kitchen-docker 2.9.0 → 2.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0a62c9e97edfb2215e2ad0f991eb88da0d9629e833af0165a78ebf7899894a81
-  data.tar.gz: be82c57778795e8d4b0866ff0b7451eaf499ff81f71703cd3d92cdd2ec92f562
+  metadata.gz: df5438ae1f2f9b74072ba1c53c9b0c7876dd4abdd6e5cb864fddfa62c2bda75f
+  data.tar.gz: 4e7531d5e26a6c7bceeb7cd14779e256cf2ebf21a866d1ea66f18957567c6623
 SHA512:
-  metadata.gz: 68bba42a990ad9335cc62be341448857a7c53312ff210366876f569a42f90e53f1a05fdb80aa263d26e4e2daaeea29fb2a79348fbdefe130ba4d53949aae2ecc
-  data.tar.gz: 886d05137ffe4d7898f1865b7c03d4f504e9c1da7516b920685a32d5592d234cbd0c01d8a222ee266edb6504a85f95b6d2aef590c15131cdd8f89ac452e6f5a1
+  metadata.gz: cafda9489c84bbbe7848ca36f777c33910a0696f52b78a1333cfe1ea9c1a7c9a89a9ec0ad1b674dc38141e03929886653bbe39424789294dc84d99d9a333c93f
+  data.tar.gz: b5b121d05430ff88899cefe3d2754c00142f508237de92a9694919a5559227196b4d6d48651de6d7c620328207bea423e889671218c428e690fb59226e91e6c4

data/.gitignore

@@ -18,3 +18,4 @@ tmp
 .kitchen/
 .kitchen.local.yml
 Dockerfile*
+.DS_Store

data/.kitchen.windows.yml

@@ -0,0 +1,33 @@
+<% # Make sure the local copy of the driver is loaded %>
+<% lib = File.expand_path('../lib', __FILE__) %>
+<% $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) %>
+---
+driver:
+  name: docker
+  provision_command: 
+    - powershell -ExecutionPolicy Bypass -NoLogo -Command . { iwr -useb https://omnitruck.chef.io/install.ps1 } ^| iex; install
+    - powershell -Command $path=$env:Path + ';c:\opscode\chef\embedded\bin'; Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\' -Name Path -Value $path
+
+transport:
+  name: docker
+  socket: tcp://localhost:2375
+
+provisioner:
+  name: dummy
+
+platforms:
+- name: windows
+  driver_config:
+    image: mcr.microsoft.com/windows/servercore:1803
+    platform: windows
+
+suites:
+- name: default
+- name: context
+  driver:
+    build_context: false
+- name: inspec
+  driver:
+    provision_command: echo 1
+  verifier:
+    name: inspec

data/.kitchen.yml

@@ -6,6 +6,9 @@ driver:
   name: docker
   provision_command: curl -L https://www.chef.io/chef/install.sh | bash
 
+transport:
+  name: docker
+
 provisioner:
   name: dummy
 
@@ -14,6 +17,10 @@ platforms:
 - name: ubuntu-16.04
 - name: ubuntu-18.04
 - name: fedora-latest
+  driver:
+    provision_command:
+    - yum install libxcrypt-compat.x86_64 -y
+    - curl -L https://www.chef.io/chef/install.sh | bash
 - name: centos-6
 - name: centos-7
 - name: oraclelinux-6
@@ -22,7 +29,7 @@ platforms:
 - name: debian-9
 - name: opensuse-42.3
   driver:
-    image: opensuse:42.3
+    image: opensuse/leap:42.3
 - name: opensuse/leap-42
 # - name: arch
 #   driver:

data/.travis.yml

@@ -1,18 +1,52 @@
-dist: xenial
-language: ruby
-cache: bundler
-
-rvm:
-- 2.3.8
-- 2.4.5
-- 2.5.4
-- 2.6.2
+matrix:
+  include:
+    - os: linux
+      rvm: 2.4.9
+      dist: xenial
+      language: ruby
+      cache: bundler
+      script:
+        - bundle exec docker version
+        - bundle exec kitchen --version
+        - bundle exec rake spec
+        - bundle exec kitchen test -d always
+    - os: linux
+      rvm: 2.5.7
+      dist: xenial
+      language: ruby
+      cache: bundler
+      script:
+        - bundle exec docker version
+        - bundle exec kitchen --version
+        - bundle exec rake spec
+        - bundle exec kitchen test -d always
+    - os: linux
+      rvm: 2.6.5
+      dist: xenial
+      language: ruby
+      cache: bundler
+      script:
+        - bundle exec docker version
+        - bundle exec kitchen --version
+        - bundle exec rake spec
+        - bundle exec kitchen test -d always
+    - os: windows
+      language: bash
+      install:
+        - choco install mingw
+        - choco install msys2
+        - ridk.cmd exec pacman -S --noconfirm --needed base-devel mingw-w64-x86_64-toolchain
+      script:
+        - taskkill -IM "gpg-agent.exe" -F
+        - powershell -ExecutionPolicy Bypass -NoLogo -File docker.ps1
+        - export KITCHEN_YAML=.kitchen.windows.yml
+        - ruby -v
+        - gem install bundler
+        - bundle install
+        - bundle exec docker version
+        - bundle exec kitchen --version
+        - bundle exec rake spec
+        - bundle exec kitchen test -d always
 
 services:
 - docker
-
-script:
-- bundle exec docker version
-- bundle exec kitchen --version
-- bundle exec rake spec
-- bundle exec kitchen test -d always

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Kitchen-Docker Changelog
 
+## 2.10.0 - Mar 28, 2020
+
+* Switched from require to require_relative to slightly improve load time performance
+* Allow for train gem 3.x
+* Refactor driver to include Windows support (includes new transport for all supported platforms)
+
 ## 2.9.0 - Mar 15, 2019
 
 * Add automatic OS detection for amazonlinux, opensuse/leap, and opensuse/tumbleweed

data/README.md

@@ -5,7 +5,7 @@
 [![Coverage](https://img.shields.io/codecov/c/github/test-kitchen/kitchen-docker.svg)](https://codecov.io/github/test-kitchen/kitchen-docker)
 [![License](https://img.shields.io/badge/license-Apache_2-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
 
-A Test Kitchen Driver for Docker.
+A Test Kitchen Driver and Transport for Docker.
 
 ## Requirements
 
@@ -15,13 +15,15 @@ A Test Kitchen Driver for Docker.
 
 Please read the Test Kitchen [docs][test_kitchen_docs] for more details.
 
-Example `.kitchen.local.yml`:
+Example (Linux) `.kitchen.local.yml`:
 
 ```yaml
 ---
 driver:
   name: docker
-
+  env_variables:
+    TEST_KEY: TEST_VALUE
+    
 platforms:
 - name: ubuntu
   run_list:
@@ -32,6 +34,30 @@ platforms:
     platform: rhel
   run_list:
   - recipe[yum]
+
+transport:
+  name: docker
+```
+
+Example (Windows) `.kitchen.local.yml`:
+
+```yaml
+---
+driver:
+  name: docker
+
+platforms:
+- name: windows
+  driver_config:
+    image: mcr.microsoft.com/windows/servercore:1607
+    platform: windows
+  run_list:
+  - recipe[chef_client]
+
+transport:
+  name: docker
+  env_variables:
+    TEST_KEY: TEST_VALUE
 ```
 
 ## Default Configuration
@@ -83,11 +109,9 @@ Examples:
 
 ### socket
 
-The Docker daemon socket to use. By default, Docker will listen on
-`unix:///var/run/docker.sock`, and no configuration here is required. If
-Docker is binding to another host/port or Unix socket, you will need to set
-this option. If a TCP socket is set, its host will be used for SSH access
-to suite containers.
+The Docker daemon socket to use. By default, Docker will listen on `unix:///var/run/docker.sock` (On Windows, `npipe:////./pipe/docker_engine`), 
+and no configuration here is required. If Docker is binding to another host/port or Unix socket, you will need to set this option. 
+If a TCP socket is set, its host will be used for SSH access to suite containers.
 
 Examples:
 
@@ -99,10 +123,27 @@ Examples:
   socket: tcp://docker.example.com:4242
 ```
 
-If you use [Docker for Windows](https://docs.docker.com/docker-for-windows/)
-
+If you are using the InSpec verifier on Windows, using named pipes for the Docker engine will not work with the Docker transport.
+Set the socket option with the TCP socket address of the Docker engine as shown below:
 ```yaml
-socket: npipe:////./pipe/docker_engine
+socket: tcp://localhost:2375
+```
+
+The Docker engine must be configured to listen on a TCP port (default port is 2375). This can be configured by editing the configuration file
+(usually located in `C:\ProgramData\docker\config\daemon.json`) and adding the hosts value:
+```
+"hosts": ["tcp://0.0.0.0:2375"]
+```
+
+Example configuration is shown below:
+```
+{
+  "registry-mirrors": [],
+  "insecure-registries": [],
+  "debug": true,
+  "experimental": false,
+  "hosts": ["tcp://0.0.0.0:2375"]
+}
 ```
 
 If you use [Boot2Docker](https://github.com/boot2docker/boot2docker)
@@ -115,7 +156,6 @@ $MACHINE)"` then use the following:
 socket: tcp://192.168.59.103:2375
 ```
 
-
 ### image
 
 The Docker image to use as the base for the suite containers. You can find
@@ -134,6 +174,7 @@ suite container for Test Kitchen. Kitchen Docker currently supports:
 * `amazonlinux`, `rhel`, `centos`, `fedora` or `oraclelinux`
 * `gentoo` or `gentoo-paludis`
 * `opensuse/tumbleweed`, `opensuse/leap`, `opensuse` or `sles`
+* `windows`
 
 The default will be computed, using the platform name (see the Default
 Configuration section for more details).
@@ -182,6 +223,17 @@ driver_config:
   provision_command: curl -L https://www.opscode.com/chef/install.sh | bash
   require_chef_omnibus: false
 ```
+### env_variables
+
+Adds environment variables to Docker container
+
+Examples:
+
+```yaml
+  env_variables:
+    TEST_KEY_1: TEST_VALUE
+    SOME_VAR: SOME_VALUE
+```
 
 ### use\_cache
 

data/docker.ps1

@@ -0,0 +1,9 @@
+# This script is used to configure the Docker service for Windows builds in Travis CI
+Write-Host "Configuring Docker service to listen on TCP port 2375..."
+$dockerSvcArgs = (Get-WmiObject Win32_Service | ?{$_.Name -eq 'docker'} | Select PathName).PathName
+$dockerSvcArgs = "$dockerSvcArgs -H tcp://0.0.0.0:2375 -H npipe:////./pipe/docker_engine"
+Write-Host "Docker Service Args: $dockerSvcArgs"
+
+Get-WmiObject Win32_Service -Filter "Name='docker'" | Invoke-WmiMethod -Name Change -ArgumentList @($null,$null,$null,$null,$null, $dockerSvcArgs) | Out-Null
+
+Restart-Service docker -Force -Verbose

data/kitchen-docker.gemspec

@@ -1,11 +1,10 @@
-# coding: utf-8
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'kitchen/driver/docker_version'
+require 'kitchen/docker/docker_version'
 
 Gem::Specification.new do |spec|
   spec.name          = 'kitchen-docker'
-  spec.version       = Kitchen::Driver::DOCKER_VERSION
+  spec.version       = Kitchen::Docker::DOCKER_VERSION
   spec.authors       = ['Sean Porter']
   spec.email         = ['portertech@gmail.com']
   spec.description   = %q{A Docker Driver for Test Kitchen}
@@ -14,7 +13,6 @@ Gem::Specification.new do |spec|
   spec.license       = 'Apache 2.0'
 
   spec.files         = `git ls-files`.split($/)
-  spec.executables   = []
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
@@ -36,5 +34,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'codecov', '~> 0.0', '>= 0.0.2'
 
   # Integration testing gems.
-  spec.add_development_dependency 'kitchen-inspec', '~> 0.14'
+  spec.add_development_dependency 'kitchen-inspec', '~> 1.1'
+  spec.add_development_dependency 'train', '>= 2.1', '< 4.0' # validate 4.x when it's released
 end

data/lib/docker/version.rb

@@ -0,0 +1,25 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+begin
+  require 'docker'
+
+  # Override API_VERSION constant in docker-api gem to use version 1.24 of the Docker API
+  # This override is for the docker-api gem to communicate to the Docker engine on Windows
+  module Docker
+    VERSION = '0.0.0'
+    API_VERSION = '1.24'
+  end
+rescue LoadError => e
+  logger.debug("[Docker] docker-api gem not found for InSpec verifier. #{e}")
+end

data/lib/kitchen/docker/container.rb

@@ -0,0 +1,70 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'helpers/cli_helper'
+require_relative 'helpers/container_helper'
+require_relative 'helpers/file_helper'
+require_relative 'helpers/image_helper'
+
+module Kitchen
+  module Docker
+    class Container
+      include Kitchen::Docker::Helpers::CliHelper
+      include Kitchen::Docker::Helpers::ContainerHelper
+      include Kitchen::Docker::Helpers::FileHelper
+      include Kitchen::Docker::Helpers::ImageHelper
+
+      def initialize(config)
+        @config = config
+      end
+
+      def create(state)
+        if container_exists?(state)
+          info("Container ID #{state[:container_id]} already exists.")
+        elsif !container_exists?(state) && state[:container_id]
+          raise ActionFailed, "Container ID #{state[:container_id]} was found in the kitchen state data, "\
+                              'but the container does not exist.'
+        end
+
+        state[:username] = @config[:username]
+        state[:hostname] = 'localhost'
+
+        if remote_socket?
+          state[:hostname] = socket_uri.host
+        elsif config[:use_internal_docker_network]
+          state[:hostname] = container_ip_address(state)
+        end
+      end
+
+      def upload(locals, remote)
+        files = locals
+        files = Array(locals) unless locals.is_a?(Array)
+
+        files.each do |file|
+          copy_file_to_container(@config, file, remote)
+        end
+
+        files
+      end
+
+      def destroy(state)
+        info("[Docker] Destroying Docker container #{state[:container_id]}") if state[:container_id]
+        remove_container(state) if container_exists?(state)
+
+        if @config[:remove_images] && state[:image_id]
+          remove_image(state) if image_exists?(state)
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/docker/container/linux.rb

@@ -0,0 +1,211 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'base64'
+require 'openssl'
+require 'securerandom'
+require 'shellwords'
+
+require_relative '../container'
+
+module Kitchen
+  module Docker
+    class Container
+      class Linux < Kitchen::Docker::Container
+        MUTEX_FOR_SSH_KEYS = Mutex.new
+
+        def initialize(config)
+          super
+        end
+
+        def create(state)
+          super
+
+          debug('Creating Linux container')
+          generate_keys
+
+          state[:ssh_key] = @config[:private_key]
+          state[:image_id] = build_image(state, dockerfile) unless state[:image_id]
+          state[:container_id] = run_container(state, 22) unless state[:container_id]
+          state[:hostname] = 'localhost'
+          state[:port] = container_ssh_port(state)
+        end
+
+        def execute(command)
+          # Create temp script file and upload files to container
+          debug("Executing command on Linux container (Platform: #{@config[:platform]})")
+          filename = "docker-#{::SecureRandom.uuid}.sh"
+          temp_file = "./.kitchen/temp/#{filename}"
+          create_temp_file(temp_file, command)
+
+          remote_path = @config[:temp_dir]
+          debug("Creating directory #{remote_path} on container")
+          create_dir_on_container(@config, remote_path)
+
+          debug("Uploading temp file #{temp_file} to #{remote_path} on container")
+          upload(temp_file, remote_path)
+
+          debug('Deleting temp file from local filesystem')
+          ::File.delete(temp_file)
+
+          # Replace any environment variables used in the path and execute script file
+          debug("Executing temp script #{remote_path}/#{filename} on container")
+          remote_path = replace_env_variables(@config, remote_path)
+
+          container_exec(@config, "/bin/bash #{remote_path}/#{filename}")
+        rescue => e
+          raise "Failed to execute command on Linux container. #{e}"
+        end
+
+        protected
+
+        def generate_keys
+          MUTEX_FOR_SSH_KEYS.synchronize do
+            if !File.exist?(@config[:public_key]) || !File.exist?(@config[:private_key])
+              private_key = OpenSSL::PKey::RSA.new(2048)
+              blobbed_key = Base64.encode64(private_key.to_blob).gsub("\n", '')
+              public_key = "ssh-rsa #{blobbed_key} kitchen_docker_key"
+              File.open(@config[:private_key], 'w') do |file|
+                file.write(private_key)
+                file.chmod(0600)
+              end
+              File.open(@config[:public_key], 'w') do |file|
+                file.write(public_key)
+                file.chmod(0600)
+              end
+            end
+          end
+        end
+
+        def parse_container_ssh_port(output)
+          _host, port = output.split(':')
+          port.to_i
+        rescue => e
+          raise ActionFailed, "Could not parse Docker port output for container SSH port. #{e}"
+        end
+
+        def container_ssh_port(state)
+          return 22 if @config[:use_internal_docker_network]
+
+          output = docker_command("port #{state[:container_id]} 22/tcp")
+          parse_container_ssh_port(output)
+        rescue => e
+          raise ActionFailed, "Docker reports container has no ssh port mapped. #{e}"
+        end
+
+        def dockerfile
+          return dockerfile_template if @config[:dockerfile]
+
+          from = "FROM #{@config[:image]}"
+
+          platform = case @config[:platform]
+                     when 'debian', 'ubuntu'
+                       disable_upstart = <<-CODE
+                         RUN [ ! -f "/sbin/initctl" ] || dpkg-divert --local --rename --add /sbin/initctl && ln -sf /bin/true /sbin/initctl
+                       CODE
+                       packages = <<-CODE
+                         ENV DEBIAN_FRONTEND noninteractive
+                         ENV container docker
+                         RUN apt-get update
+                         RUN apt-get install -y sudo openssh-server curl lsb-release
+                       CODE
+                       @config[:disable_upstart] ? disable_upstart + packages : packages
+                     when 'rhel', 'centos', 'oraclelinux', 'amazonlinux'
+                       <<-CODE
+                         ENV container docker
+                         RUN yum clean all
+                         RUN yum install -y sudo openssh-server openssh-clients which curl
+                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+                       CODE
+                     when 'fedora'
+                       <<-CODE
+                         ENV container docker
+                         RUN dnf clean all
+                         RUN dnf install -y sudo openssh-server openssh-clients which curl
+                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+                       CODE
+                     when 'opensuse/tumbleweed', 'opensuse/leap', 'opensuse', 'sles'
+                       <<-CODE
+                         ENV container docker
+                         RUN zypper install -y sudo openssh which curl
+                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+                       CODE
+                     when 'arch'
+                       # See https://bugs.archlinux.org/task/47052 for why we
+                       # blank out limits.conf.
+                       <<-CODE
+                         RUN pacman --noconfirm -Sy archlinux-keyring
+                         RUN pacman-db-upgrade
+                         RUN pacman --noconfirm -Syu openssl openssh sudo curl
+                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
+                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
+                         RUN echo >/etc/security/limits.conf
+                       CODE
+                     when 'gentoo'
+                       <<-CODE
+                         RUN emerge --sync
+                         RUN emerge net-misc/openssh app-admin/sudo
+                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
+                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
+                       CODE
+                     when 'gentoo-paludis'
+                       <<-CODE
+                         RUN cave sync
+                         RUN cave resolve -zx net-misc/openssh app-admin/sudo
+                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
+                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
+                       CODE
+                     else
+                       raise ActionFailed, "Unknown platform '#{@config[:platform]}'"
+                     end
+
+          username = @config[:username]
+          public_key = IO.read(@config[:public_key]).strip
+          homedir = username == 'root' ? '/root' : "/home/#{username}"
+
+          base = <<-CODE
+            RUN if ! getent passwd #{username}; then \
+                  useradd -d #{homedir} -m -s /bin/bash -p '*' #{username}; \
+                fi
+            RUN echo "#{username} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+            RUN echo "Defaults !requiretty" >> /etc/sudoers
+            RUN mkdir -p #{homedir}/.ssh
+            RUN chown -R #{username} #{homedir}/.ssh
+            RUN chmod 0700 #{homedir}/.ssh
+            RUN touch #{homedir}/.ssh/authorized_keys
+            RUN chown #{username} #{homedir}/.ssh/authorized_keys
+            RUN chmod 0600 #{homedir}/.ssh/authorized_keys
+            RUN mkdir -p /run/sshd
+          CODE
+
+          custom = ''
+          Array(@config[:provision_command]).each do |cmd|
+            custom << "RUN #{cmd}\n"
+          end
+
+          ssh_key = "RUN echo #{Shellwords.escape(public_key)} >> #{homedir}/.ssh/authorized_keys"
+
+          # Empty string to ensure the file ends with a newline.
+          output = [from, dockerfile_proxy_config, platform, base, custom, ssh_key, ''].join("\n")
+          debug('--- Start Dockerfile ---')
+          debug(output.strip)
+          debug('--- End Dockerfile ---')
+          output
+        end
+      end
+    end
+  end
+end