From 10efebe156155373d5458010e8fc9bd89b260662 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Wed, 13 Aug 2025 19:12:34 +0800 Subject: [PATCH 01/49] fix: make building Chinese Docker images optional in workflow Signed-off-by: Yun Pan --- .github/workflows/docker-image.yml | 18 ++++++++++-------- script/build_and_push_images.sh | 8 +++----- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 062a2565..cdf51775 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -7,6 +7,10 @@ on: description: 'tag for the Docker image' required: true default: 'latest' + build_cn_image: + description: 'Build the Chinese version of the Docker image' + required: false + default: 'false' push: branches: - 'main' @@ -69,6 +73,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Aliyun ACR uses: docker/login-action@v3 + if: ${{ inputs.build_cn_image == 'true' }} with: registry: ${{ secrets.ALIYUN_REGISTRY }} username: ${{ secrets.ALIYUN_USERNAME }} 
@@ -78,19 +83,16 @@ jobs: echo "build_target=${{ matrix.build_target }}" echo "tag=${{ needs.define-matrix.outputs.tag }}" ghcr_image_name=$(bash script/get_image_name.sh "ghcr.io" "${{ github.repository_owner }}" "${{ matrix.build_target }}" "${{ needs.define-matrix.outputs.tag }}" | tr '[:upper:]' '[:lower:]') - acr_image_name=$(bash script/get_image_name.sh "${{ secrets.ALIYUN_REGISTRY }}" "${{ secrets.ALIYUN_NAMESPACE }}" "${{ matrix.build_target }}" "${{ needs.define-matrix.outputs.tag }}" | tr '[:upper:]' '[:lower:]') echo "ghcr_image_name=$ghcr_image_name" >> $GITHUB_OUTPUT - echo "acr_image_name=$acr_image_name" >> $GITHUB_OUTPUT - echo "Building and pushing both images..." - is_cn="0" bash script/build_and_push_images.sh "${{ matrix.build_target }}" "$ghcr_image_name" "$acr_image_name" $is_cn + echo "Building and pushing images..." + is_cn="0" bash script/build_and_push_images.sh "${{ matrix.build_target }}" "$ghcr_image_name" $is_cn - name: Build and push images_cn + if: ${{ inputs.build_cn_image == 'true' }} run: | echo "build_target=${{ matrix.build_target }}" echo "tag_cn=${{ needs.define-matrix.outputs.tag_cn }}" - ghcr_image_name_cn=$(bash script/get_image_name.sh "ghcr.io" "${{ github.repository_owner }}" "${{ matrix.build_target }}" "${{ needs.define-matrix.outputs.tag_cn }}" | tr '[:upper:]' '[:lower:]') acr_image_name_cn=$(bash script/get_image_name.sh "${{ secrets.ALIYUN_REGISTRY }}" "${{ secrets.ALIYUN_NAMESPACE }}" "${{ matrix.build_target }}" "${{ needs.define-matrix.outputs.tag_cn }}" | tr '[:upper:]' '[:lower:]') - echo "ghcr_image_name_cn=$ghcr_image_name_cn" >> $GITHUB_OUTPUT echo "acr_image_name_cn=$acr_image_name_cn" >> $GITHUB_OUTPUT - echo "Building and pushing both images..." - is_cn="1" bash script/build_and_push_images.sh "${{ matrix.build_target }}" "$ghcr_image_name_cn" "$acr_image_name_cn" $is_cn + echo "Building and pushing images..." 
+ is_cn="1" bash script/build_and_push_images.sh "${{ matrix.build_target }}" "$acr_image_name_cn" $is_cn # TODO: generate runtime yaml and json diff --git a/script/build_and_push_images.sh b/script/build_and_push_images.sh index 6b77e2c1..65c10a35 100644 --- a/script/build_and_push_images.sh +++ b/script/build_and_push_images.sh @@ -1,16 +1,14 @@ #!/bin/bash build_target=$1 -image_name1=$2 -image_name2=$3 -is_cn=$4 +image_name=$2 +is_cn=$3 function build_and_push_image() { docker buildx build --push \ --file "$build_target" \ --platform linux/amd64 \ - --tag "$image_name1" \ - --tag "$image_name2" \ + --tag "$image_name" \ . } From 409f593d68d032a0a2ee7655ae3ed1c98d1f4add Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Thu, 14 Aug 2025 17:53:37 +0800 Subject: [PATCH 02/49] fix: restructure php 8.2.20 Dockerfile to ensure proper user context and cleanup Signed-off-by: Yun Pan --- Language/php/{8.2.20 => 8.2}/Dockerfile | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) rename Language/php/{8.2.20 => 8.2}/Dockerfile (68%) diff --git a/Language/php/8.2.20/Dockerfile b/Language/php/8.2/Dockerfile similarity index 68% rename from Language/php/8.2.20/Dockerfile rename to Language/php/8.2/Dockerfile index df6e12b1..13ea2e3b 100644 --- a/Language/php/8.2.20/Dockerfile +++ b/Language/php/8.2/Dockerfile 
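Review bot: The added `is_cn="1" bash script/build_and_push_images.sh "${{ matrix.build_target }}" "$acr_image_name_cn" $is_cn` line, like the `is_cn="0"` line above it, has its `${{ … }}` expression expanded into the script text before the shell runs, so a build-target path containing quotes or other shell metacharacters becomes part of the command. Pass the value through the step's `env:` (`BUILD_TARGET: ${{ matrix.build_target }}`) and reference `"$BUILD_TARGET"` in the script. The step also still writes `acr_image_name_cn`, which is assembled from `secrets.ALIYUN_REGISTRY` and `secrets.ALIYUN_NAMESPACE`, to `$GITHUB_OUTPUT`; no step `id` is visible in the hunk, so that output is presumably unused and the line can be dropped. `$is_cn` should be quoted as well.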
@@ -1,22 +1,23 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 - -RUN cd /home/devbox/project && \ -rm -rf ./* - -COPY /Language/php/project /home/devbox/project +# Set the user to root +USER root RUN apt update && \ apt install -y apt-transport-https lsb-release ca-certificates wget && \ wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg && \ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list && \ apt update && \ - apt install -y php8.2 php8.2-cli php8.2-common php8.2-xml php-pear php8.2-mbstring php-pgsql php-mysql php-mongo php-redis && \ + apt install -y php8.2 php8.2-cli php8.2-common php8.2-xml php-pear php8.2-mbstring php-pgsql php-mysql php-mongo php-redis && \ curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - rm -rf /var/lib/apt/lists/* && \ - chmod -R +x /home/devbox/project/entrypoint.sh + rm -rf /var/lib/apt/lists/* COPY /Language/php/php.ini /etc/php/8.2/apache2/php.ini -RUN mkdir /root/.devbox \ No newline at end of file +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi + +COPY --chown=devbox:devbox /Language/php/project /home/devbox/project + +RUN chmod +x /home/devbox/project/entrypoint.sh \ No newline at end of file From 52a32c43291349eb1bedc41dc439a11cb84c94de Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 18 Aug 2025 11:58:59 +0800 Subject: [PATCH 03/49] fix: restructure php 7.4 Dockerfile to ensure proper user context and cleanup Signed-off-by: Yun Pan --- Language/php/7.4/Dockerfile | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/Language/php/7.4/Dockerfile b/Language/php/7.4/Dockerfile index fdba0406..9666eaed 100644 --- a/Language/php/7.4/Dockerfile 
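Review bot: `curl -sS https://getcomposer.org/installer | php -- …` executes whatever the download returns, as root and with no integrity check, and because curl has no `-f` and the default shell has no pipefail, a failed download can still let the RUN step succeed without Composer installed. Download the installer to a file, compare it with the SHA-384 that Composer publishes for the installer, and only then run it, as sketched below; the installer's `--version` option would additionally pin the Composer release. Separately, the Sury key is written to `/etc/apt/trusted.gpg.d/`, which trusts it for every configured repository; storing it under `/usr/share/keyrings/` and adding `[signed-by=…]` to the `deb` line limits it to this one source. The same RUN step appears in the Language/php/7.4/Dockerfile hunk.

```dockerfile
# … unchanged: apt repository setup and php package install …
    curl -fsSL -o /tmp/composer-setup.php https://getcomposer.org/installer && \
    expected="$(curl -fsSL https://composer.github.io/installer.sig)" && \
    echo "${expected}  /tmp/composer-setup.php" | sha384sum -c - && \
    php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer && \
    rm -f /tmp/composer-setup.php && \
    rm -rf /var/lib/apt/lists/*
```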
+++ b/Language/php/7.4/Dockerfile @@ -1,22 +1,23 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 +# Set the user to root +USER root -RUN cd /home/devbox/project && \ - rm -rf ./* - -COPY /Language/php/project /home/devbox/project - RUN apt update && \ apt install -y apt-transport-https lsb-release ca-certificates wget && \ wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg && \ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list && \ apt update && \ - apt install -y php7.4 php7.4-cli php7.4-common php7.4-xml php-pear php7.4-mbstring php-pgsql php-mysql php-mongo php-redis && \ + apt install -y php7.4 php7.4-cli php7.4-common php7.4-xml php-pear php7.4-mbstring php-pgsql php-mysql php-mongo php-redis && \ curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - rm -rf /var/lib/apt/lists/* && \ - chmod -R +x /home/devbox/project/entrypoint.sh - + rm -rf /var/lib/apt/lists/* + COPY /Language/php/php.ini /etc/php/7.4/apache2/php.ini -RUN mkdir /root/.devbox \ No newline at end of file +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi + +COPY --chown=devbox:devbox /Language/php/project /home/devbox/project + +RUN chmod +x /home/devbox/project/entrypoint.sh \ No newline at end of file From a3bca23ebddc6e4030dde83891d137a734d52ab7 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 18 Aug 2025 11:51:28 +0800 Subject: [PATCH 04/49] fix: restructure python 3.12 Dockerfile to ensure proper user context and cleanup Signed-off-by: Yun Pan --- Language/python/3.12/Dockerfile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Language/python/3.12/Dockerfile b/Language/python/3.12/Dockerfile index a2a7934b..5c634893 100644 
--- a/Language/python/3.12/Dockerfile +++ b/Language/python/3.12/Dockerfile @@ -1,17 +1,17 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 -RUN cd /home/devbox/project && \ -rm -rf ./* - -COPY /Language/python/project /home/devbox/project +USER root RUN apt-get update && \ apt-get install -y python3 python3-pip python3-venv && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - ln -s /usr/bin/python3 /usr/bin/python && \ - python -m venv /home/devbox/project && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - chmod -R +x /home/devbox/project/entrypoint.sh + ln -s /usr/bin/python3 /usr/bin/python + +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi + +COPY --chown=devbox:devbox /Language/python/project /home/devbox/project -RUN mkdir /home/devbox/.devbox \ No newline at end of file +RUN python -m venv /home/devbox/project && chmod +x /home/devbox/project/entrypoint.sh \ No newline at end of file From 7a5a3b75e6cde29bce68066ede8c359e77815525 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 18 Aug 2025 12:01:48 +0800 Subject: [PATCH 05/49] fix: restructure python 3.10 Dockerfile to ensure proper user context and cleanup Signed-off-by: Yun Pan --- Language/python/3.10/Dockerfile | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/Language/python/3.10/Dockerfile b/Language/python/3.10/Dockerfile index ceff25c5..afe985b2 100644 --- a/Language/python/3.10/Dockerfile +++ b/Language/python/3.10/Dockerfile 
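Review bot: `python -m venv /home/devbox/project` resolves `python` through the `/usr/bin/python` link to `/usr/bin/python3` created in the root RUN step, and that step installs the distribution's unversioned `python3` package, so nothing in this Dockerfile ties the interpreter to the 3.12 in its path; on a Debian 12 base it is presumably the distribution default instead. The Language/python/3.10/Dockerfile hunk uses the same link and venv call, so its venv may likewise not be 3.10. A build-time assertion after the venv step, such as `RUN python --version | grep -q '^Python 3\.12\.'`, would turn a mismatch into a build failure instead of a silently mislabelled image.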
@@ -1,18 +1,17 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 - -RUN cd /home/devbox/project && \ -rm -rf ./* - -COPY /Language/python/project /home/devbox/project +USER root RUN apt-get update && \ apt-get install -y python3.10 python3-pip python3-venv && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - ln -s /usr/bin/python3 /usr/bin/python && \ - python -m venv /home/devbox/project && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - chmod -R +x /home/devbox/project/entrypoint.sh - -RUN mkdir /home/devbox/.devbox \ No newline at end of file + ln -s /usr/bin/python3 /usr/bin/python + +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi + +COPY --chown=devbox:devbox /Language/python/project /home/devbox/project + +RUN python -m venv /home/devbox/project && chmod +x /home/devbox/project/entrypoint.sh \ No newline at end of file From 1fe0063f6ad9525dd98bea0aac53e554e2eb5455 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 18 Aug 2025 12:01:56 +0800 Subject: [PATCH 06/49] fix: restructure python 3.11 Dockerfile to ensure proper user context and cleanup Signed-off-by: Yun Pan --- Language/python/3.11/Dockerfile | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Language/python/3.11/Dockerfile b/Language/python/3.11/Dockerfile index b0b04326..95738139 100644 --- a/Language/python/3.11/Dockerfile +++ b/Language/python/3.11/Dockerfile 
@@ -1,17 +1,17 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 -RUN cd /home/devbox/project && \ -rm -rf ./* - -COPY /Language/python/project /home/devbox/project +USER root RUN apt-get update && \ apt-get install -y python3.11 python3-pip python3-venv && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - ln -s /usr/bin/python3 /usr/bin/python && \ - python -m venv /home/devbox/project && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - chmod -R +x /home/devbox/project/entrypoint.sh - -RUN mkdir /home/devbox/.devbox \ No newline at end of file + ln -s /usr/bin/python3 /usr/bin/python + +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi + +COPY --chown=devbox:devbox /Language/python/project /home/devbox/project + +RUN python -m venv /home/devbox/project && chmod +x /home/devbox/project/entrypoint.sh \ No newline at end of file From 0897ca06ca1173acfbd7b36c6f35fc8733a8a41f Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 18 Aug 2025 12:10:14 +0800 Subject: [PATCH 07/49] fix: restructure gcc 12.2.0 Dockerfile to ensure proper user context and cleanup Signed-off-by: Yun Pan --- Language/c/gcc-12.2.0/Dockerfile | 20 ++++++++++---------- Language/cpp/gcc-12.2.0/Dockerfile | 21 +++++++++++---------- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/Language/c/gcc-12.2.0/Dockerfile b/Language/c/gcc-12.2.0/Dockerfile index 16cd00a9..f2faddd4 100644 --- a/Language/c/gcc-12.2.0/Dockerfile +++ b/Language/c/gcc-12.2.0/Dockerfile 
@@ -1,16 +1,16 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 - -RUN cd /home/devbox/project && \ - rm -rf ./* - -COPY /Language/c/project /home/devbox/project +USER root RUN apt-get update && \ apt-get install -y gcc g++ make && \ apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - chmod -R +x /home/devbox/project/entrypoint.sh + rm -rf /var/lib/apt/lists/* + +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi + +COPY --chown=devbox:devbox /Language/cpp/project /home/devbox/project -RUN mkdir /root/.devbox +RUN chmod +x /home/devbox/project/entrypoint.sh diff --git a/Language/cpp/gcc-12.2.0/Dockerfile b/Language/cpp/gcc-12.2.0/Dockerfile index 48a35cb2..f2faddd4 100644 --- a/Language/cpp/gcc-12.2.0/Dockerfile +++ b/Language/cpp/gcc-12.2.0/Dockerfile @@ -1,15 +1,16 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 -RUN cd /home/devbox/project && \ -rm -rf ./* - -COPY /Language/cpp/project /home/devbox/project +USER root RUN apt-get update && \ apt-get install -y gcc g++ make && \ apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - chmod -R +x /home/devbox/project/entrypoint.sh - -RUN mkdir /root/.devbox \ No newline at end of file + rm -rf /var/lib/apt/lists/* + +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi + +COPY --chown=devbox:devbox /Language/cpp/project /home/devbox/project + +RUN chmod +x /home/devbox/project/entrypoint.sh From 476a0d8262517b7b21931d36052b9dce9ee75d60 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 18 Aug 2025 12:20:47 +0800 Subject: [PATCH 08/49] fix: restructure go 12.2.5 Dockerfile to ensure proper user context and cleanup 
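Review bot: Language/c/gcc-12.2.0/Dockerfile now copies `/Language/cpp/project`, where the removed line copied `/Language/c/project`, so the C image would ship the C++ template project. The new blob id `f2faddd4` is identical for the C and the C++ Dockerfile, which suggests the C++ file was copied over wholesale. The line should read `COPY --chown=devbox:devbox /Language/c/project /home/devbox/project`.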
Signed-off-by: Yun Pan --- Language/go/1.22.5/Dockerfile | 37 +++++++++++++++++------------------ 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/Language/go/1.22.5/Dockerfile b/Language/go/1.22.5/Dockerfile index eb28c8f0..b1229635 100644 --- a/Language/go/1.22.5/Dockerfile +++ b/Language/go/1.22.5/Dockerfile @@ -1,24 +1,23 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 -RUN cd /home/devbox/project && \ -rm -rf ./* - -COPY /Language/go/project /home/devbox/project +USER root RUN curl -O https://dl.google.com/go/go1.22.5.linux-amd64.tar.gz && \ - tar -xvf go1.22.5.linux-amd64.tar.gz && \ - mv go /usr/local && \ - rm go1.22.5.linux-amd64.tar.gz && \ - mkdir -p /go/bin && \ - echo 'export GOPATH=/go' >> /home/devbox/.bashrc && \ - echo 'export PATH=$PATH:/usr/local/go/bin:/go/bin' >> /home/devbox/.bashrc && \ - echo 'export GOPATH=/go' >> /root/.bashrc && \ - echo 'export PATH=$PATH:/usr/local/go/bin:/go/bin' >> /root/.bashrc && \ - chmod -R 777 /go && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - chmod -R +x /home/devbox/project/entrypoint.sh + rm -rf /usr/local/go && \ + tar -C /usr/local -xzf go1.22.5.linux-amd64.tar.gz && \ + rm go1.22.5.linux-amd64.tar.gz + +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi && \ + mkdir -p /home/devbox/go && \ + echo 'export GOPATH=/home/devbox/go' >> /home/devbox/.bashrc && \ + echo 'export PATH=$PATH:/usr/local/go/bin:/home/devbox/go/bin' >> /home/devbox/.bashrc + +COPY --chown=devbox:devbox /Language/go/project /home/devbox/project + +ENV GOPATH=/home/devbox/go +ENV PATH=$PATH:/usr/local/go/bin:/home/devbox/go/bin -ENV GOPATH=/go -ENV PATH=$PATH:/usr/local/go/bin:/go/bin -RUN mkdir /root/.devbox \ No newline at end of file +RUN chmod +x /home/devbox/project/entrypoint.sh \ No newline at end of file From 1c0b70a5ffb7101874c3558346a67be663d83d4c Mon Sep 17 00:00:00 2001 
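Review bot: The Go toolchain archive is fetched with `curl -O` and unpacked into `/usr/local` as root without any integrity check, and without `-f` an HTTP error page would be saved under the archive name and only fail later at `tar`. Use `curl -fsSLO …` and verify the archive against the SHA-256 published for this release before extracting, for example `echo "GO_1_22_5_LINUX_AMD64_SHA256_PLACEHOLDER  go1.22.5.linux-amd64.tar.gz" | sha256sum -c - && \` (the value is a placeholder and has to be taken from the Go downloads page). The Language/go/1.23.0/Dockerfile hunk has the same download step.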
From: Yun Pan Date: Mon, 18 Aug 2025 12:21:00 +0800 Subject: [PATCH 09/49] fix: restructure go 1.23.0 Dockerfile to ensure proper user context and cleanup Signed-off-by: Yun Pan --- Language/go/1.23.0/Dockerfile | 39 +++++++++++++++++------------------ 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/Language/go/1.23.0/Dockerfile b/Language/go/1.23.0/Dockerfile index 3bb9c6a8..d1d65547 100644 --- a/Language/go/1.23.0/Dockerfile +++ b/Language/go/1.23.0/Dockerfile 
@@ -1,24 +1,23 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 -RUN cd /home/devbox/project && \ -rm -rf ./* - -COPY /Language/go/project /home/devbox/project +USER root RUN curl -O https://dl.google.com/go/go1.23.0.linux-amd64.tar.gz && \ - tar -xvf go1.23.0.linux-amd64.tar.gz && \ - mv go /usr/local && \ - rm go1.23.0.linux-amd64.tar.gz && \ - mkdir -p /go/bin && \ - echo 'export GOPATH=/go' >> /home/devbox/.bashrc && \ - echo 'export PATH=$PATH:/usr/local/go/bin:/go/bin' >> /home/devbox/.bashrc && \ - echo 'export GOPATH=/go' >> /root/.bashrc && \ - echo 'export PATH=$PATH:/usr/local/go/bin:/go/bin' >> /root/.bashrc && \ - chmod -R 777 /go && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - chmod -R +x /home/devbox/project/entrypoint.sh - -ENV GOPATH=/go -ENV PATH=$PATH:/usr/local/go/bin:/go/bin -RUN mkdir /root/.devbox \ No newline at end of file + rm -rf /usr/local/go && \ + tar -C /usr/local -xzf go1.23.0.linux-amd64.tar.gz && \ + rm go1.23.0.linux-amd64.tar.gz + +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi && \ + mkdir -p /home/devbox/go && \ + echo 'export GOPATH=/home/devbox/go' >> /home/devbox/.bashrc && \ + echo 'export PATH=$PATH:/usr/local/go/bin:/home/devbox/go/bin' >> /home/devbox/.bashrc + +COPY --chown=devbox:devbox /Language/go/project /home/devbox/project + +ENV GOPATH=/home/devbox/go +ENV PATH=$PATH:/usr/local/go/bin:/home/devbox/go/bin + +RUN chmod +x /home/devbox/project/entrypoint.sh \ No newline at end of file From 7c24e7e307df9263a48dea50dc9f991b22f8d50e Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 18 Aug 2025 12:23:22 +0800 Subject: [PATCH 10/49] fix: restructure java openjdk17 Dockerfile to ensure proper user context and cleanup Signed-off-by: Yun Pan --- Language/java/openjdk17/Dockerfile | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) 
diff --git a/Language/java/openjdk17/Dockerfile b/Language/java/openjdk17/Dockerfile index b294ea63..ba83f734 100644 --- a/Language/java/openjdk17/Dockerfile +++ b/Language/java/openjdk17/Dockerfile @@ -1,9 +1,6 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 -RUN cd /home/devbox/project && \ -rm -rf ./* - -COPY /Language/java/project /home/devbox/project +USER root RUN apt-get update && \ apt-get install -y wget && \ @@ -19,14 +16,18 @@ RUN apt-get update && \ ln -s /opt/maven/latest/bin/mvn /usr/bin/mvn && \ rm /tmp/apache-maven-3.8.6-bin.tar.gz && \ apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ + rm -rf /var/lib/apt/lists/* + +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi && \ echo 'export PATH=$PATH:$JAVA_HOME/bin' >> /home/devbox/.bashrc && \ - echo 'export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64' >> /home/devbox/.bashrc && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - chmod -R +x /home/devbox/project/entrypoint.sh + echo 'export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64' >> /home/devbox/.bashrc + +COPY --chown=devbox:devbox /Language/java/project /home/devbox/project ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64 ENV PATH=$PATH:$JAVA_HOME/bin -RUN mkdir /root/.devbox \ No newline at end of file +RUN chmod +x /home/devbox/project/entrypoint.sh \ No newline at end of file From d72538676612bddbe797f0cce23d542dae33598a Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 18 Aug 2025 12:25:17 +0800 Subject: [PATCH 11/49] fix: restructure .net 8.0 Dockerfile to ensure proper user context and cleanup Signed-off-by: Yun Pan --- Language/net/8.0/Dockerfile | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Language/net/8.0/Dockerfile b/Language/net/8.0/Dockerfile index d81e8076..1b53fe0e 100644 --- a/Language/net/8.0/Dockerfile +++ b/Language/net/8.0/Dockerfile 
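Review bot: In the second hunk the two `.bashrc` lines are appended in the wrong order: `export PATH=$PATH:$JAVA_HOME/bin` is written before `export JAVA_HOME=…`, so a shell that does not inherit the image's `ENV` values (an SSH login, presumably the usual way into this image) expands an empty `JAVA_HOME` and appends `/bin` to PATH. Swap the two `echo` commands so that `echo 'export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64' >> /home/devbox/.bashrc` comes first. The RUN step that installs the JDK and Maven starts outside the visible hunks.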
@@ -1,9 +1,6 @@ FROM ghcr.io/labring-actions/devbox/debian-ssh-12.6:a5f75b3 -RUN cd /home/devbox/project && \ -rm -rf ./* - -COPY /Language/net/project /home/devbox/project +USER root RUN apt update && \ apt install -y wget && \ @@ -12,10 +9,13 @@ RUN apt update && \ rm packages-microsoft-prod.deb && \ sudo apt-get update && \ sudo apt-get install -y dotnet-sdk-8.0 && \ - cd /home/devbox/project && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R u+rw /home/devbox/project && \ - chmod -R +x /home/devbox/project/entrypoint.sh && \ rm -rf /var/lib/apt/lists/* -RUN mkdir /root/.devbox +USER devbox + +RUN mkdir -p /home/devbox/.devbox && \ + if [ -d /home/devbox/project ]; then rm -rf /home/devbox/project/*; fi + +COPY --chown=devbox:devbox /Language/net/project /home/devbox/project + +RUN chmod +x /home/devbox/project/entrypoint.sh From 786181478ba40ced8abb4848d4b6607a24d85941 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Wed, 13 Aug 2025 19:12:34 +0800 Subject: [PATCH 12/49] fix: make building Chinese Docker images optional in workflow Signed-off-by: Yun Pan --- .github/workflows/docker-image.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 062a2565..61fd77c7 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -7,6 +7,10 @@ on: description: 'tag for the Docker image' required: true default: 'latest' + build_cn_image: + description: 'Build the Chinese version of the Docker image' + required: false + default: 'false' push: branches: - 'main' @@ -69,6 +73,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Aliyun ACR uses: docker/login-action@v3 + if: ${{ inputs.build_cn_image == 'true' }} with: registry: ${{ secrets.ALIYUN_REGISTRY }} username: ${{ secrets.ALIYUN_USERNAME }} 
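Review bot: The install step now runs under an explicit `USER root`, so the `sudo` prefixes on `sudo apt-get update` and `sudo apt-get install -y dotnet-sdk-8.0` are redundant and make the build depend on sudo being present in the base image; `apt-get update && apt-get install -y --no-install-recommends dotnet-sdk-8.0` is enough. The step also mixes `apt` and `apt-get`; `apt-get` is the one with a stable scripting interface. Part of this RUN step, including the download of `packages-microsoft-prod.deb`, lies between the two hunks and is not visible.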
@@ -84,6 +89,7 @@ jobs: echo "Building and pushing both images..." is_cn="0" bash script/build_and_push_images.sh "${{ matrix.build_target }}" "$ghcr_image_name" "$acr_image_name" $is_cn - name: Build and push images_cn + if: ${{ inputs.build_cn_image == 'true' }} run: | echo "build_target=${{ matrix.build_target }}" echo "tag_cn=${{ needs.define-matrix.outputs.tag_cn }}" From f740f3bf570049887e67cf6e9a3f4f97d2c2c504 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 15:28:27 +0800 Subject: [PATCH 13/49] remove cluster-image.yml Signed-off-by: Yun Pan --- .github/workflows/cluster-image.yml | 76 ----------------------------- 1 file changed, 76 deletions(-) delete mode 100644 .github/workflows/cluster-image.yml diff --git a/.github/workflows/cluster-image.yml b/.github/workflows/cluster-image.yml deleted file mode 100644 index 853b94db..00000000 --- a/.github/workflows/cluster-image.yml +++ /dev/null 
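Review bot: With the Aliyun login now gated on `inputs.build_cn_image == 'true'`, the unconditional step shown as context in this hunk still calls `build_and_push_images.sh` with `"$acr_image_name"`, so on a push event or a dispatch with the default `'false'` the ACR push would run without a login and presumably fail the job. Either drop the ACR name from the `is_cn="0"` invocation or move the ACR push into a step that carries the same `if:` as the login. The start of that step is outside the hunk.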
@@ -1,76 +0,0 @@ -name: Build Runtime Cluster Image -on: - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - target: [ - "yaml/cn/Framework/flask/3.0.3/3.0.3.yaml", - "yaml/cn/Framework/vue/v3.4.29/v3.4.29.yaml", - "yaml/cn/Framework/next.js/14.2.5/14.2.5.yaml", - "yaml/cn/Framework/react/18.2.0/18.2.0.yaml", - "yaml/cn/Framework/gin/v1.10.0/v1.10.0.yaml", - "yaml/cn/Framework/spring-boot/3.3.2/3.3.2.yaml", - "yaml/cn/Language/go/1.22.5/1.22.5.yaml", - "yaml/cn/Language/go/1.23.0/1.23.0.yaml", - "yaml/cn/Language/python/3.10/3.10.yaml", - "yaml/cn/Language/python/3.11/3.11.yaml", - "yaml/cn/Language/python/3.12/3.12.yaml", - "yaml/cn/Language/rust/1.81.0/1.81.0.yaml", - "yaml/cn/Language/java/openjdk17/openjdk17.yaml", - "yaml/cn/Language/php/7.4/7.4.yaml", - "yaml/cn/Language/php/8.2.20/8.2.20.yaml", - "yaml/cn/Language/node.js/20/20.yaml", - "yaml/cn/Language/node.js/18/18.yaml", - "yaml/cn/Language/node.js/22/22.yaml", - "yaml/cn/OS/debian-ssh/12.6/12.6.yaml", - ] - fail-fast: false - env: - RUNTIME_PATH: ${{ matrix.target }} - permissions: - contents: read - packages: write - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set variables - id: set_vars - run: | - RUNTIME_NAME=$(echo $RUNTIME_PATH | sed -E 's/.*\/([^/]+)\/([^/]+)\/.*\.yaml/\1-\2/' | tr '.' 
'-') - COMMIT_ID=${{ github.sha }} - SHORT_COMMIT_ID=${COMMIT_ID::6} - CLUSTER_IMAGE_NAME=ghcr.io/${{ github.repository_owner }}/sealos-cloud-devbox-runtime-$RUNTIME_NAME:$SHORT_COMMIT_ID - echo "RUNTIME_NAME=$RUNTIME_NAME" >> $GITHUB_ENV - echo "SHORT_COMMIT_ID=$SHORT_COMMIT_ID" >> $GITHUB_ENV - echo "CLUSTER_IMAGE_NAME=$CLUSTER_IMAGE_NAME" >> $GITHUB_ENV - - name: Set up sealos - run: | - curl -sfL https://raw.githubusercontent.com/labring/sealos/main/scripts/install.sh | sh -s v5.0.0 labring/sealos - - name: Login to ghcr.io - run: | - sudo sealos login -u ${{ github.repository_owner }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io - - name: Build cluster image - run: | - echo "runtime_path: $RUNTIME_PATH" - echo "runtime_name: $RUNTIME_NAME" - echo "short_commit_id: $SHORT_COMMIT_ID" - echo "cluster_image_name: $CLUSTER_IMAGE_NAME" - sudo bash script/build_runtime_cluster_image.sh $RUNTIME_PATH $RUNTIME_NAME $CLUSTER_IMAGE_NAME - - name: Push and save cluster image - run: | - sudo sealos push $CLUSTER_IMAGE_NAME - sudo sealos save $CLUSTER_IMAGE_NAME -o $RUNTIME_NAME.tar - - name: Upload cluster image tar - run: | - sudo -v ; curl https://gosspublic.alicdn.com/ossutil/install.sh | sudo bash - ossutil64 cp -e ${{ secrets.OSS_ENDPOINT }} \ - -i ${{ secrets.OSS_ACCESS_KEY_ID }} \ - -k ${{ secrets.OSS_ACCESS_KEY_SECRET }} \ - $RUNTIME_NAME.tar \ - oss://${{ secrets.OSS_BUCKET }}/cloud/devbox/runtime/$RUNTIME_NAME.tar From ab9f08a06a1bc6103a5962b295218244c617cfbd Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 16:55:17 +0800 Subject: [PATCH 14/49] feat: refactor Docker image build process and remove deprecated files 
Signed-off-by: Yun Pan --- .github/workflows/docker-image.yml | 76 ++++++++++++--------------- OS/debian-ssh/12.6-cn/Dockerfile | 57 ++++++++++++++++++++ OS/debian-ssh/12.6/Dockerfile | 4 +- OS/debian-ssh/debian.sources | 25 --------- OS/debian-ssh/update_cn_dockerfile.sh | 10 ---- script/build_and_push_images.sh | 42 +++++++++------ 6 files changed, 118 insertions(+), 96 deletions(-) create mode 100644 OS/debian-ssh/12.6-cn/Dockerfile delete mode 100644 OS/debian-ssh/debian.sources delete mode 100755 OS/debian-ssh/update_cn_dockerfile.sh diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 61fd77c7..4897a939 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -1,16 +1,6 @@ name: Build Docker Images on: - workflow_dispatch: - inputs: - tag: - description: 'tag for the Docker image' - required: true - default: 'latest' - build_cn_image: - description: 'Build the Chinese version of the Docker image' - required: false - default: 'false' push: branches: - 'main' @@ -19,7 +9,6 @@ jobs: runs-on: ubuntu-latest outputs: tag: ${{ steps.set_tag.outputs.tag }} - tag_cn: ${{ steps.set_tag.outputs.tag_cn }} build_targets: ${{ steps.get_build_matrix.outputs.build_targets }} steps: - name: Checkout code 
@@ -28,27 +17,31 @@ jobs: fetch-depth: 0 - name: Set up tag id: set_tag - run: | - if [ -n "${{ inputs.tag }}" ]; then - tag=${{ inputs.tag }} - else - tag=$(echo "${{ github.sha }}" | cut -c1-7) - fi - tag_cn=$tag-cn - echo "tag=$tag" >> $GITHUB_OUTPUT - echo "tag_cn=$tag_cn" >> $GITHUB_OUTPUT + run: | # Use custom tag if it's been given + echo "tag=$(echo "${{ github.sha }}" | cut -c1-7)" >> $GITHUB_OUTPUT + - name: Detect changed Dockerfiles + id: filter + uses: dorny/paths-filter@v3 + with: + list-files: json + filters: | + dockerfiles: + - '**/Dockerfile' - name: Get build matrix id: get_build_matrix run: | - if [ -n "${{ inputs.tag }}" ]; then - build_targets=$(bash script/get_all_dockerfile.sh) + changed='${{ steps.filter.outputs.changed_files }}' + if [ -z "$changed" ] || [ "$changed" = "[]" ]; then + build_targets="[]" else - build_targets=$(bash script/get_changed_dockerfile.sh $(echo "${{ github.event.before }}" | cut -c1-7) $(echo "${{ github.sha }}" | cut -c1-7)) + build_targets="$changed" fi + echo "Filtered build_targets=$build_targets" echo "build_targets=$build_targets" >> $GITHUB_OUTPUT build: runs-on: ubuntu-latest - needs: define-matrix + env: + PUSH_TO_ACR: ${{ vars.PUSH_TO_ACR }} # make repo variable available to steps strategy: fail-fast: false matrix: 
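Review bot: The `build` job loses `needs: define-matrix` in this hunk while later steps still read `needs.define-matrix.outputs.tag` (and the matrix, defined outside the hunk, presumably reads `build_targets`); without the dependency the `needs` context is empty, so those values resolve to empty strings. In `Get build matrix`, `steps.filter.outputs.changed_files` does not match the outputs dorny/paths-filter documents; with `list-files: json` the list for the `dockerfiles` filter is exposed as `dockerfiles_files`, so `build_targets` would always end up as `[]`. The file list is also pasted into the script inside single quotes, so a path containing a quote changes the script text; hand it over through `env:` as sketched below. `dorny/paths-filter@v3` is a mutable tag, and pinning it to a full commit SHA is the safer choice for a workflow that pushes images.

```yaml
      - name: Get build matrix
        id: get_build_matrix
        env:
          CHANGED_FILES: ${{ steps.filter.outputs.dockerfiles_files }}
        run: |
          if [ -z "$CHANGED_FILES" ] || [ "$CHANGED_FILES" = "[]" ]; then
            build_targets="[]"
          else
            build_targets="$CHANGED_FILES"
          fi
          # … unchanged: echo and write build_targets to $GITHUB_OUTPUT …
  build:
    runs-on: ubuntu-latest
    needs: define-matrix
    # … unchanged: env, strategy …
```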
@@ -71,32 +64,29 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push image to ghcr.io + run: | + set -euo pipefail + echo "build_target=${{ matrix.build_target }}" + echo "tag=${{ needs.define-matrix.outputs.tag }}" + ghcr_image_name=$(bash script/get_image_name.sh "ghcr.io" "${{ github.repository_owner }}" "${{ matrix.build_target }}" "${{ needs.define-matrix.outputs.tag }}" | tr '[:upper:]' '[:lower:]') + image_tags=("$ghcr_image_name") + printf 'Final tag list:\n'; printf ' %s\n' "${image_tags[@]}" + bash script/build_and_push_images.sh "${{ matrix.build_target }}" "${image_tags[@]}" - name: Login to Aliyun ACR uses: docker/login-action@v3 - if: ${{ inputs.build_cn_image == 'true' }} + if: ${{ env.PUSH_TO_ACR == 'true' }} with: registry: ${{ secrets.ALIYUN_REGISTRY }} username: ${{ secrets.ALIYUN_USERNAME }} password: ${{ secrets.ALIYUN_PASSWORD }} - - name: Build and push images + - name: Build and push image to ACR + if: ${{ env.PUSH_TO_ACR == 'true' }} run: | + set -euo pipefail echo "build_target=${{ matrix.build_target }}" echo "tag=${{ needs.define-matrix.outputs.tag }}" - ghcr_image_name=$(bash script/get_image_name.sh "ghcr.io" "${{ github.repository_owner }}" "${{ matrix.build_target }}" "${{ needs.define-matrix.outputs.tag }}" | tr '[:upper:]' '[:lower:]') acr_image_name=$(bash script/get_image_name.sh "${{ secrets.ALIYUN_REGISTRY }}" "${{ secrets.ALIYUN_NAMESPACE }}" "${{ matrix.build_target }}" "${{ needs.define-matrix.outputs.tag }}" | tr '[:upper:]' '[:lower:]') - echo "ghcr_image_name=$ghcr_image_name" >> $GITHUB_OUTPUT - echo "acr_image_name=$acr_image_name" >> $GITHUB_OUTPUT - echo "Building and pushing both images..." 
- is_cn="0" bash script/build_and_push_images.sh "${{ matrix.build_target }}" "$ghcr_image_name" "$acr_image_name" $is_cn - - name: Build and push images_cn - if: ${{ inputs.build_cn_image == 'true' }} - run: | - echo "build_target=${{ matrix.build_target }}" - echo "tag_cn=${{ needs.define-matrix.outputs.tag_cn }}" - ghcr_image_name_cn=$(bash script/get_image_name.sh "ghcr.io" "${{ github.repository_owner }}" "${{ matrix.build_target }}" "${{ needs.define-matrix.outputs.tag_cn }}" | tr '[:upper:]' '[:lower:]') - acr_image_name_cn=$(bash script/get_image_name.sh "${{ secrets.ALIYUN_REGISTRY }}" "${{ secrets.ALIYUN_NAMESPACE }}" "${{ matrix.build_target }}" "${{ needs.define-matrix.outputs.tag_cn }}" | tr '[:upper:]' '[:lower:]') - echo "ghcr_image_name_cn=$ghcr_image_name_cn" >> $GITHUB_OUTPUT - echo "acr_image_name_cn=$acr_image_name_cn" >> $GITHUB_OUTPUT - echo "Building and pushing both images..." - is_cn="1" bash script/build_and_push_images.sh "${{ matrix.build_target }}" "$ghcr_image_name_cn" "$acr_image_name_cn" $is_cn - # TODO: generate runtime yaml and json + image_tags=("$acr_image_name") + printf 'Final tag list:\n'; printf ' %s\n' "${image_tags[@]}" + bash script/build_and_push_images.sh "${{ matrix.build_target }}" "${image_tags[@]}" \ No newline at end of file diff --git a/OS/debian-ssh/12.6-cn/Dockerfile b/OS/debian-ssh/12.6-cn/Dockerfile new file mode 100644 index 00000000..a319d55e --- /dev/null +++ b/OS/debian-ssh/12.6-cn/Dockerfile 
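Review bot: The ACR step runs `build_and_push_images.sh` a second time, so the image pushed to ACR comes from a separate build and will generally not share a digest with the ghcr.io image carrying the same tag; anything the Dockerfiles fetch at build time (apt packages, `curl` downloads) can differ between the two. The call already passes an array of tags, which suggests the script accepts several, so one option is to log in to both registries first and pass both names in `image_tags` to a single call; another is to copy the pushed image with `docker buildx imagetools create --tag "$acr_image_name" "$ghcr_image_name"`. The `${{ matrix.build_target }}` expressions are still expanded directly into the script text and would be safer passed through `env:`.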
@@ -0,0 +1,57 @@ +FROM debian:12.6-slim + +COPY /script/startup.sh /usr/start/startup.sh + +RUN chmod +x /usr/start/startup.sh && \ + apt-get update && \ + apt-get install -y \ + dumb-init \ + wget \ + sudo \ + net-tools \ + iproute2 \ + iputils-ping \ + curl \ + netcat-openbsd \ + vim \ + openssl \ + make \ + git \ + openssh-client \ + openssh-server && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + mkdir -p /run/sshd && \ + chmod 755 /run/sshd && \ + echo 'AllowTcpForwarding yes' >> /etc/ssh/sshd_config && \ + echo 'GatewayPorts yes' >> /etc/ssh/sshd_config && \ + echo 'X11Forwarding yes' >> /etc/ssh/sshd_config && \ + echo 'Port 22' >> /etc/ssh/sshd_config && \ + echo 'AuthorizedKeysFile /usr/start/.ssh/authorized_keys' >> /etc/ssh/sshd_config && \ + echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config && \ + echo 'PermitRootLogin prohibit-password' >> /etc/ssh/sshd_config && \ + useradd -m -s /bin/bash devbox && \ + usermod -aG sudo devbox && \ + echo 'devbox ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ + rm -rf /tmp/* && \ + mkdir -p /home/devbox/.ssh && \ + PASS=$(openssl rand -base64 16) && \ + echo "devbox:$PASS" | sudo chpasswd && \ + chown -R devbox:devbox /home/devbox/.ssh && \ + chmod -R 770 /home/devbox/.ssh + +USER devbox +COPY /OS/debian-ssh/project /home/devbox/project +RUN sudo chown -R devbox:devbox /home/devbox/project && \ + sudo chmod -R 777 /home/devbox/project + +# Default to the official Debian mirror if none is provided +ARG APT_MIRROR=https://mirrors.tuna.tsinghua.edu.cn/debian + +RUN sed -i "s|http://deb.debian.org/debian|${APT_MIRROR}|g" /etc/apt/sources.list.d/debian.sources + +ENTRYPOINT ["/usr/bin/dumb-init", "--"] +CMD ["sudo", "-E", "/usr/start/startup.sh"] + +WORKDIR /home/devbox/project +EXPOSE 22 diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 419d245e..6c0b7f76 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile 
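Review bot: `sudo chmod -R 777 /home/devbox/project` makes every file in the project tree world-writable and executable, which is wider than the `devbox` ownership set just before it requires. Setting ownership at copy time avoids both the extra layer and the wide mode: `COPY --chown=devbox:devbox /OS/debian-ssh/project /home/devbox/project`, with the follow-up `RUN` dropped or narrowed to `chmod -R u+rwX`. The OS/ubuntu/24.04-cn and OS/ubuntu-cuda/24.04-cn Dockerfiles added later in this series carry the same line. The install step also omits `--no-install-recommends`, which pulls extra packages into an image that exposes sshd.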
@@ -39,7 +39,7 @@ RUN chmod +x /usr/start/startup.sh && \ echo "devbox:$PASS" | sudo chpasswd && \ chown -R devbox:devbox /home/devbox/.ssh && \ chmod -R 770 /home/devbox/.ssh - + USER devbox COPY /OS/debian-ssh/project /home/devbox/project RUN sudo chown -R devbox:devbox /home/devbox/project && \ @@ -47,6 +47,6 @@ RUN sudo chown -R devbox:devbox /home/devbox/project && \ ENTRYPOINT ["/usr/bin/dumb-init", "--"] CMD ["sudo", "-E", "/usr/start/startup.sh"] - + WORKDIR /home/devbox/project EXPOSE 22 \ No newline at end of file diff --git a/OS/debian-ssh/debian.sources b/OS/debian-ssh/debian.sources deleted file mode 100644 index da58c0cf..00000000 --- a/OS/debian-ssh/debian.sources +++ /dev/null @@ -1,25 +0,0 @@ -Types: deb -URIs: https://mirrors.tuna.tsinghua.edu.cn/debian -Suites: stable stable-updates -Components: main -Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg - -# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释 -# Types: deb-src -# URIs: https://mirrors.tuna.tsinghua.edu.cn/debian -# Suites: bookworm bookworm-updates bookworm-backports -# Components: main -# Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg - -# 以下安全更新软件源包含了官方源与镜像站配置,如有需要可自行修改注释切换 -Types: deb -URIs: https://security.debian.org/debian-security -Suites: stable-security -Components: main -Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg - -# Types: deb-src -# URIs: https://security.debian.org/debian-security -# Suites: bookworm-security -# Components: main -# Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg \ No newline at end of file diff --git a/OS/debian-ssh/update_cn_dockerfile.sh b/OS/debian-ssh/update_cn_dockerfile.sh deleted file mode 100755 index 9a3ffa09..00000000 --- a/OS/debian-ssh/update_cn_dockerfile.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/bash - -DOCKERFILE=$1 -echo "DOCKERFILE: $DOCKERFILE" -TMP_DOCKERFILE="${DOCKERFILE}tmp" -cp $DOCKERFILE $TMP_DOCKERFILE - -# 修正sed命令 -sed -i '$i\ -COPY /OS/debian-ssh/debian.sources /etc/apt/sources.list.d/debian.sources' "$TMP_DOCKERFILE" \ No newline at end of file diff --git a/script/build_and_push_images.sh b/script/build_and_push_images.sh index 6b77e2c1..f7bd5ee0 100644 --- a/script/build_and_push_images.sh +++ b/script/build_and_push_images.sh @@ -1,26 +1,36 @@ #!/bin/bash +set -euo pipefail -build_target=$1 -image_name1=$2 -image_name2=$3 -is_cn=$4 +build_target="$1" +shift 1 +image_tags=("$@") + +if [ "${#image_tags[@]}" -eq 0 ]; then + echo "No image tags provided. Abort." + exit 1 +fi + +echo "Building: $build_target" +echo "Tags:" +printf ' %s\n' "${image_tags[@]}" + +build_and_push_image() { + local tags_args=() + for t in "${image_tags[@]}"; do + tags_args+=( --tag "$t" ) + done + + local build_args=() + if [ -n "${APT_MIRROR:-}" ]; then + build_args+=( --build-arg "APT_MIRROR=$APT_MIRROR" ) + fi -function build_and_push_image() { docker buildx build --push \ --file "$build_target" \ --platform linux/amd64 \ - --tag "$image_name1" \ - --tag "$image_name2" \ + "${build_args[@]}" \ + "${tags_args[@]}" \ . } -function execute_cn_patch() { - script_dir=$(dirname "$(dirname "$build_target")") - bash "$script_dir/update_cn_dockerfile.sh" "$build_target" -} - -if [ "$is_cn" == "1" ]; then - execute_cn_patch -fi - build_and_push_image \ No newline at end of file From 6dc9b001a0b76de3945c997026940004cc04404e Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 17:13:33 +0800 Subject: [PATCH 15/49] fix: update APT mirror configuration in Dockerfile for consistency Signed-off-by: Yun Pan --- OS/debian-ssh/12.6-cn/Dockerfile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/OS/debian-ssh/12.6-cn/Dockerfile b/OS/debian-ssh/12.6-cn/Dockerfile index a319d55e..baab2d98 100644 
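Review bot: With `set -u` now active in script/build_and_push_images.sh, `build_target="$1"` aborts with a bare "unbound variable" message when the script is called without arguments, before the friendlier tag check can run; `build_target="${1:?usage: build_and_push_images.sh DOCKERFILE TAG...}"` gives the caller something to act on. The possibly empty `build_args` array is expanded as `"${build_args[@]}"`, which bash releases before 4.4 treat as an unset variable under `set -u`; `${build_args[@]+"${build_args[@]}"}` is safe on both. A short header comment saying that `APT_MIRROR` is read from the environment and forwarded as a build argument would document the one input that is not positional.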
--- a/OS/debian-ssh/12.6-cn/Dockerfile +++ b/OS/debian-ssh/12.6-cn/Dockerfile @@ -40,16 +40,14 @@ RUN chmod +x /usr/start/startup.sh && \ chown -R devbox:devbox /home/devbox/.ssh && \ chmod -R 770 /home/devbox/.ssh +ARG APT_MIRROR=mirrors.tuna.tsinghua.edu.cn +RUN sed -i "s@//.*deb.debian.org@//${APT_MIRROR}@g" /etc/apt/sources.list.d/debian.sources + USER devbox COPY /OS/debian-ssh/project /home/devbox/project RUN sudo chown -R devbox:devbox /home/devbox/project && \ sudo chmod -R 777 /home/devbox/project -# Default to the official Debian mirror if none is provided -ARG APT_MIRROR=https://mirrors.tuna.tsinghua.edu.cn/debian - -RUN sed -i "s|http://deb.debian.org/debian|${APT_MIRROR}|g" /etc/apt/sources.list.d/debian.sources - ENTRYPOINT ["/usr/bin/dumb-init", "--"] CMD ["sudo", "-E", "/usr/start/startup.sh"] From 9cc1436e79d157cfdf9556300d265d7aaa1f3621 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 17:18:28 +0800 Subject: [PATCH 16/49] fix: correct syntax for setting custom tag and improve Dockerfile detection logic Signed-off-by: Yun Pan --- .github/workflows/docker-image.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 4897a939..e1cae161 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -17,7 +17,7 @@ jobs: fetch-depth: 0 - name: Set up tag id: set_tag - run: | # Use custom tag if it's been given + run: | echo "tag=$(echo "${{ github.sha }}" | cut -c1-7)" >> $GITHUB_OUTPUT - name: Detect changed Dockerfiles id: filter @@ -25,12 +25,12 @@ jobs: with: list-files: json filters: | - dockerfiles: + changed: - '**/Dockerfile' - name: Get build matrix id: get_build_matrix run: | - changed='${{ steps.filter.outputs.changed_files }}' + changed="${{ steps.filter.outputs.changed_files }}" if [ -z "$changed" ] || [ "$changed" = "[]" ]; then build_targets="[]" else 
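Review bot: The new pattern `//.*deb.debian.org` matches every URI on that host, so the `debian-security` entry is rewritten to the mirror too, assuming the base image lists security under `deb.debian.org/debian-security` as the stock Debian 12 image does. The debian.sources file this series deleted kept security updates on the official `security.debian.org` host, so this is a behaviour change: security fixes now arrive only as fast as the mirror syncs. Excluding that stanza keeps the earlier behaviour: `RUN sed -i "/debian-security/!s@//deb.debian.org@//${APT_MIRROR}@g" /etc/apt/sources.list.d/debian.sources`. `APT_MIRROR` is substituted into the sed expression unchecked, so a value containing `@` breaks the command; a comment stating that it must be a bare host name would help.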
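Review bot: Changing the assignment to `changed="${{ steps.filter.outputs.changed_files }}"` puts a JSON array inside shell double quotes, so the array's own quotes end the string and the value later written to `build_targets` is no longer valid JSON; any `$` or backtick in a changed path would also be expanded by the shell. Pass the output through the environment and leave quoting to the shell: `env: CHANGED: ${{ steps.filter.outputs.changed_files }}` on the step and `changed="$CHANGED"` in the script. The `files='${{ steps.filter.outputs.changed_files }}'` assignment in the later "Prepare build targets" step has the same direct interpolation. The step body continues past the end of this hunk.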
From 0e48433873b0459dda326ad72d8444d102b0c064 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 17:18:58 +0800 Subject: [PATCH 17/49] fix: remove unnecessary root user switch in Dockerfile Signed-off-by: Yun Pan --- OS/ubuntu/24.04-cn/Dockerfile | 63 +++++++++++++++++++++++++++++++++++ OS/ubuntu/24.04/Dockerfile | 5 +-- 2 files changed, 64 insertions(+), 4 deletions(-) create mode 100644 OS/ubuntu/24.04-cn/Dockerfile diff --git a/OS/ubuntu/24.04-cn/Dockerfile b/OS/ubuntu/24.04-cn/Dockerfile new file mode 100644 index 00000000..12a9524a --- /dev/null +++ b/OS/ubuntu/24.04-cn/Dockerfile 
@@ -0,0 +1,63 @@ +FROM ubuntu:24.04 + +COPY /script/startup.sh /usr/start/startup.sh + +RUN apt update && \ + apt install -y \ + net-tools \ + iproute2 \ + iputils-ping \ + curl \ + sudo \ + wget \ + netcat-openbsd \ + vim \ + openssl \ + make \ + git && \ + mkdir -p /usr/start && \ + apt clean + +RUN chmod +x /usr/start/startup.sh && \ + apt-get update && \ + apt-get install -y \ + dumb-init \ + openssh-client \ + openssh-server && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + mkdir -p /run/sshd && \ + chmod 755 /run/sshd && \ + echo 'AllowTcpForwarding yes' >> /etc/ssh/sshd_config && \ + echo 'GatewayPorts yes' >> /etc/ssh/sshd_config && \ + echo 'X11Forwarding yes' >> /etc/ssh/sshd_config && \ + echo 'Port 22' >> /etc/ssh/sshd_config && \ + echo 'AuthorizedKeysFile /usr/start/.ssh/authorized_keys' >> /etc/ssh/sshd_config && \ + echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config && \ + echo 'PermitRootLogin prohibit-password' >> /etc/ssh/sshd_config && \ + useradd -m -s /bin/bash devbox && \ + usermod -aG sudo devbox && \ + echo 'devbox ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ + rm -rf /tmp/* && \ + mkdir -p /home/devbox/.ssh && \ + PASS=$(openssl rand -base64 16) && \ + echo "devbox:$PASS" | sudo chpasswd && \ + chown -R devbox:devbox /home/devbox/.ssh && \ + chmod -R 770 /home/devbox/.ssh + +ARG APT_MIRROR=mirrors.tuna.tsinghua.edu.cn +RUN sed -i "s@//.*archive.ubuntu.com@//${APT_MIRROR}@g" /etc/apt/sources.list.d/ubuntu.sources + +USER devbox +COPY /OS/debian-ssh/project /home/devbox/project +RUN sudo chown -R devbox:devbox /home/devbox/project && \ + sudo chmod -R 777 /home/devbox/project && \ + sudo chmod -R +x /home/devbox/project/entrypoint.sh + +ENTRYPOINT ["/usr/bin/dumb-init", "--"] +CMD ["sudo", "-E", "/usr/start/startup.sh"] + +WORKDIR /home/devbox/project +EXPOSE 22 + + diff --git a/OS/ubuntu/24.04/Dockerfile b/OS/ubuntu/24.04/Dockerfile index 70949a14..940ba1fb 100644 --- a/OS/ubuntu/24.04/Dockerfile 
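Review bot: The first `RUN` uses the interactive `apt` front end and ends with `apt clean` only, so the package index fetched by `apt update` stays in that layer; the `rm -rf /var/lib/apt/lists/*` in the second `RUN` cannot shrink it. Folding both installs into one `apt-get update && apt-get install -y --no-install-recommends ... && rm -rf /var/lib/apt/lists/*` step removes the duplicate update and the leftover lists. `mkdir -p /usr/start` is redundant there because the preceding `COPY` already creates the directory. OS/ubuntu-cuda/24.04-cn/Dockerfile, added later in the series, has the same two-step layout.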
+++ b/OS/ubuntu/24.04/Dockerfile @@ -51,11 +51,8 @@ RUN sudo chown -R devbox:devbox /home/devbox/project && \ sudo chmod -R 777 /home/devbox/project && \ sudo chmod -R +x /home/devbox/project/entrypoint.sh - -USER root - ENTRYPOINT ["/usr/bin/dumb-init", "--"] CMD ["sudo", "-E", "/usr/start/startup.sh"] - + WORKDIR /home/devbox/project EXPOSE 22 \ No newline at end of file From b7205a9ffc6497908e3934778afb0f95dc7f78a1 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 17:26:55 +0800 Subject: [PATCH 18/49] fix: update build_targets output to use changed files from filter step Signed-off-by: Yun Pan --- .github/workflows/docker-image.yml | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index e1cae161..94c0a4c6 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest outputs: tag: ${{ steps.set_tag.outputs.tag }} - build_targets: ${{ steps.get_build_matrix.outputs.build_targets }} + build_targets: ${{ steps.filter.outputs.changed_files }} steps: - name: Checkout code uses: actions/checkout@v4 @@ -27,17 +27,6 @@ jobs: filters: | changed: - '**/Dockerfile' - - name: Get build matrix - id: get_build_matrix - run: | - changed="${{ steps.filter.outputs.changed_files }}" - if [ -z "$changed" ] || [ "$changed" = "[]" ]; then - build_targets="[]" - else - build_targets="$changed" - fi - echo "Filtered build_targets=$build_targets" - echo "build_targets=$build_targets" >> $GITHUB_OUTPUT build: runs-on: ubuntu-latest env: From 4e2588d92578061668fbe315a65231ced16b45ff Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 17:29:59 +0800 Subject: [PATCH 19/49] feat: add Dockerfile for CUDA 12.4.1 environment setup 
Signed-off-by: Yun Pan --- OS/ubuntu-cuda/24.04-cn/Dockerfile | 63 ++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 OS/ubuntu-cuda/24.04-cn/Dockerfile diff --git a/OS/ubuntu-cuda/24.04-cn/Dockerfile b/OS/ubuntu-cuda/24.04-cn/Dockerfile new file mode 100644 index 00000000..5102196b --- /dev/null +++ b/OS/ubuntu-cuda/24.04-cn/Dockerfile 
@@ -0,0 +1,63 @@ +FROM nvidia/cuda:12.4.1-devel-ubuntu22.04 + +COPY /script/startup.sh /usr/start/startup.sh + +RUN apt update && \ + apt install -y \ + net-tools \ + iproute2 \ + iputils-ping \ + curl \ + sudo \ + wget \ + netcat-openbsd \ + vim \ + openssl \ + make \ + git && \ + mkdir -p /usr/start && \ + apt clean + +RUN chmod +x /usr/start/startup.sh && \ + apt-get update && \ + apt-get install -y \ + dumb-init \ + openssh-client \ + openssh-server && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + mkdir -p /run/sshd && \ + chmod 755 /run/sshd && \ + echo 'AllowTcpForwarding yes' >> /etc/ssh/sshd_config && \ + echo 'GatewayPorts yes' >> /etc/ssh/sshd_config && \ + echo 'X11Forwarding yes' >> /etc/ssh/sshd_config && \ + echo 'Port 22' >> /etc/ssh/sshd_config && \ + echo 'AuthorizedKeysFile /usr/start/.ssh/authorized_keys' >> /etc/ssh/sshd_config && \ + echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config && \ + echo 'PermitRootLogin prohibit-password' >> /etc/ssh/sshd_config && \ + useradd -m -s /bin/bash devbox && \ + usermod -aG sudo devbox && \ + echo 'devbox ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ + echo 'export PATH=/usr/local/cuda/bin:$PATH' >> /etc/profile && \ + echo 'export LD_LIBRARY_PATH=/usr/local/cuda/lib64:$LD_LIBRARY_PATH' >> /etc/profile && \ + rm -rf /tmp/* && \ + mkdir -p /home/devbox/.ssh && \ + PASS=$(openssl rand -base64 16) && \ + echo "devbox:$PASS" | sudo chpasswd && \ + chown -R devbox:devbox /home/devbox/.ssh && \ + chmod -R 770 /home/devbox/.ssh + +ARG APT_MIRROR=mirrors.tuna.tsinghua.edu.cn +RUN sed -i "s@//.*archive.ubuntu.com@//${APT_MIRROR}@g" /etc/apt/sources.list.d/ubuntu.sources + +USER devbox +COPY /OS/debian-ssh/project /home/devbox/project +RUN sudo chown -R devbox:devbox /home/devbox/project && \ + sudo chmod -R 777 /home/devbox/project && \ + sudo chmod -R +x /home/devbox/project/entrypoint.sh + +ENTRYPOINT ["/usr/bin/dumb-init", "--"] +CMD ["sudo", "-E", "/usr/start/startup.sh"] + +WORKDIR 
/home/devbox/project +EXPOSE 22 \ No newline at end of file From d9a224b96bf466a4758d71dfdfe29b1b14a4390b Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 17:39:46 +0800 Subject: [PATCH 20/49] fix: update build_targets output to use resolved changed files from filter step Signed-off-by: Yun Pan --- .github/workflows/docker-image.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 94c0a4c6..294fa0d9 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest outputs: tag: ${{ steps.set_tag.outputs.tag }} - build_targets: ${{ steps.filter.outputs.changed_files }} + build_targets: ${{ steps.set_matrix.outputs.build_targets }} steps: - name: Checkout code uses: actions/checkout@v4 @@ -27,7 +27,17 @@ jobs: filters: | changed: - '**/Dockerfile' + - name: Prepare build targets + id: set_matrix + run: | + files='${{ steps.filter.outputs.changed_files }}' + if [ -z "$files" ] || [ "$files" = "[]" ]; then + files='[]' + fi + echo "Resolved build_targets=$files" + echo "build_targets=$files" >> $GITHUB_OUTPUT build: + if: ${{ needs.define-matrix.outputs.build_targets != '[]' }} runs-on: ubuntu-latest env: PUSH_TO_ACR: ${{ vars.PUSH_TO_ACR }} # make repo variable available to steps From 3df2ee94287ded1decfd45c06c0b0897eb5c5f0b Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 17:42:51 +0800 Subject: [PATCH 21/49] fix: ensure build job depends on define-matrix job Signed-off-by: Yun Pan --- .github/workflows/docker-image.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 294fa0d9..7a89aaa2 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml 
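Review bot: The base image is `nvidia/cuda:12.4.1-devel-ubuntu22.04`, but the mirror rewrite edits `/etc/apt/sources.list.d/ubuntu.sources`, a deb822 file that Ubuntu images ship from 24.04 on; on a 22.04 base the sources normally live in `/etc/apt/sources.list`, so this `sed` is likely to fail on a missing file and stop the build. Either point the rewrite at the file the base actually has, `RUN sed -i "s@//.*archive.ubuntu.com@//${APT_MIRROR}@g" /etc/apt/sources.list`, or move to a 24.04-based CUDA tag so the path and the `24.04-cn` directory name agree. The rewrite also runs after both package installs, so the build itself still downloads from the default archive and only the resulting image uses the mirror; a comment saying so would make that intent explicit.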
@@ -38,6 +38,8 @@ jobs: echo "build_targets=$files" >> $GITHUB_OUTPUT build: if: ${{ needs.define-matrix.outputs.build_targets != '[]' }} + needs: + - define-matrix runs-on: ubuntu-latest env: PUSH_TO_ACR: ${{ vars.PUSH_TO_ACR }} # make repo variable available to steps From 4b7e3f09114c9694ee96bc3531957ad7896671e7 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 18:08:09 +0800 Subject: [PATCH 22/49] fix: update Dockerfile to use s6-overlay for process management and adjust startup script Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 18 +++++++++--------- OS/debian-ssh/12.6/etc/services.d/sshd/run | 3 +++ script/startup.sh | 9 +++------ 3 files changed, 15 insertions(+), 15 deletions(-) create mode 100644 OS/debian-ssh/12.6/etc/services.d/sshd/run diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 6c0b7f76..7b748847 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -1,11 +1,10 @@ FROM debian:12.6-slim -COPY /script/startup.sh /usr/start/startup.sh +COPY /script/startup.sh /etc/services.d/startup/run -RUN chmod +x /usr/start/startup.sh && \ +RUN chmod +x /etc/services.d/startup/run && \ apt-get update && \ apt-get install -y \ - dumb-init \ wget \ sudo \ net-tools \ 
@@ -38,15 +37,16 @@ RUN chmod +x /usr/start/startup.sh && \ PASS=$(openssl rand -base64 16) && \ echo "devbox:$PASS" | sudo chpasswd && \ chown -R devbox:devbox /home/devbox/.ssh && \ - chmod -R 770 /home/devbox/.ssh + chmod -R 770 /home/devbox/.ssh && \ + wget -O /tmp/s6-overlay.tar.gz https://github.com/just-containers/s6-overlay/releases/download/v3.2.1.0/s6-overlay-amd64.tar.gz && \ + tar Jxpf /tmp/s6-overlay.tar.gz -C / && \ + rm /tmp/s6-overlay.tar.gz -USER devbox COPY /OS/debian-ssh/project /home/devbox/project RUN sudo chown -R devbox:devbox /home/devbox/project && \ sudo chmod -R 777 /home/devbox/project -ENTRYPOINT ["/usr/bin/dumb-init", "--"] -CMD ["sudo", "-E", "/usr/start/startup.sh"] - WORKDIR /home/devbox/project -EXPOSE 22 \ No newline at end of file +EXPOSE 22 + +ENTRYPOINT ["/init"] \ No newline at end of file diff --git a/OS/debian-ssh/12.6/etc/services.d/sshd/run b/OS/debian-ssh/12.6/etc/services.d/sshd/run new file mode 100644 index 00000000..8a4ee5ca --- /dev/null +++ b/OS/debian-ssh/12.6/etc/services.d/sshd/run @@ -0,0 +1,3 @@ +#!/usr/bin/execlineb -P +s6-setuidgid root +/usr/sbin/sshd -D diff --git a/script/startup.sh b/script/startup.sh index d6f12c7a..7df443a2 100644 --- a/script/startup.sh +++ b/script/startup.sh @@ -1,10 +1,7 @@ #!/bin/bash if [ ! -z "${SEALOS_DEVBOX_NAME}" ]; then - echo "${SEALOS_DEVBOX_NAME}">/etc/hostname -fi + echo "${SEALOS_DEVBOX_NAME}" >/etc/hostname +fi -echo "${SEALOS_DEVBOX_POD_UID}">/usr/start/pod_id -# Start the SSH daemon -/usr/sbin/sshd -sleep infinity \ No newline at end of file +echo "${SEALOS_DEVBOX_POD_UID}" >/usr/start/pod_id \ No newline at end of file From 296726e0e6ad633c3d5833dda810d4e5b95c3bd2 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 18:11:07 +0800 Subject: [PATCH 23/49] fix: update s6-overlay download link to use the correct architecture Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
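Review bot: The s6-overlay tarball is fetched with `wget` and unpacked over `/` as root with no integrity check, so whatever the URL serves at build time becomes part of the image, including `/init`. Record the expected digest of the release asset and verify it before extracting, for example `echo "SHA256_OF_RELEASE_ASSET  /tmp/s6-overlay.tar.gz" | sha256sum -c -` (placeholder digest) between the download and the `tar` call. The later switch to `ADD https://...` in PATCH 25 keeps the same gap; there `ADD --checksum=sha256:SHA256_OF_RELEASE_ASSET` performs the check at fetch time. Removing `USER devbox` also means the container now starts as root, which deserves a comment stating why.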
diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 7b748847..ee943d38 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -38,7 +38,7 @@ RUN chmod +x /etc/services.d/startup/run && \ echo "devbox:$PASS" | sudo chpasswd && \ chown -R devbox:devbox /home/devbox/.ssh && \ chmod -R 770 /home/devbox/.ssh && \ - wget -O /tmp/s6-overlay.tar.gz https://github.com/just-containers/s6-overlay/releases/download/v3.2.1.0/s6-overlay-amd64.tar.gz && \ + wget -O /tmp/s6-overlay.tar.gz https://github.com/just-containers/s6-overlay/releases/download/v3.2.1.0/s6-overlay-x86_64.tar.xz && \ tar Jxpf /tmp/s6-overlay.tar.gz -C / && \ rm /tmp/s6-overlay.tar.gz From e36d01092f5e001983e5281a98b48b53db7bdb2e Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 18:13:12 +0800 Subject: [PATCH 24/49] fix: add xz-utils to Dockerfile dependencies Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index ee943d38..9d8b6dff 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -16,6 +16,7 @@ RUN chmod +x /etc/services.d/startup/run && \ openssl \ make \ git \ + xz-utils \ openssh-client \ openssh-server && \ apt-get clean && \ From 95a1c929598d29732ecc657be099676a4a5fae27 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 18:26:17 +0800 Subject: [PATCH 25/49] fix: refactor Dockerfile to use ARG for s6-overlay version and streamline installation Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 9d8b6dff..e8de2c8b 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile 
@@ -1,5 +1,5 @@ FROM debian:12.6-slim - +ARG S6_OVERLAY_VERSION=3.2.1.0 COPY /script/startup.sh /etc/services.d/startup/run RUN chmod +x /etc/services.d/startup/run && \ @@ -38,10 +38,12 @@ RUN chmod +x /etc/services.d/startup/run && \ PASS=$(openssl rand -base64 16) && \ echo "devbox:$PASS" | sudo chpasswd && \ chown -R devbox:devbox /home/devbox/.ssh && \ - chmod -R 770 /home/devbox/.ssh && \ - wget -O /tmp/s6-overlay.tar.gz https://github.com/just-containers/s6-overlay/releases/download/v3.2.1.0/s6-overlay-x86_64.tar.xz && \ - tar Jxpf /tmp/s6-overlay.tar.gz -C / && \ - rm /tmp/s6-overlay.tar.gz + chmod -R 770 /home/devbox/.ssh + +ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp +RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz +ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp +RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz COPY /OS/debian-ssh/project /home/devbox/project RUN sudo chown -R devbox:devbox /home/devbox/project && \ From 79477991c963274b022f37cff2d1769fde7b1c87 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 21:51:10 +0800 Subject: [PATCH 26/49] fix: add custom s6-overlay service definitions and scripts for SSHD Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 3 +++ OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base | 0 .../{12.6/etc/services.d => etc/s6-overlay/s6-rc.d}/sshd/run | 0 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/type | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/user/contents.d/sshd | 0 5 files changed, 4 insertions(+) create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base rename OS/debian-ssh/{12.6/etc/services.d => etc/s6-overlay/s6-rc.d}/sshd/run (100%) create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/type create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/user/contents.d/sshd 
diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index e8de2c8b..cbe3ad73 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -46,6 +46,9 @@ ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLA RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz COPY /OS/debian-ssh/project /home/devbox/project +# Copy custom s6-overlay service / rc definitions +COPY /OS/debian-ssh/etc/ /etc/ + RUN sudo chown -R devbox:devbox /home/devbox/project && \ sudo chmod -R 777 /home/devbox/project diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base new file mode 100644 index 00000000..e69de29b diff --git a/OS/debian-ssh/12.6/etc/services.d/sshd/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run similarity index 100% rename from OS/debian-ssh/12.6/etc/services.d/sshd/run rename to OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/type new file mode 100644 index 00000000..1780f9f4 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/type @@ -0,0 +1 @@ +longrun \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/user/contents.d/sshd b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/user/contents.d/sshd new file mode 100644 index 00000000..e69de29b From 4f1017dfa0827821a0508176eb1f6f83ac2d6208 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 22:12:16 +0800 Subject: [PATCH 27/49] fix: update permissions for project directory and add SSHD service definition Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 5 +++-- .../etc/s6-overlay/s6-rc.d/{sshd => }/user/contents.d/sshd | 0 2 files changed, 3 insertions(+), 2 deletions(-) rename OS/debian-ssh/etc/s6-overlay/s6-rc.d/{sshd => }/user/contents.d/sshd (100%) 
diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index cbe3ad73..910b1ba9 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -49,8 +49,9 @@ COPY /OS/debian-ssh/project /home/devbox/project # Copy custom s6-overlay service / rc definitions COPY /OS/debian-ssh/etc/ /etc/ -RUN sudo chown -R devbox:devbox /home/devbox/project && \ - sudo chmod -R 777 /home/devbox/project +RUN chmod 700 /etc/s6-overlay/s6-rc.d/sshd/run && \ + chown -R devbox:devbox /home/devbox/project && \ + chmod -R 777 /home/devbox/project WORKDIR /home/devbox/project EXPOSE 22 diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/user/contents.d/sshd b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd similarity index 100% rename from OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/user/contents.d/sshd rename to OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd From 9d2b5df0048b8e360a76f7daeb9747b51ee56eed Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 22:32:44 +0800 Subject: [PATCH 28/49] fix: add startup service scripts and permissions for s6-overlay Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 5 ++--- .../s6-rc.d/sshd/dependencies.d/{base => startup} | 0 .../etc/s6-overlay/s6-rc.d/startup/dependencies.d/base | 0 OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/run | 7 +++++++ OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/type | 1 + .../etc/s6-overlay/s6-rc.d/user/contents.d/startup | 0 6 files changed, 10 insertions(+), 3 deletions(-) rename OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/{base => startup} (100%) create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/dependencies.d/base create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/run create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/type create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/startup 
diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 910b1ba9..bdc91a65 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -1,9 +1,7 @@ FROM debian:12.6-slim ARG S6_OVERLAY_VERSION=3.2.1.0 -COPY /script/startup.sh /etc/services.d/startup/run -RUN chmod +x /etc/services.d/startup/run && \ - apt-get update && \ +RUN apt-get update && \ apt-get install -y \ wget \ sudo \ @@ -50,6 +48,7 @@ COPY /OS/debian-ssh/project /home/devbox/project COPY /OS/debian-ssh/etc/ /etc/ RUN chmod 700 /etc/s6-overlay/s6-rc.d/sshd/run && \ + chmod 700 /etc/s6-overlay/s6-rc.d/startup/run && \ chown -R devbox:devbox /home/devbox/project && \ chmod -R 777 /home/devbox/project diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/startup similarity index 100% rename from OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base rename to OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/startup diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/dependencies.d/base b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/dependencies.d/base new file mode 100644 index 00000000..e69de29b diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/run new file mode 100644 index 00000000..7df443a2 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/run @@ -0,0 +1,7 @@ +#!/bin/bash + +if [ ! -z "${SEALOS_DEVBOX_NAME}" ]; then + echo "${SEALOS_DEVBOX_NAME}" >/etc/hostname +fi + +echo "${SEALOS_DEVBOX_POD_UID}" >/usr/start/pod_id \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/type new file mode 100644 index 00000000..3d92b15f --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file 
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/startup b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/startup new file mode 100644 index 00000000..e69de29b From d787cc18167133134d12400e61a512df37af7510 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 22:47:53 +0800 Subject: [PATCH 29/49] fix: rename run script of startup to up Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 2 +- OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/{run => up} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/{run => up} (85%) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index bdc91a65..3e03e822 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -48,7 +48,7 @@ COPY /OS/debian-ssh/project /home/devbox/project COPY /OS/debian-ssh/etc/ /etc/ RUN chmod 700 /etc/s6-overlay/s6-rc.d/sshd/run && \ - chmod 700 /etc/s6-overlay/s6-rc.d/startup/run && \ + chmod 700 /etc/s6-overlay/s6-rc.d/startup/up && \ chown -R devbox:devbox /home/devbox/project && \ chmod -R 777 /home/devbox/project diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up similarity index 85% rename from OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/run rename to OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up index 7df443a2..d3cf25b4 100644 --- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/run +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/execlineb -P if [ ! -z "${SEALOS_DEVBOX_NAME}" ]; then echo "${SEALOS_DEVBOX_NAME}" >/etc/hostname From c642573f087fe871031d5a74be84d33998fd853f Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 23:11:57 +0800 Subject: [PATCH 30/49] fix: update startup script to use bash and create new startup.sh file 
Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 2 +- OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run | 4 ++-- OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/startup.sh | 7 +++++++ OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up | 8 +------- 4 files changed, 11 insertions(+), 10 deletions(-) create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/startup.sh diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 3e03e822..56aed047 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -48,7 +48,7 @@ COPY /OS/debian-ssh/project /home/devbox/project COPY /OS/debian-ssh/etc/ /etc/ RUN chmod 700 /etc/s6-overlay/s6-rc.d/sshd/run && \ - chmod 700 /etc/s6-overlay/s6-rc.d/startup/up && \ + chmod 700 /etc/s6-overlay/s6-rc.d/startup/startup.sh && \ chown -R devbox:devbox /home/devbox/project && \ chmod -R 777 /home/devbox/project diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run index 8a4ee5ca..60af6eca 100644 --- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run @@ -1,3 +1,3 @@ -#!/usr/bin/execlineb -P +#!/usr/bin/env bash s6-setuidgid root -/usr/sbin/sshd -D +/usr/sbin/sshd -D -e > /var/log/sshd.log 2>&1 diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/startup.sh b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/startup.sh new file mode 100644 index 00000000..01d34760 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/startup.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +if [ ! -z "${SEALOS_DEVBOX_NAME}" ]; then + echo "${SEALOS_DEVBOX_NAME}" > /etc/hostname +fi +mkdir -p /usr/start +echo "${SEALOS_DEVBOX_POD_UID}" > /usr/start/pod_id \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up index d3cf25b4..2862310c 100644 --- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up 
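Review bot: In sshd/run, under the new bash shebang, `s6-setuidgid root` is a separate command rather than a prefix of the sshd line as it was in execline, so it runs with no program to execute and the script simply carries on. `/usr/sbin/sshd -D -e` is then started as a child of bash, so the supervisor signals the shell rather than sshd when it stops the service. Dropping the first line and using `exec /usr/sbin/sshd -D -e > /var/log/sshd.log 2>&1` makes sshd the supervised process. Redirecting with `>` to a fixed `/var/log/sshd.log` also truncates the log on every restart; `>>` or an s6 logging pipeline avoids losing earlier authentication records.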
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up @@ -1,7 +1 @@ -#!/usr/bin/execlineb -P - -if [ ! -z "${SEALOS_DEVBOX_NAME}" ]; then - echo "${SEALOS_DEVBOX_NAME}" >/etc/hostname -fi - -echo "${SEALOS_DEVBOX_POD_UID}" >/usr/start/pod_id \ No newline at end of file +./startup.sh \ No newline at end of file From 87b4a82376d792d572e4dc43804a2325ef7f82fe Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 23:20:30 +0800 Subject: [PATCH 31/49] fix: update path in startup script to use absolute reference for startup.sh Signed-off-by: Yun Pan --- OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up index 2862310c..7e2d664d 100644 --- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up @@ -1 +1 @@ -./startup.sh \ No newline at end of file +/etc/s6-overlay/s6-rc.d/startup/startup.sh \ No newline at end of file From 0f1ab5ab0e60772da38c7296c1b82bc823aeb51b Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Mon, 1 Sep 2025 23:20:45 +0800 Subject: [PATCH 32/49] docs add comment for s6-overlay retrieval Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 56aed047..1b0bb6fe 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -38,6 +38,7 @@ RUN apt-get update && \ chown -R devbox:devbox /home/devbox/.ssh && \ chmod -R 770 /home/devbox/.ssh +# Get s6-overlay ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp From ca12c32698b6d86c6b98408b29b15144a8dd5019 Mon Sep 17 00:00:00 2001 
From: Yun Pan Date: Tue, 2 Sep 2025 10:54:51 +0800 Subject: [PATCH 33/49] fix: add sshd-log service scripts and permissions for s6-overlay Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 1 + OS/debian-ssh/12.6/etc/services.d/sshd/run | 0 .../s6-overlay/s6-rc.d/sshd-log-prepare/dependencies.d/base | 0 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/type | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/up | 3 +++ OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/consumer-for | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/pipeline-name | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/run | 2 ++ OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/type | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/producer-for | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run | 4 ++-- .../etc/s6-overlay/s6-rc.d/user/contents.d/sshd-pipeline | 0 12 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 OS/debian-ssh/12.6/etc/services.d/sshd/run create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/dependencies.d/base create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/type create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/up create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/consumer-for create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/pipeline-name create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/run create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/type create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/producer-for create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd-pipeline diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 1b0bb6fe..725f0d0c 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile 
@@ -49,6 +49,7 @@ COPY /OS/debian-ssh/project /home/devbox/project COPY /OS/debian-ssh/etc/ /etc/ RUN chmod 700 /etc/s6-overlay/s6-rc.d/sshd/run && \ + chmod 700 /etc/s6-overlay/s6-rc.d/sshd-log/run && \ chmod 700 /etc/s6-overlay/s6-rc.d/startup/startup.sh && \ chown -R devbox:devbox /home/devbox/project && \ chmod -R 777 /home/devbox/project diff --git a/OS/debian-ssh/12.6/etc/services.d/sshd/run b/OS/debian-ssh/12.6/etc/services.d/sshd/run new file mode 100644 index 00000000..e69de29b diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/dependencies.d/base b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/dependencies.d/base new file mode 100644 index 00000000..e69de29b diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/type new file mode 100644 index 00000000..3d92b15f --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/up b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/up new file mode 100644 index 00000000..e236fba5 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/up @@ -0,0 +1,3 @@ +if { mkdir -p /var/log/sshd } +if { chown nobody:nogroup /var/log/sshd } +chmod 02755 /var/log/sshd \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/consumer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/consumer-for new file mode 100644 index 00000000..09920bc7 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/consumer-for @@ -0,0 +1 @@ +sshd \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/pipeline-name b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/pipeline-name new file mode 100644 index 00000000..a2207f26 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/pipeline-name 
@@ -0,0 +1 @@ +sshd-pipeline \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/run new file mode 100644 index 00000000..12d7037d --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/run @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +exec logutil-service /var/log/sshd \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/type new file mode 100644 index 00000000..1780f9f4 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/type @@ -0,0 +1 @@ +longrun \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/producer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/producer-for new file mode 100644 index 00000000..363d3573 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/producer-for @@ -0,0 +1 @@ +sshd-log \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run index 60af6eca..b9b25e4e 100644 --- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run @@ -1,3 +1,3 @@ #!/usr/bin/env bash -s6-setuidgid root -/usr/sbin/sshd -D -e > /var/log/sshd.log 2>&1 +exec 2>&1 +exec /usr/sbin/sshd -D -e diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd-pipeline b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd-pipeline new file mode 100644 index 00000000..e69de29b From c4b666c3adcc2441bd14366c62e9a058a2db3bd2 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 11:15:41 +0800 Subject: [PATCH 34/49] fix: add sshd-log-prepare file for service dependencies Signed-off-by: Yun Pan --- .../s6-overlay/s6-rc.d/sshd-log/dependencies.d/sshd-log-prepare | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/dependencies.d/sshd-log-prepare 
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/dependencies.d/sshd-log-prepare b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/dependencies.d/sshd-log-prepare new file mode 100644 index 00000000..e69de29b From 51f81f2eeaa9a711f1e94b8ef5e1daf530f3bb58 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 12:26:43 +0800 Subject: [PATCH 35/49] fix: add supercronic installation and crond-log service configuration 
Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 8 ++++++++ .../s6-rc.d/crond-log-prepare/dependencies.d/base | 0 .../etc/s6-overlay/s6-rc.d/crond-log-prepare/type | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/up | 3 +++ .../etc/s6-overlay/s6-rc.d/crond-log/consumer-for | 1 + .../s6-rc.d/crond-log/dependencies.d/crond-log-prepare | 0 .../etc/s6-overlay/s6-rc.d/crond-log/pipeline-name | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/run | 2 ++ OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/type | 1 + .../etc/s6-overlay/s6-rc.d/crond/dependencies.d/startup | 0 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/producer-for | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/run | 3 +++ OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/type | 1 + .../etc/s6-overlay/s6-rc.d/user/contents.d/crond | 0 .../etc/s6-overlay/s6-rc.d/user/contents.d/crond-pipeline | 0 15 files changed, 22 insertions(+) create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/dependencies.d/base create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/type create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/up create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/consumer-for create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/dependencies.d/crond-log-prepare create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/pipeline-name create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/run create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/type create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/dependencies.d/startup create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/producer-for create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/run create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/type create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond create mode 100644 
OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond-pipeline diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 725f0d0c..e4c973cd 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -1,5 +1,6 @@ FROM debian:12.6-slim ARG S6_OVERLAY_VERSION=3.2.1.0 +ARG SUPERCRONIC_VERSION=v0.2.34 RUN apt-get update && \ apt-get install -y \ @@ -17,6 +18,7 @@ RUN apt-get update && \ xz-utils \ openssh-client \ openssh-server && \ + anacron && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ mkdir -p /run/sshd && \ @@ -38,6 +40,10 @@ RUN apt-get update && \ chown -R devbox:devbox /home/devbox/.ssh && \ chmod -R 770 /home/devbox/.ssh +# Install supercronic +ADD https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-linux-amd64 /usr/sbin/supercronic +RUN chmod +x /usr/sbin/supercronic + # Get s6-overlay ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz @@ -50,6 +56,8 @@ COPY /OS/debian-ssh/etc/ /etc/ RUN chmod 700 /etc/s6-overlay/s6-rc.d/sshd/run && \ chmod 700 /etc/s6-overlay/s6-rc.d/sshd-log/run && \ + chmod 700 /etc/s6-overlay/s6-rc.d/crond/run && \ + chmod 700 /etc/s6-overlay/s6-rc.d/crond-log/run && \ chmod 700 /etc/s6-overlay/s6-rc.d/startup/startup.sh && \ chown -R devbox:devbox /home/devbox/project && \ chmod -R 777 /home/devbox/project diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/dependencies.d/base b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/dependencies.d/base new file mode 100644 index 00000000..e69de29b diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/type new file mode 100644 index 00000000..3d92b15f --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file 
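Review bot: The new `ADD https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-linux-amd64 /usr/sbin/supercronic` line installs a remote binary into `/usr/sbin` with no integrity check, so the image trusts whatever that URL serves at build time. Pin the content with BuildKit's checksum option, `ADD --checksum=sha256:<SUPERCRONIC_SHA256> https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-linux-amd64 /usr/sbin/supercronic`, where the placeholder is the digest published for the pinned release. The `sshproxy` `ADD` introduced in PATCH 41 has the same gap, as do the s6-overlay `ADD` lines shown here as context. The asset name also hard-codes `amd64`, so the image cannot be built for another architecture without editing this line.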
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/up b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/up
new file mode 100644
index 00000000..e3a79829
--- /dev/null
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/up
@@ -0,0 +1,3 @@
+if { mkdir -p /var/log/crond }
+if { chown nobody:nogroup /var/log/crond }
+chmod 02755 /var/log/crond
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/consumer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/consumer-for
new file mode 100644
index 00000000..e9d50809
--- /dev/null
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/consumer-for
@@ -0,0 +1 @@
+crond
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/dependencies.d/crond-log-prepare b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/dependencies.d/crond-log-prepare
new file mode 100644
index 00000000..e69de29b
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/pipeline-name b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/pipeline-name
new file mode 100644
index 00000000..f3333391
--- /dev/null
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/pipeline-name
@@ -0,0 +1 @@
+crond-pipeline
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/run
new file mode 100644
index 00000000..e090baf2
--- /dev/null
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/run
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+exec logutil-service /var/log/crond
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/type
new file mode 100644
index 00000000..1780f9f4
--- /dev/null
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/type
@@ -0,0 +1 @@
+longrun
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/dependencies.d/startup b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/dependencies.d/startup new file mode 100644 index 00000000..e69de29b diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/producer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/producer-for new file mode 100644 index 00000000..5718b544 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/producer-for @@ -0,0 +1 @@ +crond-log \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/run new file mode 100644 index 00000000..163d19eb --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/run @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +exec 2>&1 +exec /usr/sbin/supercronic /etc/crontab diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/type new file mode 100644 index 00000000..1780f9f4 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/type @@ -0,0 +1 @@ +longrun \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond new file mode 100644 index 00000000..e69de29b diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond-pipeline b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond-pipeline new file mode 100644 index 00000000..e69de29b From c891e4cb1cef75530a264abe62260a3186507757 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 15:08:55 +0800 Subject: [PATCH 36/49] fix: correct anacron installation order in Dockerfile Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index e4c973cd..fef9a28c 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile 
@@ -17,8 +17,8 @@ RUN apt-get update && \ git \ xz-utils \ openssh-client \ + anacron \ openssh-server && \ - anacron && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ mkdir -p /run/sshd && \ From b5e676fe81c76ea51b21374e1e12f58c367a7c8c Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 15:33:32 +0800 Subject: [PATCH 37/49] fix: add logrotate installation to Dockerfile Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index fef9a28c..7d87889b 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -18,6 +18,7 @@ RUN apt-get update && \ xz-utils \ openssh-client \ anacron \ + logrotate \ openssh-server && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ From c917dc129bf2543e50bee5de26b86b2f668c53c8 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 16:06:32 +0800 Subject: [PATCH 38/49] fix: update logrotate policies for btmp and wtmp to run daily with max size limits Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 7d87889b..0fbec552 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile 
@@ -41,6 +41,28 @@ RUN apt-get update && \ chown -R devbox:devbox /home/devbox/.ssh && \ chmod -R 770 /home/devbox/.ssh +# Override logrotate policy for /var/log/btmp to run daily and set max size to 10MiB +RUN cat > /etc/logrotate.d/btmp <<'EOF' +/var/log/btmp { + missingok + daily + create 0664 root utmp + rotate 1 + maxsize 10M +} +EOF + +# Override logrotate policy for /var/log/wtmp to run daily and set max size to 10MiB +RUN cat > /etc/logrotate.d/wtmp <<'EOF' +/var/log/wtmp { + missingok + daily + create 0660 root utmp + rotate 1 + maxsize 10M +} +EOF + # Install supercronic ADD https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-linux-amd64 /usr/sbin/supercronic RUN chmod +x /usr/sbin/supercronic From db51399cb74d672afc5ff40f3cc47351fc5a0bdf Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 16:18:20 +0800 Subject: [PATCH 39/49] fix: enable log compression in logrotate configuration Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 0fbec552..3074e722 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -24,6 +24,7 @@ RUN apt-get update && \ rm -rf /var/lib/apt/lists/* && \ mkdir -p /run/sshd && \ chmod 755 /run/sshd && \ + sed -i '/^#.*compress/ s/^# *//; /compress/! s/^create/&\ncompress/' /etc/logrotate.conf && \ echo 'AllowTcpForwarding yes' >> /etc/ssh/sshd_config && \ echo 'GatewayPorts yes' >> /etc/ssh/sshd_config && \ echo 'X11Forwarding yes' >> /etc/ssh/sshd_config && \ From a8d6de2632e1bf461f6ece8b948561ec7ce1ffb5 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 17:11:19 +0800 Subject: [PATCH 40/49] fix: refactor Dockerfile and add configuration script for SSH and logrotate 
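Review bot: The btmp override uses `create 0664 root utmp`, which makes the failed-login log world-readable. btmp can hold passwords mistyped at the username prompt, and the usual convention is 0660 for btmp and 0664 for wtmp, so the two modes look swapped between the blocks. Use `create 0660 root utmp` in the `/var/log/btmp` stanza and `create 0664 root utmp` in the `/var/log/wtmp` stanza. The same values are copied unchanged into `configure.sh` in PATCH 40.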
Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 57 ++--------------------- OS/debian-ssh/configure.sh | 86 +++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 53 deletions(-) create mode 100644 OS/debian-ssh/configure.sh diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 3074e722..faccc431 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -2,6 +2,7 @@ FROM debian:12.6-slim ARG S6_OVERLAY_VERSION=3.2.1.0 ARG SUPERCRONIC_VERSION=v0.2.34 +# Install required packages RUN apt-get update && \ apt-get install -y \ wget \ 
@@ -19,50 +20,7 @@ RUN apt-get update && \ openssh-client \ anacron \ logrotate \ - openssh-server && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - mkdir -p /run/sshd && \ - chmod 755 /run/sshd && \ - sed -i '/^#.*compress/ s/^# *//; /compress/! s/^create/&\ncompress/' /etc/logrotate.conf && \ - echo 'AllowTcpForwarding yes' >> /etc/ssh/sshd_config && \ - echo 'GatewayPorts yes' >> /etc/ssh/sshd_config && \ - echo 'X11Forwarding yes' >> /etc/ssh/sshd_config && \ - echo 'Port 22' >> /etc/ssh/sshd_config && \ - echo 'AuthorizedKeysFile /usr/start/.ssh/authorized_keys' >> /etc/ssh/sshd_config && \ - echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config && \ - echo 'PermitRootLogin prohibit-password' >> /etc/ssh/sshd_config && \ - useradd -m -s /bin/bash devbox && \ - usermod -aG sudo devbox && \ - echo 'devbox ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ - rm -rf /tmp/* && \ - mkdir -p /home/devbox/.ssh && \ - PASS=$(openssl rand -base64 16) && \ - echo "devbox:$PASS" | sudo chpasswd && \ - chown -R devbox:devbox /home/devbox/.ssh && \ - chmod -R 770 /home/devbox/.ssh - -# Override logrotate policy for /var/log/btmp to run daily and set max size to 10MiB -RUN cat > /etc/logrotate.d/btmp <<'EOF' -/var/log/btmp { - missingok - daily - create 0664 root utmp - rotate 1 - maxsize 10M -} -EOF - -# Override logrotate policy for /var/log/wtmp to run daily and set max size to 10MiB -RUN cat > /etc/logrotate.d/wtmp <<'EOF' -/var/log/wtmp { - missingok - daily - create 0660 root utmp - rotate 1 - maxsize 10M -} -EOF + openssh-server # Install supercronic ADD https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-linux-amd64 /usr/sbin/supercronic 
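Review bot: With the cleanup removed from this `RUN`, the package-install layer now ends at `openssh-server` and keeps `/var/lib/apt/lists` and the apt cache. `configure.sh` deletes them in a later layer, which hides the files but leaves them in the image. Keep the removal in the layer that creates the files by ending the install with `openssh-server && \` followed by `apt-get clean && rm -rf /var/lib/apt/lists/*`. Adding `--no-install-recommends` to the `apt-get install -y` shown in the previous hunk would also keep unneeded packages out of an image that exposes sshd. The `RUN` instruction starts above this hunk.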
@@ -77,16 +35,9 @@ RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz COPY /OS/debian-ssh/project /home/devbox/project # Copy custom s6-overlay service / rc definitions COPY /OS/debian-ssh/etc/ /etc/ +COPY /OS/debian-ssh/configure.sh /tmp/configure.sh -RUN chmod 700 /etc/s6-overlay/s6-rc.d/sshd/run && \ - chmod 700 /etc/s6-overlay/s6-rc.d/sshd-log/run && \ - chmod 700 /etc/s6-overlay/s6-rc.d/crond/run && \ - chmod 700 /etc/s6-overlay/s6-rc.d/crond-log/run && \ - chmod 700 /etc/s6-overlay/s6-rc.d/startup/startup.sh && \ - chown -R devbox:devbox /home/devbox/project && \ - chmod -R 777 /home/devbox/project - +RUN chmod +x /tmp/configure.sh && /tmp/configure.sh && rm -rf /tmp/* WORKDIR /home/devbox/project EXPOSE 22 - ENTRYPOINT ["/init"] \ No newline at end of file diff --git a/OS/debian-ssh/configure.sh b/OS/debian-ssh/configure.sh new file mode 100644 index 00000000..715169b4 --- /dev/null +++ b/OS/debian-ssh/configure.sh 
@@ -0,0 +1,86 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Remove apt cache +apt-get clean && rm -rf /var/lib/apt/lists/* + +# Configure sshd +SSHD_CONFIG=/etc/ssh/sshd_config + +set_sshd_config() { + local key value + key="$(echo "$1" | awk '{print $1}')" + value="$(echo "$1" | cut -d' ' -f2-)" + if grep -q "^$key " "$SSHD_CONFIG"; then + sed -i "s|^$key .*|$key $value|" "$SSHD_CONFIG" + else + echo "$key $value" >> "$SSHD_CONFIG" + fi +} + +set_sshd_config 'X11Forwarding no' +set_sshd_config 'IgnoreRhosts yes' +set_sshd_config 'Port 2222' +set_sshd_config 'AuthorizedKeysFile /usr/start/.ssh/authorized_keys' +set_sshd_config 'PasswordAuthentication no' +set_sshd_config 'PublicKeyAuthentication yes' +set_sshd_config 'PermitRootLogin prohibit-password' +set_sshd_config 'PermitEmptyPasswords no' +mkdir -p /run/sshd && chmod 755 /run/sshd + +# Enable compression in global logrotate.conf +if ! grep -q '^compress' /etc/logrotate.conf; then + if grep -q '^#.*compress' /etc/logrotate.conf; then + sed -i '/^#.*compress/ s/^# *//' /etc/logrotate.conf + else + # insert after first 'create' or at end + if grep -q '^create ' /etc/logrotate.conf; then + sed -i '/^create /a compress' /etc/logrotate.conf + else + echo 'compress' >> /etc/logrotate.conf + fi + fi +fi + +# Override btmp rotation +cat > /etc/logrotate.d/btmp <<'EOF' +/var/log/btmp { + missingok + daily + create 0664 root utmp + rotate 1 + maxsize 10M +} +EOF + +# Override wtmp rotation +cat > /etc/logrotate.d/wtmp <<'EOF' +/var/log/wtmp { + missingok + daily + create 0660 root utmp + rotate 1 + maxsize 10M +} +EOF + +# Ensure s6 service scripts have correct permissions if they already exist (idempotent) +for f in \ + /etc/s6-overlay/s6-rc.d/sshd/run \ + /etc/s6-overlay/s6-rc.d/sshd-log/run \ + /etc/s6-overlay/s6-rc.d/crond/run \ + /etc/s6-overlay/s6-rc.d/crond-log/run \ + /etc/s6-overlay/s6-rc.d/startup/startup.sh; do + [ -f "$f" ] && chmod 700 "$f" || true +done + +# Add user devbox +useradd -m -s /bin/bash 
devbox && usermod -aG sudo devbox && echo 'devbox ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers +# Change the password of user devbox +PASS=$(openssl rand -base64 16) && echo "devbox:$PASS" | chpasswd +# Change the home directory ownership +chown -R devbox:devbox /home/devbox/ && chmod -R 770 /home/devbox/ +# Create SSH directory for user devbox +mkdir -p /home/devbox/.ssh && chmod -R 700 /home/devbox/.ssh && chown -R devbox:devbox /home/devbox/.ssh + +echo "Configuration applied." >&2 \ No newline at end of file From 43a7de821521864755cd10972a02d0f755c7ef43 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 18:01:24 +0800 Subject: [PATCH 41/49] feat: add sshproxy service and logging configuration to Dockerfile and scripts 
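Review bot: `set_sshd_config 'PublicKeyAuthentication yes'` does not match the sshd_config keyword, which is `PubkeyAuthentication`. As far as I know the longer spelling is not an accepted alias, in which case sshd rejects the file and does not start. Change it to `set_sshd_config 'PubkeyAuthentication yes'` and add `/usr/sbin/sshd -t` after the `mkdir -p /run/sshd` line so a bad option fails the build rather than the container. Separately, `AuthorizedKeysFile /usr/start/.ssh/authorized_keys` has no `%h` or `%u` token, so the same key file applies to every account, and with `PermitRootLogin prohibit-password` any key in it can log in directly as root. Since devbox already gets passwordless sudo, `set_sshd_config 'PermitRootLogin no'` costs nothing and keeps logins attributable to the devbox account.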
Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 5 +++++ OS/debian-ssh/configure.sh | 3 +++ .../s6-rc.d/sshproxy-log-prepare/dependencies.d/base | 0 .../etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/type | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/up | 3 +++ .../etc/s6-overlay/s6-rc.d/sshproxy-log/consumer-for | 1 + .../s6-rc.d/sshproxy-log/dependencies.d/sshproxy-log-prepare | 0 .../etc/s6-overlay/s6-rc.d/sshproxy-log/pipeline-name | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/run | 2 ++ OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/type | 1 + .../etc/s6-overlay/s6-rc.d/sshproxy/dependencies.d/sshd | 0 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/producer-for | 1 + OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/run | 3 +++ OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/type | 1 + 14 files changed, 22 insertions(+) create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/dependencies.d/base create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/type create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/up create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/consumer-for create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/dependencies.d/sshproxy-log-prepare create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/pipeline-name create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/run create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/type create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/dependencies.d/sshd create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/producer-for create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/run create mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/type diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index faccc431..d36973c1 100644 --- a/OS/debian-ssh/12.6/Dockerfile 
+++ b/OS/debian-ssh/12.6/Dockerfile @@ -1,6 +1,7 @@ FROM debian:12.6-slim ARG S6_OVERLAY_VERSION=3.2.1.0 ARG SUPERCRONIC_VERSION=v0.2.34 +ARG SSHPROXY_VERSION=v0.0.0-alpha # Install required packages RUN apt-get update && \ @@ -32,6 +33,10 @@ RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz +# Install sshproxy +ADD https://github.com/dinoallo/devbox-connect/releases/download/${SSHPROXY_VERSION}/sshproxy-linux-amd64 /usr/sbin/sshproxy +RUN chmod +x /usr/sbin/sshproxy + COPY /OS/debian-ssh/project /home/devbox/project # Copy custom s6-overlay service / rc definitions COPY /OS/debian-ssh/etc/ /etc/ diff --git a/OS/debian-ssh/configure.sh b/OS/debian-ssh/configure.sh index 715169b4..45494ab6 100644 --- a/OS/debian-ssh/configure.sh +++ b/OS/debian-ssh/configure.sh @@ -20,6 +20,7 @@ set_sshd_config() { set_sshd_config 'X11Forwarding no' set_sshd_config 'IgnoreRhosts yes' +set_sshd_config 'ListenAddress localhost' set_sshd_config 'Port 2222' set_sshd_config 'AuthorizedKeysFile /usr/start/.ssh/authorized_keys' set_sshd_config 'PasswordAuthentication no' @@ -70,6 +71,8 @@ for f in \ /etc/s6-overlay/s6-rc.d/sshd-log/run \ /etc/s6-overlay/s6-rc.d/crond/run \ /etc/s6-overlay/s6-rc.d/crond-log/run \ + /etc/s6-overlay/s6-rc.d/sshproxy/run \ + /etc/s6-overlay/s6-rc.d/sshproxy-log/run \ /etc/s6-overlay/s6-rc.d/startup/startup.sh; do [ -f "$f" ] && chmod 700 "$f" || true done diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/dependencies.d/base b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/dependencies.d/base new file mode 100644 index 00000000..e69de29b diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/type new file mode 100644 index 00000000..3d92b15f --- /dev/null 
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/type
@@ -0,0 +1 @@
+oneshot
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/up b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/up
new file mode 100644
index 00000000..3356c830
--- /dev/null
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/up
@@ -0,0 +1,3 @@
+if { mkdir -p /var/log/sshproxy }
+if { chown nobody:nogroup /var/log/sshproxy }
+chmod 02755 /var/log/sshproxy
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/consumer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/consumer-for
new file mode 100644
index 00000000..1d233982
--- /dev/null
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/consumer-for
@@ -0,0 +1 @@
+sshproxy
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/dependencies.d/sshproxy-log-prepare b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/dependencies.d/sshproxy-log-prepare
new file mode 100644
index 00000000..e69de29b
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/pipeline-name b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/pipeline-name
new file mode 100644
index 00000000..bc3bc746
--- /dev/null
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/pipeline-name
@@ -0,0 +1 @@
+sshproxy-pipeline
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/run
new file mode 100644
index 00000000..420db981
--- /dev/null
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/run
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+exec logutil-service /var/log/sshproxy
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/type
new file mode 100644
index 00000000..1780f9f4
--- /dev/null
+++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/type @@ -0,0 +1 @@ +longrun \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/dependencies.d/sshd b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/dependencies.d/sshd new file mode 100644 index 00000000..e69de29b diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/producer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/producer-for new file mode 100644 index 00000000..510738dc --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/producer-for @@ -0,0 +1 @@ +sshproxy-log \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/run new file mode 100644 index 00000000..23275808 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/run @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +exec 2>&1 +exec SSHPROXY_AUTH_LOG=/var/log/sshd/auth.log /usr/sbin/sshproxy :22 localhost:2222 diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/type new file mode 100644 index 00000000..1780f9f4 --- /dev/null +++ b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/type @@ -0,0 +1 @@ +longrun \ No newline at end of file From e31226e6e91d5c8493d13b3e7a2a061ce4638ce7 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 18:24:05 +0800 Subject: [PATCH 42/49] refactor: remove obsolete s6-overlay service definitions and scripts 
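Review bot: `exec SSHPROXY_AUTH_LOG=/var/log/sshd/auth.log /usr/sbin/sshproxy :22 localhost:2222` in `sshproxy/run` will not start the proxy. Bash only treats `VAR=value` as an assignment when it comes before the command name, so after `exec` it is taken as the program to run. Write `SSHPROXY_AUTH_LOG=/var/log/sshd/auth.log exec /usr/sbin/sshproxy :22 localhost:2222` instead. Because the same patch moves sshd to `ListenAddress localhost` and `Port 2222`, a proxy that fails to start leaves the exposed port 22 with no listener. The diffstat for this patch also lists no `user/contents.d/sshproxy` or `sshproxy-pipeline` entry, so it is worth confirming the service is part of the user bundle.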
Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 4 +- OS/debian-ssh/12.6/etc/services.d/sshd/run | 0 OS/debian-ssh/configure.sh | 84 +++++++++++++++++++ .../crond-log-prepare/dependencies.d/base | 0 .../s6-overlay/s6-rc.d/crond-log-prepare/type | 1 - .../s6-overlay/s6-rc.d/crond-log-prepare/up | 3 - .../s6-overlay/s6-rc.d/crond-log/consumer-for | 1 - .../dependencies.d/crond-log-prepare | 0 .../s6-rc.d/crond-log/pipeline-name | 1 - .../etc/s6-overlay/s6-rc.d/crond-log/run | 2 - .../etc/s6-overlay/s6-rc.d/crond-log/type | 1 - .../s6-rc.d/crond/dependencies.d/startup | 0 .../etc/s6-overlay/s6-rc.d/crond/producer-for | 1 - .../etc/s6-overlay/s6-rc.d/crond/run | 3 - .../etc/s6-overlay/s6-rc.d/crond/type | 1 - .../sshd-log-prepare/dependencies.d/base | 0 .../s6-overlay/s6-rc.d/sshd-log-prepare/type | 1 - .../s6-overlay/s6-rc.d/sshd-log-prepare/up | 3 - .../s6-overlay/s6-rc.d/sshd-log/consumer-for | 1 - .../sshd-log/dependencies.d/sshd-log-prepare | 0 .../s6-overlay/s6-rc.d/sshd-log/pipeline-name | 1 - .../etc/s6-overlay/s6-rc.d/sshd-log/run | 2 - .../etc/s6-overlay/s6-rc.d/sshd-log/type | 1 - .../s6-rc.d/sshd/dependencies.d/startup | 0 .../etc/s6-overlay/s6-rc.d/sshd/producer-for | 1 - OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run | 3 - .../etc/s6-overlay/s6-rc.d/sshd/type | 1 - .../sshproxy-log-prepare/dependencies.d/base | 0 .../s6-rc.d/sshproxy-log-prepare/type | 1 - .../s6-rc.d/sshproxy-log-prepare/up | 3 - .../s6-rc.d/sshproxy-log/consumer-for | 1 - .../dependencies.d/sshproxy-log-prepare | 0 .../s6-rc.d/sshproxy-log/pipeline-name | 1 - .../etc/s6-overlay/s6-rc.d/sshproxy-log/run | 2 - .../etc/s6-overlay/s6-rc.d/sshproxy-log/type | 1 - .../s6-rc.d/sshproxy/dependencies.d/sshd | 0 .../s6-overlay/s6-rc.d/sshproxy/producer-for | 1 - .../etc/s6-overlay/s6-rc.d/sshproxy/run | 3 - .../etc/s6-overlay/s6-rc.d/sshproxy/type | 1 - .../s6-rc.d/startup/dependencies.d/base | 0 .../etc/s6-overlay/s6-rc.d/startup/startup.sh | 7 -- .../etc/s6-overlay/s6-rc.d/startup/type 
| 1 - .../etc/s6-overlay/s6-rc.d/startup/up | 1 - .../s6-overlay/s6-rc.d/user/contents.d/crond | 0 .../s6-rc.d/user/contents.d/crond-pipeline | 0 .../s6-overlay/s6-rc.d/user/contents.d/sshd | 0 .../s6-rc.d/user/contents.d/sshd-pipeline | 0 .../s6-rc.d/user/contents.d/startup | 0 48 files changed, 85 insertions(+), 54 deletions(-) delete mode 100644 OS/debian-ssh/12.6/etc/services.d/sshd/run delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/dependencies.d/base delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/type delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/up delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/consumer-for delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/dependencies.d/crond-log-prepare delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/pipeline-name delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/run delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/type delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/dependencies.d/startup delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/producer-for delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/run delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/type delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/dependencies.d/base delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/type delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/up delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/consumer-for delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/dependencies.d/sshd-log-prepare delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/pipeline-name delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/run delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/type delete mode 100644 
OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/startup delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/producer-for delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/type delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/dependencies.d/base delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/type delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/up delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/consumer-for delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/dependencies.d/sshproxy-log-prepare delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/pipeline-name delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/run delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/type delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/dependencies.d/sshd delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/producer-for delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/run delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/type delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/dependencies.d/base delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/startup.sh delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/type delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond-pipeline delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd-pipeline delete mode 100644 OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/startup 
diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index d36973c1..83e020c2 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -38,10 +38,8 @@ ADD https://github.com/dinoallo/devbox-connect/releases/download/${SSHPROXY_VERS RUN chmod +x /usr/sbin/sshproxy COPY /OS/debian-ssh/project /home/devbox/project -# Copy custom s6-overlay service / rc definitions -COPY /OS/debian-ssh/etc/ /etc/ COPY /OS/debian-ssh/configure.sh /tmp/configure.sh - +# Run the configuration script RUN chmod +x /tmp/configure.sh && /tmp/configure.sh && rm -rf /tmp/* WORKDIR /home/devbox/project EXPOSE 22 diff --git a/OS/debian-ssh/12.6/etc/services.d/sshd/run b/OS/debian-ssh/12.6/etc/services.d/sshd/run deleted file mode 100644 index e69de29b..00000000 diff --git a/OS/debian-ssh/configure.sh b/OS/debian-ssh/configure.sh index 45494ab6..5898e59b 100644 --- a/OS/debian-ssh/configure.sh +++ b/OS/debian-ssh/configure.sh 
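Review bot: The binary that this hunk marks executable with `RUN chmod +x /usr/sbin/sshproxy` comes from the `ADD https://github.com/dinoallo/devbox-connect/releases/download/${SSHPROXY_VERS…` line shown in the hunk header, and nothing visible verifies the download before it becomes, presumably, the listener behind `EXPOSE 22`. Pin the artifact with `ADD --checksum=sha256:<digest-of-release-asset> …` (placeholder, take the digest from the release), so a replaced or re-tagged asset fails the build. The supercronic and s6-overlay `ADD` lines visible in the Dockerfile hunk of PATCH 44 have the same gap. The Dockerfile continues outside this hunk, so a check elsewhere cannot be ruled out.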
@@ -77,6 +77,90 @@ for f in \ [ -f "$f" ] && chmod 700 "$f" || true done +# Dynamically (re)create s6-rc.d service definitions if missing +S6_DIR=/etc/s6-overlay/s6-rc.d +mkdir -p "$S6_DIR" + +make_longrun() { # name cmd... + local name="$1"; shift + mkdir -p "$S6_DIR/$name" "$S6_DIR/$name/dependencies.d" + { echo '#!/usr/bin/env bash'; echo 'exec 2>&1'; echo "exec $*"; } >"$S6_DIR/$name/run" + echo longrun >"$S6_DIR/$name/type" + chmod 700 "$S6_DIR/$name/run" +} + +make_oneshot_up() { # name lines... + local name="$1"; shift + mkdir -p "$S6_DIR/$name" "$S6_DIR/$name/dependencies.d" + echo oneshot >"$S6_DIR/$name/type" + printf '%s\n' "$@" >"$S6_DIR/$name/up" + chmod 644 "$S6_DIR/$name/up" +} + +# startup oneshot referencing existing script +mkdir -p "$S6_DIR/startup" "$S6_DIR/startup/dependencies.d" +# Create startup.sh first (idempotent overwrite) +cat >"$S6_DIR/startup/startup.sh" <<'STARTUP' +#!/usr/bin/env bash +set -euo pipefail + +if [ -n "${SEALOS_DEVBOX_NAME:-}" ]; then + echo "${SEALOS_DEVBOX_NAME}" > /etc/hostname +fi +mkdir -p /usr/start +if [ -n "${SEALOS_DEVBOX_POD_UID:-}" ]; then + echo "${SEALOS_DEVBOX_POD_UID}" > /usr/start/pod_id +fi +STARTUP +chmod 700 "$S6_DIR/startup/startup.sh" +echo oneshot >"$S6_DIR/startup/type" +echo '/etc/s6-overlay/s6-rc.d/startup/startup.sh' >"$S6_DIR/startup/up" +chmod 644 "$S6_DIR/startup/up" + +# sshd service +make_longrun sshd /usr/sbin/sshd -D -e +touch "$S6_DIR/sshd/dependencies.d/startup" + +# sshd logging +make_oneshot_up sshd-log-prepare \ + 'if { mkdir -p /var/log/sshd }' \ + 'if { chown nobody:nogroup /var/log/sshd }' \ + 'chmod 02755 /var/log/sshd' +touch "$S6_DIR/sshd-log-prepare/dependencies.d/base" +make_longrun sshd-log logutil-service /var/log/sshd +touch "$S6_DIR/sshd-log/dependencies.d/sshd-log-prepare" + +# sshproxy +make_longrun sshproxy SSHPROXY_AUTH_LOG=/var/log/sshd/auth.log /usr/sbin/sshproxy :22 localhost:2222 +touch "$S6_DIR/sshproxy/dependencies.d/sshd" + +make_oneshot_up sshproxy-log-prepare 
\ + 'if { mkdir -p /var/log/sshproxy }' \ + 'if { chown nobody:nogroup /var/log/sshproxy }' \ + 'chmod 02755 /var/log/sshproxy' +touch "$S6_DIR/sshproxy-log-prepare/dependencies.d/base" +make_longrun sshproxy-log logutil-service /var/log/sshproxy +touch "$S6_DIR/sshproxy-log/dependencies.d/sshproxy-log-prepare" + +# crond via supercronic +make_longrun crond /usr/sbin/supercronic /etc/crontab +touch "$S6_DIR/crond/dependencies.d/startup" +make_oneshot_up crond-log-prepare \ + 'if { mkdir -p /var/log/crond }' \ + 'if { chown nobody:nogroup /var/log/crond }' \ + 'chmod 02755 /var/log/crond' +touch "$S6_DIR/crond-log-prepare/dependencies.d/base" +make_longrun crond-log logutil-service /var/log/crond +touch "$S6_DIR/crond-log/dependencies.d/crond-log-prepare" + +# user bundle contents +mkdir -p "$S6_DIR/user/contents.d" +for svc in startup sshd sshd-log-prepare sshd-log sshproxy sshproxy-log-prepare sshproxy-log crond crond-log-prepare crond-log; do + : >"$S6_DIR/user/contents.d/$svc" +done + +echo "s6-rc.d services ensured." >&2 + # Add user devbox useradd -m -s /bin/bash devbox && usermod -aG sudo devbox && echo 'devbox ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers # Change the password of user devbox diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/dependencies.d/base b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/dependencies.d/base deleted file mode 100644 index e69de29b..00000000 diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/type deleted file mode 100644 index 3d92b15f..00000000 --- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/type +++ /dev/null @@ -1 +0,0 @@ -oneshot \ No newline at end of file diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/up b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/up deleted file mode 100644 index e3a79829..00000000 
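Review bot: The regenerated service tree never writes the `producer-for`, `consumer-for` and `pipeline-name` files that this commit deletes, so as far as the hunk shows `sshd-log`, `sshproxy-log` and `crond-log` are plain longruns with nothing feeding them, and the stderr output of `sshd -D -e` no longer reaches /var/log/sshd. For an SSH entry point that means the authentication log is not persisted, and the file named in `SSHPROXY_AUTH_LOG` is presumably never written. Recreate the wiring next to each `make_longrun`, e.g. `echo sshd-log >"$S6_DIR/sshd/producer-for"`, `echo sshd >"$S6_DIR/sshd-log/consumer-for"` and `echo sshd-pipeline >"$S6_DIR/sshd-log/pipeline-name"`, and likewise for sshproxy and crond.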
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log-prepare/up
+++ /dev/null
@@ -1,3 +0,0 @@
-if { mkdir -p /var/log/crond }
-if { chown nobody:nogroup /var/log/crond }
-chmod 02755 /var/log/crond
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/consumer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/consumer-for
deleted file mode 100644
index e9d50809..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/consumer-for
+++ /dev/null
@@ -1 +0,0 @@
-crond
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/dependencies.d/crond-log-prepare b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/dependencies.d/crond-log-prepare
deleted file mode 100644
index e69de29b..00000000
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/pipeline-name b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/pipeline-name
deleted file mode 100644
index f3333391..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/pipeline-name
+++ /dev/null
@@ -1 +0,0 @@
-crond-pipeline
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/run
deleted file mode 100644
index e090baf2..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/run
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/usr/bin/env bash
-exec logutil-service /var/log/crond
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/type
deleted file mode 100644
index 1780f9f4..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond-log/type
+++ /dev/null
@@ -1 +0,0 @@
-longrun
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/dependencies.d/startup b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/dependencies.d/startup
deleted file mode 100644
index e69de29b..00000000
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/producer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/producer-for
deleted file mode 100644
index 5718b544..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/producer-for
+++ /dev/null
@@ -1 +0,0 @@
-crond-log
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/run
deleted file mode 100644
index 163d19eb..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-exec 2>&1
-exec /usr/sbin/supercronic /etc/crontab
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/type
deleted file mode 100644
index 1780f9f4..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/crond/type
+++ /dev/null
@@ -1 +0,0 @@
-longrun
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/dependencies.d/base b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/dependencies.d/base
deleted file mode 100644
index e69de29b..00000000
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/type
deleted file mode 100644
index 3d92b15f..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/type
+++ /dev/null
@@ -1 +0,0 @@
-oneshot
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/up b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/up
deleted file mode 100644
index e236fba5..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log-prepare/up
+++ /dev/null
@@ -1,3 +0,0 @@
-if { mkdir -p /var/log/sshd }
-if { chown nobody:nogroup /var/log/sshd }
-chmod 02755 /var/log/sshd
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/consumer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/consumer-for
deleted file mode 100644
index 09920bc7..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/consumer-for
+++ /dev/null
@@ -1 +0,0 @@
-sshd
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/dependencies.d/sshd-log-prepare b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/dependencies.d/sshd-log-prepare
deleted file mode 100644
index e69de29b..00000000
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/pipeline-name b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/pipeline-name
deleted file mode 100644
index a2207f26..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/pipeline-name
+++ /dev/null
@@ -1 +0,0 @@
-sshd-pipeline
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/run
deleted file mode 100644
index 12d7037d..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/run
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/usr/bin/env bash
-exec logutil-service /var/log/sshd
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/type
deleted file mode 100644
index 1780f9f4..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd-log/type
+++ /dev/null
@@ -1 +0,0 @@
-longrun
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/startup b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/startup
deleted file mode 100644
index e69de29b..00000000
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/producer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/producer-for
deleted file mode 100644
index 363d3573..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/producer-for
+++ /dev/null
@@ -1 +0,0 @@
-sshd-log
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run
deleted file mode 100644
index b9b25e4e..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-exec 2>&1
-exec /usr/sbin/sshd -D -e
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/type
deleted file mode 100644
index 1780f9f4..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshd/type
+++ /dev/null
@@ -1 +0,0 @@
-longrun
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/dependencies.d/base b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/dependencies.d/base
deleted file mode 100644
index e69de29b..00000000
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/type
deleted file mode 100644
index 3d92b15f..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/type
+++ /dev/null
@@ -1 +0,0 @@
-oneshot
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/up b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/up
deleted file mode 100644
index 3356c830..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log-prepare/up
+++ /dev/null
@@ -1,3 +0,0 @@
-if { mkdir -p /var/log/sshproxy }
-if { chown nobody:nogroup /var/log/sshproxy }
-chmod 02755 /var/log/sshproxy
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/consumer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/consumer-for
deleted file mode 100644
index 1d233982..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/consumer-for
+++ /dev/null
@@ -1 +0,0 @@
-sshproxy
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/dependencies.d/sshproxy-log-prepare b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/dependencies.d/sshproxy-log-prepare
deleted file mode 100644
index e69de29b..00000000
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/pipeline-name b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/pipeline-name
deleted file mode 100644
index bc3bc746..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/pipeline-name
+++ /dev/null
@@ -1 +0,0 @@
-sshproxy-pipeline
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/run
deleted file mode 100644
index 420db981..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/run
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/usr/bin/env bash
-exec logutil-service /var/log/sshproxy
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/type
deleted file mode 100644
index 1780f9f4..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy-log/type
+++ /dev/null
@@ -1 +0,0 @@
-longrun
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/dependencies.d/sshd b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/dependencies.d/sshd
deleted file mode 100644
index e69de29b..00000000
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/producer-for b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/producer-for
deleted file mode 100644
index 510738dc..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/producer-for
+++ /dev/null
@@ -1 +0,0 @@
-sshproxy-log
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/run b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/run
deleted file mode 100644
index 23275808..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-exec 2>&1
-exec SSHPROXY_AUTH_LOG=/var/log/sshd/auth.log /usr/sbin/sshproxy :22 localhost:2222
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/type
deleted file mode 100644
index 1780f9f4..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/sshproxy/type
+++ /dev/null
@@ -1 +0,0 @@
-longrun
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/dependencies.d/base b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/dependencies.d/base
deleted file mode 100644
index e69de29b..00000000
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/startup.sh b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/startup.sh
deleted file mode 100644
index 01d34760..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/startup.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-if [ ! -z "${SEALOS_DEVBOX_NAME}" ]; then
- echo "${SEALOS_DEVBOX_NAME}" > /etc/hostname
-fi
-mkdir -p /usr/start
-echo "${SEALOS_DEVBOX_POD_UID}" > /usr/start/pod_id
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/type b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/type
deleted file mode 100644
index 3d92b15f..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/type
+++ /dev/null
@@ -1 +0,0 @@
-oneshot
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up
deleted file mode 100644
index 7e2d664d..00000000
--- a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/startup/up
+++ /dev/null
@@ -1 +0,0 @@
-/etc/s6-overlay/s6-rc.d/startup/startup.sh
\ No newline at end of file
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond
deleted file mode 100644
index e69de29b..00000000
diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond-pipeline b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/crond-pipeline deleted file mode 100644 index e69de29b..00000000 diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd deleted file mode 100644 index e69de29b..00000000 diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd-pipeline b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/sshd-pipeline deleted file mode 100644 index e69de29b..00000000 diff --git a/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/startup b/OS/debian-ssh/etc/s6-overlay/s6-rc.d/user/contents.d/startup deleted file mode 100644 index e69de29b..00000000 From 51de3ce2d728f41db74695a64a2fef4554046a03 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 18:41:38 +0800 Subject: [PATCH 43/49] fix: correct sshproxy auth log path and ensure s6 service scripts have proper permissions Signed-off-by: Yun Pan --- OS/debian-ssh/configure.sh | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/OS/debian-ssh/configure.sh b/OS/debian-ssh/configure.sh index 5898e59b..7582691a 100644 --- a/OS/debian-ssh/configure.sh +++ b/OS/debian-ssh/configure.sh @@ -24,7 +24,7 @@ set_sshd_config 'ListenAddress localhost' set_sshd_config 'Port 2222' set_sshd_config 'AuthorizedKeysFile /usr/start/.ssh/authorized_keys' set_sshd_config 'PasswordAuthentication no' -set_sshd_config 'PublicKeyAuthentication yes' +set_sshd_config 'PubKeyAuthentication yes' set_sshd_config 'PermitRootLogin prohibit-password' set_sshd_config 'PermitEmptyPasswords no' mkdir -p /run/sshd && chmod 755 /run/sshd 
@@ -65,18 +65,6 @@ cat > /etc/logrotate.d/wtmp <<'EOF' } EOF -# Ensure s6 service scripts have correct permissions if they already exist (idempotent) -for f in \ - /etc/s6-overlay/s6-rc.d/sshd/run \ - /etc/s6-overlay/s6-rc.d/sshd-log/run \ - /etc/s6-overlay/s6-rc.d/crond/run \ - /etc/s6-overlay/s6-rc.d/crond-log/run \ - /etc/s6-overlay/s6-rc.d/sshproxy/run \ - /etc/s6-overlay/s6-rc.d/sshproxy-log/run \ - /etc/s6-overlay/s6-rc.d/startup/startup.sh; do - [ -f "$f" ] && chmod 700 "$f" || true -done - # Dynamically (re)create s6-rc.d service definitions if missing S6_DIR=/etc/s6-overlay/s6-rc.d mkdir -p "$S6_DIR" @@ -112,7 +100,6 @@ if [ -n "${SEALOS_DEVBOX_POD_UID:-}" ]; then echo "${SEALOS_DEVBOX_POD_UID}" > /usr/start/pod_id fi STARTUP -chmod 700 "$S6_DIR/startup/startup.sh" echo oneshot >"$S6_DIR/startup/type" echo '/etc/s6-overlay/s6-rc.d/startup/startup.sh' >"$S6_DIR/startup/up" chmod 644 "$S6_DIR/startup/up" @@ -131,7 +118,7 @@ make_longrun sshd-log logutil-service /var/log/sshd touch "$S6_DIR/sshd-log/dependencies.d/sshd-log-prepare" # sshproxy -make_longrun sshproxy SSHPROXY_AUTH_LOG=/var/log/sshd/auth.log /usr/sbin/sshproxy :22 localhost:2222 +make_longrun sshproxy SSHPROXY_AUTH_LOG=/var/log/sshd/current /usr/sbin/sshproxy :22 localhost:2222 touch "$S6_DIR/sshproxy/dependencies.d/sshd" make_oneshot_up sshproxy-log-prepare \ @@ -159,6 +146,19 @@ for svc in startup sshd sshd-log-prepare sshd-log sshproxy sshproxy-log-prepare : >"$S6_DIR/user/contents.d/$svc" done + +# Ensure s6 service scripts have correct permissions if they already exist (idempotent) +for f in \ + /etc/s6-overlay/s6-rc.d/sshd/run \ + /etc/s6-overlay/s6-rc.d/sshd-log/run \ + /etc/s6-overlay/s6-rc.d/crond/run \ + /etc/s6-overlay/s6-rc.d/crond-log/run \ + /etc/s6-overlay/s6-rc.d/sshproxy/run \ + /etc/s6-overlay/s6-rc.d/sshproxy-log/run \ + /etc/s6-overlay/s6-rc.d/startup/startup.sh; do + [ -f "$f" ] && chmod 700 "$f" || true +done + echo "s6-rc.d services ensured." >&2 # Add user devbox 
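Review bot: In the loop re-added at the end of the `@@ -159,6 +146,19 @@` hunk, `[ -f "$f" ] && chmod 700 "$f" || true` hides both a missing file and a failed chmod, and since the `@@ -112,7 +100,6 @@` hunk removes `chmod 700 "$S6_DIR/startup/startup.sh"`, this loop is now the only thing that makes startup.sh executable. All seven paths are written earlier by this same script, so the guard is not needed; a plain `chmod 700 "$f"` lets the image build stop instead of shipping a service that cannot start, provided configure.sh runs with `set -e`, which is not visible here. The comment above the loop ("if they already exist") should then read something like `# Service scripts were generated above; make them executable`.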
From 2848023eb272bc95985096d1b913d5a922d5dfa5 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 18:41:50 +0800 Subject: [PATCH 44/49] fix: update comment for s6-overlay installation in Dockerfile Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 83e020c2..940641c6 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -27,7 +27,7 @@ RUN apt-get update && \ ADD https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-linux-amd64 /usr/sbin/supercronic RUN chmod +x /usr/sbin/supercronic -# Get s6-overlay +# Install s6-overlay ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp From a6d17ff0727303f8291d12e7ae545ad9cb2b3e43 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 18:59:00 +0800 Subject: [PATCH 45/49] fix: update sshproxy service definition to include env variable for auth log Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 1 + OS/debian-ssh/configure.sh | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 940641c6..96feeb18 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -39,6 +39,7 @@ RUN chmod +x /usr/sbin/sshproxy COPY /OS/debian-ssh/project /home/devbox/project COPY /OS/debian-ssh/configure.sh /tmp/configure.sh + # Run the configuration script RUN chmod +x /tmp/configure.sh && /tmp/configure.sh && rm -rf /tmp/* WORKDIR /home/devbox/project diff --git a/OS/debian-ssh/configure.sh b/OS/debian-ssh/configure.sh index 7582691a..37314dfc 100644 --- a/OS/debian-ssh/configure.sh 
+++ b/OS/debian-ssh/configure.sh @@ -118,8 +118,8 @@ make_longrun sshd-log logutil-service /var/log/sshd touch "$S6_DIR/sshd-log/dependencies.d/sshd-log-prepare" # sshproxy -make_longrun sshproxy SSHPROXY_AUTH_LOG=/var/log/sshd/current /usr/sbin/sshproxy :22 localhost:2222 -touch "$S6_DIR/sshproxy/dependencies.d/sshd" +make_longrun sshproxy env SSHPROXY_AUTH_LOG=/var/log/sshd/current /usr/sbin/sshproxy :22 localhost:2222 +touch "$S6_DIR/sshproxy/dependencies.d/sshd-log" make_oneshot_up sshproxy-log-prepare \ 'if { mkdir -p /var/log/sshproxy }' \ From 7fbf4355963fc2930bd5242ad89a924d406ffeef Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Tue, 2 Sep 2025 19:15:57 +0800 Subject: [PATCH 46/49] fix: add logging configuration for sshd and sshproxy services in configure.sh Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 1 + OS/debian-ssh/configure.sh | 23 ++++++++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile index 96feeb18..c7d66de9 100644 --- a/OS/debian-ssh/12.6/Dockerfile +++ b/OS/debian-ssh/12.6/Dockerfile @@ -1,4 +1,5 @@ FROM debian:12.6-slim + ARG S6_OVERLAY_VERSION=3.2.1.0 ARG SUPERCRONIC_VERSION=v0.2.34 ARG SSHPROXY_VERSION=v0.0.0-alpha diff --git a/OS/debian-ssh/configure.sh b/OS/debian-ssh/configure.sh index 37314dfc..884d2d4a 100644 --- a/OS/debian-ssh/configure.sh +++ b/OS/debian-ssh/configure.sh @@ -77,6 +77,14 @@ make_longrun() { # name cmd... chmod 700 "$S6_DIR/$name/run" } +make_log_longrun() { # name cmd... + local name="$1"; shift + mkdir -p "$S6_DIR/$name" "$S6_DIR/$name/dependencies.d" + { echo '#!/usr/bin/env bash'; echo "exec $*"; } >"$S6_DIR/$name/run" + echo longrun >"$S6_DIR/$name/type" + chmod 700 "$S6_DIR/$name/run" +} + make_oneshot_up() { # name lines... local name="$1"; shift mkdir -p "$S6_DIR/$name" "$S6_DIR/$name/dependencies.d" 
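Review bot: Replacing `dependencies.d/sshd` with `dependencies.d/sshd-log` in the `@@ -118,8 +118,8 @@` hunk removes the only visible ordering between sshproxy and the sshd it forwards to on localhost:2222; nothing shown at this commit makes `sshd-log` depend on `sshd`, so sshproxy may accept connections on :22 before the backend is listening. Keep both markers: `touch "$S6_DIR/sshproxy/dependencies.d/sshd" "$S6_DIR/sshproxy/dependencies.d/sshd-log"`. A one-line comment saying that sshd-log is required because sshproxy is pointed at /var/log/sshd/current would also help the next reader.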
@@ -107,6 +115,7 @@ chmod 644 "$S6_DIR/startup/up" # sshd service make_longrun sshd /usr/sbin/sshd -D -e touch "$S6_DIR/sshd/dependencies.d/startup" +echo 'sshd-log' > "$S6_DIR/sshd/producer-for" # sshd logging make_oneshot_up sshd-log-prepare \ 
@@ -114,31 +123,39 @@ make_oneshot_up sshd-log-prepare \ 'if { chown nobody:nogroup /var/log/sshd }' \ 'chmod 02755 /var/log/sshd' touch "$S6_DIR/sshd-log-prepare/dependencies.d/base" -make_longrun sshd-log logutil-service /var/log/sshd +make_log_longrun sshd-log logutil-service /var/log/sshd touch "$S6_DIR/sshd-log/dependencies.d/sshd-log-prepare" +echo 'sshd' > "$S6_DIR/sshd-log/consumer-for" +echo 'sshd-pipeline' > "$S6_DIR/sshd-log/pipeline-name" # sshproxy make_longrun sshproxy env SSHPROXY_AUTH_LOG=/var/log/sshd/current /usr/sbin/sshproxy :22 localhost:2222 touch "$S6_DIR/sshproxy/dependencies.d/sshd-log" +echo 'sshproxy-log' > "$S6_DIR/sshproxy/producer-for" make_oneshot_up sshproxy-log-prepare \ 'if { mkdir -p /var/log/sshproxy }' \ 'if { chown nobody:nogroup /var/log/sshproxy }' \ 'chmod 02755 /var/log/sshproxy' touch "$S6_DIR/sshproxy-log-prepare/dependencies.d/base" -make_longrun sshproxy-log logutil-service /var/log/sshproxy +make_log_longrun sshproxy-log logutil-service /var/log/sshproxy touch "$S6_DIR/sshproxy-log/dependencies.d/sshproxy-log-prepare" +echo 'sshproxy' > "$S6_DIR/sshproxy-log/consumer-for" +echo 'sshproxy-pipeline' > "$S6_DIR/sshproxy-log/pipeline-name" # crond via supercronic make_longrun crond /usr/sbin/supercronic /etc/crontab touch "$S6_DIR/crond/dependencies.d/startup" +echo 'crond-log' > "$S6_DIR/crond/producer-for" make_oneshot_up crond-log-prepare \ 'if { mkdir -p /var/log/crond }' \ 'if { chown nobody:nogroup /var/log/crond }' \ 'chmod 02755 /var/log/crond' touch "$S6_DIR/crond-log-prepare/dependencies.d/base" -make_longrun crond-log logutil-service /var/log/crond +make_log_longrun crond-log logutil-service /var/log/crond touch "$S6_DIR/crond-log/dependencies.d/crond-log-prepare" +echo 'crond' > "$S6_DIR/crond-log/consumer-for" +echo 'crond-pipeline' > "$S6_DIR/crond-log/pipeline-name" # user bundle contents mkdir -p "$S6_DIR/user/contents.d" From a9328dc4ba2bce3bf4d3dad7439a00d70ff142e3 Mon Sep 17 00:00:00 2001 
From: Yun Pan Date: Wed, 3 Sep 2025 16:57:21 +0800 Subject: [PATCH 47/49] fix: ensure /run/utmp exists with secure permissions in configure.sh Signed-off-by: Yun Pan --- OS/debian-ssh/configure.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/OS/debian-ssh/configure.sh b/OS/debian-ssh/configure.sh index 884d2d4a..7e4da2e8 100644 --- a/OS/debian-ssh/configure.sh +++ b/OS/debian-ssh/configure.sh @@ -187,4 +187,12 @@ chown -R devbox:devbox /home/devbox/ && chmod -R 770 /home/devbox/ # Create SSH directory for user devbox mkdir -p /home/devbox/.ssh && chmod -R 700 /home/devbox/.ssh && chown -R devbox:devbox /home/devbox/.ssh + +# Ensure /run/utmp exists with secure permissions (some tools expect it) +if [ ! -e /run/utmp ]; then + : > /run/utmp + chmod 664 /run/utmp + chown root:utmp /run/utmp +fi + echo "Configuration applied." >&2 \ No newline at end of file From 6c7764618cd246e908e31ee27df101ea950ac9bc Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Wed, 3 Sep 2025 17:13:41 +0800 Subject: [PATCH 48/49] feat: add GitHub Actions workflow for building and releasing OS images Signed-off-by: Yun Pan --- .../workflows/build-and-release-os-images.yml | 105 ++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 .github/workflows/build-and-release-os-images.yml diff --git a/.github/workflows/build-and-release-os-images.yml b/.github/workflows/build-and-release-os-images.yml new file mode 100644 index 00000000..6b3f1b57 --- /dev/null +++ b/.github/workflows/build-and-release-os-images.yml 
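Review bot: `/run/utmp` is created while configure.sh runs, which the Dockerfile does in a `RUN` step, so the file exists only in the image layer; if `/run` is mounted as a tmpfs when the container starts, it will be gone by the time anything looks for it. Creating it at service start would survive that, in the style of the existing prepare oneshots: `make_oneshot_up utmp-prepare 'if { touch /run/utmp }' 'if { chown root:utmp /run/utmp }' 'chmod 664 /run/utmp'`, plus its dependency and bundle entries. The `[ ! -e /run/utmp ]` guard also leaves an already existing file with whatever mode and owner it has. The rest of configure.sh is outside the hunk.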
@@ -0,0 +1,105 @@
+name: Build and Release OS Images
+
+on:
+ workflow_dispatch:
+ inputs:
+ publish:
+ description: 'Push images to registry'
+ type: boolean
+ default: true
+ ref:
+ description: 'Git ref (tag/branch/SHA) to build'
+ required: false
+
+permissions:
+ contents: read
+ packages: write
+
+concurrency:
+ group: os-images-${{ github.ref }}
+ cancel-in-progress: false
+
+env:
+ REGISTRY: ghcr.io
+ OWNER: ${{ github.repository_owner }}
+ REPO: ${{ github.event.repository.name || github.repository }}
+ PUBLISH: ${{ github.event_name == 'workflow_dispatch' && inputs.publish == 'false' && 'false' || 'true' }}
+
+jobs:
+ build:
+ name: Build ${{ matrix.image }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - image: debian-ssh-12.6
+ context: OS/debian-ssh/12.6
+ dockerfile: OS/debian-ssh/12.6/Dockerfile
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU (multi-arch)
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: linux/amd64,linux/arm64
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to GHCR
+ if: env.PUBLISH == 'true'
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Derive image tags
+ id: meta
+ run: |
+ set -euo pipefail
+ IMAGE="${REGISTRY}/${OWNER}/${REPO}/${{ matrix.image }}"
+ sha_tag=${GITHUB_SHA::7}
+ if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
+ ref_tag=${GITHUB_REF#refs/tags/}
+ elif [[ "${GITHUB_REF}" == refs/heads/main ]]; then
+ ref_tag=latest
+ else
+ ref_tag=${GITHUB_REF##*/}
+ fi
+ TAGS=("${IMAGE}:${ref_tag}" "${IMAGE}:${sha_tag}")
+ if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
+ version_tag=${GITHUB_REF#refs/tags/}
+ TAGS+=("${IMAGE}:v${version_tag}")
+ fi
+ printf 'tags=%s\n' "$(IFS=,; echo "${TAGS[*]}")" >> "$GITHUB_OUTPUT"
+ echo "Computed tags: ${TAGS[*]}"
+
+ - name: Build and (optionally) push
+ uses: docker/build-push-action@v5
+ with:
+ context: ${{ matrix.context }}
+ file: ${{ matrix.dockerfile }}
+ push: ${{ env.PUBLISH == 'true' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ platforms: linux/amd64,linux/arm64
+ provenance: false
+ sbom: false
+ cache-from: type=gha,scope=${{ matrix.image }}
+ cache-to: type=gha,scope=${{ matrix.image }},mode=max
+
+ - name: Summary
+ run: |
+ echo "Built image ${{ matrix.image }} with tags: ${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
+
+ summary:
+ name: Build Summary
+ needs: [build]
+ runs-on: ubuntu-latest
+ if: always()
+ steps:
+ - name: Report
+ run: |
+ echo "Build matrix completed" >> $GITHUB_STEP_SUMMARY
From 553a6659127db6f6f1f4e274112fc95136bbb5c9 Mon Sep 17 00:00:00 2001 From: Yun Pan Date: Wed, 3 Sep 2025 17:26:36 +0800 Subject: [PATCH 49/49] refactor: maintain project directory in debian-ssh Signed-off-by: Yun Pan --- OS/debian-ssh/12.6/Dockerfile | 4 ++-- OS/debian-ssh/{ => 12.6}/configure.sh | 0 OS/debian-ssh/12.6/project/entrypoint.sh | 3 +++ OS/debian-ssh/12.6/project/hello.sh | 5 +++++ 4 files changed, 10 insertions(+), 2 deletions(-) rename OS/debian-ssh/{ => 12.6}/configure.sh (100%) create mode 100644 OS/debian-ssh/12.6/project/entrypoint.sh create mode 100755 OS/debian-ssh/12.6/project/hello.sh
diff --git a/OS/debian-ssh/12.6/Dockerfile b/OS/debian-ssh/12.6/Dockerfile
index c7d66de9..12a01b2e 100644
--- a/OS/debian-ssh/12.6/Dockerfile
+++ b/OS/debian-ssh/12.6/Dockerfile
@@ -38,8 +38,8 @@ RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz ADD https://github.com/dinoallo/devbox-connect/releases/download/${SSHPROXY_VERSION}/sshproxy-linux-amd64 /usr/sbin/sshproxy RUN chmod +x /usr/sbin/sshproxy -COPY /OS/debian-ssh/project /home/devbox/project -COPY /OS/debian-ssh/configure.sh /tmp/configure.sh +COPY ./project /home/devbox/project +COPY ./configure.sh /tmp/configure.sh # Run the configuration script RUN chmod +x /tmp/configure.sh && /tmp/configure.sh && rm -rf /tmp/*
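Review bot: `PUBLISH` can never become `'false'`: `publish` is declared `type: boolean` and the `inputs` context keeps it a boolean, so `inputs.publish == 'false'` compares a boolean with a string and is false for both values, which leaves the expression at `'true'` and pushes images even when the box is unticked. `PUBLISH: ${{ inputs.publish && 'true' || 'false' }}` yields the string that the later `env.PUBLISH == 'true'` checks expect. The `ref` input is also declared but never used; the checkout step would need `ref: ${{ inputs.ref }}` under a `with:` key for it to take effect, and the tag derivation would then have to stop reading `GITHUB_REF`.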
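Review bot: The `ADD https://github.com/dinoallo/devbox-connect/releases/download/${SSHPROXY_VERSION}/sshproxy-linux-amd64` just above the changed `COPY` lines installs a downloaded binary into `/usr/sbin` with no integrity check, and a release asset under a tag such as the default `v0.0.0-alpha` can be replaced after the fact. Pinning it with `ADD --checksum=sha256:<expected-digest> https://… /usr/sbin/sshproxy` makes the build fail if the asset changes. The asset is also amd64-only, as is `s6-overlay-x86_64.tar.xz`, while the workflow added in PATCH 48/49 builds `linux/arm64` as well, so that variant would ship x86-64 binaries. The Dockerfile continues outside the hunk.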
diff --git a/OS/debian-ssh/configure.sh b/OS/debian-ssh/12.6/configure.sh
similarity index 100%
rename from OS/debian-ssh/configure.sh
rename to OS/debian-ssh/12.6/configure.sh
diff --git a/OS/debian-ssh/12.6/project/entrypoint.sh b/OS/debian-ssh/12.6/project/entrypoint.sh
new file mode 100644
index 00000000..4c5199e5
--- /dev/null
+++ b/OS/debian-ssh/12.6/project/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+./hello.sh
diff --git a/OS/debian-ssh/12.6/project/hello.sh b/OS/debian-ssh/12.6/project/hello.sh
new file mode 100755
index 00000000..2b2fb28f
--- /dev/null
+++ b/OS/debian-ssh/12.6/project/hello.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+while :; do
+ { echo -ne "HTTP/1.1 200 OK\r\nContent-Length: $(echo -n "Hello, World!")\r\n\r\nHello, World!"; } | nc -l -p 8080 -q 1
+done
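Review bot: `./hello.sh` in entrypoint.sh only resolves when the working directory is the project directory, and the script is added with mode 100644, so it cannot be executed directly the way `hello.sh` (100755) can. Running the server through `exec` would also let it receive signals instead of the wrapper shell: `cd "$(dirname "$0")" && exec ./hello.sh`. How the entrypoint is invoked is not shown on this page, so the file mode may be intentional.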
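Review bot: The `Content-Length` header in hello.sh is filled with the text `Hello, World!` rather than its length, because `$(echo -n "Hello, World!")` expands to the string itself, so clients receive a malformed response. Computing it from the body fixes that: `body='Hello, World!'` followed by `echo -ne "HTTP/1.1 200 OK\r\nContent-Length: ${#body}\r\n\r\n${body}"`. The `-p` and `-q` options differ between netcat variants, so a comment naming the `nc` package the image is expected to provide would be useful.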