From 0a839d27be0e8352ab53189188a6a5da16789905 Mon Sep 17 00:00:00 2001
From: Andrey Arapov <107317698+andy108369@users.noreply.github.com>
Date: Thu, 22 Aug 2024 13:11:25 +0200
Subject: [PATCH] fix(base-ssh,ssh-ubuntu): use tini for zombie reaping and signal handling (#565) (#566)

Use tini as an init system to manage orphaned child processes, ensuring they don't become zombie (defunct) processes by reaping (cleaning up) them when their parent process doesn't. Tini will also correctly handle signals like SIGTERM (15), allowing child processes to terminate gracefully within the allotted time, rather than being forcefully killed with SIGKILL after a 15-second timeout.
---
 base-ssh/Dockerfile.centos | 12 ++++++++++--
 base-ssh/Dockerfile.debian | 12 ++++++++++--
 base-ssh/Dockerfile.suse | 12 ++++++++++--
 base-ssh/Dockerfile.ubuntu | 12 ++++++++++--
 ssh-ubuntu/Dockerfile.ubuntu | 12 ++++++++++--
 5 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/base-ssh/Dockerfile.centos b/base-ssh/Dockerfile.centos
index c43db92d..41edce77 100644
--- a/base-ssh/Dockerfile.centos
+++ b/base-ssh/Dockerfile.centos
@@ -13,8 +13,16 @@ RUN dnf -y update && \
 COPY ssh-entrypoint.sh /usr/local/bin/init.sh
 RUN chmod +x /usr/local/bin/init.sh
-ENTRYPOINT ["/usr/local/bin/init.sh"]
+# Use tini as an init system to manage orphaned child processes, ensuring they
+# don't become zombie (defunct) processes by reaping (cleaning up) them when
+# their parent process doesn't.
+# Tini will also correctly handle signals like SIGTERM (15), allowing child
+# processes to terminate gracefully within the allotted time, rather than
+# being forcefully killed with SIGKILL after a 15-second timeout.
+ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]
 CMD ["tail", "-f", "/dev/null"]
-EXPOSE 22
\ No newline at end of file
+EXPOSE 22
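Review bot: The added `ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini` downloads an executable with no integrity check, and that binary then runs as PID 1 in an image that exposes sshd; the same line appears in the Dockerfile.debian, Dockerfile.suse, base-ssh/Dockerfile.ubuntu and ssh-ubuntu/Dockerfile.ubuntu hunks. Pin the download to the digest from the release's published checksum, for example `ADD --checksum=sha256:<TINI_V0_19_0_SHA256> https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini` (placeholder digest; this needs a BuildKit frontend that supports `--checksum`), or install tini from the distribution's signed package repository where one is available. The unsuffixed `tini` asset appears to be the amd64 build, so a build for another architecture would need the asset name chosen from `TARGETARCH`. Signal forwarding through tini only reaches the workload if `/usr/local/bin/init.sh` finishes by `exec`-ing its arguments, which this diff does not show.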
diff --git a/base-ssh/Dockerfile.debian b/base-ssh/Dockerfile.debian
index 28a99d25..4a11f9c7 100644
--- a/base-ssh/Dockerfile.debian
+++ b/base-ssh/Dockerfile.debian
@@ -10,8 +10,16 @@ RUN apt-get update; \
 COPY ssh-entrypoint.sh /usr/local/bin/init.sh
 RUN chmod +x /usr/local/bin/init.sh
-ENTRYPOINT ["/usr/local/bin/init.sh"]
+# Use tini as an init system to manage orphaned child processes, ensuring they
+# don't become zombie (defunct) processes by reaping (cleaning up) them when
+# their parent process doesn't.
+# Tini will also correctly handle signals like SIGTERM (15), allowing child
+# processes to terminate gracefully within the allotted time, rather than
+# being forcefully killed with SIGKILL after a 15-second timeout.
+ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]
 CMD ["tail", "-f", "/dev/null"]
-EXPOSE 22
\ No newline at end of file
+EXPOSE 22
diff --git a/base-ssh/Dockerfile.suse b/base-ssh/Dockerfile.suse
index aa0f452a..eef9b2c9 100644
--- a/base-ssh/Dockerfile.suse
+++ b/base-ssh/Dockerfile.suse
@@ -14,8 +14,16 @@ RUN mkdir -p /run/sshd && \
 COPY ssh-entrypoint.sh /usr/local/bin/init.sh
 RUN chmod +x /usr/local/bin/init.sh
-ENTRYPOINT ["/usr/local/bin/init.sh"]
+# Use tini as an init system to manage orphaned child processes, ensuring they
+# don't become zombie (defunct) processes by reaping (cleaning up) them when
+# their parent process doesn't.
+# Tini will also correctly handle signals like SIGTERM (15), allowing child
+# processes to terminate gracefully within the allotted time, rather than
+# being forcefully killed with SIGKILL after a 15-second timeout.
+ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]
 CMD ["tail", "-f", "/dev/null"]
-EXPOSE 22
\ No newline at end of file
+EXPOSE 22
diff --git a/base-ssh/Dockerfile.ubuntu b/base-ssh/Dockerfile.ubuntu
index 8ad2d8f7..1ea53c19 100644
--- a/base-ssh/Dockerfile.ubuntu
+++ b/base-ssh/Dockerfile.ubuntu
@@ -10,8 +10,16 @@ RUN apt-get update; \
 COPY ssh-entrypoint.sh /usr/local/bin/init.sh
 RUN chmod +x /usr/local/bin/init.sh
-ENTRYPOINT ["/usr/local/bin/init.sh"]
+# Use tini as an init system to manage orphaned child processes, ensuring they
+# don't become zombie (defunct) processes by reaping (cleaning up) them when
+# their parent process doesn't.
+# Tini will also correctly handle signals like SIGTERM (15), allowing child
+# processes to terminate gracefully within the allotted time, rather than
+# being forcefully killed with SIGKILL after a 15-second timeout.
+ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]
 CMD ["tail", "-f", "/dev/null"]
-EXPOSE 22
\ No newline at end of file
+EXPOSE 22
diff --git a/ssh-ubuntu/Dockerfile.ubuntu b/ssh-ubuntu/Dockerfile.ubuntu
index 8ad2d8f7..1ea53c19 100644
--- a/ssh-ubuntu/Dockerfile.ubuntu
+++ b/ssh-ubuntu/Dockerfile.ubuntu
@@ -10,8 +10,16 @@ RUN apt-get update; \
 COPY ssh-entrypoint.sh /usr/local/bin/init.sh
 RUN chmod +x /usr/local/bin/init.sh
-ENTRYPOINT ["/usr/local/bin/init.sh"]
+# Use tini as an init system to manage orphaned child processes, ensuring they
+# don't become zombie (defunct) processes by reaping (cleaning up) them when
+# their parent process doesn't.
+# Tini will also correctly handle signals like SIGTERM (15), allowing child
+# processes to terminate gracefully within the allotted time, rather than
+# being forcefully killed with SIGKILL after a 15-second timeout.
+ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]
 CMD ["tail", "-f", "/dev/null"]
-EXPOSE 22
\ No newline at end of file
+EXPOSE 22