MQ container 9.2.0.0-r2

Updated to latest UBI version
Updated to go 1.13.15, switched to community goloang image
2020-09-28 10:49:36 +01:00 · 2020-09-28 10:49:36 +01:00 · 2020-09-28 10:49:36 +01:00 · 2020-09-28 10:49:36 +01:00 · 2020-09-28 10:49:36 +01:00 · 2020-09-28 10:49:36 +01:00
464 changed files with 107927 additions and 3132 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ vendor/github.com/prometheus/client_model/.classpath
 vendor/github.com/prometheus/client_model/.project
 vendor/github.com/prometheus/client_model/.settings*
 gosec_results.json
 internal/qmgrauth/qmgroam/patch
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2018, 2019
+# © Copyright IBM Corporation 2018, 2020
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,69 +12,77 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-dist: xenial
+# Temporarily removing dist tag as not supported by power build
 # dist: xenial
 sudo: required
 language: go
 go:
-  - "1.10"
+  - "1.13.15"
 services:
  - docker
 go_import_path: "github.com/ibm-messaging/mq-container"
-cache:
+# cache:
-  directories:
+#   directories:
-    - downloads
+#     - downloads
 env:
  global:
    - RELEASE="r2"
 jobs:
  include:
-    - stage: build and test
+    - stage: basic-build
      if: branch != private-master AND tag IS blank
      name: "Basic AMD64 build"
      os: linux
      env:
-        - BASE_IMAGE=ubuntu:16.04
+        - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_920_ARCHIVE_REPOSITORY_DEV_AMD64
-        - DOCKER_DOWNGRADE="echo nothing to be done"
+      script: bash -e travis-build-scripts/run.sh
-    - env:
+    - stage: build
-        - BASE_IMAGE=centos:7
+      if: branch = private-master OR tag =~ ^release-candidate*
-        - DOCKER_DOWNGRADE="echo nothing to be done"
+      name: "Multi-Arch AMD64 build"
-    - if: type IN (pull_request) OR tag IS present
+      os: linux
-      env: 
+      env:
-        - BASE_IMAGE=ubuntu:16.04
+        - BUILD_ALL=true
-        - DOCKER_DOWNGRADE="docker save -o images.tar mqadvanced-server-dev mq-dev-jms-test &&
+        - MQ_ARCHIVE_REPOSITORY=$MQ_920_ARCHIVE_REPOSITORY_AMD64
-          sudo apt-get autoremove -y docker-ce &&
+        - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_920_ARCHIVE_REPOSITORY_DEV_AMD64
-          curl -fsSL \"https://apt.dockerproject.org/gpg\" | sudo apt-key add - &&
+      script: bash -e travis-build-scripts/run.sh
-          sudo apt-add-repository \"deb https://apt.dockerproject.org/repo ubuntu-$(lsb_release -cs) main\" &&
+    # - if: branch = private-master OR tag =~ ^release-candidate*
-          sudo apt-get update &&
+    #   name: "Multi-Arch PPC64LE build"
-          sudo apt-get install docker-engine=1.12.6-0~ubuntu-$(lsb_release -cs) &&
+    #   os: linux-ppc64le
-          docker load -q -i images.tar &&
+    #   env:
-          export DOCKER_API_VERSION=\"1.24\""
+    #     - BUILD_ALL=true
-
+    #     - TEST_OPTS_DOCKER="-run TestGoldenPathWithMetrics"
    #     # - MQ_ARCHIVE_REPOSITORY=$MQ_920_ARCHIVE_REPOSITORY_PPC64LE
    #     - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_920_ARCHIVE_REPOSITORY_DEV_PPC64LE
    #   script: bash -e travis-build-scripts/run.sh
    - stage: build
      if: branch = private-master OR tag =~ ^release-candidate*
      name: "Multi-Arch S390X build"
      os: linux-s390
      env:
        - BUILD_ALL=true
        - TEST_OPTS_DOCKER="-run TestGoldenPathWithMetrics"
        - MQ_ARCHIVE_REPOSITORY=$MQ_920_ARCHIVE_REPOSITORY_S390X
        - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_920_ARCHIVE_REPOSITORY_DEV_S390X
      script: bash -e travis-build-scripts/run.sh
    - stage: push-manifest
      if: branch = private-master OR tag =~ ^release-candidate*
      name: "Push Manifest-list to registry"
      script: make push-manifest
 before_install:
-  - ./install-build-deps-ubuntu.sh
+  - make install-build-deps
  - make install-credential-helper
 install:
  - echo nothing
-before_script:
+before_script: echo nothing
  - echo 'Downloading Go dependencies...' && echo -en 'travis_fold:start:deps\\r'
  - make deps
  - echo -en 'travis_fold:end:deps\\r'
  - echo 'Building Developer image...' && echo -en 'travis_fold:start:build-devserver\\r'
  # Use the containerized build explicitly
  - make build-devserver-ctr
  - echo -en 'travis_fold:end:build-devserver\\r'
  - echo 'Building Developer JMS test image...' && echo -en 'travis_fold:start:build-devjmstest\\r'
  - make build-devjmstest
  - echo -en 'travis_fold:end:build-devjmstest\\r'
 script:
  - echo 'Downgrading Docker (if necessary)...' && echo -en 'travis_fold:start:docker-downgrade\\r'
  - eval "$DOCKER_DOWNGRADE"
  - echo -en 'travis_fold:end:docker-downgrade\\r'
  - echo 'Testing Developer image...' && echo -en 'travis_fold:start:test-devserver\\r'
  - make test-devserver
  - echo -en 'travis_fold:end:test-devserver\\r'
 after_success:
  - make lint
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Change log
 ## 9.2.0.0 (2020-07-23)
 * Updated to [MQ version 9.2.0.0](https://www.ibm.com/support/knowledgecenter/SSFKSJ_9.2.0/com.ibm.mq.pro.doc/q113110_.htm)
 * Use `-ic` arguments with `crtmqm` to process MQSC files in `/etc/mqm`. Replaces previous use of "runmqsc" commands
 ## 9.1.5.0 (2020-04-02)
 * Updated to MQ version 9.1.5.0
 * Can now run as a random user, instead of the "mqm" user, which has now been removed. This adds compatability for the [Red Hat OpenShift restricted SCC](https://docs.openshift.com/container-platform/4.3/authentication/managing-security-context-constraints.html#security-context-constraints-about_configuring-internal-oauth). The default image UID is `1001`.
 ## 9.1.4.0 (2019-12-06)
 * Updated to MQ version 9.1.4.0
 * Updated to use UBI8 as base image
 * Added required security settings to self signed certificates to align with macOS Catalina requirements
 ## 9.1.3.0 (2019-07-19)
 * Updated to MQ version 9.1.3.0
--- a/103
+++ b/103
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2015, 2019
+# © Copyright IBM Corporation 2015, 2020
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,40 +12,45 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-ARG BASE_IMAGE=registry.access.redhat.com/ubi7/ubi-minimal
+ARG BASE_IMAGE=registry.redhat.io/ubi8/ubi-minimal
-ARG BASE_TAG=7.6-237
+ARG BASE_TAG=8.2-349
 ARG GO_WORKDIR=/go/src/github.com/ibm-messaging/mq-container
 ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/9.2.0.0-IBM-MQ-Advanced-for-Developers-Non-Install-LinuxX64.tar.gz"
 ###############################################################################
 # Build stage to build Go code
 ###############################################################################
-FROM registry.access.redhat.com/devtools/go-toolset-7-rhel7 as builder
+FROM golang:1.13.15 as builder
 # FROM docker.io/centos/go-toolset-7-centos7 as builder
 # The URL to download the MQ installer from in tar.gz format
-# This assumes an archive containing the MQ RPM install packages
+# This assumes an archive containing the MQ Non-Install packages
-ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev912_linux_x86-64.tar.gz"
+ARG MQ_URL
 ARG IMAGE_REVISION="Not specified"
 ARG IMAGE_SOURCE="Not specified"
 ARG IMAGE_TAG="Not specified"
-ARG MQM_UID=888
+ARG GO_WORKDIR
 USER 0
 COPY install-mq.sh /usr/local/bin/
-RUN chmod a+x /usr/local/bin/install-mq.sh \
+RUN mkdir /opt/mqm \
  && chmod a+x /usr/local/bin/install-mq.sh \
  && sleep 1 \
-  && MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesSDK-*.rpm MQSeriesSamples*.rpm" install-mq.sh $MQM_UID
+  && INSTALL_SDK=1 install-mq.sh \
-WORKDIR /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/
+  && chown -R 1001:root /opt/mqm/*
 WORKDIR $GO_WORKDIR/
 COPY cmd/ ./cmd
 COPY internal/ ./internal
 COPY pkg/ ./pkg
 COPY vendor/ ./vendor
-ENV PATH="${PATH}:/opt/rh/go-toolset-7/root/usr/bin" \
+ENV CGO_CFLAGS="-I/opt/mqm/inc/" \
    CGO_CFLAGS="-I/opt/mqm/inc/" \
    CGO_LDFLAGS_ALLOW="-Wl,-rpath.*"
 RUN go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\" -X \"main.ImageTag=$IMAGE_TAG\"" ./cmd/runmqserver/
 RUN go build ./cmd/chkmqready/
 RUN go build ./cmd/chkmqhealthy/
 RUN go build ./cmd/runmqdevserver/
 RUN go build -buildmode=c-shared -o amqpasdev.so ./internal/qmgrauth/pas.go
 RUN go test -v ./cmd/runmqdevserver/...
 RUN go test -v ./cmd/runmqserver/
 RUN go test -v ./cmd/chkmqready/
 RUN go test -v ./cmd/chkmqhealthy/
 RUN go test -v ./pkg/...
 RUN go test -v ./internal/...
 RUN go vet ./cmd/... ./internal/...
@@ -54,15 +59,14 @@ RUN go vet ./cmd/... ./internal/...
 ###############################################################################
 FROM $BASE_IMAGE:$BASE_TAG AS mq-server
 # The MQ packages to install - see install-mq.sh for default value
-ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev912_linux_x86-64.tar.gz"
+ARG MQ_URL
 ARG MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesWeb*.rpm MQSeriesAMS-*.rpm"
 #ARG MQ_PACKAGES="ibmmq-server ibmmq-java ibmmq-jre ibmmq-gskit ibmmq-msg-.* ibmmq-samples ibmmq-web ibmmq-ams"
 ARG MQM_UID=888
 ARG BASE_IMAGE
 ARG BASE_TAG
 ARG GO_WORKDIR
 LABEL summary="IBM MQ Advanced Server"
 LABEL description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises"
 LABEL vendor="IBM"
 LABEL maintainer="IBM"
 LABEL distribution-scope="private"
 LABEL authoritative-source-url="https://www.ibm.com/software/passportadvantage/"
 LABEL url="https://www.ibm.com/products/mq/advanced"
@@ -74,44 +78,51 @@ LABEL base-image-release=$BASE_TAG
 COPY install-mq.sh /usr/local/bin/
 COPY install-mq-server-prereqs.sh /usr/local/bin/
 # Install MQ.  To avoid a "text file busy" error here, we sleep before installing.
-RUN env && chmod u+x /usr/local/bin/install-*.sh \
+RUN env \
  && mkdir /opt/mqm \
  && chmod u+x /usr/local/bin/install-*.sh \
  && sleep 1 \
-  && install-mq-server-prereqs.sh $MQM_UID \
+  && install-mq-server-prereqs.sh \
-  && install-mq.sh $MQM_UID
+  && install-mq.sh \
  && /opt/mqm/bin/security/amqpamcf \
  && chown -R 1001:root /opt/mqm/*
 # Create a directory for runtime data from runmqserver
 RUN mkdir -p /run/runmqserver \
-  && chown mqm:mqm /run/runmqserver
+  && chown 1001:root /run/runmqserver
-COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/runmqserver /usr/local/bin/
+COPY --from=builder $GO_WORKDIR/runmqserver /usr/local/bin/
-COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/chkmq* /usr/local/bin/
+COPY --from=builder $GO_WORKDIR/chkmq* /usr/local/bin/
 COPY NOTICES.txt /opt/mqm/licenses/notices-container.txt
 # Copy web XML files
 COPY web /etc/mqm/web
 COPY etc/mqm/*.tpl /etc/mqm/
 RUN chmod ug+x /usr/local/bin/runmqserver \
-  && chown mqm:mqm /usr/local/bin/*mq* \
+  && chown 1001:root /usr/local/bin/*mq* \
  && chmod ug+xs /usr/local/bin/chkmq* \
-  && chown -R mqm:mqm /etc/mqm/* \
+  && chown -R 1001:root /etc/mqm/* \
-  && install --directory --mode 0775 --owner mqm --group root /run/runmqserver \
+  && install --directory --mode 2775 --owner 1001 --group root /run/runmqserver \
  && touch /run/termination-log \
-  && chown mqm:root /run/termination-log \
+  && chown 1001:root /run/termination-log \
-  && chmod 0660 /run/termination-log
+  && chmod 0660 /run/termination-log \
  && chmod -R g+w /etc/mqm/web
 # Always use port 1414 for MQ & 9157 for the metrics
 EXPOSE 1414 9157 9443
 ENV MQ_OVERRIDE_DATA_PATH=/mnt/mqm/data MQ_OVERRIDE_INSTALLATION_NAME=Installation1 MQ_USER_NAME="mqm" PATH="${PATH}:/opt/mqm/bin"
 ENV MQ_GRACE_PERIOD=30
 ENV LANG=en_US.UTF-8 AMQ_DIAGNOSTIC_MSG_SEVERITY=1 AMQ_ADDITIONAL_JSON_LOG=1 LOG_FORMAT=basic
-USER $MQM_UID
+# We can run as any UID
 USER 1001
 ENV MQ_CONNAUTH_USE_HTP=false
 ENTRYPOINT ["runmqserver"]
 ###############################################################################
 # Add default developer config
 ###############################################################################
 FROM mq-server AS mq-dev-server
 ARG MQM_UID=888
 ARG BASE_IMAGE
 ARG BASE_TAG
 ARG GO_WORKDIR
 # Enable MQ developer default configuration
 ENV MQ_DEV=true
 # Default administrator password
 ENV MQ_ADMIN_PASSWORD=passw0rd
 LABEL summary="IBM MQ Advanced for Developers Server"
 LABEL description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises"
 LABEL vendor="IBM"
@@ -124,29 +135,29 @@ LABEL io.k8s.description="Simplify, accelerate and facilitate the reliable excha
 LABEL base-image=$BASE_IMAGE
 LABEL base-image-release=$BASE_TAG
 USER 0
 COPY --from=builder $GO_WORKDIR/amqpas* /opt/mqm/lib64/
 COPY etc/mqm/*.ini /etc/mqm/
 COPY etc/mqm/mq.htpasswd /etc/mqm/
 RUN chmod 0660 /etc/mqm/mq.htpasswd
 COPY incubating/mqadvanced-server-dev/install-extra-packages.sh /usr/local/bin/
 RUN chmod u+x /usr/local/bin/install-extra-packages.sh \
  && sleep 1 \
  && install-extra-packages.sh
 # WARNING: This is what allows the mqm user to change the password of any other user
 # It's used by runmqdevserver to change the admin/app passwords.
 RUN echo "mqm    ALL = NOPASSWD: /usr/sbin/chpasswd" > /etc/sudoers.d/mq-dev-config
 ## Add admin and app users, and set a default password for admin
 RUN useradd admin -G mqm \
  && groupadd mqclient \
  && useradd app -G mqclient \
  && echo admin:$MQ_ADMIN_PASSWORD | chpasswd
 # Create a directory for runtime data from runmqserver
 RUN mkdir -p /run/runmqdevserver \
-  && chown mqm:mqm /run/runmqdevserver
+  && chown 1001:root /run/runmqdevserver
-COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/runmqdevserver /usr/local/bin/
+COPY --from=builder $GO_WORKDIR/runmqdevserver /usr/local/bin/
 # Copy template files
 COPY incubating/mqadvanced-server-dev/*.tpl /etc/mqm/
 # Copy web XML files for default developer configuration
 COPY incubating/mqadvanced-server-dev/web /etc/mqm/web
-RUN chown -R mqm:mqm /etc/mqm/* \
+RUN chown -R 1001:root /etc/mqm/* \
  && chmod -R g+w /etc/mqm/web \
  && chmod +x /usr/local/bin/runmq* \
-  && install --directory --mode 0775 --owner mqm --group root /run/runmqdevserver
+  && install --directory --mode 2775 --owner 1001 --group root /run/runmqdevserver
-ENV MQ_ENABLE_EMBEDDED_WEB_SERVER=1
+ENV MQ_ENABLE_EMBEDDED_WEB_SERVER=1 MQ_GENERATE_CERTIFICATE_HOSTNAME=localhost
-USER $MQM_UID
+ENV LD_LIBRARY_PATH=/opt/mqm/lib64
 ENV MQS_PERMIT_UNKNOWN_ID=true
 ENV MQ_CONNAUTH_USE_HTP=true
 USER 1001
 ENTRYPOINT ["runmqdevserver"]
--- a/320
+++ b/320
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2017, 2019
+# © Copyright IBM Corporation 2017, 2020
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,42 +16,59 @@
 # Conditional variables - you can override the values of these variables from
 # the command line
 ###############################################################################
 # MQ_VERSION is the fully qualified MQ version number to build
 MQ_VERSION ?= 9.1.3.0
 # RELEASE shows what release of the container code has been built
-RELEASE ?= 1
+RELEASE ?=
 # MQ_VERSION is the fully qualified MQ version number to build
 MQ_VERSION ?= 9.2.0.0
 # MQ_ARCHIVE_REPOSITORY is a remote repository from which to pull the MQ_ARCHIVE (if required)
 MQ_ARCHIVE_REPOSITORY ?=
 # MQ_ARCHIVE_REPOSITORY_DEV is a remote repository from which to pull the MQ_ARCHIVE_DEV (if required)
 MQ_ARCHIVE_REPOSITORY_DEV ?=
 # MQ_ARCHIVE_REPOSITORY_USER is the user for the remote repository (if required)
 MQ_ARCHIVE_REPOSITORY_USER ?=
 # MQ_ARCHIVE_REPOSITORY_CREDENTIAL is the password/API key for the remote repository (if required)
 MQ_ARCHIVE_REPOSITORY_CREDENTIAL ?=
 # MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can
-# be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture
+# be installed. Does not apply to MQ Advanced for Developers
-# Does not apply to MQ Advanced for Developers.
+MQ_ARCHIVE ?= IBM_MQ_$(MQ_VERSION_VRM)_$(MQ_ARCHIVE_TYPE)_$(MQ_ARCHIVE_ARCH)_NOINST.tar.gz
 MQ_ARCHIVE ?= IBM_MQ_$(MQ_VERSION_VRM)_$(MQ_ARCHIVE_TYPE)_$(MQ_ARCHIVE_ARCH).tar.gz
 # MQ_ARCHIVE_DEV is the name of the file, under the downloads directory, from which MQ Advanced
 # for Developers can be installed
-MQ_ARCHIVE_DEV ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION))
+MQ_ARCHIVE_DEV ?= $(MQ_VERSION)-IBM-MQ-Advanced-for-Developers-Non-Install-$(MQ_ARCHIVE_DEV_TYPE)$(MQ_ARCHIVE_DEV_ARCH).tar.gz
 # MQ_SDK_ARCHIVE specifies the archive to use for building the golang programs.  Defaults vary on developer or advanced.
 MQ_SDK_ARCHIVE ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION))
 # Options to `go test` for the Docker tests
 TEST_OPTS_DOCKER ?=
 # MQ_IMAGE_ADVANCEDSERVER is the name of the built MQ Advanced image
-MQ_IMAGE_ADVANCEDSERVER ?=mqadvanced-server
+MQ_IMAGE_ADVANCEDSERVER ?=ibm-mqadvanced-server
 # MQ_IMAGE_DEVSERVER is the name of the built MQ Advanced for Developers image
-MQ_IMAGE_DEVSERVER ?=mqadvanced-server-dev
+MQ_IMAGE_DEVSERVER ?=ibm-mqadvanced-server-dev
 # MQ_TAG is the tag of the built MQ Advanced image & MQ Advanced for Developers image
 MQ_TAG ?=$(MQ_VERSION)-$(ARCH)
-# DOCKER is the Docker command to run.  Defaults to "podman" if it's available, otherwise "docker"
+# COMMAND is the container command to run.  "podman" or "docker"
-DOCKER ?= $(shell type -p podman || echo docker)
+COMMAND ?=$(shell type -p podman 2>&1 >/dev/null && echo podman || echo docker)
-# MQ_PACKAGES specifies the MQ packages (.deb or .rpm) to install.  Defaults vary on base image.
+# MQ_DELIVERY_REGISTRY_HOSTNAME is a remote registry to push the MQ Image to (if required)
-MQ_PACKAGES ?=MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesWeb*.rpm MQSeriesAMS-*.rpm
+MQ_DELIVERY_REGISTRY_HOSTNAME ?=
-# MQM_UID is the UID to use for the "mqm" user
+# MQ_DELIVERY_REGISTRY_NAMESPACE is the namespace/path on the delivery registry (if required)
-MQM_UID ?= 888
+MQ_DELIVERY_REGISTRY_NAMESPACE ?=
 # MQ_DELIVERY_REGISTRY_USER is the user for the remote registry (if required)
 MQ_DELIVERY_REGISTRY_USER ?=
 # MQ_DELIVERY_REGISTRY_CREDENTIAL is the password/API key for the remote registry (if required)
 MQ_DELIVERY_REGISTRY_CREDENTIAL ?=
 # REGISTRY_USER is the username used to login to the Red Hat registry
 REGISTRY_USER ?=
 # REGISTRY_PASS is the password used to login to the Red Hat registry
 REGISTRY_PASS ?=
 # ARCH is the platform architecture (e.g. amd64, ppc64le or s390x)
 ARCH ?= $(if $(findstring x86_64,$(shell uname -m)),amd64,$(shell uname -m))
 # Tag to use for fat-manifest 
 MQ_MANIFEST_TAG=$(MQ_VERSION)
 ###############################################################################
 # Other variables
 ###############################################################################
 GO_PKG_DIRS = ./cmd ./internal ./test
 MQ_ARCHIVE_TYPE=LINUX
-MQ_ARCHIVE_DEV_PLATFORM=linux
+MQ_ARCHIVE_DEV_TYPE=Linux
 # ARCH is the platform architecture (e.g. amd64, ppc64le or s390x)
 ARCH=$(if $(findstring x86_64,$(shell uname -m)),amd64,$(shell uname -m))
 # BUILD_SERVER_CONTAINER is the name of the web server container used at build time
 BUILD_SERVER_CONTAINER=build-server
 # NUM_CPU is the number of CPUs available to Docker.  Used to control how many
@@ -68,17 +85,9 @@ IMAGE_REVISION=$(shell git rev-parse HEAD)
 IMAGE_SOURCE=$(shell git config --get remote.origin.url)
 EMPTY:=
 SPACE:= $(EMPTY) $(EMPTY)
-# MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field).  e.g. 9.1.3 instead of 9.1.3.0
+# MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field).  e.g. 9.2.0 instead of 9.2.0.0
 MQ_VERSION_VRM=$(subst $(SPACE),.,$(wordlist 1,3,$(subst .,$(SPACE),$(MQ_VERSION))))
 # Set variable if running on a Red Hat Enterprise Linux host
 ifneq ($(wildcard /etc/redhat-release),)
 REDHAT_RELEASE = $(shell cat /etc/redhat-release)
 ifeq "$(findstring Red Hat,$(REDHAT_RELEASE))" "Red Hat"
    RHEL_HOST = "true"
 endif
 endif
 ifneq (,$(findstring Microsoft,$(shell uname -r)))
 	DOWNLOADS_DIR=$(patsubst /mnt/c%,C:%,$(realpath ./downloads/))
 else ifneq (,$(findstring Windows,$(shell echo ${OS})))
@@ -90,31 +99,40 @@ endif
 # Try to figure out which archive to use from the architecture
 ifeq "$(ARCH)" "amd64"
 	MQ_ARCHIVE_ARCH=X86-64
-	MQ_DEV_ARCH=x86-64
+	MQ_ARCHIVE_DEV_ARCH=X64
 else ifeq "$(ARCH)" "ppc64le"
-	MQ_ARCHIVE_ARCH=LE_POWER
+	MQ_ARCHIVE_ARCH=PPC64LE
 	MQ_DEV_ARCH=ppcle
 else ifeq "$(ARCH)" "s390x"
-	MQ_ARCHIVE_ARCH=SYSTEM_Z
+	MQ_ARCHIVE_ARCH=S390X
 	MQ_DEV_ARCH=s390x
 endif
-# Archive names for IBM MQ Advanced for Developers
+
-MQ_ARCHIVE_DEV_9.1.0.0=mqadv_dev910_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
+ifneq "$(MQ_DELIVERY_REGISTRY_NAMESPACE)" "$(EMPTY)"
-MQ_ARCHIVE_DEV_9.1.1.0=mqadv_dev911_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
+	MQ_DELIVERY_REGISTRY_FULL_PATH=$(MQ_DELIVERY_REGISTRY_HOSTNAME)/$(MQ_DELIVERY_REGISTRY_NAMESPACE)
-MQ_ARCHIVE_DEV_9.1.2.0=mqadv_dev912_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
+else
-MQ_ARCHIVE_DEV_9.1.3.0=mqadv_dev913_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
+	MQ_DELIVERY_REGISTRY_FULL_PATH=$(MQ_DELIVERY_REGISTRY_HOSTNAME)
 endif
 ifneq "$(RELEASE)" "$(EMPTY)"
 	MQ_TAG=$(MQ_VERSION)-$(RELEASE)-$(ARCH)
 	EXTRA_LABELS=--label release=$(RELEASE)
 	MQ_MANIFEST_TAG=$(MQ_VERSION)-$(RELEASE)
 endif
 MQ_IMAGE_FULL_RELEASE_NAME=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)
 MQ_IMAGE_DEV_FULL_RELEASE_NAME=$(MQ_IMAGE_DEVSERVER):$(MQ_TAG)
 #setup variables for fat-manifests
 MQ_IMAGE_DEVSERVER_MANIFEST=$(MQ_IMAGE_DEVSERVER):$(MQ_MANIFEST_TAG)
 MQ_IMAGE_ADVANCEDSERVER_MANIFEST=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_MANIFEST_TAG)
 MQ_IMAGE_DEVSERVER_AMD64=$(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_DEVSERVER):$(MQ_MANIFEST_TAG)-amd64
 MQ_IMAGE_DEVSERVER_S390X=$(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_DEVSERVER):$(MQ_MANIFEST_TAG)-s390x
 MQ_IMAGE_ADVANCEDSERVER_AMD64=$(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_MANIFEST_TAG)-amd64
 MQ_IMAGE_ADVANCEDSERVER_S390X=$(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_MANIFEST_TAG)-s390x
 ###############################################################################
 # Build targets
 ###############################################################################
 .PHONY: vars
 vars:
 	@echo $(MQ_ARCHIVE_ARCH)
 	@echo $(MQ_ARCHIVE_TYPE)
 	@echo $(MQ_ARCHIVE)
 .PHONY: default
-default: build-devserver test
+default: build-devserver
 # Build all components (except incubating ones)
 .PHONY: all
@@ -126,6 +144,9 @@ test-all: build-devjmstest test-devserver test-advancedserver
 .PHONY: devserver
 devserver: build-devserver build-devjmstest test-devserver
 .PHONY: advancedserver
 advancedserver: build-advancedserver test-advancedserver
 # Build incubating components
 .PHONY: incubating
 incubating: build-explorer
@@ -133,12 +154,18 @@ incubating: build-explorer
 downloads/$(MQ_ARCHIVE_DEV):
 	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END)))
 	mkdir -p downloads
-	cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_ARCHIVE_DEV)
+ifneq "$(MQ_ARCHIVE_REPOSITORY_DEV)" "$(EMPTY)"
 	curl -u $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) -X GET "$(MQ_ARCHIVE_REPOSITORY_DEV)" -o downloads/$(MQ_ARCHIVE_DEV)
 else
 	curl -L https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_ARCHIVE_DEV) -o downloads/$(MQ_ARCHIVE_DEV)
 endif
-downloads/$(MQ_SDK_ARCHIVE):
+downloads/$(MQ_ARCHIVE):
-	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END)))
+	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced "$(MQ_VERSION)$(END)))
 	mkdir -p downloads
-	cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_SDK_ARCHIVE)
+ifneq "$(MQ_ARCHIVE_REPOSITORY)" "$(EMPTY)"
 	curl -u $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) -X GET "$(MQ_ARCHIVE_REPOSITORY)" -o downloads/$(MQ_ARCHIVE)
 endif
 .PHONY: downloads
 downloads: downloads/$(MQ_ARCHIVE_DEV) downloads/$(MQ_SDK_ARCHIVE)
@@ -167,7 +194,7 @@ build-devjmstest:
 test-devserver: test/docker/vendor
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_DEVSERVER):$(MQ_TAG) on $(shell docker --version)"$(END)))
 	docker inspect $(MQ_IMAGE_DEVSERVER):$(MQ_TAG)
-	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER):$(MQ_TAG) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) IBMJRE=true go test -parallel $(NUM_CPU) -tags mqdev $(TEST_OPTS_DOCKER) 
+	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER):$(MQ_TAG) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) IBMJRE=true go test -parallel $(NUM_CPU) -tags mqdev $(TEST_OPTS_DOCKER)
 .PHONY: coverage
 coverage:
@@ -196,138 +223,174 @@ test-advancedserver-cover: test/docker/vendor coverage
 	tail -q -n +2 ./coverage/unit.cov ./coverage/docker.cov  >> ./coverage/combined.cov
 	go tool cover -html=./coverage/combined.cov -o ./coverage/combined.html
 # Build an MQ image.  The commands used are slightly different between Docker and Podman
 define build-mq
-	# Create a temporary network to use for the build
+	$(if $(findstring docker,$(COMMAND)), @docker network create build,)
-	$(DOCKER) network create build
+	$(if $(findstring docker,$(COMMAND)), @docker run --rm --name $(BUILD_SERVER_CONTAINER) --network build --network-alias build --volume $(DOWNLOADS_DIR):/usr/share/nginx/html:ro --detach docker.io/nginx:alpine,)
-	# Start a web server to host the MQ downloadable (tar.gz) file
+	$(eval EXTRA_ARGS=$(if $(findstring docker,$(COMMAND)), --network build --build-arg MQ_URL=http://build:80/$4, --volume $(DOWNLOADS_DIR):/var/downloads --build-arg MQ_URL=file:///var/downloads/$4))
 	$(DOCKER) run \
 	  --rm \
 	  --name $(BUILD_SERVER_CONTAINER) \
 	  --network build \
 	  --network-alias build \
 	  --volume $(DOWNLOADS_DIR):/usr/share/nginx/html:ro \
 	  --detach \
 	  docker.io/nginx:alpine
 	# Build the new image
-	$(DOCKER) build \
+	$(COMMAND) build \
 	  --tag $1:$2 \
 	  --file $3 \
-	  --network build \
+		$(EXTRA_ARGS) \
 	  --build-arg MQ_URL=http://build:80/$4 \
 	  --build-arg MQ_PACKAGES="$(MQ_PACKAGES)" \
 	  --build-arg IMAGE_REVISION="$(IMAGE_REVISION)" \
 	  --build-arg IMAGE_SOURCE="$(IMAGE_SOURCE)" \
 	  --build-arg IMAGE_TAG="$1:$2" \
 	  --build-arg MQM_UID=$(MQM_UID) \
 	  --label version=$(MQ_VERSION) \
 	  --label name=$1 \
 	  --label build-date=$(shell date +%Y-%m-%dT%H:%M:%S%z) \
 	  --label release="$(RELEASE)" \
 	  --label architecture="$(ARCH)" \
 	  --label run="docker run -d -e LICENSE=accept $1:$2" \
 	  --label vcs-ref=$(IMAGE_REVISION) \
 	  --label vcs-type=git \
 	  --label vcs-url=$(IMAGE_SOURCE) \
 	  $(EXTRA_LABELS) \
 	  --target $5 \
-	  . ; $(DOCKER) kill $(BUILD_SERVER_CONTAINER) && $(DOCKER) network rm build
+	  .
-endef
+	$(if $(findstring docker,$(COMMAND)), @docker kill $(BUILD_SERVER_CONTAINER))
-
+	$(if $(findstring docker,$(COMMAND)), @docker network rm build)
 define build-mq-ctr
 	buildah/mq-buildah $1 $2 \
 	  --file /src/Dockerfile-server \
 	  --build-arg MQ_URL="file:///src/downloads/$3" \
 	  --build-arg MQ_PACKAGES="$(MQ_PACKAGES)" \
 	  --build-arg IMAGE_REVISION="$(IMAGE_REVISION)" \
 	  --build-arg IMAGE_SOURCE="$(IMAGE_SOURCE)" \
 	  --build-arg IMAGE_TAG="$1:$2" \
 	  --build-arg MQM_UID=$(MQM_UID) \
 	  --label version=$(MQ_VERSION) \
 	  --label name=$1 \
 	  --label build-date=$(shell date +%Y-%m-%dT%H:%M:%S%z) \
 	  --label release="$(RELEASE)" \
 	  --label architecture="$(ARCH)" \
 	  --label run="docker run -d -e LICENSE=accept $1:$2" \
 	  --label vcs-ref=$(IMAGE_REVISION) \
 	  --label vcs-type=git \
 	  --label vcs-url=$(IMAGE_SOURCE) \
 	  --target $4
 endef
 DOCKER_SERVER_VERSION=$(shell docker version --format "{{ .Server.Version }}")
 DOCKER_CLIENT_VERSION=$(shell docker version --format "{{ .Client.Version }}")
-.PHONY: docker-version
+PODMAN_VERSION=$(shell podman version --format "{{ .Version }}")
-docker-version:
+.PHONY: command-version
 command-version:
 # If we're using Docker, then check it's recent enough to support multi-stage builds
 ifneq (,$(findstring docker,$(COMMAND)))
 	@test "$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker client 17.05 or greater is required" && exit 1)
 	@test "$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker server 17.05 or greater is required" && exit 1)
-
+endif
-.PHONY: build-advancedserver
+ifneq (,$(findstring podman,$(COMMAND)))
-ifdef RHEL_HOST
+	@test "$(word 1,$(subst ., ,$(PODMAN_VERSION)))" -ge "1" || (echo "Error: Podman version 1.0 or greater is required" && exit 1)
 # Build using Buildah inside a container on RHEL hosts
 build-advancedserver: build-advancedserver-ctr
 else
 build-advancedserver: build-advancedserver-host
 endif
 .PHONY: build-advancedserver-host
-build-advancedserver-host: downloads/$(MQ_ARCHIVE) docker-version
+build-advancedserver-host: build-advancedserver
 .PHONY: build-advancedserver
 build-advancedserver: registry-login log-build-env downloads/$(MQ_ARCHIVE) command-version
 	$(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)"$(END)))
 	$(call build-mq,$(MQ_IMAGE_ADVANCEDSERVER),$(MQ_TAG),Dockerfile-server,$(MQ_ARCHIVE),mq-server)
-.PHONY: build-advancedserver-ctr
+.PHONY: build-devserver-host
-build-advancedserver-ctr: downloads/$(MQ_ARCHIVE)
+build-devserver-host: build-devserver
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) in a container"$(END)))
 	$(call build-mq-ctr,$(MQ_IMAGE_ADVANCEDSERVER),$(MQ_TAG),$(MQ_ARCHIVE),mq-server)
 .PHONY: build-devserver
-ifdef RHEL_HOST
+build-devserver: registry-login log-build-env downloads/$(MQ_ARCHIVE_DEV) command-version
 # Build using Buildah inside a container on RHEL hosts
 build-devserver: build-devserver-ctr
 else
 build-devserver: build-devserver-host
 endif
 .PHONY: build-devserver-host
 build-devserver-host: downloads/$(MQ_ARCHIVE_DEV) docker-version
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER):$(MQ_TAG)"$(END)))
 	$(call build-mq,$(MQ_IMAGE_DEVSERVER),$(MQ_TAG),Dockerfile-server,$(MQ_ARCHIVE_DEV),mq-dev-server)
 .PHONY: build-devserver-ctr
 build-devserver-ctr: downloads/$(MQ_ARCHIVE_DEV)
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER):$(MQ_TAG) in a container"$(END)))
 	$(call build-mq-ctr,$(MQ_IMAGE_DEVSERVER),$(MQ_TAG),$(MQ_ARCHIVE_DEV),mq-dev-server)
 .PHONY: build-advancedserver-cover
-build-advancedserver-cover: docker-version
+build-advancedserver-cover: registry-login command-version
-	$(DOCKER) build --build-arg BASE_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) -t $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)-cover -f Dockerfile-server.cover .
+	$(COMMAND) build --build-arg BASE_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) -t $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)-cover -f Dockerfile-server.cover .
 .PHONY: build-explorer
-build-explorer: downloads/$(MQ_ARCHIVE_DEV)
+build-explorer: registry-login downloads/$(MQ_ARCHIVE_DEV)
 	$(call build-mq,mq-explorer,latest-$(ARCH),incubating/mq-explorer/Dockerfile,$(MQ_ARCHIVE_DEV),mq-explorer)
 .PHONY: build-sdk
-build-sdk: downloads/$(MQ_ARCHIVE_DEV)
+build-sdk: registry-login downloads/$(MQ_ARCHIVE_DEV)
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_SDK)"$(END)))
 	$(call build-mq,mq-sdk,$(MQ_TAG),incubating/mq-sdk/Dockerfile,$(MQ_SDK_ARCHIVE),mq-sdk)
-.PHONY: debug-vars
+.PHONY: registry-login
-debug-vars:
+registry-login:
 ifneq ($(REGISTRY_USER),)
 	$(COMMAND) login -u $(REGISTRY_USER) -p $(REGISTRY_PASS) registry.redhat.io
 endif
 .PHONY: log-build-env
 log-build-vars:
 	$(info $(SPACER)$(shell printf $(TITLE)"Build environment"$(END)))
 	@echo ARCH=$(ARCH)
 	@echo MQ_VERSION=$(MQ_VERSION)
 	@echo MQ_VERSION_VRM=$(MQ_VERSION_VRM)
 	@echo MQ_ARCHIVE=$(MQ_ARCHIVE)
 	@echo MQ_ARCHIVE_DEV=$(MQ_ARCHIVE_DEV)
 	@echo MQ_IMAGE_DEVSERVER=$(MQ_IMAGE_DEVSERVER)
 	@echo MQ_IMAGE_ADVANCEDSERVER=$(MQ_IMAGE_ADVANCEDSERVER)
 	@echo COMMAND=$(COMMAND)
 	@echo REGISTRY_USER=$(REGISTRY_USER)
 .PHONY: log-build-env
 log-build-env: log-build-vars
 	$(info $(SPACER)$(shell printf $(TITLE)"Build environment - $(COMMAND) info"$(END)))
 	@echo Command version: $(shell $(COMMAND) --version)
 	$(COMMAND) info
 include formatting.mk
 .PHONY: pull-mq-archive
 pull-mq-archive:
 	curl -u $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) -X GET "$(MQ_ARCHIVE_REPOSITORY)" -o downloads/$(MQ_ARCHIVE)
 .PHONY: pull-mq-archive-dev
 pull-mq-archive-dev:
 	curl -u $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) -X GET "$(MQ_ARCHIVE_REPOSITORY_DEV)" -o downloads/$(MQ_ARCHIVE_DEV)
 .PHONY: push-advancedserver
 push-advancedserver:
 	$(info $(SPACER)$(shell printf $(TITLE)"Push production image to $(MQ_DELIVERY_REGISTRY_FULL_PATH)"$(END)))
 	$(COMMAND) login $(MQ_DELIVERY_REGISTRY_HOSTNAME) -u $(MQ_DELIVERY_REGISTRY_USER) -p $(MQ_DELIVERY_REGISTRY_CREDENTIAL)
 	$(COMMAND) tag $(MQ_IMAGE_ADVANCEDSERVER)\:$(MQ_TAG) $(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_FULL_RELEASE_NAME)
 	$(COMMAND) push $(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_FULL_RELEASE_NAME)
 .PHONY: push-devserver
 push-devserver:
 	$(info $(SPACER)$(shell printf $(TITLE)"Push developer image to $(MQ_DELIVERY_REGISTRY_FULL_PATH)"$(END)))
 	$(COMMAND) login $(MQ_DELIVERY_REGISTRY_HOSTNAME) -u $(MQ_DELIVERY_REGISTRY_USER) -p $(MQ_DELIVERY_REGISTRY_CREDENTIAL)
 	$(COMMAND) tag $(MQ_IMAGE_DEVSERVER)\:$(MQ_TAG) $(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_DEV_FULL_RELEASE_NAME)
 	$(COMMAND) push $(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_DEV_FULL_RELEASE_NAME)
 .PHONY: pull-advancedserver
 pull-advancedserver:
 	$(info $(SPACER)$(shell printf $(TITLE)"Pull production image from $(MQ_DELIVERY_REGISTRY_FULL_PATH)"$(END)))
 	$(COMMAND) login $(MQ_DELIVERY_REGISTRY_HOSTNAME) -u $(MQ_DELIVERY_REGISTRY_USER) -p $(MQ_DELIVERY_REGISTRY_CREDENTIAL)
 	$(COMMAND) pull $(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_FULL_RELEASE_NAME)
 	$(COMMAND) tag $(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_FULL_RELEASE_NAME) $(MQ_IMAGE_ADVANCEDSERVER)\:$(MQ_TAG)
 .PHONY: pull-devserver
 pull-devserver:
 	$(info $(SPACER)$(shell printf $(TITLE)"Pull developer image from $(MQ_DELIVERY_REGISTRY_FULL_PATH)"$(END)))
 	$(COMMAND) login $(MQ_DELIVERY_REGISTRY_HOSTNAME) -u $(MQ_DELIVERY_REGISTRY_USER) -p $(MQ_DELIVERY_REGISTRY_CREDENTIAL)
 	$(COMMAND) pull $(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_DEV_FULL_RELEASE_NAME)
 	$(COMMAND) tag $(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_DEV_FULL_RELEASE_NAME) $(MQ_IMAGE_DEVSERVER)\:$(MQ_TAG)
 .PHONY: push-manifest
 push-manifest: build-skopeo-container
 	$(info $(SPACER)$(shell printf $(TITLE)"** Determining the image digests **"$(END)))
 	$(eval MQ_IMAGE_DEVSERVER_AMD64_DIGEST=$(shell $(COMMAND) run skopeo:latest --override-os linux --override-arch s390x  inspect --creds $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) docker://$(MQ_IMAGE_DEVSERVER_AMD64) | jq -r .Digest))
 	$(eval MQ_IMAGE_DEVSERVER_S390X_DIGEST=$(shell $(COMMAND) run skopeo:latest --override-os linux inspect --creds $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) docker://$(MQ_IMAGE_DEVSERVER_S390X) | jq -r .Digest))
 	$(eval MQ_IMAGE_ADVANCEDSERVER_AMD64_DIGEST=$(shell $(COMMAND) run skopeo:latest --override-os linux inspect --creds $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) docker://$(MQ_IMAGE_ADVANCEDSERVER_AMD64) | jq -r .Digest))
 	$(eval MQ_IMAGE_ADVANCEDSERVER_S390X_DIGEST=$(shell $(COMMAND) run skopeo:latest --override-os linux inspect --creds $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) docker://$(MQ_IMAGE_ADVANCEDSERVER_S390X) | jq -r .Digest))
 	$(info $(shell printf "** Determined the built $(MQ_IMAGE_DEVSERVER_AMD64) has a digest of $(MQ_IMAGE_DEVSERVER_AMD64_DIGEST)**"$(END)))
 	$(info $(shell printf "** Determined the built $(MQ_IMAGE_DEVSERVER_S390X) has a digest of $(MQ_IMAGE_DEVSERVER_S390X_DIGEST)**"$(END)))
 	$(info $(shell printf "** Determined the built $(MQ_IMAGE_ADVANCEDSERVER_AMD64) has a digest of $(MQ_IMAGE_ADVANCEDSERVER_AMD64_DIGEST)**"$(END)))
 	$(info $(shell printf "** Determined the built $(MQ_IMAGE_ADVANCEDSERVER_S390X) has a digest of $(MQ_IMAGE_ADVANCEDSERVER_S390X_DIGEST)**"$(END)))
 	$(info $(shell printf "** Calling script to create fat-manifest for $(MQ_IMAGE_DEVSERVER_MANIFEST)**"$(END)))
 	echo $(shell ./travis-build-scripts/create-manifest-list.sh -r $(MQ_DELIVERY_REGISTRY_HOSTNAME) -n $(MQ_DELIVERY_REGISTRY_NAMESPACE) -i $(MQ_IMAGE_DEVSERVER) -t $(MQ_MANIFEST_TAG) -u $(MQ_ARCHIVE_REPOSITORY_USER) -p $(MQ_ARCHIVE_REPOSITORY_CREDENTIAL)  -d "$(MQ_IMAGE_DEVSERVER_AMD64_DIGEST) $(MQ_IMAGE_DEVSERVER_S390X_DIGEST)" $(END))
 	$(info $(shell printf "** Calling script to create fat-manifest for $(MQ_IMAGE_ADVANCEDSERVER_MANIFEST)**"$(END)))
 	echo $(shell ./travis-build-scripts/create-manifest-list.sh -r $(MQ_DELIVERY_REGISTRY_HOSTNAME) -n $(MQ_DELIVERY_REGISTRY_NAMESPACE) -i $(MQ_IMAGE_ADVANCEDSERVER) -t $(MQ_MANIFEST_TAG) -u $(MQ_ARCHIVE_REPOSITORY_USER) -p $(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) -d "$(MQ_IMAGE_ADVANCEDSERVER_AMD64_DIGEST) $(MQ_IMAGE_ADVANCEDSERVER_S390X_DIGEST)" $(END))
 .PHONY: build-skopeo-container
 build-skopeo-container:
 	$(COMMAND) images | grep -q "skopeo"; if [ $$? != 0 ]; then docker build -t skopeo:latest ./docker-builds/skopeo/; fi
 .PHONY: clean
 clean:
 	rm -rf ./coverage
 	rm -rf ./build
 	rm -rf ./deps
-.PHONY: deps
+.PHONY: install-build-deps
-deps:
+install-build-deps:
-	glide install --strip-vendor
+	ARCH=$(ARCH) ./install-build-deps.sh
 .PHONY: install-credential-helper
 install-credential-helper:
 ifeq ($(ARCH),amd64)
 	ARCH=$(ARCH) ./travis-build-scripts/install-credential-helper.sh
 endif
 .PHONY: build-cov
 build-cov:
@@ -348,7 +411,8 @@ lint: $(addsuffix /$(wildcard *.go), $(GO_PKG_DIRS))
 	golint -set_exit_status $(sort $(dir $(wildcard $(addsuffix /*/*.go, $(GO_PKG_DIRS)))))
 .PHONY: gosec
-gosec: $(info $(SPACER)$(shell printf "Running gosec test"$(END)))
+gosec:
 	$(info $(SPACER)$(shell printf "Running gosec test"$(END)))
 	@gosec -fmt=json -out=gosec_results.json cmd/... internal/... 2> /dev/null ;\
 	cat "gosec_results.json" ;\
 	cat gosec_results.json | grep HIGH | grep severity > /dev/null ;\
--- a/NOTICES.txt
+++ b/NOTICES.txt
--- a/README.md
+++ b/README.md
@@ -44,12 +44,11 @@ For issues relating specifically to the container image or Helm chart, please us
 The Dockerfiles and associated code and scripts are licensed under the [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0.html).
 Licenses for the products installed within the images are as follows:
- [IBM MQ Advanced for Developers](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BBZHCQ) (International License Agreement for Non-Warranted Programs). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
+- [IBM MQ Advanced for Developers](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BMKG5H) (International License Agreement for Non-Warranted Programs). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
- [IBM MQ Advanced](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BBSHJL) (International Program License Agreement). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
+- [IBM MQ Advanced](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-BMJJBM) (International Program License Agreement). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
 - License information for Ubuntu packages may be found in `/usr/share/doc/${package}/copyright`
 Note: The IBM MQ Advanced for Developers license does not permit further distribution and the terms restrict usage to a developer machine.
 ## Copyright
-© Copyright IBM Corporation 2015, 2019
+© Copyright IBM Corporation 2015, 2020
--- a/buildah/Dockerfile
+++ b/buildah/Dockerfile
@@ -1,23 +0,0 @@
 # © Copyright IBM Corporation 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Fedora includes more recent versions of buildah (need buildah V1.7 to get 
 # multi-stage builds to work properly)
 FROM docker.io/fedora:29
 RUN yum install -y buildah
 COPY build.sh /usr/local/bin/build
 RUN chmod +x /usr/local/bin/build
 ENV STORAGE_DRIVER=vfs
 ENV BUILDAH_ISOLATION=chroot
 ENTRYPOINT ["build"]
--- a/buildah/build.sh
+++ b/buildah/build.sh
@@ -1,41 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a container image from a Dockerfile using Buildah
 # If the Docker socket is available, the image will be pushed to Docker once built.
 readonly IMAGE=$1:$2
 shift
 shift
 readonly SRC="/src"
 readonly OCI_DIR="/var/oci"
 echo "****************************************"
 echo " Inside the Buildah container"
 echo "****************************************"
 set -ex
 # Build using the supplied options.  Always pass the source directory in, and 
 # use it as the build context
 buildah build-using-dockerfile --tag ${IMAGE} --volume /src:/src "$@" /src
 if [ -e ${OCI_DIR} ]; then
  buildah push ${IMAGE} oci-archive:${OCI_DIR}/${IMAGE}
 fi
 if [ -e /var/run/docker.sock ]; then
  buildah push ${IMAGE} docker-daemon:${IMAGE}
 fi
--- a/buildah/mq-buildah
+++ b/buildah/mq-buildah
@@ -1,51 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build and run a container image with Buildah installed
 if [ $# -eq 0 ]; then
  echo "Usage: $0 imageName imageTag buildah-options"
  exit 1
 fi
 readonly SCRIPT_DIR="$( cd "$(dirname "$0")" ; pwd -P )"
 readonly DIR=${SCRIPT_DIR}/..
 readonly BUILDAH_IMAGE=mq-buildah
 RUN_OPTS="--volume ${DIR}:/src --cap-add SYS_ADMIN --rm --interactive --tty"
 CMD="docker"
 # If Docker is installed, then map the Docker socket into the container, to
 # allow buildah to push the resulting image into Docker's image store
 # WARNING: This means that the buildah container can do anything the "docker"
 # can do.
 command -v docker
 if [[ $? == 0 && -e /var/run/docker.sock ]]; then
  RUN_OPTS="${RUN_OPTS} --volume /var/run/docker.sock:/var/run/docker.sock"
 fi
 command -v podman
 if [[ $? -eq 0 ]]; then
  CMD="podman"
  OCI_DIR="/tmp/mq-buildah"
  mkdir -p ${OCI_DIR}
  RUN_OPTS="${RUN_OPTS} --volume ${OCI_DIR}:/var/oci"
  echo "Image archives will be written to ${OCI_DIR}"
 fi
 ${CMD} build --tag ${BUILDAH_IMAGE} --file ${SCRIPT_DIR}/Dockerfile ${SCRIPT_DIR}
 set -x
 ${CMD} run ${RUN_OPTS} ${BUILDAH_IMAGE} "$@"
--- a/cmd/chkmqhealthy/main.go
+++ b/cmd/chkmqhealthy/main.go
@@ -23,7 +23,7 @@ import (
 	"os/exec"
 	"strings"
-	"github.com/ibm-messaging/mq-container/internal/name"
+	"github.com/ibm-messaging/mq-container/pkg/name"
 )
 func queueManagerHealthy() (bool, error) {
--- a/cmd/chkmqready/main.go
+++ b/cmd/chkmqready/main.go
@@ -22,8 +22,8 @@ import (
 	"net"
 	"os"
 	"github.com/ibm-messaging/mq-container/internal/name"
 	"github.com/ibm-messaging/mq-container/internal/ready"
 	"github.com/ibm-messaging/mq-container/pkg/name"
 )
 func main() {
--- a/cmd/runmqdevserver/main.go
+++ b/cmd/runmqdevserver/main.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -22,11 +22,10 @@ import (
 	"os/exec"
 	"syscall"
-	"github.com/ibm-messaging/mq-container/internal/command"
+	"github.com/ibm-messaging/mq-container/internal/htpasswd"
-	"github.com/ibm-messaging/mq-container/internal/containerruntimelogger"
+	"github.com/ibm-messaging/mq-container/pkg/containerruntimelogger"
-	"github.com/ibm-messaging/mq-container/internal/logger"
+	"github.com/ibm-messaging/mq-container/pkg/logger"
-	"github.com/ibm-messaging/mq-container/internal/mqtemplate"
+	"github.com/ibm-messaging/mq-container/pkg/name"
 	"github.com/ibm-messaging/mq-container/internal/name"
 )
 var log *logger.Logger
@@ -43,7 +42,7 @@ func setPassword(user string, password string) error {
 	if err != nil {
 		log.Errorf("Error closing password stdin: %v", err)
 	}
-	out, _, err := command.RunCmd(cmd)
+	out, err := cmd.CombinedOutput()
 	if err != nil {
 		// Include the command output in the error
 		return fmt.Errorf("%v: %v", err.Error(), out)
@@ -90,11 +89,6 @@ func configureLogger() error {
 	return nil
 }
 func configureWeb(qmName string) error {
 	out := "/etc/mqm/web/installations/Installation1/angular.persistence/admin.json"
 	return mqtemplate.ProcessTemplateFile("/etc/mqm/admin.json.tpl", out, map[string]string{"QueueManagerName": qmName}, log)
 }
 func logTerminationf(format string, args ...interface{}) {
 	logTermination(fmt.Sprintf(format, args...))
 }
@@ -126,16 +120,23 @@ func doMain() error {
 	}
 	adminPassword, set := os.LookupEnv("MQ_ADMIN_PASSWORD")
-	if set {
+	if !set {
-		err = setPassword("admin", adminPassword)
+		adminPassword = "passw0rd"
 		err = os.Setenv("MQ_ADMIN_PASSWORD", adminPassword)
 		if err != nil {
-			logTerminationf("Error setting admin password: %v", err)
+			logTerminationf("Error setting admin password variable: %v", err)
 			return err
 		}
 	}
 	err = htpasswd.SetPassword("admin", adminPassword, false)
 	if err != nil {
 		logTerminationf("Error setting admin password: %v", err)
 		return err
 	}
 	appPassword, set := os.LookupEnv("MQ_APP_PASSWORD")
 	if set {
-		err = setPassword("app", appPassword)
+		err = htpasswd.SetPassword("app", appPassword, false)
 		if err != nil {
 			logTerminationf("Error setting app password: %v", err)
 			return err
@@ -148,18 +149,6 @@ func doMain() error {
 		return err
 	}
 	name, err := name.GetQueueManagerName()
 	if err != nil {
 		logTerminationf("Error getting queue manager name: %v", err)
 		return err
 	}
 	err = configureWeb(name)
 	if err != nil {
 		logTermination("Error configuring admin.json")
 		return err
 	}
 	return nil
 }
@@ -172,7 +161,7 @@ func main() {
 	} else {
 		// Replace this process with runmqserver
 		// #nosec G204
-		err = syscall.Exec("/usr/local/bin/runmqserver", []string{"runmqserver", "-dev"}, os.Environ())
+		err = syscall.Exec("/usr/local/bin/runmqserver", []string{"runmqserver", "-nologruntime", "-dev"}, os.Environ())
 		if err != nil {
 			log.Errorf("Error replacing this process with runmqserver: %v", err)
 		}
--- a/cmd/runmqserver/crtmqvol.go
+++ b/cmd/runmqserver/crtmqvol.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2019
+© Copyright IBM Corporation 2017, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -17,14 +17,10 @@ package main
 import (
 	"os"
 	"runtime"
 	"syscall"
 	"github.com/ibm-messaging/mq-container/internal/command"
 )
 func createVolume(dataPath string) error {
-	fi, err := os.Stat(dataPath)
+	_, err := os.Stat(dataPath)
 	if err != nil {
 		if os.IsNotExist(err) {
 			// #nosec G301
@@ -36,25 +32,5 @@ func createVolume(dataPath string) error {
 			return err
 		}
 	}
 	fi, err = os.Stat(dataPath)
 	if err != nil {
 		return err
 	}
 	sys := fi.Sys()
 	if sys != nil && runtime.GOOS == "linux" {
 		stat := sys.(*syscall.Stat_t)
 		mqmUID, mqmGID, err := command.LookupMQM()
 		if err != nil {
 			return err
 		}
 		log.Debugf("mqm user is %v (%v)", mqmUID, mqmGID)
 		if int(stat.Uid) != mqmUID || int(stat.Gid) != mqmGID {
 			err = os.Chown(dataPath, mqmUID, mqmGID)
 			if err != nil {
 				log.Printf("Error: Unable to change ownership of %v", dataPath)
 				return err
 			}
 		}
 	}
 	return nil
 }
--- a/cmd/runmqserver/logging.go
+++ b/cmd/runmqserver/logging.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2019
+© Copyright IBM Corporation 2017, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -23,12 +23,13 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
 	"sort"
 	"strings"
 	"sync"
 	"github.com/ibm-messaging/mq-container/internal/command"
-	"github.com/ibm-messaging/mq-container/internal/logger"
+	"github.com/ibm-messaging/mq-container/pkg/logger"
-	"github.com/ibm-messaging/mq-container/internal/mqini"
+	"github.com/ibm-messaging/mq-container/pkg/mqini"
 )
 // var debug = false
@@ -60,8 +61,25 @@ func getLogFormat() string {
 	return os.Getenv("LOG_FORMAT")
 }
-func formatSimple(datetime string, message string) string {
+// formatBasic formats a log message parsed from JSON, as "basic" text
-	return fmt.Sprintf("%v %v\n", datetime, message)
+func formatBasic(obj map[string]interface{}) string {
 	// Emulate the MQ "MessageDetail=Extended" option, by appending inserts to the message
 	// This is important for certain messages, where key details are only available in the extended message content
 	inserts := make([]string, 0)
 	for k, v := range obj {
 		if strings.HasPrefix(k, "ibm_commentInsert") {
 			inserts = append(inserts, fmt.Sprintf("%s(%v)", strings.Replace(k, "ibm_comment", "Comment", 1), obj[k]))
 		} else if strings.HasPrefix(k, "ibm_arithInsert") {
 			if v.(float64) != 0 {
 				inserts = append(inserts, fmt.Sprintf("%s(%v)", strings.Replace(k, "ibm_arith", "Arith", 1), obj[k]))
 			}
 		}
 	}
 	sort.Strings(inserts)
 	if len(inserts) > 0 {
 		return fmt.Sprintf("%s %s [%v]\n", obj["ibm_datetime"], obj["message"], strings.Join(inserts, ", "))
 	}
 	return fmt.Sprintf("%s %s\n", obj["ibm_datetime"], obj["message"])
 }
 // mirrorSystemErrorLogs starts a goroutine to mirror the contents of the MQ system error logs
@@ -126,7 +144,8 @@ func configureLogger(name string) (mirrorFunc, error) {
 			if err != nil {
 				log.Printf("Failed to unmarshall JSON - %v", err)
 			} else {
-				fmt.Printf(formatSimple(obj["ibm_datetime"].(string), obj["message"].(string)))
+				fmt.Printf(formatBasic(obj))
 				// fmt.Printf(formatSimple(obj["ibm_datetime"].(string), obj["message"].(string)))
 			}
 			return true
 		}, nil
@@ -154,41 +173,43 @@ func filterQMLogMessage(obj map[string]interface{}) bool {
 }
 func logDiagnostics() {
-	log.Debug("--- Start Diagnostics ---")
+	if getDebug() {
 		log.Debug("--- Start Diagnostics ---")
-	// show the directory ownership/permissions
+		// show the directory ownership/permissions
-	// #nosec G104
+		// #nosec G104
-	out, _, _ := command.Run("ls", "-l", "/mnt/")
+		out, _, _ := command.Run("ls", "-l", "/mnt/")
-	log.Debugf("/mnt/:\n%s", out)
+		log.Debugf("/mnt/:\n%s", out)
-	// #nosec G104
+		// #nosec G104
-	out, _, _ = command.Run("ls", "-l", "/mnt/mqm")
+		out, _, _ = command.Run("ls", "-l", "/mnt/mqm")
-	log.Debugf("/mnt/mqm:\n%s", out)
+		log.Debugf("/mnt/mqm:\n%s", out)
-	// #nosec G104
+		// #nosec G104
-	out, _, _ = command.Run("ls", "-l", "/mnt/mqm/data")
+		out, _, _ = command.Run("ls", "-l", "/mnt/mqm/data")
-	log.Debugf("/mnt/mqm/data:\n%s", out)
+		log.Debugf("/mnt/mqm/data:\n%s", out)
-	// #nosec G104
+		// #nosec G104
-	out, _, _ = command.Run("ls", "-l", "/mnt/mqm-log/log")
+		out, _, _ = command.Run("ls", "-l", "/mnt/mqm-log/log")
-	log.Debugf("/mnt/mqm-log/log:\n%s", out)
+		log.Debugf("/mnt/mqm-log/log:\n%s", out)
-	// #nosec G104
+		// #nosec G104
-	out, _, _ = command.Run("ls", "-l", "/mnt/mqm-data/qmgrs")
+		out, _, _ = command.Run("ls", "-l", "/mnt/mqm-data/qmgrs")
-	log.Debugf("/mnt/mqm-data/qmgrs:\n%s", out)
+		log.Debugf("/mnt/mqm-data/qmgrs:\n%s", out)
-	// #nosec G104
+		// #nosec G104
-	out, _, _ = command.Run("ls", "-l", "/var/mqm")
+		out, _, _ = command.Run("ls", "-l", "/var/mqm")
-	log.Debugf("/var/mqm:\n%s", out)
+		log.Debugf("/var/mqm:\n%s", out)
-	// #nosec G104
+		// #nosec G104
-	out, _, _ = command.Run("ls", "-l", "/var/mqm/errors")
+		out, _, _ = command.Run("ls", "-l", "/var/mqm/errors")
-	log.Debugf("/var/mqm/errors:\n%s", out)
+		log.Debugf("/var/mqm/errors:\n%s", out)
-	// #nosec G104
+		// #nosec G104
-	out, _, _ = command.Run("ls", "-l", "/etc/mqm")
+		out, _, _ = command.Run("ls", "-l", "/etc/mqm")
-	log.Debugf("/etc/mqm:\n%s", out)
+		log.Debugf("/etc/mqm:\n%s", out)
-	// Print out summary of any FDCs
+		// Print out summary of any FDCs
-	// #nosec G204
+		// #nosec G204
-	cmd := exec.Command("/opt/mqm/bin/ffstsummary")
+		cmd := exec.Command("/opt/mqm/bin/ffstsummary")
-	cmd.Dir = "/var/mqm/errors"
+		cmd.Dir = "/var/mqm/errors"
-	// #nosec G104
+		// #nosec G104
-	outB, _ := cmd.CombinedOutput()
+		outB, _ := cmd.CombinedOutput()
-	log.Debugf("ffstsummary:\n%s", string(outB))
+		log.Debugf("ffstsummary:\n%s", string(outB))
-	log.Debug("---  End Diagnostics  ---")
+		log.Debug("---  End Diagnostics  ---")
 	}
 }
--- a/cmd/runmqserver/logging_test.go
+++ b/cmd/runmqserver/logging_test.go
@@ -0,0 +1,55 @@
 /*
 © Copyright IBM Corporation 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"encoding/json"
 	"fmt"
 	"strings"
 	"testing"
 )
 var formatBasicTests = []struct {
 	in          []byte
 	outContains string
 }{
 	{
 		[]byte("{\"ibm_datetime\":\"2020/06/24 00:00:00\",\"message\":\"Hello world\"}"),
 		"Hello",
 	},
 	{
 		[]byte("{\"ibm_datetime\":\"2020/06/24 00:00:00\",\"message\":\"Hello world\", \"ibm_commentInsert1\":\"foo\"}"),
 		"CommentInsert1(foo)",
 	},
 	{
 		[]byte("{\"ibm_datetime\":\"2020/06/24 00:00:00\",\"message\":\"Hello world\", \"ibm_arithInsert1\":1}"),
 		"ArithInsert1(1)",
 	},
 }
 func TestFormatBasic(t *testing.T) {
 	for i, table := range formatBasicTests {
 		t.Run(fmt.Sprintf("%v", i), func(t *testing.T) {
 			var inObj map[string]interface{}
 			json.Unmarshal(table.in, &inObj)
 			t.Logf("Unmarshalled: %+v", inObj)
 			out := formatBasic(inObj)
 			if !strings.Contains(out, table.outContains) {
 				t.Errorf("formatBasic() with input=%v - expected output to contain %v, got %v", string(table.in), table.outContains, out)
 			}
 		})
 	}
 }
--- a/cmd/runmqserver/main.go
+++ b/cmd/runmqserver/main.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2019
+© Copyright IBM Corporation 2017, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -24,18 +24,18 @@ import (
 	"os"
 	"sync"
 	"github.com/ibm-messaging/mq-container/internal/containerruntimelogger"
 	"github.com/ibm-messaging/mq-container/internal/metrics"
 	"github.com/ibm-messaging/mq-container/internal/name"
 	"github.com/ibm-messaging/mq-container/internal/ready"
 	"github.com/ibm-messaging/mq-container/internal/tls"
-	"github.com/ibm-messaging/mq-container/internal/mqini"
+	"github.com/ibm-messaging/mq-container/pkg/containerruntimelogger"
 	"github.com/ibm-messaging/mq-container/pkg/name"
 )
 func doMain() error {
 	var initFlag = flag.Bool("i", false, "initialize volume only, then exit")
 	var infoFlag = flag.Bool("info", false, "Display debug info, then exit")
-	var devFlag = flag.Bool("dev", false, "used when running this program from runmqdevserver to control log output")
+	var noLogRuntimeFlag = flag.Bool("nologruntime", false, "used when running this program from another program, to control log output")
 	var devFlag = flag.Bool("dev", false, "used when running this program from runmqdevserver to control how TLS is configured")
 	flag.Parse()
 	name, nameErr := name.GetQueueManagerName()
@@ -88,7 +88,7 @@ func doMain() error {
 	// Enable diagnostic collecting on failure
 	collectDiagOnFail = true
-	if *devFlag == false {
+	if *noLogRuntimeFlag == false {
 		err = containerruntimelogger.LogContainerDetails(log)
 		if err != nil {
 			logTermination(err)
@@ -112,12 +112,29 @@ func doMain() error {
 		return err
 	}
 	enableTraceCrtmqdir := os.Getenv("MQ_ENABLE_TRACE_CRTMQDIR")
 	if enableTraceCrtmqdir == "true" || enableTraceCrtmqdir == "1" {
 		err = startMQTrace()
 		if err != nil {
 			logTermination(err)
 			return err
 		}
 	}
 	err = createDirStructure()
 	if err != nil {
 		logTermination(err)
 		return err
 	}
 	if enableTraceCrtmqdir == "true" || enableTraceCrtmqdir == "1" {
 		err = endMQTrace()
 		if err != nil {
 			logTermination(err)
 			return err
 		}
 	}
 	// If init flag is set, exit now
 	if *initFlag {
 		return nil
@@ -126,29 +143,30 @@ func doMain() error {
 	// Print out versioning information
 	logVersionInfo()
-	keylabel, cmsDB, p12Trust, _, err := tls.ConfigureTLSKeystores(keyDir, trustDir, keyStoreDir)
+	keyLabel, cmsKeystore, p12Truststore, err := tls.ConfigureTLSKeystores()
 	if err != nil {
 		logTermination(err)
 		return err
 	}
-	err = configureTLS(keylabel, cmsDB, *devFlag)
+	err = tls.ConfigureTLS(keyLabel, cmsKeystore, *devFlag, log)
 	if err != nil {
 		logTermination(err)
 		return err
 	}
-	err = postInit(name, keylabel, p12Trust)
+	err = postInit(name, keyLabel, p12Truststore)
 	if err != nil {
 		logTermination(err)
 		return err
 	}
-	newQM, err := createQueueManager(name)
+	newQM, err := createQueueManager(name, *devFlag)
 	if err != nil {
 		logTermination(err)
 		return err
 	}
 	var wg sync.WaitGroup
 	defer func() {
 		log.Debug("Waiting for log mirroring to complete")
@@ -176,10 +194,23 @@ func doMain() error {
 		return err
 	}
-	err = mqini.AddStanzas(name)
+	enableTraceStrmqm := os.Getenv("MQ_ENABLE_TRACE_STRMQM")
-	if err != nil {
+	if enableTraceStrmqm == "true" || enableTraceStrmqm == "1" {
-		logTermination(err)
+		err = startMQTrace()
-		return err
+		if err != nil {
 			logTermination(err)
 			return err
 		}
 	}
 	// This is a developer image only change
 	// This workaround should be removed and handled via <crtmqm -ii>, when inimerge is ready to handle stanza ordering
 	if *devFlag {
 		err = updateQMini(name)
 		if err != nil {
 			logTermination(err)
 			return err
 		}
 	}
 	err = startQueueManager(name)
@@ -187,8 +218,9 @@ func doMain() error {
 		logTermination(err)
 		return err
 	}
-	if standby, _ := ready.IsRunningAsStandbyQM(name); !standby {
+
-		err = configureQueueManager()
+	if enableTraceStrmqm == "true" || enableTraceStrmqm == "1" {
 		err = endMQTrace()
 		if err != nil {
 			logTermination(err)
 			return err
--- a/cmd/runmqserver/main_test.go
+++ b/cmd/runmqserver/main_test.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2018
+© Copyright IBM Corporation 2017, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@ import (
 	"strconv"
 	"testing"
-	"github.com/ibm-messaging/mq-container/internal/logger"
+	"github.com/ibm-messaging/mq-container/pkg/logger"
 )
 var test *bool
--- a/cmd/runmqserver/post_init.go
+++ b/cmd/runmqserver/post_init.go
@@ -22,18 +22,23 @@ import (
 )
 // postInit is run after /var/mqm is set up
-func postInit(name, keylabel string, p12Trust tls.KeyStoreData) error {
+func postInit(name, keyLabel string, p12Truststore tls.KeyStoreData) error {
 	enableWebServer := os.Getenv("MQ_ENABLE_EMBEDDED_WEB_SERVER")
 	if enableWebServer == "true" || enableWebServer == "1" {
 		// Configure the web server (if enabled)
-		keystore, err := configureWebServer(keylabel, p12Trust)
+		webKeystore, err := configureWebServer(keyLabel, p12Truststore)
 		if err != nil {
 			return err
 		}
 		// If trust-store is empty, set reference to point to the keystore
 		webTruststoreRef := "MQWebTrustStore"
 		if len(p12Truststore.TrustedCerts) == 0 {
 			webTruststoreRef = "MQWebKeyStore"
 		}
 		// Start the web server, in the background (if installed)
 		// WARNING: No error handling or health checking available for the web server
 		go func() {
-			err = startWebServer(keystore, p12Trust.Password)
+			err = startWebServer(webKeystore, p12Truststore.Password, webTruststoreRef)
 			if err != nil {
 				log.Printf("Error starting web server: %v", err)
 			}
--- a/cmd/runmqserver/qmgr.go
+++ b/cmd/runmqserver/qmgr.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2019
+© Copyright IBM Corporation 2017, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -16,12 +16,12 @@ limitations under the License.
 package main
 import (
 	"bytes"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/command"
@@ -32,18 +32,25 @@ import (
 // createDirStructure creates the default MQ directory structure under /var/mqm
 func createDirStructure() error {
-	out, _, err := command.Run("/opt/mqm/bin/crtmqdir", "-f", "-a")
+	// log file diagnostics before and after crtmqdir if DEBUG=true
 	logDiagnostics()
 	out, rc, err := command.Run("/opt/mqm/bin/crtmqdir", "-f", "-a")
 	if err != nil {
-		log.Printf("Error creating directory structure: %v\n", string(out))
+		if rc == 10 {
-		return err
+			log.Printf("Warning creating directory structure: %v\n", string(out))
 		} else {
 			log.Printf("Error creating directory structure: %v\n", string(out))
 			return err
 		}
 	}
 	log.Println("Created directory structure under /var/mqm")
 	logDiagnostics()
 	return nil
 }
 // createQueueManager creates a queue manager, if it doesn't already exist.
 // It returns true if one was created (or a standby was created), or false if one already existed
-func createQueueManager(name string) (bool, error) {
+func createQueueManager(name string, devMode bool) (bool, error) {
 	log.Printf("Creating queue manager %v", name)
 	// Run 'dspmqinf' to check if 'mqs.ini' configuration file exists
@@ -66,7 +73,7 @@ func createQueueManager(name string) (bool, error) {
 	_, err = os.Stat(filepath.Join(dataDir, "qm.ini"))
 	if err != nil {
 		// If 'qm.ini' is not found - run 'crtmqm' to create a new queue manager
-		args := getCreateQueueManagerArgs(mounts, name)
+		args := getCreateQueueManagerArgs(mounts, name, devMode)
 		out, rc, err := command.Run("crtmqm", args...)
 		if err != nil {
 			log.Printf("Error %v creating queue manager: %v", rc, string(out))
@@ -116,74 +123,20 @@ func startQueueManager(name string) error {
 	return nil
 }
 func configureQueueManager() error {
 	const configDir string = "/etc/mqm"
 	files, err := ioutil.ReadDir(configDir)
 	if err != nil {
 		log.Println(err)
 		return err
 	}
 	for _, file := range files {
 		if strings.HasSuffix(file.Name(), ".mqsc") {
 			abs := filepath.Join(configDir, file.Name())
 			// #nosec G204
 			verify := exec.Command("runmqsc", "-v", "-e")
 			// #nosec G204 - command is fixed, no injection vector
 			cmd := exec.Command("runmqsc")
 			// Read mqsc file into variable
 			// #nosec G304 - filename variable is derived from contents of 'configDir' which is a defined constant
 			mqsc, err := ioutil.ReadFile(abs)
 			if err != nil {
 				log.Printf("Error reading file %v: %v", abs, err)
 				continue
 			}
 			// Write mqsc to buffer
 			var buffer bytes.Buffer
 			_, err = buffer.Write(mqsc)
 			if err != nil {
 				log.Printf("Error writing MQSC file %v to buffer: %v", abs, err)
 				continue
 			}
 			verifyBuffer := buffer
 			// Buffer mqsc to stdin of runmqsc
 			cmd.Stdin = &buffer
 			verify.Stdin = &verifyBuffer
 			// Verify the MQSC commands
 			out, err := verify.CombinedOutput()
 			if err != nil {
 				log.Errorf("Error verifying MQSC file %v (%v):\n\t%v", file.Name(), err, formatMQSCOutput(string(out)))
 				return fmt.Errorf("Error verifying MQSC file %v (%v):\n\t%v", file.Name(), err, formatMQSCOutput(string(out)))
 			}
 			// Run runmqsc command
 			out, err = cmd.CombinedOutput()
 			if err != nil {
 				log.Errorf("Error running MQSC file %v (%v):\n\t%v", file.Name(), err, formatMQSCOutput(string(out)))
 				continue
 			} else {
 				// Print the runmqsc output, adding tab characters to make it more readable as part of the log
 				log.Printf("Output for \"runmqsc\" with %v:\n\t%v", abs, formatMQSCOutput(string(out)))
 			}
 		}
 	}
 	return nil
 }
 func stopQueueManager(name string) error {
 	log.Println("Stopping queue manager")
 	qmGracePeriod := os.Getenv("MQ_GRACE_PERIOD")
 	isStandby, err := ready.IsRunningAsStandbyQM(name)
 	if err != nil {
-		log.Printf("Error getting status for queue manager %v: ", name, err.Error())
+		log.Printf("Error getting status for queue manager %v: %v", name, err.Error())
 		return err
 	}
-	args := []string{"-w", "-r", name}
+	args := []string{"-w", "-r", "-tp", qmGracePeriod, name}
 	if os.Getenv("MQ_MULTI_INSTANCE") == "true" {
 		if isStandby {
 			args = []string{"-x", name}
 		} else {
-			args = []string{"-s", "-w", "-r", name}
+			args = []string{"-s", "-w", "-r", "-tp", qmGracePeriod, name}
 		}
 	}
 	out, rc, err := command.Run("endmqm", args...)
@@ -199,6 +152,28 @@ func stopQueueManager(name string) error {
 	return nil
 }
 func startMQTrace() error {
 	log.Println("Starting MQ trace")
 	out, rc, err := command.Run("strmqtrc")
 	if err != nil {
 		log.Printf("Error %v starting trace: %v", rc, string(out))
 		return err
 	}
 	log.Println("Started MQ trace")
 	return nil
 }
 func endMQTrace() error {
 	log.Println("Ending MQ Trace")
 	out, rc, err := command.Run("endmqtrc")
 	if err != nil {
 		log.Printf("Error %v ending trace: %v", rc, string(out))
 		return err
 	}
 	log.Println("Ended MQ trace")
 	return nil
 }
 func formatMQSCOutput(out string) string {
 	// redact sensitive information
 	out, _ = mqscredact.Redact(out)
@@ -227,8 +202,11 @@ func getQueueManagerDataDir(mounts map[string]string, name string) string {
 	return dataDir
 }
-func getCreateQueueManagerArgs(mounts map[string]string, name string) []string {
+func getCreateQueueManagerArgs(mounts map[string]string, name string, devMode bool) []string {
-	args := []string{"-q", "-p", "1414"}
+	args := []string{"-ii", "/etc/mqm/", "-ic", "/etc/mqm/", "-q", "-p", "1414"}
 	if devMode {
 		args = append(args, "-oa", "user")
 	}
 	if _, ok := mounts["/mnt/mqm-log"]; ok {
 		args = append(args, "-ld", "/mnt/mqm-log/log")
 	}
@@ -247,3 +225,48 @@ func getCreateStandbyQueueManagerArgs(name string) []string {
 	args = append(args, "-v", fmt.Sprintf("DataPath=/mnt/mqm-data/qmgrs/%v", name))
 	return args
 }
 // updateQMini removes the original ServicecCmponent stanza so we can add a new one
 func updateQMini(qmname string) error {
 	val, set := os.LookupEnv("MQ_CONNAUTH_USE_HTP")
 	if !set {
 		//htpasswd mode not enabled.
 		return nil
 	}
 	bval, err := strconv.ParseBool(strings.ToLower(val))
 	if err != nil {
 		return err
 	}
 	if bval == false {
 		//htpasswd mode not enabled.
 		return nil
 	}
 	log.Printf("Removing existing ServiceComponent configuration")
 	mounts, err := containerruntime.GetMounts()
 	if err != nil {
 		log.Printf("Error getting mounts for queue manager")
 		return err
 	}
 	dataDir := getQueueManagerDataDir(mounts, qmname)
 	qmgrDir := filepath.Join(dataDir, "qm.ini")
 	//read the initial version.
 	// #nosec G304 - qmgrDir filepath is derived from dspmqinf
 	iniFileBytes, err := ioutil.ReadFile(qmgrDir)
 	if err != nil {
 		return err
 	}
 	qminiConfigStr := string(iniFileBytes)
 	if strings.Contains(qminiConfigStr, "ServiceComponent:") {
 		var re = regexp.MustCompile(`(?m)^.*ServiceComponent.*$\s^.*Service.*$\s^.*Name.*$\s^.*Module.*$\s^.*ComponentDataSize.*$`)
 		curFile := re.ReplaceAllString(qminiConfigStr, "")
 		// #nosec G304 - qmgrDir filepath is derived from dspmqinf
 		err := ioutil.WriteFile(qmgrDir, []byte(curFile), 0660)
 		if err != nil {
 			return err
 		}
 	}
 	return nil
 }
--- a/cmd/runmqserver/tls.go
+++ b/cmd/runmqserver/tls.go
@@ -1,166 +0,0 @@
 /*
 © Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/command"
 	"github.com/ibm-messaging/mq-container/internal/keystore"
 	"github.com/ibm-messaging/mq-container/internal/mqtemplate"
 	"github.com/ibm-messaging/mq-container/internal/tls"
 )
 // Location to store the keystores
 const keyStoreDir = "/run/runmqserver/tls/"
 // KeyDir is the location of the certificate keys to import
 const keyDir = "/etc/mqm/pki/keys"
 // TrustDir is the location of the Certifates to add
 const trustDir = "/etc/mqm/pki/trust"
 // configureWebTLS configures TLS for Web Console
 func configureWebTLS(label string) error {
 	// Return immediately if we have no certificate to use as identity
 	if label == "" && os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME") == "" {
 		return nil
 	}
 	webConfigDir := "/etc/mqm/web/installations/Installation1/servers/mqweb"
 	tls := "tls.xml"
 	tlsConfig := filepath.Join(webConfigDir, tls)
 	newTLSConfig := filepath.Join(webConfigDir, tls+".tpl")
 	err := os.Remove(tlsConfig)
 	if err != nil {
 		return fmt.Errorf("Could not delete file %s: %v", tlsConfig, err)
 	}
 	// we symlink here to prevent issues on restart
 	err = os.Symlink(newTLSConfig, tlsConfig)
 	if err != nil {
 		return fmt.Errorf("Could not create symlink %s->%s: %v", newTLSConfig, tlsConfig, err)
 	}
 	mqmUID, mqmGID, err := command.LookupMQM()
 	if err != nil {
 		return fmt.Errorf("Could not find mqm user or group: %v", err)
 	}
 	err = os.Chown(tlsConfig, mqmUID, mqmGID)
 	if err != nil {
 		return fmt.Errorf("Could change ownership of %s to mqm: %v", tlsConfig, err)
 	}
 	return nil
 }
 // configureTLSDev configures TLS for developer defaults
 func configureTLSDev() error {
 	const mqsc string = "/etc/mqm/20-dev-tls.mqsc"
 	const mqscTemplate string = mqsc + ".tpl"
 	const sslCipherSpec string = "TLS_RSA_WITH_AES_128_CBC_SHA256"
 	if os.Getenv("MQ_DEV") == "true" {
 		err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{
 			"SSLCipherSpec": sslCipherSpec,
 		}, log)
 		if err != nil {
 			return err
 		}
 	} else {
 		_, err := os.Stat(mqsc)
 		if !os.IsNotExist(err) {
 			err = os.Remove(mqsc)
 			if err != nil {
 				log.Errorf("Error removing file %s: %v", mqsc, err)
 				return err
 			}
 		}
 	}
 	return nil
 }
 // configureTLS configures TLS for queue manager
 func configureTLS(certLabel string, cmsKeystore tls.KeyStoreData, devmode bool) error {
 	log.Debug("Configuring TLS")
 	const mqsc string = "/etc/mqm/15-tls.mqsc"
 	const mqscTemplate string = mqsc + ".tpl"
 	err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{
 		"SSLKeyR":          strings.TrimSuffix(cmsKeystore.Keystore.Filename, ".kdb"),
 		"CertificateLabel": certLabel,
 	}, log)
 	if err != nil {
 		return err
 	}
 	if devmode && certLabel != "" {
 		err = configureTLSDev()
 		if err != nil {
 			return err
 		}
 	}
 	return nil
 }
 // configureSSOTLS configures MQ Console TLS for Single Sign-On
 func configureSSOTLS(p12TrustStore tls.KeyStoreData) (string, error) {
 	// TODO find way to supply this
 	// Override the webstore variables to hard coded defaults
 	webKeyStoreName := tls.IntegrationDefaultLabel + ".p12"
 	// Check keystore exists
 	ks := filepath.Join(keyStoreDir, webKeyStoreName)
 	_, err := os.Stat(ks)
 	// Now we know if the file exists let's check whether we should have it or not.
 	// Check if we're being told to generate the certificate
 	genHostName := os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME")
 	if genHostName != "" {
 		// We've got to generate the certificate with the hostname given
 		if err == nil {
 			log.Printf("Replacing existing keystore %s - generating new certificate", ks)
 		}
 		// Keystore doesn't exist so create it and populate a certificate
 		newKS := keystore.NewPKCS12KeyStore(ks, p12TrustStore.Password)
 		err = newKS.Create()
 		if err != nil {
 			return "", fmt.Errorf("Failed to create keystore %s: %v", ks, err)
 		}
 		err = newKS.CreateSelfSignedCertificate("default", fmt.Sprintf("CN=%s", genHostName), genHostName)
 		if err != nil {
 			return "", fmt.Errorf("Failed to generate certificate in keystore %s with DN of 'CN=%s': %v", ks, genHostName, err)
 		}
 	} else {
 		// Keystore should already exist
 		if err != nil {
 			return "", fmt.Errorf("Failed to find existing keystore %s: %v", ks, err)
 		}
 	}
 	// Check truststore exists
 	_, err = os.Stat(p12TrustStore.Keystore.Filename)
 	if err != nil {
 		return "", fmt.Errorf("Failed to find existing truststore %s: %v", p12TrustStore.Keystore.Filename, err)
 	}
 	return webKeyStoreName, nil
 }
--- a/cmd/runmqserver/webserver.go
+++ b/cmd/runmqserver/webserver.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -19,19 +19,15 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
 	"os/user"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"syscall"
 	"github.com/ibm-messaging/mq-container/internal/command"
 	"github.com/ibm-messaging/mq-container/internal/copy"
 	"github.com/ibm-messaging/mq-container/internal/mqtemplate"
 	"github.com/ibm-messaging/mq-container/internal/tls"
 )
-func startWebServer(keystore, keystorepw string) error {
+func startWebServer(webKeystore, webkeystorePW, webTruststoreRef string) error {
 	_, err := os.Stat("/opt/mqm/bin/strmqweb")
 	if err != nil && os.IsNotExist(err) {
 		log.Debug("Skipping web server, because it's not installed")
@@ -50,29 +46,13 @@ func startWebServer(keystore, keystorepw string) error {
 	}
 	// TLS enabled
-	if keystore != "" {
+	if webKeystore != "" {
-		cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTORE="+keystore)
+		cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTORE="+webKeystore)
-		cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTOREPW="+keystorepw)
+		cmd.Env = append(cmd.Env, "AMQ_WEBKEYSTOREPW="+webkeystorePW)
 		cmd.Env = append(cmd.Env, "AMQ_WEBTRUSTSTOREREF="+webTruststoreRef)
 	}
-
+	out, err := cmd.CombinedOutput()
-	uid, gid, err := command.LookupMQM()
+	rc := cmd.ProcessState.ExitCode()
 	if err != nil {
 		return err
 	}
 	u, err := user.Current()
 	if err != nil {
 		return err
 	}
 	currentUID, err := strconv.Atoi(u.Uid)
 	if err != nil {
 		return fmt.Errorf("Error converting UID to string: %v", err)
 	}
 	// Add credentials to run as 'mqm', only if we aren't already 'mqm'
 	if currentUID != uid {
 		cmd.SysProcAttr = &syscall.SysProcAttr{}
 		cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)}
 	}
 	out, rc, err := command.RunCmd(cmd)
 	if err != nil {
 		log.Printf("Error %v starting web server: %v", rc, string(out))
 		return err
@@ -81,10 +61,9 @@ func startWebServer(keystore, keystorepw string) error {
 	return nil
 }
-func configureSSO(p12TrustStore tls.KeyStoreData) (string, error) {
+func configureSSO(p12TrustStore tls.KeyStoreData, webKeystore string) (string, error) {
 	// Ensure all required environment variables are set for SSO
 	requiredEnvVars := []string{
 		"MQ_WEB_ADMIN_USERS",
 		"MQ_OIDC_CLIENT_ID",
 		"MQ_OIDC_CLIENT_SECRET",
 		"MQ_OIDC_UNIQUE_USER_IDENTIFIER",
@@ -117,46 +96,49 @@ func configureSSO(p12TrustStore tls.KeyStoreData) (string, error) {
 	}
 	// Configure SSO TLS
-	return configureSSOTLS(p12TrustStore)
+	return tls.ConfigureWebKeystore(p12TrustStore, webKeystore)
 }
-func configureWebServer(keyLabel string, p12Trust tls.KeyStoreData) (string, error) {
+func configureWebServer(keyLabel string, p12Truststore tls.KeyStoreData) (string, error) {
-	var keystore string
+	var webKeystore string
 	// Configure TLS for Web Console first if we have a certificate to use
-	err := configureWebTLS(keyLabel)
+	err := tls.ConfigureWebTLS(keyLabel)
 	if err != nil {
-		return keystore, err
+		return "", err
 	}
 	if keyLabel != "" {
-		keystore = keyLabel + ".p12"
+		webKeystore = keyLabel + ".p12"
 	}
 	// Configure Single-Sign-On for the web server (if enabled)
 	enableSSO := os.Getenv("MQ_BETA_ENABLE_SSO")
 	if enableSSO == "true" || enableSSO == "1" {
-		keystore, err = configureSSO(p12Trust)
+		webKeystore, err = configureSSO(p12Truststore, webKeystore)
 		if err != nil {
-			return keystore, err
+			return "", err
 		}
 	} else if keyLabel == "" && os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME") != "" {
 		webKeystore, err = tls.ConfigureWebKeystore(p12Truststore, webKeystore)
 		if err != nil {
 			return "", err
 		}
 	}
 	_, err = os.Stat("/opt/mqm/bin/strmqweb")
 	if err != nil {
 		if os.IsNotExist(err) {
-			return keystore, nil
+			return "", nil
 		}
-		return keystore, err
+		return "", err
 	}
 	const webConfigDir string = "/etc/mqm/web"
 	_, err = os.Stat(webConfigDir)
 	if err != nil {
 		if os.IsNotExist(err) {
-			return keystore, nil
+			return "", nil
 		}
-		return keystore, err
+		return "", err
 	}
 	uid, gid, err := command.LookupMQM()
 	if err != nil {
 		return keystore, err
 	}
 	const prefix string = "/etc/mqm/web"
 	err = filepath.Walk(prefix, func(from string, info os.FileInfo, err error) error {
@@ -194,11 +176,8 @@ func configureWebServer(keyLabel string, p12Trust tls.KeyStoreData) (string, err
 				return err
 			}
 		}
 		err = os.Chown(to, uid, gid)
 		if err != nil {
 			return err
 		}
 		return nil
 	})
-	return keystore, err
+
 	return webKeystore, err
 }
--- a/docker-builds/skopeo/Dockerfile
+++ b/docker-builds/skopeo/Dockerfile
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2015, 2017
+# © Copyright IBM Corporation 2020
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,7 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM mqadvanced
+FROM fedora:32
-RUN useradd alice -G mqm && \
+RUN yum install skopeo -y -qq
-    echo alice:passw0rd | chpasswd
+ENTRYPOINT [ "skopeo" ]
 COPY *.mqsc /etc/mqm/
--- a/docs/building.md
+++ b/docs/building.md
@@ -4,26 +4,23 @@
 You need to have the following tools installed:
-* [Docker](https://www.docker.com/) V17.06.1 or later
+* [Docker](https://www.docker.com/) V17.06.1 or later, or [Podman](https://podman.io) V1.0 or later
 * [GNU make](https://www.gnu.org/software/make/)
 If you are working in the Windows Subsystem for Linux, follow [this guide by Microsoft to set up Docker](https://blogs.msdn.microsoft.com/commandline/2017/12/08/cross-post-wsl-interoperability-with-docker/) first.
 You will also need a [Red Hat Account](https://access.redhat.com) to be able to access the Red Hat Registry. 
 ## Building a production image
 This procedure works for building the MQ Continuous Delivery release, on `amd64`, `ppc64le` and `s390x` architectures.
 1. Create a `downloads` directory in the root of this repository
-2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.1.3_LINUX_X86-64.tar.gz`) in the `downloads` directory
+2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.2.0_LINUX_X86-64_NOINST.tar.gz`) in the `downloads` directory
-3. Run `make build-advancedserver`
+3. Login to the Red Hat Registry: `docker login registry.redhat.io` using your Customer Portal credentials.
 4. Run `make build-advancedserver`
-> **Warning**: Note that MQ offers two different sets of packaging on Linux: one is called "MQ for Linux" and contains RPM files for installing on Red Hat Enterprise Linux and SUSE Linux Enterprise Server.  The MQ container build uses a Red Hat Universal Base Image, so you need the "MQ for Linux" RPM files.
+> **Warning**: Note that from MQ 9.2.X, the MQ container build uses a 'No-Install' MQ Package, available under `IBM MQ V9.2.x Continuous Delivery Release components eAssembly, part no. CJ7CNML`
 You can build a different version of MQ by setting the `MQ_VERSION` environment variable, for example:
 ```bash
 MQ_VERSION=9.1.0.0 make build-advancedserver
 ```
 If you have an MQ archive file with a different file name, you can specify a particular file (which must be in the `downloads` directory).  You should also specify the MQ version, so that the resulting image is tagged correctly, for example:
@@ -32,15 +29,12 @@ MQ_ARCHIVE=mq-1.2.3.4.tar.gz MQ_VERSION=1.2.3.4 make build-advancedserver
 ```
 ## Building a developer image
 Login to the Red Hat Registry: `docker login registry.redhat.io` using your Customer Portal credentials.
 Run `make build-devserver`, which will download the latest version of MQ Advanced for Developers from IBM developerWorks.  This is currently only available on the `amd64` architecture.
 You can use the environment variable `MQ_ARCHIVE_DEV` to specify an alternative local file to install from (which must be in the `downloads` directory).
 ## Building from a Red Hat Enterprise Linux host
 Red Hat Enterprise Linux (RHEL) offers a suite of container tools, including Buildah for building container images, and Podman for running containers.  Buildah can accept input described in a [Dockerfile](https://docs.docker.com/engine/reference/builder/).  This MQ sample uses a multi-stage build, which requires a recent version of Podman, which is not yet available in Red Hat Enterprise Linux V7.  Therefore, if you are on a RHEL host, then the `build-devserver` and `build-advancedserver` targets are run using a more recent version of Buildah from inside a container.
 The containerized build process on a RHEL host will write an OCI compliant archive file to `/tmp/mq-buildah`.  If a version of Docker is installed on the host, it will also push the image into Docker's internal image registry.
 ## Installed components
-This image includes the core MQ server, Java, language packs, GSKit, and web server.  This can be configured by setting the `MQ_PACKAGES` argument to `make`.
+This image includes the core MQ server, Java, language packs, GSKit, and web server.  This is configured in the `Generate MQ package in INSTALLATION_DIR` section [here](../install-mq.sh), with the configured options being picked up at build time.
--- a/docs/developer-config.md
+++ b/docs/developer-config.md
@@ -9,14 +9,12 @@ The MQ Developer Defaults supports some customization options, these are all con
 * **MQ_DEV** - Set this to `false` to stop the default objects being created.
 * **MQ_ADMIN_PASSWORD** - Changes the password of the `admin` user. Must be at least 8 characters long.
 * **MQ_APP_PASSWORD** - Changes the password of the app user. If set, this will cause the `DEV.APP.SVRCONN` channel to become secured and only allow connections that supply a valid userid and password. Must be at least 8 characters long.
 * **MQ_TLS_KEYSTORE** - **DEPRECATED**. See section `Supplying TLS certificates` in [usage document](usage.md).  Allows you to supply the location of a PKCS#12 keystore containing a single certificate which you want to use in both the web console and the queue manager. Requires `MQ_TLS_PASSPHRASE`. When enabled the channels created will be secured using the `TLS_RSA_WITH_AES_128_CBC_SHA256` CipherSpec. *Note*: you will need to make the keystore available inside your container, this can be done by mounting a volume to your container.
 * **MQ_TLS_PASSPHRASE** - **DEPRECATED**. See section `Supplying TLS certificates` in [usage document](usage.md). Passphrase for the keystore referenced in `MQ_TLS_KEYSTORE`.
 ## Details of the default configuration
 The following users are created:
-* User **admin** for administration (in the `mqm` group).  Default password is **passw0rd**.
+* User **admin** for administration.  Default password is **passw0rd**.
 * User **app** for messaging (in a group called `mqclient`).  No password by default.
 Users in `mqclient` group have been given access connect to all queues and topics starting with `DEV.**` and have `put`, `get`, `pub`, `sub`, `browse` and `inq` permissions.
@@ -34,11 +32,6 @@ Two channels are created, one for administration, the other for normal messaging
 * DEV.ADMIN.SVRCONN - configured to only allow the `admin` user to connect into it.  A user and password must be supplied.
 * DEV.APP.SVRCONN - does not allow administrative users to connect.  Password is optional unless you choose a password for app users.
 A new listener is created (the SYSTEM listener is fine, but system objects are not shown by default in the web console):
 * DEV.LISTENER.TCP - listens on port 1414.
 ## Web Console
 By default the MQ Advanced for Developers image will start the IBM MQ Web Console that allows you to administer your Queue Manager running on your container. When the web console has been started, you can access it by opening a web browser and navigating to https://<Container IP>:9443/ibmmq/console. Where <Container IP> is replaced by the IP address of your running container.
@@ -50,6 +43,6 @@ If you choose to accept the security warning, you will be presented with the log
 * **User:** admin
 * **Password:** passw0rd
-If you wish to change the password for the admin user, this can be done using the `MQ_ADMIN_PASSWORD` environment variable. If you supply a PKCS#12 keystore using the `MQ_TLS_KEYSTORE` environment variable, then the web console will be configured to use the certificate inside the keystore for HTTPS operations.
+If you wish to change the password for the admin user, this can be done using the `MQ_ADMIN_PASSWORD` environment variable.
 If you do not wish the web console to run, you can disable it by setting the environment variable `MQ_ENABLE_EMBEDDED_WEB_SERVER` to `false`.
--- a/docs/pluggable-connauth.md
+++ b/docs/pluggable-connauth.md
@@ -0,0 +1,29 @@
 ### Queue Manager Connection Authentication using a htpasswd file
 This pluggable authentication mode is to allow developers using the mq-container developer image to define users and their credentials into a .htpasswd file.  This is in addition to the existing methods of MQ Connection Authentication (`CONNAUTH`) using Operating System or LDAP users.
 **Please note:**
 1. This new feature is enabled only when environment variable `--env MQ_CONNAUTH_USE_HTP=true` is set while creating a container.
 2. When enabled, the `AuthType` value of the ConnectionAuthentication (`CONNAUTH`) is ignored and htpasswd mode is used. However, the MQ authority records created using (`SETMQAUT` or `AUTHREC`) will be in effect while using the htpasswd mode.
 3. Channel Authentication records (`CHLAUTH`) will be in effect while using the htpasswd mode.
 4. Passwords should be encrypted using bcrypt (golang.org/x/crypto/bcrypt).
 5. This is developer only feature and not recommended for use in Production.
 ### Preparing htpasswd file
 1. A default `mq.htpasswd` file is provided and placed under /etc/mqm/ directory inside the container.
 2. You can set the password for user `admin` by setting the environment variable `MQ_ADMIN_PASSWORD`.
 3. You can add user `app` into mq.htpasswd file by setting the environment variable `MQ_APP_PASSWORD`. This user `app` can be used to access `DEV.*` objects of the queue manager.
 #### Next Steps:
 Use an administrative tool or your application to connect to queue manager using the credentials defined in the mq.htpasswd file.  
 **Please note**: When an authentication request is made with a userid that is not defined in the `mq.htpasswd` file, then the authentication process is delegated to queue manager to handle. This will then use `IDPWOS` or `LDAP` modes for further processing.
 #### Troubleshooting
 A log file named `amqpasdev.log` is generated under `/var/mqm/errors` directory path of the container.  This file will contain all the failed connection authentication requests.
 **Please note**: This log file is based on circular logging and the maximum size is restricted to 1MB.
--- a/docs/security.md
+++ b/docs/security.md
@@ -4,7 +4,7 @@
 ### User
-The MQ server image is run using the "mqm" user, with a fixed UID and GID of 888.
+The MQ server image is run using with UID 1001, though this can be any UID, with a fixed GID of 0 (root).
 ### Capabilities
@@ -16,7 +16,7 @@ docker run \
  --env LICENSE=accept \
  --env MQ_QMGR_NAME=QM1 \
  --detach \
-  mqadvanced-server:9.1.3.0-amd64
+  ibm-mqadvanced-server:9.2.0.0-amd64
 ```
 The MQ Advanced for Developers image does require the "chown", "setuid", "setgid" and "audit_write" capabilities (plus "dac_override" if you're using an image based on Red Hat Enterprise Linux).  This is because it uses the "sudo" command to change passwords inside the container.  For example, in Docker, you could do the following:
@@ -31,9 +31,5 @@ docker run \
  --env LICENSE=accept \
  --env MQ_QMGR_NAME=QM1 \
  --detach \
-  mqadvanced-server-dev:9.1.3.0-amd64
+  ibm-mqadvanced-server-dev:9.2.0.0-amd64
 ```
 ### SELinux
 The SELinux label "spc_t" (super-privileged container) is needed to run the MQ container on a host with SELinux enabled.  This is due to a current limitation in how MQ data is stored on volumes, which violates the usual policy applied when using the standard "container_t" label.
--- a/docs/testing.md
+++ b/docs/testing.md
@@ -14,29 +14,30 @@ There are two main sets of tests:
 2. Docker tests, which test a complete Docker image, using the Docker API
 ### Running the Docker tests
-The Docker tests can be run locally on a machine with Docker.  For example:
+ 
 The Docker tests can be run locally on a machine with Docker. For example:
 ```
-make test-devserver
+make devserver
-make test-advancedserver
+make advancedserver
 ```
 You can specify the image to use directly by using the `MQ_IMAGE_ADVANCEDSERVER` or `MQ_IMAGE_DEVSERVER` variables, for example:
 ```
-MQ_IMAGE_ADVANCEDSERVER=mqadvanced-server:9.1.3.0-amd64 make test-advancedserver
+MQ_IMAGE_ADVANCEDSERVER=ibm-mqadvanced-server:9.2.0.0-amd64 make test-advancedserver
 ```
-You can pass parameters to `go test` with an environment variable.  For example, to run the "TestGoldenPath" test, run the following command::
+You can pass parameters to `go test` with an environment variable.  For example, to run the "TestGoldenPath" test, run the following command:
 ```
 TEST_OPTS_DOCKER="-run TestGoldenPath" make test-advancedserver
 ```
-You can also use the same environment variables you specified when [building](./building), for example, the following will try and test an image called `mqadvanced-server:9.1.3.0-amd64`:
+You can also use the same environment variables you specified when [building](./building), for example, the following will try and test an image called `ibm-mqadvanced-server:9.2.0.0-amd64`:
 ```
-MQ_VERSION=9.1.3.0 make test-advancedserver
+MQ_VERSION=9.2.0.0 make test-advancedserver
 ```
 ### Running the Docker tests with code coverage
@@ -48,12 +49,3 @@ make test-advancedserver-cover
 ```
 In order to generate code coverage metrics from the Docker tests, the build step creates a new Docker image with an instrumented version of the code.  Each test is then run individually, producing a coverage report each under `test/docker/coverage/`.  These individual reports are then combined.  The combined report is written to the `coverage` directory.
 ### Running the Kubernetes tests
 For the Kubernetes tests, you need to have built the Docker image, and pushed it to the registry used by your Kubernetes cluster.  Most of the configuration used by the tests is picked up from your `kubectl` configuration, but you will typically need to specify the image details.  For example:
 ```bash
 MQ_IMAGE=mycluster.icp:8500/default/mq-devserver make test-kubernetes-devserver
 ```
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -2,6 +2,8 @@
 In order to use the image, it is necessary to accept the terms of the IBM MQ license.  This is achieved by specifying the environment variable `LICENSE` equal to `accept` when running the image.  You can also view the license terms by setting this variable to `view`. Failure to set the variable will result in the termination of the container with a usage statement.  You can view the license in a different language by also setting the `LANG` environment variable.
 > **Note**: You can use `podman` instead of `docker` in any of the examples on this page.
 ## Running with the default configuration
 You can run a queue manager with the default configuration and a listener on port 1414 using the following command.  For example, the following command creates and starts a queue manager called `QM1`, and maps port 1414 on the host to the MQ listener on port 1414 inside the container, as well as port 9443 on the host to the web console on port 9443 inside the container:
@@ -58,23 +60,18 @@ You can customize the configuration in several ways:
 1. For getting started, you can use the [default developer configuration](developer-config.md), which is available out-of-the-box for the MQ Advanced for Developers image
 2. By creating your own image and adding your own MQSC file into the `/etc/mqm` directory on the image.  This file will be run when your queue manager is created.
-3. By using [remote MQ administration](https://www.ibm.com/support/knowledgecenter/SSFKSJ_9.1.0/com.ibm.mq.adm.doc/q021090_.htm), via an MQ command server, the MQ HTTP APIs, or using a tool such as the MQ web console or MQ Explorer.
+3. By using [remote MQ administration](https://www.ibm.com/support/knowledgecenter/SSFKSJ_9.2.0/com.ibm.mq.adm.doc/q021090_.htm), via an MQ command server, the MQ HTTP APIs, or using a tool such as the MQ web console or MQ Explorer.
 Note that a listener is always created on port 1414 inside the container.  This port can be mapped to any port on the Docker host.
-The following is an *example* `Dockerfile` for creating your own pre-configured image, which adds a custom MQ configuration file, and an administrative user `alice`.  Note that it is not normally recommended to include passwords in this way:
+The following is an *example* `Dockerfile` for creating your own pre-configured image, which adds a custom MQ configuration file:
 ```dockerfile
 FROM ibmcom/mq
-USER root
+USER 1001
 RUN useradd alice -G mqm && \
    echo alice:passw0rd | chpasswd
 USER mqm
 COPY 20-config.mqsc /etc/mqm/
 ```
 The `USER` instructions are necessary to ensure that the `useradd` and `chpasswd` commands are run as the root user.
 Here is an example corresponding `20-config.mqsc` script, which creates two local queues:
 ```mqsc
--- a/etc/mqm/15-tls.mqsc.tpl
+++ b/etc/mqm/15-tls.mqsc.tpl
@@ -16,4 +16,4 @@
 * Set the keystore location for the queue manager
 ALTER QMGR SSLKEYR('{{ .SSLKeyR }}')
 ALTER QMGR CERTLABL('{{ .CertificateLabel }}')
-
+REFRESH SECURITY(*) TYPE(SSL)
--- a/etc/mqm/mq.htpasswd
+++ b/etc/mqm/mq.htpasswd
@@ -0,0 +1,2 @@
 admin:$2y$05$M/C1U62RZ6q1kv4E7.S7ueNESJmFe85RsZcoMUReRXUDB8QcP3yqS
 app:$2y$05$BnbPtcjXTjk5JRJ8gzHqIuHgoQbLF3qtbPV3Q3tLyr0XJNg.7dkxW
--- a/etc/mqm/qm-service-component.ini
+++ b/etc/mqm/qm-service-component.ini
@@ -0,0 +1,11 @@
 ServiceComponent:
    Service=AuthorizationService
    Name=Dev.HtpAuth.Service
    Module=/opt/mqm/lib64/amqpasdev.so
    ComponentDataSize=0
 ServiceComponent:
   Service=AuthorizationService
   Name=MQSeries.UNIX.auth.service
   Module=amqzfu
   ComponentDataSize=0
--- a/glide.lock
+++ b/glide.lock
@@ -1,57 +0,0 @@
 hash: 6ebd5fb1c39729378c7256da6f312e9699bff1ddff9941d3c8c1ba785e22acfd
 updated: 2019-05-21T10:38:01.227081+01:00
 imports:
 - name: github.com/beorn7/perks
  version: 3a771d992973f24aa725d07868b467d1ddfceafb
  subpackages:
  - quantile
 - name: github.com/genuinetools/amicontained
  version: fcae88544f0212fbb1e20699c41566655b68679b
  subpackages:
  - container
 - name: github.com/golang/protobuf
  version: 70b3af33377e7aa25ae42977bed93cc6b90f0373
  subpackages:
  - proto
 - name: github.com/ibm-messaging/mq-golang
  version: 1b2a2ad95ba3c555944be28097d392c27bda4071
  subpackages:
  - ibmmq
  - mqmetric
 - name: github.com/matttproud/golang_protobuf_extensions
  version: c12348ce28de40eed0136aa2b644d0ee0650e56c
  subpackages:
  - pbutil
 - name: github.com/prometheus/client_golang
  version: c5b7fccd204277076155f10851dad72b76a49317
  subpackages:
  - prometheus
 - name: github.com/prometheus/client_model
  version: 5c3871d89910bfb32f5fcab2aa4b9ec68e65a99f
  subpackages:
  - go
 - name: github.com/prometheus/common
  version: 7600349dcfe1abd18d72d3a1770870d9800a7801
  subpackages:
  - expfmt
  - internal/bitbucket.org/ww/goautoneg
  - model
 - name: github.com/prometheus/procfs
  version: ae68e2d4c00fed4943b5f6698d504a5fe083da8a
  subpackages:
  - internal/util
  - nfs
  - xfs
 - name: github.com/syndtr/gocapability
  version: 33e07d32887e1e06b7c025f27ce52f62c7990bc0
  subpackages:
  - capability
 - name: golang.org/x/sys
  version: 1b2967e3c290b7c545b3db0deeda16e9be4f98a2
  subpackages:
  - unix
 - name: software.sslmate.com/src/go-pkcs12
  version: 6e380ad96778cc63c6ea17649a9b74224bceafe9
  subpackages:
  - internal/rc2
 testImports: []
--- a/glide.yaml
+++ b/glide.yaml
@@ -1,30 +0,0 @@
 # © Copyright IBM Corporation 2017, 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 package: github.com/ibm-messaging/mq-container
 license: Apache-2.0
 excludeDirs:
 - build
 - coverage
 - test
 import:
 - package: golang.org/x/sys/unix
 - package: github.com/prometheus/client_golang
  version: 0.8.0
 - package: github.com/ibm-messaging/mq-golang
  version: 2.0.0
 - package: github.com/genuinetools/amicontained
  version: 0.4.0
 - package: software.sslmate.com/src/go-pkcs12
  commit: 6e380ad96778cc63c6ea17649a9b74224bceafe9
--- a/incubating/mq-explorer/Dockerfile
+++ b/incubating/mq-explorer/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM registry.access.redhat.com/ubi7/ubi-minimal AS mq-explorer
+FROM registry.redhat.io/ubi8/ubi-minimal AS mq-explorer
 # The URL to download the MQ installer from in tar.gz format
 ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev912_linux_x86-64.tar.gz"
@@ -22,7 +22,7 @@ ENV MQ_PACKAGES="MQSeriesRuntime*.rpm MQSeriesJRE*.rpm MQSeriesExplorer*.rpm"
 ARG MQM_UID=888
-RUN microdnf install -y --nodocs gtk2 libXtst \
+RUN microdnf install -y gtk2 libXtst \
  && microdnf clean all
 ADD install-mq.sh /usr/local/bin/
--- a/incubating/mq-sdk/Dockerfile
+++ b/incubating/mq-sdk/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM registry.access.redhat.com/rhscl/devtoolset-7-toolchain-rhel7 AS mq-sdk
+FROM registry.redhat.io/rhel8/llvm-toolset:8.0.1-10  AS mq-sdk
 #FROM docker.io/centos/devtoolset-7-toolchain-centos7 AS mq-sdk
 # The URL to download the MQ installer from in tar.gz format
--- a/incubating/mqadvanced-server-dev/10-dev.mqsc.tpl
+++ b/incubating/mqadvanced-server-dev/10-dev.mqsc.tpl
@@ -13,9 +13,6 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 STOP LISTENER('SYSTEM.LISTENER.TCP.1') IGNSTATE(YES)
 ALTER LISTENER('SYSTEM.LISTENER.TCP.1') TRPTYPE(TCP) CONTROL(MANUAL)
 * Developer queues
 DEFINE QLOCAL('DEV.QUEUE.1') REPLACE
 DEFINE QLOCAL('DEV.QUEUE.2') REPLACE
@@ -43,12 +40,9 @@ SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('Back-sto
 SET CHLAUTH('DEV.APP.SVRCONN') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT({{ .ChckClnt }}) DESCR('Allows connection via APP channel') ACTION(REPLACE)
 SET CHLAUTH('DEV.ADMIN.SVRCONN') TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allows admins on ADMIN channel') ACTION(REPLACE)
 SET CHLAUTH('DEV.ADMIN.SVRCONN') TYPE(USERMAP) CLNTUSER('admin') USERSRC(CHANNEL) DESCR('Allows admin user to connect via ADMIN channel') ACTION(REPLACE)
 SET CHLAUTH('DEV.ADMIN.SVRCONN') TYPE(USERMAP) CLNTUSER('admin') USERSRC(MAP) MCAUSER ('mqm') DESCR ('Allow admin as MQ-admin') ACTION(REPLACE)
 * Developer authority records
-SET AUTHREC GROUP('mqclient') OBJTYPE(QMGR) AUTHADD(CONNECT,INQ)
+SET AUTHREC PRINCIPAL('app') OBJTYPE(QMGR) AUTHADD(CONNECT,INQ)
-SET AUTHREC PROFILE('DEV.**') GROUP('mqclient') OBJTYPE(QUEUE) AUTHADD(BROWSE,GET,INQ,PUT)
+SET AUTHREC PROFILE('DEV.**') PRINCIPAL('app') OBJTYPE(QUEUE) AUTHADD(BROWSE,GET,INQ,PUT)
-SET AUTHREC PROFILE('DEV.**') GROUP('mqclient') OBJTYPE(TOPIC) AUTHADD(PUB,SUB)
+SET AUTHREC PROFILE('DEV.**') PRINCIPAL('app') OBJTYPE(TOPIC) AUTHADD(PUB,SUB)
 * Developer listener
 DEFINE LISTENER('DEV.LISTENER.TCP') TRPTYPE(TCP) PORT(1414) CONTROL(QMGR) REPLACE
 START LISTENER('DEV.LISTENER.TCP') IGNSTATE(YES)
--- a/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
+++ b/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
@@ -14,5 +14,5 @@
 * limitations under the License.
 * Set the cipherspec for dev channels
-ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
-ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
--- a/incubating/mqadvanced-server-dev/install-extra-packages.sh
+++ b/incubating/mqadvanced-server-dev/install-extra-packages.sh
@@ -15,6 +15,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Fail on any non-zero return code
 set -ex
 test -f /usr/bin/yum && YUM=true || YUM=false
 test -f /usr/bin/microdnf && MICRODNF=true || MICRODNF=false
 test -f /usr/bin/apt-get && UBUNTU=true || UBUNTU=false
@@ -33,6 +36,6 @@ if ($YUM); then
 fi
 if ($MICRODNF); then
-    microdnf install --nodocs sudo
+    microdnf install sudo
    microdnf clean all
 fi
--- a/install-build-deps-ubuntu.sh
+++ b/install-build-deps-ubuntu.sh
@@ -19,8 +19,8 @@
 set -ex
-curl https://glide.sh/get | sh
+sudo curl -Lo /usr/local/bin/dep https://github.com/golang/dep/releases/download/v0.5.1/dep-linux-$ARCH
 sudo curl -Lo /usr/local/bin/dep https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64
 sudo chmod +x /usr/local/bin/dep
 go get -u golang.org/x/lint/golint
 curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $GOPATH/bin 2.0.0 || echo "Gosec not installed. Platform may not be supported."
--- a/install-mq-server-prereqs.sh
+++ b/install-mq-server-prereqs.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # -*- mode: sh -*-
-# © Copyright IBM Corporation 2015, 2019
+# © Copyright IBM Corporation 2015, 2020
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -63,10 +63,10 @@ if ($UBUNTU); then
 fi
 if ($RPM); then
-  EXTRA_RPMS="bash bc ca-certificates coreutils file findutils gawk glibc-common grep passwd procps-ng sed shadow-utils tar util-linux which"
+  EXTRA_RPMS="bash bc ca-certificates file findutils gawk glibc-common grep ncurses-compat-libs passwd procps-ng sed shadow-utils tar util-linux which"
  # Install additional packages required by MQ, this install process and the runtime scripts
  $YUM && yum -y install --setopt install_weak_deps=false ${EXTRA_RPMS}
-  $MICRODNF && microdnf install --nodocs ${EXTRA_RPMS}
+  $MICRODNF && microdnf install ${EXTRA_RPMS}
 fi
 # Apply any bug fixes not included in base Ubuntu or MQ image.
--- a/install-mq.sh
+++ b/install-mq.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # -*- mode: sh -*-
-# © Copyright IBM Corporation 2015, 2019
+# © Copyright IBM Corporation 2015, 2020
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,74 +18,70 @@
 # Fail on any non-zero return code
 set -ex
 mqm_uid=${1:-888}
 test -f /usr/bin/yum && YUM=true || YUM=false
 test -f /usr/bin/microdnf && MICRODNF=true || MICRODNF=false
 test -f /usr/bin/rpm && RPM=true || RPM=false
 test -f /usr/bin/apt-get && UBUNTU=true || UBUNTU=false
-# Download and extract the MQ installation files
+# Only install the SDK package as part of the build stage
-DIR_EXTRACT=/tmp/mq
+INSTALL_SDK=${INSTALL_SDK:-0}
-mkdir -p ${DIR_EXTRACT}
+
-cd ${DIR_EXTRACT}
+# Download and extract the MQ unzippable server
 DIR_TMP=/tmp/mq
 mkdir -p ${DIR_TMP}
 cd ${DIR_TMP}
 curl -LO $MQ_URL
 tar -zxf ./*.tar.gz
-# Recommended: Create the mqm user ID with a fixed UID and group, so that the file permissions work between different images
+tar -xzf ./*.tar.gz
-groupadd --system --gid ${mqm_uid} mqm
+rm -f ./*.tar.gz
-useradd --system --uid ${mqm_uid} --gid mqm --groups 0 mqm
+ls -la ${DIR_TMP}
-# Find directory containing .deb files
+# Generate MQ package in INSTALLATION_DIR
-$UBUNTU && DIR_DEB=$(find ${DIR_EXTRACT} -name "*.deb" -printf "%h\n" | sort -u | head -1)
+export genmqpkg_inc32=0
-$RPM && DIR_RPM=$(find ${DIR_EXTRACT} -name "*.rpm" -printf "%h\n" | sort -u | head -1)
+export genmqpkg_incadm=1
-# Find location of mqlicense.sh
+export genmqpkg_incamqp=0
-MQLICENSE=$(find ${DIR_EXTRACT} -name "mqlicense.sh")
+export genmqpkg_incams=1
 export genmqpkg_inccbl=0
 export genmqpkg_inccics=0
 export genmqpkg_inccpp=0
 export genmqpkg_incdnet=0
 export genmqpkg_incjava=1
 export genmqpkg_incjre=1
 export genmqpkg_incman=0
 export genmqpkg_incmqbc=0
 export genmqpkg_incmqft=0
 export genmqpkg_incmqsf=0
 export genmqpkg_incmqxr=0
 export genmqpkg_incnls=1
 export genmqpkg_incras=1
 export genmqpkg_incsamp=1
 export genmqpkg_incsdk=$INSTALL_SDK
 export genmqpkg_inctls=1
 export genmqpkg_incunthrd=0
 export genmqpkg_incweb=1
 export INSTALLATION_DIR=/opt/mqm
 ${DIR_TMP}/bin/genmqpkg.sh -b ${INSTALLATION_DIR}
 ls -la ${INSTALLATION_DIR}
 rm -rf ${DIR_TMP}
 # Accept the MQ license
-${MQLICENSE} -text_only -accept
+${INSTALLATION_DIR}/bin/mqlicense -accept
 $UBUNTU && echo "deb [trusted=yes] file:${DIR_DEB} ./" > /etc/apt/sources.list.d/IBM_MQ.list
 # Install MQ using the DEB packages
 $UBUNTU && apt-get update
 $UBUNTU && apt-get install -y $MQ_PACKAGES
 $RPM && cd $DIR_RPM && rpm -ivh $MQ_PACKAGES
 # Remove 32-bit libraries from 64-bit container
 # The "file" utility isn't installed by default in UBI, so only try this if it's installed
 which file && find /opt/mqm /var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
 # Remove tar.gz files unpacked by RPM postinst scripts
 find /opt/mqm -name '*.tar.gz' -delete
 # Recommended: Set the default MQ installation (makes the MQ commands available on the PATH)
 /opt/mqm/bin/setmqinst -p /opt/mqm -i
 # Clean up all the downloaded files
 $UBUNTU && rm -f /etc/apt/sources.list.d/IBM_MQ.list
 rm -rf ${DIR_EXTRACT}
 # Optional: Update the command prompt with the MQ version
 $UBUNTU && echo "mq:$(dspmqver -b -f 2)" > /etc/debian_chroot
 # Remove the directory structure under /var/mqm which was created by the installer
 rm -rf /var/mqm
 # Create the mount point for volumes, ensuring MQ has permissions to all directories
-install --directory --mode 0775 --owner mqm --group root /mnt
+install --directory --mode 2775 --owner 1001 --group root /mnt
-install --directory --mode 0775 --owner mqm --group root /mnt/mqm
+install --directory --mode 2775 --owner 1001 --group root /mnt/mqm
-install --directory --mode 0775 --owner mqm --group root /mnt/mqm/data
+install --directory --mode 2775 --owner 1001 --group root /mnt/mqm/data
-install --directory --mode 0775 --owner mqm --group root /mnt/mqm-log
+install --directory --mode 2775 --owner 1001 --group root /mnt/mqm-log
-install --directory --mode 0775 --owner mqm --group root /mnt/mqm-log/log
+install --directory --mode 2775 --owner 1001 --group root /mnt/mqm-log/log
-install --directory --mode 0775 --owner mqm --group root /mnt/mqm-data
+install --directory --mode 2775 --owner 1001 --group root /mnt/mqm-data
-install --directory --mode 0775 --owner mqm --group root /mnt/mqm-data/qmgrs
+install --directory --mode 2775 --owner 1001 --group root /mnt/mqm-data/qmgrs
 # Create the directory for MQ configuration files
-install --directory --mode 0775 --owner mqm --group root /etc/mqm
+install --directory --mode 2775 --owner 1001 --group root /etc/mqm
 # Create the directory for MQ runtime files
-install --directory --mode 0775 --owner mqm --group root /run/mqm
+install --directory --mode 2775 --owner 1001 --group root /run/mqm
 # Create a symlink for /var/mqm -> /mnt/mqm/data
 ln -s /mnt/mqm/data /var/mqm
@@ -94,7 +90,7 @@ ln -s /mnt/mqm/data /var/mqm
 sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs
 sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' /etc/login.defs
 sed -i 's/PASS_MIN_LEN\t5/PASS_MIN_LEN\t8/' /etc/login.defs
-sed -i 's/# minlen = 9/minlen = 8/' /etc/security/pwquality.conf
+$RPM && sed -i 's/# minlen/minlen/' /etc/security/pwquality.conf
 $UBUNTU && PAM_FILE=/etc/pam.d/common-password
 $RPM && PAM_FILE=/etc/pam.d/password-auth
@@ -104,6 +100,9 @@ sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/pa
 $RPM && rpm -q --all || true
 $UBUNTU && dpkg --list || true
 #Update the license file to include UBI 8 instead of UBI 7
 sed -i 's/v7.0/v8.0/g' /opt/mqm/licenses/non_ibm_license.txt
 # Copy MQ Licenses into the correct location
 mkdir -p /licenses
 cp /opt/mqm/licenses/*.txt /licenses/
--- a/internal/command/command.go
+++ b/internal/command/command.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2018
+© Copyright IBM Corporation 2017, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -20,69 +20,20 @@ package command
 import (
 	"fmt"
 	"os/exec"
 	"os/user"
 	"runtime"
 	"strconv"
 	"syscall"
 )
 // RunCmd runs an OS command.  On Linux it waits for the command to
 // complete and returns the exit status (return code).
 // Do not use this function to run shell built-ins (like "cd"), because
 // the error handling works differently
 func RunCmd(cmd *exec.Cmd) (string, int, error) {
 	// Run the command and wait for completion
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		// Assert that this is an ExitError
 		exiterr, ok := err.(*exec.ExitError)
 		// If the type assertion was correct, and we're on Linux
 		if ok && runtime.GOOS == "linux" {
 			status, ok := exiterr.Sys().(syscall.WaitStatus)
 			if ok {
 				return string(out), status.ExitStatus(), fmt.Errorf("%v: %v", cmd.Path, err)
 			}
 		}
 		return string(out), -1, err
 	}
 	return string(out), 0, nil
 }
 // Run runs an OS command.  On Linux it waits for the command to
 // complete and returns the exit status (return code).
 // Do not use this function to run shell built-ins (like "cd"), because
 // the error handling works differently
 func Run(name string, arg ...string) (string, int, error) {
-	// #nosec G204
+	// Run the command and wait for completion
 	return RunCmd(exec.Command(name, arg...))
 }
 // RunAsMQM runs the specified command as the mqm user
 func RunAsMQM(name string, arg ...string) (string, int, error) {
 	// #nosec G204
 	cmd := exec.Command(name, arg...)
-	cmd.SysProcAttr = &syscall.SysProcAttr{}
+	out, err := cmd.CombinedOutput()
-	uid, gid, err := LookupMQM()
+	rc := cmd.ProcessState.ExitCode()
 	if err != nil {
-		return "", 0, err
+		return string(out), rc, fmt.Errorf("%v: %v", cmd.Path, err)
 	}
-	cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)}
+	return string(out), rc, nil
 	return RunCmd(cmd)
 }
 // LookupMQM looks up the UID & GID of the mqm user
 func LookupMQM() (int, int, error) {
 	mqm, err := user.Lookup("mqm")
 	if err != nil {
 		return -1, -1, err
 	}
 	mqmUID, err := strconv.Atoi(mqm.Uid)
 	if err != nil {
 		return -1, -1, err
 	}
 	mqmGID, err := strconv.Atoi(mqm.Gid)
 	if err != nil {
 		return -1, -1, err
 	}
 	return mqmUID, mqmGID, nil
 }
--- a/internal/htpasswd/htpasswd.go
+++ b/internal/htpasswd/htpasswd.go
@@ -0,0 +1,153 @@
 /*
 © Copyright IBM Corporation 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 //This is a developer only configuration and not recommended for production usage.
 package htpasswd
 import (
 	"fmt"
 	"io/ioutil"
 	"strings"
 	"golang.org/x/crypto/bcrypt"
 )
 type mapHtPasswd map[string]string
 func encryptPassword(password string) (string, error) {
 	passwordBytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return "", err
 	}
 	return string(passwordBytes), nil
 }
 // SetPassword sets encrypted password for the user into htpasswd file
 func SetPassword(user string, password string, isTest bool) error {
 	if len(strings.TrimSpace(user)) == 0 || len(strings.TrimSpace(password)) == 0 {
 		return fmt.Errorf("UserId or Password are empty")
 	}
 	passwords := mapHtPasswd(map[string]string{})
 	// Read the password file
 	err := passwords.ReadHtPasswordFile(isTest)
 	if err != nil {
 		return err
 	}
 	pwd, err := encryptPassword(password)
 	if err != nil {
 		return err
 	}
 	// Set the new password
 	passwords[user] = pwd
 	// Update the password file
 	return passwords.updateHtPasswordFile(isTest)
 }
 // GetBytes return the Bytes representation of the htpassword file
 func (htpfile mapHtPasswd) GetBytes() (passwordBytes []byte) {
 	passwordBytes = []byte{}
 	for name, hash := range htpfile {
 		passwordBytes = append(passwordBytes, []byte(name+":"+hash+"\n")...)
 	}
 	return passwordBytes
 }
 // ReadHtPasswordFile parses the htpasswd file
 func (htpfile mapHtPasswd) ReadHtPasswordFile(isTest bool) error {
 	file := "/etc/mqm/mq.htpasswd"
 	if isTest {
 		file = "my.htpasswd"
 	}
 	pwdsBytes, err := ioutil.ReadFile(file)
 	if err != nil {
 		return err
 	}
 	lines := strings.Split(string(pwdsBytes), "\n")
 	for _, line := range lines {
 		line = strings.TrimSpace(line)
 		if len(line) == 0 {
 			continue
 		}
 		parts := strings.Split(line, ":")
 		if len(parts) != 2 {
 			continue
 		}
 		for i, part := range parts {
 			parts[i] = strings.TrimSpace(part)
 		}
 		htpfile[parts[0]] = parts[1]
 	}
 	return nil
 }
 func (htpfile mapHtPasswd) updateHtPasswordFile(isTest bool) error {
 	file := "/etc/mqm/mq.htpasswd"
 	if isTest {
 		file = "my.htpasswd"
 	}
 	return ioutil.WriteFile(file, htpfile.GetBytes(), 0660)
 }
 // AuthenticateUser verifies if the given user password match with htpasswrd
 func AuthenticateUser(user string, password string, isTest bool) (bool, bool, error) {
 	passwords := mapHtPasswd(map[string]string{})
 	if len(strings.TrimSpace(user)) == 0 || len(strings.TrimSpace(password)) == 0 {
 		return false, false, fmt.Errorf("UserId or Password are empty")
 	}
 	err := passwords.ReadHtPasswordFile(isTest)
 	if err != nil {
 		return false, false, err
 	}
 	ok := false
 	value, found := passwords[user]
 	if !found {
 		return found, ok, fmt.Errorf("User not found in the mq.htpasswd file")
 	}
 	err = bcrypt.CompareHashAndPassword([]byte(value), []byte(password))
 	return found, err == nil, err
 }
 // ValidateUser validates the given user
 func ValidateUser(user string, isTest bool) (bool, error) {
 	passwords := mapHtPasswd(map[string]string{})
 	if len(strings.TrimSpace(user)) == 0 {
 		return false, fmt.Errorf("Userid is empty for AuthenticateUser")
 	}
 	err := passwords.ReadHtPasswordFile(isTest)
 	if err != nil {
 		return false, err
 	}
 	_, found := passwords[strings.TrimSpace(user)]
 	return found, nil
 }
--- a/internal/htpasswd/htpasswd_test.go
+++ b/internal/htpasswd/htpasswd_test.go
@@ -0,0 +1,62 @@
 /*
 © Copyright IBM Corporation 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package htpasswd
 import (
 	"testing"
 )
 // TestCheckUser verifies Htpassword's use
 func TestCheckUser(t *testing.T) {
 	err := SetPassword("guest", "guestpw", true)
 	if err != nil {
 		t.Fatalf("htpassword test failed due to error:%s\n", err.Error())
 	}
 	found, ok, err := AuthenticateUser("guest", "guestpw", true)
 	if err != nil {
 		t.Fatalf("htpassword test1 failed as user could not be found:%s\n", err.Error())
 	}
 	if found == false || ok == false {
 		t.Fatalf("htpassword test1 failed as user could not be found:%v, ok:%v\n", found, ok)
 	}
 	found, ok, err = AuthenticateUser("myguest", "guestpw", true)
 	if err == nil {
 		t.Fatalf("htpassword test2 failed as no error received for non-existing user\n")
 	}
 	if found == true || ok == true {
 		t.Fatalf("htpassword test2 failed for non-existing user found :%v, ok:%v\n", found, ok)
 	}
 	found, ok, err = AuthenticateUser("guest", "guest", true)
 	if err == nil {
 		t.Fatalf("htpassword test3 failed as incorrect password of user did not return error\n")
 	}
 	if found == false || ok == true {
 		t.Fatalf("htpassword test3 failed for existing user with incorrect passwored found :%v, ok:%v\n", found, ok)
 	}
 	found, err = ValidateUser("guest", true)
 	if err != nil || found == false {
 		t.Fatalf("htpassword test4 failed as user could not be found:%v, ok:%v\n", found, ok)
 	}
 	found, err = ValidateUser("myguest", true)
 	if err != nil || found == true {
 		t.Fatalf("htpassword test5 failed as non-existing user returned to be found:%v, ok:%v\n", found, ok)
 	}
 }
--- a/internal/htpasswd/my.htpasswd
+++ b/internal/htpasswd/my.htpasswd
@@ -0,0 +1 @@
 guest:$2y$05$ifFP0nCmFed6.m4iB9CHRuHFps2YeeuwopmOvszWt0GRnN59p8qxW
--- a/internal/keystore/keystore.go
+++ b/internal/keystore/keystore.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -105,14 +105,6 @@ func (ks *KeyStore) Create() error {
 		return fmt.Errorf("error running \"%v -keydb -create\": %v %s", ks.command, err, out)
 	}
 	mqmUID, mqmGID, err := command.LookupMQM()
 	if err != nil {
 		return err
 	}
 	err = os.Chown(ks.Filename, mqmUID, mqmGID)
 	if err != nil {
 		return err
 	}
 	return nil
 }
@@ -130,14 +122,6 @@ func (ks *KeyStore) CreateStash() error {
 		}
 		return err
 	}
 	mqmUID, mqmGID, err := command.LookupMQM()
 	if err != nil {
 		return err
 	}
 	err = os.Chown(stashFile, mqmUID, mqmGID)
 	if err != nil {
 		return err
 	}
 	return nil
 }
@@ -152,7 +136,7 @@ func (ks *KeyStore) Import(inputFile, password string) error {
 // CreateSelfSignedCertificate creates a self-signed certificate in the keystore
 func (ks *KeyStore) CreateSelfSignedCertificate(label, dn, hostname string) error {
-	out, _, err := command.Run(ks.command, "-cert", "-create", "-db", ks.Filename, "-pw", ks.Password, "-label", label, "-dn", dn, "-san_dnsname", hostname)
+	out, _, err := command.Run(ks.command, "-cert", "-create", "-db", ks.Filename, "-pw", ks.Password, "-label", label, "-dn", dn, "-san_dnsname", hostname, "-size 2048 -sig_alg sha256 -eku serverAuth")
 	if err != nil {
 		return fmt.Errorf("error running \"%v -cert -create\": %v %s", ks.command, err, out)
 	}
@@ -207,7 +191,7 @@ func (ks *KeyStore) RenameCertificate(from, to string) error {
 		// #nosec G204
 		cmd := exec.Command("/opt/mqm/gskit8/bin/gsk8capicmd_64", "-cert", "-rename", "-db", ks.Filename, "-pw", ks.Password, "-label", from, "-new_label", to)
 		cmd.Env = append(os.Environ(), "LD_LIBRARY_PATH=/opt/mqm/gskit8/lib64/:/opt/mqm/gskit8/lib")
-		out, _, err := command.RunCmd(cmd)
+		out, err := cmd.CombinedOutput()
 		if err != nil {
 			return fmt.Errorf("error running \"%v -cert -rename\": %v %s", "/opt/mqm/gskit8/bin/gsk8capicmd_64", err, out)
 		}
--- a/internal/metrics/exporter.go
+++ b/internal/metrics/exporter.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018
+© Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@ limitations under the License.
 package metrics
 import (
-	"github.com/ibm-messaging/mq-container/internal/logger"
+	"github.com/ibm-messaging/mq-container/pkg/logger"
 	"github.com/prometheus/client_golang/prometheus"
 )
--- a/internal/metrics/metrics.go
+++ b/internal/metrics/metrics.go
@@ -23,7 +23,7 @@ import (
 	"net/http"
 	"time"
-	"github.com/ibm-messaging/mq-container/internal/logger"
+	"github.com/ibm-messaging/mq-container/pkg/logger"
 	"github.com/ibm-messaging/mq-container/internal/ready"
 	"github.com/prometheus/client_golang/prometheus"
 )
--- a/internal/metrics/update.go
+++ b/internal/metrics/update.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018
+© Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -22,7 +22,7 @@ import (
 	"strings"
 	"time"
-	"github.com/ibm-messaging/mq-container/internal/logger"
+	"github.com/ibm-messaging/mq-container/pkg/logger"
 	"github.com/ibm-messaging/mq-golang/ibmmq"
 	"github.com/ibm-messaging/mq-golang/mqmetric"
 )
--- a/internal/metrics/update_test.go
+++ b/internal/metrics/update_test.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018
+© Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -19,7 +19,7 @@ import (
 	"os"
 	"testing"
-	"github.com/ibm-messaging/mq-container/internal/logger"
+	"github.com/ibm-messaging/mq-container/pkg/logger"
 	"github.com/ibm-messaging/mq-golang/mqmetric"
 )
--- a/internal/mqini/mqat.ini
+++ b/internal/mqini/mqat.ini
@@ -1,20 +0,0 @@
 #*******************************************************************#
 #* Module Name: mqat.ini                                           *#
 #* Type       : IBM MQ queue manager configuration file            *#
 #  Function   : Define the configuration of application activity   *#
 #*              trace for a single queue manager.                  *#
 #*******************************************************************#
 # Global settings stanza, default values
 AllActivityTrace:
  ActivityInterval=1
  ActivityCount=100
  TraceLevel=MEDIUM
  TraceMessageData=0
  StopOnGetTraceMsg=ON
  SubscriptionDelivery=BATCHED
 # Prevent the sample activity trace program from generating data
 ApplicationTrace:
  ApplName=amqsact*
  Trace=OFF
--- a/internal/mqini/mqini.go
+++ b/internal/mqini/mqini.go
@@ -1,328 +0,0 @@
 /*
 © Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 // Package mqini provides information about queue managers
 package mqini
 import (
 	"bufio"
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/command"
 )
 // QueueManager describe high-level configuration information for a queue manager
 type QueueManager struct {
 	Name             string
 	Prefix           string
 	Directory        string
 	DataPath         string
 	InstallationName string
 }
 var qmgrDir string
 var stanzasQMINI []string
 var stanzasMQATINI []string
 // getQueueManagerFromStanza parses a queue manager stanza
 func getQueueManagerFromStanza(stanza string) (*QueueManager, error) {
 	scanner := bufio.NewScanner(strings.NewReader(stanza))
 	qm := QueueManager{}
 	for scanner.Scan() {
 		l := scanner.Text()
 		l = strings.TrimSpace(l)
 		t := strings.Split(l, "=")
 		switch t[0] {
 		case "Name":
 			qm.Name = t[1]
 		case "Prefix":
 			qm.Prefix = t[1]
 		case "Directory":
 			qm.Directory = t[1]
 		case "DataPath":
 			qm.DataPath = t[1]
 		case "InstallationName":
 			qm.InstallationName = t[1]
 		}
 	}
 	return &qm, scanner.Err()
 }
 // GetQueueManager returns queue manager configuration information
 func GetQueueManager(name string) (*QueueManager, error) {
 	// dspmqinf essentially returns a subset of mqs.ini, but it's simpler to parse
 	out, _, err := command.Run("dspmqinf", "-o", "stanza", name)
 	if err != nil {
 		return nil, err
 	}
 	return getQueueManagerFromStanza(out)
 }
 // GetErrorLogDirectory returns the directory holding the error logs for the
 // specified queue manager
 func GetErrorLogDirectory(qm *QueueManager) string {
 	if qm.DataPath != "" {
 		return filepath.Join(qm.DataPath, "errors")
 	}
 	return filepath.Join(qm.Prefix, "qmgrs", qm.Directory, "errors")
 }
 //AddStanzas Reads supplied mq ini configuration files and updates the stanzas
 //into queue manager's ini configuration files.
 func AddStanzas(qmname string) error {
 	//find the qmgr directory.
 	qm, err := GetQueueManager(qmname)
 	if err != nil {
 		return err
 	}
 	qmgrDir = filepath.Join(qm.Prefix, "qmgrs", qm.Directory)
 	//Find the users ini configuration file
 	files := getIniFileList()
 	if len(files) > 1 {
 		msg := fmt.Sprintf("[ %v ]", files)
 		return errors.New("Only a single ini file can be provided. Following ini files are found:" + msg)
 	}
 	if len(files) == 0 {
 		//no ini file update required.
 		return nil
 	}
 	iniFileBytes, err := ioutil.ReadFile(files[0])
 	if err != nil {
 		return err
 	}
 	userconfig := string(iniFileBytes)
 	if len(userconfig) == 0 {
 		return nil
 	}
 	//Prepare a list of all supported stanzas
 	PopulateAllAvailableStanzas()
 	//Update the qmgr ini file with user config.
 	qmConfig, atConfig, err := PrepareConfigStanzasToWrite(userconfig)
 	if err != nil {
 		return err
 	}
 	err = writeConfigStanzas(qmConfig, atConfig)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 // PopulateAllAvailableStanzas initializes the ini stanzas prescribed by mq specification.
 func PopulateAllAvailableStanzas() {
 	stanzasQMINI = []string{"ExitPath",
 		"Log",
 		"Service",
 		"ServiceComponent",
 		"Channels",
 		"TCP",
 		"ApiExitLocal",
 		"AccessMode",
 		"RestrictedMode",
 		"XAResourceManager",
 		"DefaultBindType",
 		"SSL",
 		"DiagnosticMessages",
 		"Filesystem",
 		"Security",
 		"TuningParameters",
 		"ExitPropertiesLocal",
 		"LU62",
 		"NETBIOS"}
 	stanzasMQATINI = []string{"AllActivityTrace", "ApplicationTrace"}
 }
 // getIniFileList Checks for the user supplied ini file in /etc/mqm directory.
 func getIniFileList() []string {
 	fileList := []string{}
 	filepath.Walk("/etc/mqm", func(path string, f os.FileInfo, err error) error {
 		if strings.HasSuffix(path, ".ini") {
 			fileList = append(fileList, path)
 		}
 		return nil
 	})
 	return fileList
 }
 //PrepareConfigStanzasToWrite Reads through the user supplied ini config file and prepares list of
 //updates to be written into corresponding mq ini files (qm.ini and/or mqat.ini files.)
 func PrepareConfigStanzasToWrite(userconfig string) (string, string, error) {
 	var qminiConfigStr string
 	var mqatiniConfigStr string
 	//read the initial version.
 	iniFileBytes, err := ioutil.ReadFile(filepath.Join(qmgrDir, "qm.ini"))
 	if err != nil {
 		return "", "", err
 	}
 	qminiConfigStr = string(iniFileBytes)
 	iniFileBytes, err = ioutil.ReadFile(filepath.Join(qmgrDir, "mqat.ini"))
 	if err != nil {
 		return "", "", err
 	}
 	mqatiniConfigStr = string(iniFileBytes)
 	stanzaListMerge := make(map[string]strings.Builder)
 	stanzaListAppend := make(map[string]strings.Builder)
 	var sbAppend strings.Builder
 	var sbMerger strings.Builder
 	scanner := bufio.NewScanner(strings.NewReader(userconfig))
 	scanner.Split(bufio.ScanLines)
 	consumetoAppend := false
 	consumeToMerge := false
 	var stanza string
 	//read through the user file and prepare what we want.
 	for scanner.Scan() {
 		if strings.Contains(scanner.Text(), ":") {
 			consumetoAppend = false
 			consumeToMerge = false
 			stanza = scanner.Text()
 			//check if this stanza exists in the qm.ini/mqat.ini files
 			if strings.Contains(qminiConfigStr, stanza) ||
 				(strings.Contains(mqatiniConfigStr, stanza) && !(strings.Contains(stanza, "ApplicationTrace"))) {
 				consumeToMerge = true
 				sbMerger = strings.Builder{}
 				stanzaListMerge[stanza] = sbMerger
 			} else {
 				consumetoAppend = true
 				sbAppend = strings.Builder{}
 				stanzaListAppend[stanza] = sbAppend
 			}
 		} else {
 			if consumetoAppend {
 				sb := stanzaListAppend[stanza]
 				sb.WriteString(scanner.Text() + "\n")
 				stanzaListAppend[stanza] = sb
 			}
 			if consumeToMerge {
 				sb := stanzaListMerge[stanza]
 				sb.WriteString(scanner.Text() + "\n")
 				stanzaListMerge[stanza] = sb
 			}
 		}
 	}
 	//merge if stanza exits.
 	if len(stanzaListMerge) > 0 {
 		for key := range stanzaListMerge {
 			toWrite, filename := ValidateStanzaToWrite(key)
 			if toWrite {
 				attrList := stanzaListMerge[key]
 				switch filename {
 				case "qm.ini":
 					qminiConfigStr = prepareStanzasToMerge(key, attrList, qminiConfigStr)
 				case "mqat.ini":
 					mqatiniConfigStr = prepareStanzasToMerge(key, attrList, mqatiniConfigStr)
 				default:
 				}
 			}
 		}
 	}
 	//append new stanzas.
 	if len(stanzaListAppend) > 0 {
 		for key := range stanzaListAppend {
 			attrList := stanzaListAppend[key]
 			if strings.Contains(strings.Join(stanzasMQATINI, ", "), strings.TrimSuffix(strings.TrimSpace(key), ":")) {
 				mqatiniConfigStr = prepareStanzasToAppend(key, attrList, mqatiniConfigStr)
 			} else {
 				qminiConfigStr = prepareStanzasToAppend(key, attrList, qminiConfigStr)
 			}
 		}
 	}
 	return qminiConfigStr, mqatiniConfigStr, nil
 }
 //ValidateStanzaToWrite Validates stanza to be written and the file it belongs to.
 func ValidateStanzaToWrite(stanza string) (bool, string) {
 	stanza = strings.TrimSpace(stanza)
 	if strings.Contains(stanza, ":") {
 		stanza = stanza[:len(stanza)-1]
 	}
 	if strings.Contains(strings.Join(stanzasQMINI, ", "), stanza) {
 		return true, "qm.ini"
 	} else if strings.Contains(strings.Join(stanzasMQATINI, ", "), stanza) {
 		return true, "mqat.ini"
 	} else {
 		return false, ""
 	}
 }
 //prepareStanzasToAppend Prepares list of stanzas that are to be appended into qm ini files(qm.ini/mqat.ini)
 func prepareStanzasToAppend(key string, attrList strings.Builder, iniConfig string) string {
 	newVal := key + "\n" + attrList.String()
 	iniConfig = iniConfig + newVal
 	return iniConfig
 }
 //prepareStanzasToMerge Prepares list of stanzas that are to be updated into qm ini files(qm.ini/mqat.ini)
 //These stanzas are already present in mq ini files and their values have to be updated with user supplied ini.
 func prepareStanzasToMerge(key string, attrList strings.Builder, iniConfig string) string {
 	lineScanner := bufio.NewScanner(strings.NewReader(attrList.String()))
 	lineScanner.Split(bufio.ScanLines)
 	for lineScanner.Scan() {
 		attrLine := lineScanner.Text()
 		keyvalue := strings.Split(attrLine, "=")
 		//this line present in qm.ini, update value.
 		if strings.Contains(iniConfig, keyvalue[0]) {
 			re := regexp.MustCompile(keyvalue[0] + "=.*")
 			iniConfig = re.ReplaceAllString(iniConfig, attrLine)
 		} else { //this line not present in qm.ini file, add it.
 			re := regexp.MustCompile(key)
 			newVal := key + "\n" + attrLine
 			iniConfig = re.ReplaceAllString(iniConfig, newVal)
 		}
 	}
 	return iniConfig
 }
 //writeConfigStanzas Writes the ini file updates into corresponding mq ini files.
 func writeConfigStanzas(qmConfig string, atConfig string) error {
 	err := ioutil.WriteFile(filepath.Join(qmgrDir, "qm.ini"), []byte(qmConfig), 0644)
 	if err != nil {
 		return err
 	}
 	err = ioutil.WriteFile(filepath.Join(qmgrDir, "mqat.ini"), []byte(atConfig), 0644)
 	if err != nil {
 		return err
 	}
 	return nil
 }
--- a/internal/mqini/mqini_test.go
+++ b/internal/mqini/mqini_test.go
@@ -1,202 +0,0 @@
 /*
 © Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package mqini
 import (
 	"bufio"
 	"io/ioutil"
 	"strings"
 	"testing"
 )
 var getQueueManagerTests = []struct {
 	file        string
 	name        string
 	prefix      string
 	directory   string
 	errorLogDir string
 }{
 	{"dspmqinf1.txt", "foo", "/var/mqm", "foo", "/var/mqm/qmgrs/foo/errors"},
 	{"dspmqinf2.txt", "a/b", "/var/mqm", "a&b", "/var/mqm/qmgrs/a&b/errors"},
 	{"dspmqinf3.txt", "..", "/var/mqm", "!!", "/var/mqm/qmgrs/!!/errors"},
 }
 func TestGetQueueManager(t *testing.T) {
 	for _, table := range getQueueManagerTests {
 		t.Run(table.file, func(t *testing.T) {
 			b, err := ioutil.ReadFile(table.file)
 			if err != nil {
 				t.Fatal(err)
 			}
 			qm, err := getQueueManagerFromStanza(string(b))
 			if err != nil {
 				t.Fatal(err)
 			}
 			t.Logf("%#v", qm)
 			if qm.Name != table.name {
 				t.Errorf("Expected name=%v; got %v", table.name, qm.Name)
 			}
 			if qm.Prefix != table.prefix {
 				t.Errorf("Expected prefix=%v; got %v", table.prefix, qm.Prefix)
 			}
 			if qm.Directory != table.directory {
 				t.Errorf("Expected directory=%v; got %v", table.directory, qm.Directory)
 			}
 			// Test
 			d := GetErrorLogDirectory(qm)
 			if d != table.errorLogDir {
 				t.Errorf("Expected error log directory=%v; got %v", table.errorLogDir, d)
 			}
 		})
 	}
 }
 func TestIniFileStanzas(t *testing.T) {
 	PopulateAllAvailableStanzas()
 	checkReturns("ApiExitLocal", true, true, t)
 	checkReturns("Channels", true, true, t)
 	checkReturns("TCP", true, true, t)
 	checkReturns("ServiceComponent", true, true, t)
 	checkReturns("Service", true, true, t)
 	checkReturns("AccessMode", true, true, t)
 	checkReturns("RestrictedMode", true, true, t)
 	checkReturns("XAResourceManager", true, true, t)
 	checkReturns("SSL", true, true, t)
 	checkReturns("Security", true, true, t)
 	checkReturns("TuningParameters", true, true, t)
 	checkReturns("ABC", false, false, t)
 	checkReturns("#1234ABD", true, false, t)
 	checkReturns("AllActivityTrace", false, true, t)
 	checkReturns("ApplicationTrace", false, true, t)
 	checkReturns("xyz123abvc", false, false, t)
 }
 func TestIniFile1Update(t *testing.T) {
 	iniFileBytes, err := ioutil.ReadFile("test1qm.ini")
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	userconfig := string(iniFileBytes)
 	qmConfig, atConfig, err := PrepareConfigStanzasToWrite(userconfig)
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	if len(atConfig) == 0 {
 		t.Errorf("Unexpected stanza file update: mqat.ini[%s]\n", atConfig)
 	}
 	if len(qmConfig) == 0 {
 		t.Errorf("Expected stanza file not found: qm.ini\n")
 	}
 	scanner := bufio.NewScanner(strings.NewReader(userconfig))
 	scanner.Split(bufio.ScanLines)
 	for scanner.Scan() {
 		line := scanner.Text()
 		if !strings.Contains(qmConfig, line) {
 			t.Errorf("Expected stanza line not found in updated string. line=%s\n, Stanza:%s\n", line, qmConfig)
 			break
 		}
 	}
 }
 func TestIniFile2Update(t *testing.T) {
 	iniFileBytes, err := ioutil.ReadFile("test2qm.ini")
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	userconfig := string(iniFileBytes)
 	qmConfig, atConfig, err := PrepareConfigStanzasToWrite(userconfig)
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	if len(atConfig) == 0 {
 		t.Errorf("Expected stanza file not found: mqat.ini\n")
 	}
 	if len(qmConfig) == 0 {
 		t.Errorf("Expected stanza file not found: qm.ini\n")
 	}
 	scanner := bufio.NewScanner(strings.NewReader(userconfig))
 	scanner.Split(bufio.ScanLines)
 	for scanner.Scan() {
 		line := scanner.Text()
 		if !strings.Contains(atConfig, line) {
 			t.Errorf("Expected stanza line not found in updated string. line=%s\n, Stanza:%s\n", line, qmConfig)
 			break
 		}
 	}
 }
 func TestIniFile3Update(t *testing.T) {
 	i := 0
 	iniFileBytes, err := ioutil.ReadFile("test3qm.ini")
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	userconfig := string(iniFileBytes)
 	qmConfig, atConfig, err := PrepareConfigStanzasToWrite(userconfig)
 	if err != nil {
 		t.Errorf("Unexpected error: [%s]\n", err.Error())
 	}
 	if len(qmConfig) == 0 {
 		t.Errorf("Unexpected stanza file update: qm.ini[%s]\n", atConfig)
 	}
 	if len(atConfig) == 0 {
 		t.Errorf("Expected stanza file not found: mqat.ini\n")
 	}
 	scanner := bufio.NewScanner(strings.NewReader(userconfig))
 	scanner.Split(bufio.ScanLines)
 	for scanner.Scan() {
 		line := scanner.Text()
 		i++
 		//first 20 lines of test3qm.ini shall go into qm.ini file and rest into mqat.ini file.
 		if i < 20 {
 			if !strings.Contains(qmConfig, line) {
 				t.Errorf("Expected stanza line not found in updated string. line=%s\n, Stanza:%s\n", line, qmConfig)
 			}
 		} else if i > 20 {
 			if !strings.Contains(atConfig, line) {
 				t.Errorf("Expected stanza line not found in updated string. line=%s\n, Stanza:%s\n", line, qmConfig)
 			}
 		}
 	}
 }
 func checkReturns(stanza string, isqmini bool, shouldexist bool, t *testing.T) {
 	exists, filename := ValidateStanzaToWrite(stanza)
 	if exists != shouldexist {
 		t.Errorf("Stanza should exist %t but found was %t", shouldexist, exists)
 	}
 	if shouldexist {
 		if isqmini {
 			if filename != "qm.ini" {
 				t.Errorf("Expected filename:qm.ini for stanza:%s. But got %s", stanza, filename)
 			}
 		} else {
 			if filename != "mqat.ini" {
 				t.Errorf("Expected filename:mqat.ini for stanza:%s. But got %s", stanza, filename)
 			}
 		}
 	}
 }
--- a/internal/mqini/qm.ini
+++ b/internal/mqini/qm.ini
@@ -1,45 +0,0 @@
 #*******************************************************************#
 #* Module Name: qm.ini                                             *#
 #* Type       : IBM MQ queue manager configuration file            *#
 #  Function   : Define the configuration of a single queue manager *#
 #*                                                                 *#
 #*******************************************************************#
 #* Notes      :                                                    *#
 #* 1) This file defines the configuration of the queue manager     *#
 #*                                                                 *#
 #*******************************************************************#
 ExitPath:
   ExitsDefaultPath=C:\ProgramData\IBM\MQ\exits
   ExitsDefaultPath64=C:\ProgramData\IBM\MQ\exits64
 InstanceData:
   InstanceID=1562831591
   Startup=ServiceManual
 #*                                                                 *#
 #*                                                                 *#
 Log:
   LogPrimaryFiles=3
   LogSecondaryFiles=2
   LogFilePages=4096
   LogType=CIRCULAR
   LogBufferPages=0
   LogPath=C:\ProgramData\IBM\MQ\log\INI1\
   LogWriteIntegrity=TripleWrite
 Service:
   Name=AuthorizationService
   EntryPoints=14
 ServiceComponent:
   Service=AuthorizationService
   Name=MQSeries.WindowsNT.auth.service
   Module=amqzfu.dll
   ComponentDataSize=0
 Channels:
   ChlauthEarlyAdopt=Y
 TCP:
   SndBuffSize=0
   RcvBuffSize=0
   RcvSndBuffSize=0
   RcvRcvBuffSize=0
   ClntSndBuffSize=0
   ClntRcvBuffSize=0
   SvrSndBuffSize=0
   SvrRcvBuffSize=0
--- a/internal/mqini/test1qm.ini
+++ b/internal/mqini/test1qm.ini
@@ -1,5 +0,0 @@
 ApiExitLocal:   
  Sequence=1
  Function=EntryPoint
  Module=/opt/mylibs/mylib.so
  Name=mylib
--- a/internal/mqini/test2qm.ini
+++ b/internal/mqini/test2qm.ini
@@ -1,7 +0,0 @@
 AllActivityTrace:
  ActivityInterval=11
  ActivityCount=1
  TraceLevel=INFO
 ApplicationTrace:
  ApplName=amqsget
  Trace=ON
--- a/internal/mqini/test3qm.ini
+++ b/internal/mqini/test3qm.ini
@@ -1,23 +0,0 @@
 ApiExitLocal:   
  Sequence=1
  Function=EntryPoint
  Module=/opt/MQOpenTracing/MQOpenTracingExit.so
  Name=MQOpenTracingExit
 Channels:
   MQIBindType=FASTPATH
 Log:
   LogPrimaryFiles=30
   LogType=CIRCULAR
   LogPath=/ProgramfILES/IBM/MQ/log/INI1/
 TCP:
   SndBuffSize=4095
   RcvBuffSize=4095
   RcvSndBuffSize=4095
   RcvRcvBuffSize=4095
   ClntSndBuffSize=2049
   ClntRcvBuffSize=2049
   SvrSndBuffSize=2049
   SvrRcvBuffSize=2049 
 ApplicationTrace:
  ApplName=amqsput
  Trace=ON
--- a/internal/mqtemplate/mqtemplate.go
+++ b/internal/mqtemplate/mqtemplate.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -22,8 +22,7 @@ import (
 	"path"
 	"text/template"
-	"github.com/ibm-messaging/mq-container/internal/command"
+	"github.com/ibm-messaging/mq-container/pkg/logger"
 	"github.com/ibm-messaging/mq-container/internal/logger"
 )
 // ProcessTemplateFile takes a Go templateFile, and processes it with the
@@ -45,16 +44,6 @@ func ProcessTemplateFile(templateFile, destFile string, data interface{}, log *l
 				log.Error(err)
 				return err
 			}
 			mqmUID, mqmGID, err := command.LookupMQM()
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 			err = os.Chown(dir, mqmUID, mqmGID)
 			if err != nil {
 				log.Error(err)
 				return err
 			}
 		} else {
 			return err
 		}
@@ -67,15 +56,5 @@ func ProcessTemplateFile(templateFile, destFile string, data interface{}, log *l
 		log.Error(err)
 		return err
 	}
 	mqmUID, mqmGID, err := command.LookupMQM()
 	if err != nil {
 		log.Error(err)
 		return err
 	}
 	err = os.Chown(destFile, mqmUID, mqmGID)
 	if err != nil {
 		log.Error(err)
 		return err
 	}
 	return nil
 }
--- a/internal/qmgrauth/pas.go
+++ b/internal/qmgrauth/pas.go
@@ -0,0 +1,299 @@
 /*
 © Copyright IBM Corporation 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 //This is a developer only configuration and not recommended for production usage.
 package main
 /*
 #cgo !windows CFLAGS: -I/opt/mqm/lib64 -D_REENTRANT
 #cgo !windows,!darwin LDFLAGS: -L/opt/mqm/lib64 -lmqm_r -Wl,-rpath,/opt/mqm/lib64 -Wl,-rpath,/usr/lib64
 #cgo darwin   LDFLAGS:         -L/opt/mqm/lib64 -lmqm_r -Wl,-rpath,/opt/mqm/lib64 -Wl,-rpath,/usr/lib64
 #cgo  windows CFLAGS:  -I"C:/Program Files/IBM/MQ/Tools/c/include"
 #cgo windows LDFLAGS: -L "C:/Program Files/IBM/MQ/bin64" -lmqm
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <cmqc.h>
 #include <cmqxc.h>
 #include <cmqzc.h>
 #include <cmqec.h>
 #include <time.h>
 static MQZ_INIT_AUTHORITY           PASStart;
 static MQZ_AUTHENTICATE_USER        OAAuthUser;
 static MQZ_FREE_USER                OAFreeUser;
 static MQZ_TERM_AUTHORITY           OATermAuth;
 extern int Authenticate(char *, char *);
 extern int CheckAuthority(char *);
 static char *OAEnvStr(MQLONG);
 static void FindSize();
 static void PrintDateTime();
 static FILE *fp = NULL;
 static int primary_process = 0;
 static void MQENTRY PASStart(
  MQHCONFIG hc,
  MQLONG    Options,
  MQCHAR48   QMgrName,
  MQLONG    ComponentDataLength,
  PMQBYTE   ComponentData,
  PMQLONG   Version,
  PMQLONG   pCompCode,
  PMQLONG   pReason) {
  MQLONG CC       = MQCC_OK;
  MQLONG Reason   = MQRC_NONE;
  if ((Options & MQZIO_PRIMARY) == MQZIO_PRIMARY)
    primary_process = 1;
  fp=fopen("/var/mqm/errors/amqpasdev.log","a");
  if (CC == MQCC_OK)
    hc->MQZEP_Call(hc, MQZID_INIT_AUTHORITY,(PMQFUNC)PASStart,&CC,&Reason);
  if (CC == MQCC_OK)
    hc->MQZEP_Call(hc,MQZID_TERM_AUTHORITY,(PMQFUNC)OATermAuth,&CC,&Reason);
  if (CC == MQCC_OK)
    hc->MQZEP_Call(hc,MQZID_AUTHENTICATE_USER,(PMQFUNC)OAAuthUser,&CC,&Reason);
  if (CC == MQCC_OK)
    hc->MQZEP_Call(hc,MQZID_FREE_USER,(PMQFUNC)OAFreeUser,&CC,&Reason);
  *Version   = MQZAS_VERSION_5;
  *pCompCode = CC;
  *pReason   = Reason;
  PrintDateTime();
  fprintf(fp, "Pluggable OAM Initialized.\n");
  fprintf(fp, "THIS IS A DEVELOPER ONLY CONFIGURATION AND NOT RECOMMENDED FOR PRODUCTION USAGE");
  return;
 }
 static char *authuserfmt =
  "\tUser    : \"%12.12s\"\n"\
  "\tEffUser : \"%12.12s\"\n"\
  "\tAppName : \"%28.28s\"\n"\
  "\tApIdDt  : \"%32.32s\"\n"\
  "\tEnv     : \"%s\"\n"\
  "\tApp Pid : %d\n"\
  "\tApp Tid : %d\n"\
  ;
 static void MQENTRY OAAuthUser (
     PMQCHAR  pQMgrName,
     PMQCSP   pSecurityParms,
     PMQZAC   pApplicationContext,
     PMQZIC   pIdentityContext,
     PMQPTR   pCorrelationPtr,
     PMQBYTE  pComponentData,
     PMQLONG  pContinuation,
     PMQLONG  pCompCode,
     PMQLONG  pReason)
 {
  char *spuser = NULL;
  char *sppass = NULL;
  int gorc = MQRC_NOT_AUTHORIZED;
  if ((pSecurityParms->CSPUserIdLength) > 0) {
    //Grab the user creds from csp.
    spuser = malloc(pSecurityParms->CSPUserIdLength+1);
    strncpy(spuser,pSecurityParms->CSPUserIdPtr,pSecurityParms->CSPUserIdLength);
    spuser[pSecurityParms->CSPUserIdLength]=0;
    sppass =  malloc(pSecurityParms->CSPPasswordLength+1);
    strncpy(sppass,pSecurityParms->CSPPasswordPtr,pSecurityParms->CSPPasswordLength);
    sppass[pSecurityParms->CSPPasswordLength]=0;
    gorc = Authenticate(spuser,sppass);
    if (gorc == MQRC_NONE) {
      *pCompCode = MQCC_OK;
      *pReason = MQRC_NONE;
      *pContinuation = MQZCI_CONTINUE;
      memcpy( pIdentityContext->UserIdentifier
        , spuser
        , sizeof(pIdentityContext->UserIdentifier) );
    } else {
      *pCompCode = MQCC_WARNING;
      *pReason = MQRC_NONE;
      *pContinuation = MQZCI_CONTINUE;
      //we print to error file only if error'd
      PrintDateTime();
      if (fp) {
        fprintf(fp, authuserfmt,
          pIdentityContext->UserIdentifier,
          pApplicationContext->EffectiveUserID,
          pApplicationContext->ApplName,
          pIdentityContext->ApplIdentityData,
          OAEnvStr(pApplicationContext->Environment),
          pApplicationContext->ProcessId,
          pApplicationContext->ThreadId);
          fprintf(fp,"\tCSP UserId  : %s\n", spuser);
          fprintf(fp,"\tCSP Password : %s\n", "****..");
          fprintf(fp,"\tPAS-Compcode:%d\n",*pCompCode);
          fprintf(fp,"\tPAS-Reasoncode:%d\n",*pReason);
      }
    }
    free(spuser);
    free(sppass);
  } else {
    //this is only a normal UID authentication.
    spuser = malloc(sizeof(PMQCHAR12));
    strncpy(spuser,pApplicationContext->EffectiveUserID,strlen(pApplicationContext->EffectiveUserID));
    spuser[sizeof(PMQCHAR12)]=0;
    gorc = CheckAuthority(spuser);
    if (gorc == MQRC_NONE){
        *pCompCode = MQCC_OK;
        *pReason = MQRC_NONE;
        *pContinuation = MQZCI_CONTINUE;
        memcpy( pIdentityContext->UserIdentifier
                , spuser
                , sizeof(pIdentityContext->UserIdentifier) );
    } else {
        *pCompCode = MQCC_WARNING;
        *pReason = MQRC_NONE;
        *pContinuation = MQZCI_CONTINUE;
        //we print only if error'd
        PrintDateTime();
        if (fp)
        {
          fprintf(fp, authuserfmt,
 	        pIdentityContext->UserIdentifier,
 	        pApplicationContext->EffectiveUserID,
 	        pApplicationContext->ApplName,
 	        pIdentityContext->ApplIdentityData,
 	        OAEnvStr(pApplicationContext->Environment),
 	        pApplicationContext->ProcessId,
 	        pApplicationContext->ThreadId
 	        );
          fprintf(fp,"\tUID  : %s\n", spuser);
          fprintf(fp,"\tPAS-Compcode:%d\n",*pCompCode);
          fprintf(fp,"\tPAS-Reasoncode:%d\n",*pReason);
        }
    }
  }
  return;
 }
 static void MQENTRY OAFreeUser (
     PMQCHAR  pQMgrName,
     PMQZFP   pFreeParms,
     PMQBYTE  pComponentData,
     PMQLONG  pContinuation,
     PMQLONG  pCompCode,
     PMQLONG  pReason)
 {
  *pCompCode = MQCC_WARNING;
  *pReason   = MQRC_NONE;
  *pContinuation = MQZCI_CONTINUE;
  return;
 }
 static void MQENTRY OATermAuth(
  MQHCONFIG  hc,
  MQLONG     Options,
  PMQCHAR    pQMgrName,
  PMQBYTE    pComponentData,
  PMQLONG    pCompCode,
  PMQLONG    pReason)
 {
  if ((primary_process) && ((Options & MQZTO_PRIMARY) == MQZTO_PRIMARY) ||
 	                   ((Options & MQZTO_SECONDARY) == MQZTO_SECONDARY))
  {
    if (fp)
    {
      fclose(fp);
      fp = NULL;
    }
  }
  *pCompCode = MQCC_OK;
  *pReason   = MQRC_NONE;
 }
 static void PrintDateTime() {
  FindSize();
  struct tm *local;
    time_t t;
    t = time(NULL);
    local = localtime(&t);
    if (fp) {
      fprintf(fp, "-------------------------------------------------\n");
      fprintf(fp, "Local time: %s", asctime(local));
      local = gmtime(&t);
      fprintf(fp, "UTC time: %s", asctime(local));
    }
    return;
 }
 static char *OAEnvStr(MQLONG x)
 {
   switch (x)
   {
   case MQXE_OTHER:          return "Application";
   case MQXE_MCA:            return "Channel";
   case MQXE_MCA_SVRCONN:    return "Channel SvrConn";
   case MQXE_COMMAND_SERVER: return "Command Server";
   case MQXE_MQSC:           return "MQSC";
   default:                  return "Invalid Environment";
   }
 }
 static void FindSize()
 {
  int sz = 0;
  int prev=ftell(fp);
  fseek(fp, 0L, SEEK_END);
  sz=ftell(fp);
  //if log file size goes over 1mb, rewind it.
  if (sz > 1000000) {
    rewind(fp);
  } else {
    fseek(fp, prev, SEEK_SET);
  }
 }
 */
 import "C"
 import "github.com/ibm-messaging/mq-container/internal/htpasswd"
 //export MQStart
 func MQStart(hc C.MQHCONFIG, Options C.MQLONG, QMgrName C.PMQCHAR, ComponentDataLength C.MQLONG, ComponentData C.PMQBYTE, Version C.PMQLONG, pCompCode C.PMQLONG, pReason C.PMQLONG) {
 	C.PASStart(hc, Options, QMgrName, ComponentDataLength, ComponentData, Version, pCompCode, pReason)
 }
 //export Authenticate
 func Authenticate(x *C.char, y *C.char) C.int {
 	user := C.GoString(x)
 	pwd := C.GoString(y)
 	found, ok, err := htpasswd.AuthenticateUser(user, pwd, false)
 	if !found || !ok || err != nil {
 		return C.MQRC_UNKNOWN_OBJECT_NAME
 	}
 	return C.MQRC_NONE
 }
 //export CheckAuthority
 func CheckAuthority(x *C.char) C.int {
 	user := C.GoString(x)
 	found, err := htpasswd.ValidateUser(user, false)
 	if !found || err != nil {
 		return C.MQRC_UNKNOWN_OBJECT_NAME
 	}
 	return C.MQRC_NONE
 }
 func main() {}
--- a/internal/tls/tls.go
+++ b/internal/tls/tls.go
--- a/internal/tls/tls_web.go
+++ b/internal/tls/tls_web.go
@@ -0,0 +1,97 @@
 /*
 © Copyright IBM Corporation 2019, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package tls
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"github.com/ibm-messaging/mq-container/internal/keystore"
 )
 // webKeystoreDefault is the name of the default web server Keystore
 const webKeystoreDefault = "default.p12"
 // ConfigureWebTLS configures TLS for the web server
 func ConfigureWebTLS(keyLabel string) error {
 	// Return immediately if we have no certificate to use as identity
 	if keyLabel == "" && os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME") == "" {
 		return nil
 	}
 	webConfigDir := "/etc/mqm/web/installations/Installation1/servers/mqweb"
 	tls := "tls.xml"
 	tlsConfig := filepath.Join(webConfigDir, tls)
 	newTLSConfig := filepath.Join(webConfigDir, tls+".tpl")
 	err := os.Remove(tlsConfig)
 	if err != nil {
 		return fmt.Errorf("Failed to delete file %s: %v", tlsConfig, err)
 	}
 	// Symlink here to prevent issues on restart
 	err = os.Symlink(newTLSConfig, tlsConfig)
 	if err != nil {
 		return fmt.Errorf("Failed to create symlink %s->%s: %v", newTLSConfig, tlsConfig, err)
 	}
 	return nil
 }
 // ConfigureWebKeyStore configures the Web Keystore
 func ConfigureWebKeystore(p12Truststore KeyStoreData, webKeystore string) (string, error) {
 	if webKeystore == "" {
 		webKeystore = webKeystoreDefault
 	}
 	webKeystoreFile := filepath.Join(keystoreDir, webKeystore)
 	// Check if a new self-signed certificate should be generated
 	genHostName := os.Getenv("MQ_GENERATE_CERTIFICATE_HOSTNAME")
 	if genHostName != "" {
 		// Create the Web Keystore
 		newWebKeystore := keystore.NewPKCS12KeyStore(webKeystoreFile, p12Truststore.Password)
 		err := newWebKeystore.Create()
 		if err != nil {
 			return "", fmt.Errorf("Failed to create Web Keystore %s: %v", webKeystoreFile, err)
 		}
 		// Generate a new self-signed certificate in the Web Keystore
 		err = newWebKeystore.CreateSelfSignedCertificate("default", fmt.Sprintf("CN=%s", genHostName), genHostName)
 		if err != nil {
 			return "", fmt.Errorf("Failed to generate certificate in Web Keystore %s with DN of 'CN=%s': %v", webKeystoreFile, genHostName, err)
 		}
 	} else {
 		// Check Web Keystore already exists
 		_, err := os.Stat(webKeystoreFile)
 		if err != nil {
 			return "", fmt.Errorf("Failed to find existing Web Keystore %s: %v", webKeystoreFile, err)
 		}
 	}
 	// Check Web Truststore already exists
 	_, err := os.Stat(p12Truststore.Keystore.Filename)
 	if err != nil {
 		return "", fmt.Errorf("Failed to find existing Web Truststore %s: %v", p12Truststore.Keystore.Filename, err)
 	}
 	return webKeystore, nil
 }
--- a/internal/user/user.go
+++ b/internal/user/user.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2019
+© Copyright IBM Corporation 2018, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -16,66 +16,26 @@ limitations under the License.
 package user
 import (
-	"fmt"
+	"golang.org/x/sys/unix"
 	"os/user"
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/command"
 )
 // User holds information on primary and supplemental OS groups
 type User struct {
-	UID             string
+	UID             int
-	Name            string
+	PrimaryGID      int
-	PrimaryGID      string
+	SupplementalGID []int
 	SupplementalGID []string
 }
 // GetUser returns the current user and group information
 func GetUser() (User, error) {
-	u, err := user.Current()
+	u := User{
 		UID:        unix.Geteuid(),
 		PrimaryGID: unix.Getgid(),
 	}
 	groups, err := unix.Getgroups()
 	if err != nil {
-		return User{}, err
+		return u, err
 	}
-	g, err := getCurrentUserGroups()
+	u.SupplementalGID = groups
-	if err != nil {
+	return u, nil
 		return User{}, err
 	}
 	if err != nil && len(g) == 0 {
 		return User{
 			UID:             u.Uid,
 			Name:            u.Name,
 			PrimaryGID:      u.Gid,
 			SupplementalGID: []string{},
 		}, nil
 	}
 	// Look for the primary group in the list of group IDs
 	for i, v := range g {
 		if v == u.Gid {
 			// Remove the element from the slice
 			g = append(g[:i], g[i+1:]...)
 		}
 	}
 	return User{
 		UID:             u.Uid,
 		Name:            u.Name,
 		PrimaryGID:      u.Gid,
 		SupplementalGID: g,
 	}, nil
 }
 func getCurrentUserGroups() ([]string, error) {
 	var nilArray []string
 	out, _, err := command.Run("id", "--groups")
 	if err != nil {
 		return nilArray, err
 	}
 	out = strings.TrimSpace(out)
 	if out == "" {
 		return nilArray, fmt.Errorf("Unable to determine groups for current user")
 	}
 	groups := strings.Split(out, " ")
 	return groups, nil
 }
--- a/manifests/README.md
+++ b/manifests/README.md
@@ -1,7 +1,7 @@
 Fat manifests
 =============
-These are the fat manifests used by Docker Hub and Docker store to handle images with multiple CPU architectures.
+These are the fat manifests used by Docker Hub to handle images with multiple CPU architectures.
 They are used in conjunction with [manifest-tool](https://github.com/estesp/manifest-tool), for example:
--- a/manifests/dockerhub/manifest-9.1.3.yaml
+++ b/manifests/dockerhub/manifest-9.1.3.yaml
@@ -12,17 +12,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-image: ibmcom/mq:9.1.3.0-r2
+image: ibmcom/mq:9.1.3.0-r3
 manifests:
-  - image: ibmcom/mq:9.1.3.0-r2-amd64
+  - image: ibmcom/mq:9.1.3.0-r3-amd64
    platform:
      architecture: amd64
      os: linux
-  - image: ibmcom/mq:9.1.3.0-r2-ppc64le
+  - image: ibmcom/mq:9.1.3.0-r3-ppc64le
    platform:
      architecture: ppc64le
      os: linux
-  - image: ibmcom/mq:9.1.3.0-r2-s390x
+  - image: ibmcom/mq:9.1.3.0-r3-s390x
    platform:
      architecture: s390x
      os: linux
--- a/manifests/dockerstore/manifest-9.1.3.yaml
+++ b/manifests/dockerstore/manifest-9.1.3.yaml
@@ -12,17 +12,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-image: ibmcorp/mqadvanced-server-dev:9.1.3.0-r2
+image: ibmcom/mq:9.1.4.0-r1
 manifests:
-  - image: ibmcorp/mqadvanced-server-dev:9.1.3.0-r2-amd64
+  - image: ibmcom/mq:9.1.4.0-r1-amd64
    platform:
      architecture: amd64
      os: linux
-  - image: ibmcorp/mqadvanced-server-dev:9.1.3.0-r2-ppc64le
+  - image: ibmcom/mq:9.1.4.0-r1-ppc64le
    platform:
      architecture: ppc64le
      os: linux
-  - image: ibmcorp/mqadvanced-server-dev:9.1.3.0-r2-s390x
+  - image: ibmcom/mq:9.1.4.0-r1-s390x
    platform:
      architecture: s390x
      os: linux
--- a/manifests/dockerstore/manifest-9.1.1.yaml
+++ b/manifests/dockerstore/manifest-9.1.1.yaml
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2018
+# © Copyright IBM Corporation 2020
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,18 +12,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-image: ibmcorp/mqadvanced-server-dev:9.1.1.0
+image: ibmcom/mq:9.1.5.0-r1
 manifests:
-  - image: ibmcorp/mqadvanced-server-dev:9.1.1.0-x86_64
+  - image: ibmcom/mq:9.1.5.0-r1-amd64
    platform:
      architecture: amd64
      os: linux
-  - image: ibmcorp/mqadvanced-server-dev:9.1.1.0-ppc64le
+  - image: ibmcom/mq:9.1.5.0-r1-ppc64le
    platform:
      architecture: ppc64le
      os: linux
-  - image: ibmcorp/mqadvanced-server-dev:9.1.1.0-s390x
+  - image: ibmcom/mq:9.1.5.0-r1-s390x
    platform:
      architecture: s390x
-      os: linux
+      os: linux
--- a/manifests/dockerhub/manifest-9.2.0.yaml
+++ b/manifests/dockerhub/manifest-9.2.0.yaml
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2018
+# © Copyright IBM Corporation 2018, 2020
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,18 +12,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-image: ibmcorp/mqadvanced-server-dev:9.1.0.0
+image: ibmcom/mq:9.2.0.0-r1
 manifests:
-  - image: ibmcorp/mqadvanced-server-dev:9.1.0.0-x86_64
+  - image: ibmcom/mq:9.2.0.0-r1-amd64
    platform:
      architecture: amd64
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.0.0-ppc64le
    platform:
      architecture: ppc64le
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.0.0-s390x
    platform:
      architecture: s390x
      os: linux
--- a/manifests/dockerhub/manifest-latest.yaml
+++ b/manifests/dockerhub/manifest-latest.yaml
@@ -1,4 +1,4 @@
-# © Copyright IBM Corporation 2018, 2019
+# © Copyright IBM Corporation 2018, 2020
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,15 +14,7 @@
 image: ibmcom/mq:latest
 manifests:
-  - image: ibmcom/mq:9.1.3.0-r2-amd64
+  - image: ibmcom/mq:9.2.0.0-r1-amd64
    platform:
      architecture: amd64
      os: linux
  - image: ibmcom/mq:9.1.3.0-r2-ppc64le
    platform:
      architecture: ppc64le
      os: linux
  - image: ibmcom/mq:9.1.3.0-r2-s390x
    platform:
      architecture: s390x
      os: linux
--- a/manifests/dockerstore/manifest-9.1.2-UBI.yaml
+++ b/manifests/dockerstore/manifest-9.1.2-UBI.yaml
@@ -1,28 +0,0 @@
 # © Copyright IBM Corporation 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 image: ibmcorp/mqadvanced-server-dev:9.1.2.0-UBI
 manifests:
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-UBI-amd64
    platform:
      architecture: amd64
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-UBI-ppc64le
    platform:
      architecture: ppc64le
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-UBI-s390x
    platform:
      architecture: s390x
      os: linux
--- a/manifests/dockerstore/manifest-9.1.2.yaml
+++ b/manifests/dockerstore/manifest-9.1.2.yaml
@@ -1,29 +0,0 @@
 # © Copyright IBM Corporation 2018, 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 image: ibmcorp/mqadvanced-server-dev:9.1.2.0
 manifests:
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-x86_64
    platform:
      architecture: amd64
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-ppc64le
    platform:
      architecture: ppc64le
      os: linux
  - image: ibmcorp/mqadvanced-server-dev:9.1.2.0-s390x
    platform:
      architecture: s390x
      os: linux
--- a/mq-advanced-server-rhel/README.md
+++ b/mq-advanced-server-rhel/README.md
@@ -1,5 +0,0 @@
 # RHEL-based container build
 Build scripts for building a container image based on Red Hat Enterprise Linux (RHEL), using the [`buildah`](https://github.com/containers/buildah) tool.  buildah is supported on RHEL V7.5 and greater.
 WARNING: The code in this directory is not currently in use, pending deletion.  The MQ container is now built using a Red Hat UBI image, using "podman build".
--- a/mq-advanced-server-rhel/go-build.sh
+++ b/mq-advanced-server-rhel/go-build.sh
@@ -1,49 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Builds and tests the golang programs used by the MQ image.
 set -ex
 # Handle a GOPATH with multiple entries (just choose the first one)
 IFS=':' read -ra DIR <<< "$GOPATH"
 cd ${DIR[0]}/src/github.com/ibm-messaging/mq-container/
 # Build and test the Go code
 mkdir -p build
 cd build
 rm -f chkmqready chkmqhealthy runmqserver runmqdevserver
 if [ "$MQDEV" = "TRUE" ]; then 
    # Build and test the Go code
    go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\"" --tags 'mqdev' ../cmd/runmqserver/
    go build ../cmd/runmqdevserver/
 else 
    go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\"" ../cmd/runmqserver/
 fi
 go build ../cmd/chkmqready/
 go build ../cmd/chkmqhealthy/
 go test -v ../cmd/runmqserver/
 go test -v ../cmd/chkmqready/
 go test -v ../cmd/chkmqhealthy/
 if [ "$MQDEV" = "TRUE" ]; then 
    go test -v ../cmd/runmqdevserver
 fi
 go test -v ../internal/...
 go vet ../cmd/... ../internal/...
--- a/mq-advanced-server-rhel/go-buildah.sh
+++ b/mq-advanced-server-rhel/go-buildah.sh
@@ -1,49 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Run the Go build script inside the Go container, mounting the source
 # directory in
 function usage {
  echo "Usage: $0 TAG DevModeFlag"
  exit 20
 }
 if [ "$#" -ne 2 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 readonly tag=$1
 readonly dev=$2
 IMAGE_REVISION=${IMAGE_REVISION:="Not Applicable"}
 IMAGE_SOURCE=${IMAGE_SOURCE:="Not Applicable"}
 # Run the build in a container
 # Note the ":Z" on the volume is to allow the container to access the files when SELinux is enabled
 # Note the "podman" network is used explicitly, to avoid problems other CNI networks (e.g. on an OpenShift node)
 podman run \
  --volume ${PWD}:/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/:Z \
  --env IMAGE_REVISION="$IMAGE_REVISION" \
  --env IMAGE_SOURCE="$IMAGE_SOURCE" \
  --env MQDEV=${dev} \
  --user $(id -u) \
  --rm \
  --network podman \
  ${tag} \
  bash -c "cd /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/ && ./mq-advanced-server-rhel/go-build.sh"
--- a/mq-advanced-server-rhel/install-mq-rhel.sh
+++ b/mq-advanced-server-rhel/install-mq-rhel.sh
@@ -1,88 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Install one or more MQ components into a buildah container
 set -ex
 function usage {
  echo "Usage: $0 MQContainer MountLocation ARCHIVENAME PACKAGES"
  exit 20
 }
 if [ "$#" -ne 4 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 readonly ctr_mq=$1
 readonly mnt_mq=$2
 readonly archive=$3
 readonly mq_packages=$4
 readonly dir_extract=/tmp/extract
 readonly mqm_uid=888
 readonly mqm_gid=888
 if [ ! -d ${dir_extract}/MQServer ]; then
  mkdir -p ${dir_extract}
  echo Extracting $archive
  tar -zxf $archive -C ${dir_extract}
  echo Extracting finished
 fi
 # Accept the MQ license
 buildah run --user root --volume ${dir_extract}:/mnt/mq-download:Z $ctr_mq -- /mnt/mq-download/MQServer/mqlicense.sh -text_only -accept
 # Install MQ
 buildah run --user root --volume ${dir_extract}:/mnt/mq-download:Z $ctr_mq -- bash -c "cd /mnt/mq-download/MQServer && rpm -ivh $mq_packages"
 rm -rf ${dir_extract}/MQServer
 # Remove 32-bit libraries from 64-bit container
 find $mnt_mq/opt/mqm $mnt_mq/var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
 # Remove tar.gz files unpacked by RPM postinst scripts
 find $mnt_mq/opt/mqm -name '*.tar.gz' -delete
 # Recommended: Set the default MQ installation (makes the MQ commands available on the PATH)
 buildah run $ctr_mq -- /opt/mqm/bin/setmqinst -p /opt/mqm -i
 mkdir -p $mnt_mq/run/runmqserver
 chown ${mqm_uid}:${mqm_gid} $mnt_mq/run/runmqserver
 # Remove the directory structure under /var/mqm which was created by the installer
 rm -rf $mnt_mq/var/mqm
 # Create the mount point for volumes, ensuring MQ has permissions to all directories
 mkdir -p $mnt_mq/mnt/mqm
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/mnt
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/mnt/mqm
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/mnt/mqm/data
 # Create the directory for MQ configuration files
 mkdir -p /etc/mqm
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/etc/mqm
 # Create a symlink for /var/mqm -> /mnt/mqm/data
 buildah run --user root $ctr_mq -- ln -s /mnt/mqm/data /var/mqm
 # Optional: Set these values for the IBM Cloud Vulnerability Report
 sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' $mnt_mq/etc/login.defs
 sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' $mnt_mq/etc/login.defs
 sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8/' $mnt_mq/etc/pam.d/password-auth
 buildah run $ctr_mq -- cp -rs /opt/mqm/licenses/ /
--- a/mq-advanced-server-rhel/mq-buildah.sh
+++ b/mq-advanced-server-rhel/mq-buildah.sh
@@ -1,173 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a RHEL image, using the buildah tool
 set -x
 set -e
 function usage {
  echo "Usage: $0 ARCHIVE-NAME PACKAGES TAG VERSION MQDevFlag"
  exit 20
 }
 if [ "$#" -ne 5 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 ###############################################################################
 # Setup MQ server working container
 ###############################################################################
 # Use RHEL 7 minimal container (which doesn't include things like Python or Yum)
 readonly ctr_mq=$(buildah from rhel7-minimal)
 if [ -z "$ctr_mq" ]
 then
  echo "ERROR: ctr_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly mnt_mq=$(buildah mount $ctr_mq)
 if [ -z "$mnt_mq" ]
 then
  echo "ERROR: mnt_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly archive=downloads/$1
 readonly packages=$2
 readonly tag=$3
 readonly version=$4
 readonly mqdev=$5
 readonly mqm_uid=888
 readonly mqm_gid=888
 ###############################################################################
 # Install MQ server
 ###############################################################################
 microdnf_opts="--nodocs"
 # Check whether the host is registered with Red Hat
 if subscription-manager status ; then
  # Host is subscribed, but the minimal image has no enabled repos
  # Note that the "bc" package is the only one in "extras"
  microdnf_opts="${microdnf_opts} --enablerepo=rhel-7-server-rpms --enablerepo=rhel-7-server-extras-rpms"
 else
  # Use the Yum repositories configured on the host
  cp -R /etc/yum.repos.d/* ${mnt_mq}/etc/yum.repos.d/
 fi
 buildah run ${ctr_mq} -- microdnf ${microdnf_opts} install \
  bash \
  bc \
  coreutils \
  file \
  findutils \
  gawk \
  glibc-common \
  grep \
  passwd \
  procps-ng \
  sed \
  shadow-utils \
  tar \
  util-linux \
  which
 # Install "sudo" if using MQ Advanced for Developers
 if [ "$mqdev" = "TRUE" ]; then
  buildah run ${ctr_mq} -- microdnf ${microdnf_opts} install sudo
 fi
 # Clean up cached files
 buildah run ${ctr_mq} -- microdnf ${microdnf_opts} clean all
 rm -rf ${mnt_mq}/etc/yum.repos.d/*
 buildah run --user root $ctr_mq -- groupadd --system --gid ${mqm_gid} mqm
 buildah run --user root $ctr_mq -- useradd --system --uid ${mqm_uid} --gid mqm --groups 0 mqm
 # Install MQ server packages into the MQ builder image
 ./mq-advanced-server-rhel/install-mq-rhel.sh ${ctr_mq} "${mnt_mq}" "${archive}" "${packages}"
 # Create the directory for MQ configuration files
 mkdir -p ${mnt_mq}/etc/mqm
 chown ${mqm_uid}:${mqm_gid} ${mnt_mq}/etc/mqm
 # Install the Go binaries into the image
 install --mode 0750 --owner ${mqm_uid} --group 0 ./build/runmqserver ${mnt_mq}/usr/local/bin/
 install --mode 6750 --owner ${mqm_uid} --group 0 ./build/chk* ${mnt_mq}/usr/local/bin/
 install --mode 0750 --owner ${mqm_uid} --group 0 ./NOTICES.txt ${mnt_mq}/opt/mqm/licenses/notices-container.txt
 install --directory --mode 0775 --owner ${mqm_uid} --group 0 ${mnt_mq}/run/runmqserver
 buildah run --user root $ctr_mq -- touch /run/termination-log
 buildah run --user root $ctr_mq -- chown mqm:root /run/termination-log
 buildah run --user root $ctr_mq -- chmod 0660 /run/termination-log
 # Copy in licenses from installed packages
 install --mode 0550 --owner root --group root ./mq-advanced-server-rhel/writePackages.sh ${mnt_mq}/usr/local/bin/writePackages
 buildah run --user root $ctr_mq -- /usr/local/bin/writePackages
 # Copy web XML files
 cp -R web ${mnt_mq}/etc/mqm/web
 # Make "mqm" the owner of all the config files
 chown --recursive ${mqm_uid}:${mqm_gid} ${mnt_mq}/etc/mqm/*
 chmod --recursive 0750 ${mnt_mq}/etc/mqm/*
 ###############################################################################
 # Final Buildah commands
 ###############################################################################
 if [ "$mqdev" = "TRUE" ]; then
  OSTAG="mq messaging developer"
  DISNAME="IBM MQ Advanced Server Developer Edition"
  PID="98102d16795c4263ad9ca075190a2d4d"
 else
  OSTAG="mq messaging"
  DISNAME="IBM MQ Advanced Server"
  PID="4486e8c4cc9146fd9b3ce1f14a2dfc5b"
 fi
 buildah config \
  --port 1414/tcp \
  --port 9157/tcp \
  --port 9443/tcp \
  --os linux \
  --label architecture=amd64 \
  --label io.openshift.tags="$OSTAG" \
  --label io.k8s.display-name="$DISNAME" \
  --label io.k8s.description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label name="${tag%:*}" \
  --label vendor="IBM" \
  --label version="$version" \
  --label release="1" \
  --label run="docker run -d -e LICENSE=accept --name ibm-mq ${tag%:*}" \
  --label summary="$DISNAME" \
  --label description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label IBM_PRODUCT_ID="$PID" \
  --label IBM_PRODUCT_NAME="$DISNAME" \
  --label IBM_PRODUCT_VERSION="$version" \
  --env AMQ_ADDITIONAL_JSON_LOG=1 \
  --env LANG=en_US.UTF-8 \
  --env LOG_FORMAT=basic \
  --entrypoint runmqserver \
  --user ${mqm_uid} \
  $ctr_mq
 buildah unmount $ctr_mq
 buildah commit $ctr_mq $tag
 buildah rm $ctr_mq
--- a/mq-advanced-server-rhel/mq-golang-sdk-buildah.sh
+++ b/mq-advanced-server-rhel/mq-golang-sdk-buildah.sh
@@ -1,65 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a RHEL image for building Go programs which use MQ
 set -ex
 function usage {
  echo "Usage: $0 REDIST-ARCHIVE-NAME TAG"
  exit 20
 }
 if [ "$#" -ne 2 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 readonly mq_redist_archive=downloads/$1
 readonly tag=$2
 # Use Red Hat's Go toolset image as the base
 readonly ctr_mq=$(buildah from devtools/go-toolset-7-rhel7)
 if [ -z "$ctr_mq" ]
 then
  echo "ERROR: ctr_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly mnt_mq_go=$(buildah mount $ctr_mq)
 if [ -z "$mnt_mq_go" ]
 then
  echo "ERROR: mnt_mq_go is empty. Check above output for errors"
  exit 50
 fi
 # Install the MQ redistributable client (including header files) into the Go builder image
 mkdir -p ${mnt_mq_go}/opt/mqm
 tar -xzf ${mq_redist_archive} -C ${mnt_mq_go}/opt/mqm
 # Clean up Yum files
 rm -rf ${mnt_mq_go}/etc/yum.repos.d/*
 buildah unmount ${ctr_mq}
 # Set environment variables for MQ/Go compilation
 buildah config \
  --os linux \
  --env CGO_CFLAGS="-I/opt/mqm/inc/" \
  --env CGO_LDFLAGS_ALLOW="-Wl,-rpath.*" \
  ${ctr_mq}
 buildah commit ${ctr_mq} ${tag}
 buildah rm ${ctr_mq}
--- a/mq-advanced-server-rhel/mqdev-buildah.sh
+++ b/mq-advanced-server-rhel/mqdev-buildah.sh
@@ -1,121 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a RHEL image of MQ Advanced for Developers, using the buildah tool
 set -x
 set -e
 function usage {
  echo "Usage: $0 BASETAG TAG VERSION"
  exit 20
 }
 if [ "$#" -ne 3 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 ###############################################################################
 # Setup MQ server working container
 ###############################################################################
 # Use a "scratch" container, so the resulting image has minimal files
 # Resulting image won't have yum, for example
 readonly basetag=$1
 readonly ctr_mq=$(buildah from $basetag)
 if [ -z "$ctr_mq" ]
 then
  echo "ERROR: ctr_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly mnt_mq=$(buildah mount $ctr_mq)
 if [ -z "$mnt_mq" ]
 then
  echo "ERROR: mnt_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly tag=$2
 readonly version=$3
 readonly mqm_uid=888
 readonly mqm_gid=888
 # WARNING: This is what allows the mqm user to change the password of any other user
 # It's used by runmqdevserver to change the admin/app passwords.
 echo "mqm    ALL = NOPASSWD: /usr/sbin/chpasswd" > $mnt_mq/etc/sudoers.d/mq-dev-config
 # Run these commands inside the container so that the SELinux context is handled correctly
 buildah run --user root $ctr_mq -- useradd --gid mqm admin
 buildah run --user root $ctr_mq -- groupadd --system mqclient
 buildah run --user root $ctr_mq -- useradd --gid mqclient app
 buildah run --user root $ctr_mq -- bash -c "echo admin:passw0rd | chpasswd"
 mkdir --parents $mnt_mq/run/runmqdevserver
 chown ${mqm_uid}:${mqm_gid} $mnt_mq/run/runmqdevserver
 # Copy runmqdevserver program
 install --mode 0750 --owner ${mqm_uid} --group ${mqm_gid} ./build/runmqdevserver ${mnt_mq}/usr/local/bin/
 install --directory --mode 0775 --owner ${mqm_uid} --group 0 ${mnt_mq}/run/runmqdevserver
 # Copy template files
 cp ./incubating/mqadvanced-server-dev/*.tpl ${mnt_mq}/etc/mqm/
 # Copy web XML files for default developer configuration
 cp -R incubating/mqadvanced-server-dev/web/ ${mnt_mq}/etc/mqm/web
 # Make "mqm" the owner of all the config files
 chown --recursive ${mqm_uid}:${mqm_gid} ${mnt_mq}/etc/mqm/*
 chmod --recursive 0750 ${mnt_mq}/etc/mqm/*
 ###############################################################################
 # Final Buildah commands
 ###############################################################################
 buildah config \
  --port 1414/tcp \
  --port 9157/tcp \
  --port 9443/tcp \
  --os linux \
  --label architecture=amd64 \
  --label io.openshift.tags="mq messaging developer" \
  --label io.k8s.display-name="IBM MQ Advanced Server Developer Edition" \
  --label io.k8s.description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label name="${tag%:*}" \
  --label vendor="IBM" \
  --label version="$version" \
  --label release="1" \
  --label run="docker run -d -e LICENSE=accept --name ibm-mq-dev ${tag%:*}" \
  --label summary="IBM MQ Advanced Server Developer Edition" \
  --label description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label IBM_PRODUCT_ID="98102d16795c4263ad9ca075190a2d4d" \
  --label IBM_PRODUCT_NAME="IBM MQ Advanced Server Developer Edition" \
  --label IBM_PRODUCT_VERSION="$version" \
  --env AMQ_ADDITIONAL_JSON_LOG=1 \
  --env LANG=en_US.UTF-8 \
  --env LOG_FORMAT=basic \
  --env MQ_ADMIN_PASSWORD=passw0rd \
  --env MQ_DEV=true \
  --entrypoint runmqdevserver \
  --user ${mqm_uid} \
  $ctr_mq
 buildah unmount $ctr_mq
 buildah commit $ctr_mq $tag
 buildah rm $ctr_mq
--- a/internal/containerruntimelogger/logruntime.go
+++ b/internal/containerruntimelogger/logruntime.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2019
+© Copyright IBM Corporation 2017, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -22,8 +22,8 @@ import (
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/containerruntime"
 	"github.com/ibm-messaging/mq-container/internal/logger"
 	"github.com/ibm-messaging/mq-container/internal/user"
 	"github.com/ibm-messaging/mq-container/pkg/logger"
 )
 // LogContainerDetails logs details about the container runtime
@@ -45,11 +45,14 @@ func LogContainerDetails(log *logger.Logger) error {
 		log.Printf("Base image: %v", bi)
 	}
 	u, err := user.GetUser()
 	if err != nil {
 		log.Printf("Error: %v\nUser:\n  uid: %v\n  gid: %v\n  supGid: %v", err, u.UID, u.PrimaryGID, u.SupplementalGID)
 	}
 	if err == nil {
 		if len(u.SupplementalGID) == 0 {
-			log.Printf("Running as user ID %v (%v) with primary group %v", u.UID, u.Name, u.PrimaryGID)
+			log.Printf("Running as user ID %v with primary group %v", u.UID, u.PrimaryGID)
 		} else {
-			log.Printf("Running as user ID %v (%v) with primary group %v, and supplementary groups %v", u.UID, u.Name, u.PrimaryGID, strings.Join(u.SupplementalGID, ","))
+			log.Printf("Running as user ID %v with primary group %v, and supplementary groups %v", u.UID, u.PrimaryGID, strings.Trim(strings.Join(strings.Fields(fmt.Sprint(u.SupplementalGID)), ","), "[]"))
 		}
 	}
 	caps, err := containerruntime.GetCapabilities()
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
--- a/internal/logger/logger_test.go
+++ b/internal/logger/logger_test.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018
+© Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/internal/mqini/dspmqinf1.txt
+++ b/internal/mqini/dspmqinf1.txt
--- a/internal/mqini/dspmqinf2.txt
+++ b/internal/mqini/dspmqinf2.txt
--- a/internal/mqini/dspmqinf3.txt
+++ b/internal/mqini/dspmqinf3.txt
--- a/pkg/mqini/mqini.go
+++ b/pkg/mqini/mqini.go
@@ -0,0 +1,92 @@
 /*
 © Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 // Package mqini provides information about queue managers
 package mqini
 import (
 	"bufio"
 	"errors"
 	"os"
 	"path/filepath"
 	"strings"
 	"github.com/ibm-messaging/mq-container/internal/command"
 )
 // QueueManager describe high-level configuration information for a queue manager
 type QueueManager struct {
 	Name             string
 	Prefix           string
 	Directory        string
 	DataPath         string
 	InstallationName string
 }
 // getQueueManagerFromStanza parses a queue manager stanza
 func getQueueManagerFromStanza(stanza string) (*QueueManager, error) {
 	scanner := bufio.NewScanner(strings.NewReader(stanza))
 	qm := QueueManager{}
 	for scanner.Scan() {
 		l := scanner.Text()
 		l = strings.TrimSpace(l)
 		t := strings.Split(l, "=")
 		switch t[0] {
 		case "Name":
 			qm.Name = t[1]
 		case "Prefix":
 			qm.Prefix = t[1]
 		case "Directory":
 			qm.Directory = t[1]
 		case "DataPath":
 			qm.DataPath = t[1]
 		case "InstallationName":
 			qm.InstallationName = t[1]
 		}
 	}
 	return &qm, scanner.Err()
 }
 // GetQueueManager returns queue manager configuration information
 func GetQueueManager(name string) (*QueueManager, error) {
 	_, err := os.Stat("/var/mqm/mqs.ini")
 	if err != nil {
 		// Don't run dspmqinf, which will generate an FDC if mqs.ini isn't there yet
 		return nil, errors.New("dspmqinf should not be run before crtmqdir")
 	}
 	// dspmqinf essentially returns a subset of mqs.ini, but it's simpler to parse
 	out, _, err := command.Run("dspmqinf", "-o", "stanza", name)
 	if err != nil {
 		return nil, err
 	}
 	return getQueueManagerFromStanza(out)
 }
 // GetErrorLogDirectory returns the directory holding the error logs for the
 // specified queue manager
 func GetErrorLogDirectory(qm *QueueManager) string {
 	return filepath.Join(GetDataDirectory(qm), "errors")
 }
 // GetDataDirectory returns the data directory for the specified queue manager
 func GetDataDirectory(qm *QueueManager) string {
 	if qm.DataPath != "" {
 		// Data path has been set explicitly (e.g. for multi-instance queue manager)
 		return qm.DataPath
 	} else {
 		return filepath.Join(qm.Prefix, "qmgrs", qm.Directory)
 	}
 }
--- a/pkg/mqini/mqini_test.go
+++ b/pkg/mqini/mqini_test.go
@@ -0,0 +1,64 @@
 /*
 © Copyright IBM Corporation 2018, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package mqini
 import (
 	"io/ioutil"
 	"testing"
 )
 var getQueueManagerTests = []struct {
 	file        string
 	name        string
 	prefix      string
 	directory   string
 	errorLogDir string
 }{
 	{"dspmqinf1.txt", "foo", "/var/mqm", "foo", "/var/mqm/qmgrs/foo/errors"},
 	{"dspmqinf2.txt", "a/b", "/var/mqm", "a&b", "/var/mqm/qmgrs/a&b/errors"},
 	{"dspmqinf3.txt", "..", "/var/mqm", "!!", "/var/mqm/qmgrs/!!/errors"},
 }
 func TestGetQueueManager(t *testing.T) {
 	for _, table := range getQueueManagerTests {
 		t.Run(table.file, func(t *testing.T) {
 			b, err := ioutil.ReadFile(table.file)
 			if err != nil {
 				t.Fatal(err)
 			}
 			qm, err := getQueueManagerFromStanza(string(b))
 			if err != nil {
 				t.Fatal(err)
 			}
 			t.Logf("%#v", qm)
 			if qm.Name != table.name {
 				t.Errorf("Expected name=%v; got %v", table.name, qm.Name)
 			}
 			if qm.Prefix != table.prefix {
 				t.Errorf("Expected prefix=%v; got %v", table.prefix, qm.Prefix)
 			}
 			if qm.Directory != table.directory {
 				t.Errorf("Expected directory=%v; got %v", table.directory, qm.Directory)
 			}
 			// Test
 			d := GetErrorLogDirectory(qm)
 			if d != table.errorLogDir {
 				t.Errorf("Expected error log directory=%v; got %v", table.errorLogDir, d)
 			}
 		})
 	}
 }
--- a/internal/name/name.go
+++ b/internal/name/name.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017
+© Copyright IBM Corporation 2017, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/internal/name/name_test.go
+++ b/internal/name/name_test.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017
+© Copyright IBM Corporation 2017, 2019
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/test-image/20-config.mqsc
+++ b/test-image/20-config.mqsc
@@ -1,19 +0,0 @@
 * © Copyright IBM Corporation 2017
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 DEFINE CHANNEL(PASSWORD.SVRCONN) CHLTYPE(SVRCONN) REPLACE
 SET CHLAUTH(PASSWORD.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allow privileged users on this channel')
 SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('BackStop rule')
 SET CHLAUTH(PASSWORD.SVRCONN) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
 ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
--- a/test-image/30-security.mqsc
+++ b/test-image/30-security.mqsc
@@ -1,15 +0,0 @@
 * © Copyright IBM Corporation 2017
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 REFRESH SECURITY TYPE(CONNAUTH)
--- a/test/docker/devconfig_test.go
+++ b/test/docker/devconfig_test.go
@@ -81,8 +81,6 @@ func TestDevSecure(t *testing.T) {
 			"LICENSE=accept",
 			"MQ_QMGR_NAME=" + qm,
 			"MQ_APP_PASSWORD=" + appPassword,
 			"MQ_TLS_KEYSTORE=/var/tls/server.p12",
 			"MQ_TLS_PASSPHRASE=" + tlsPassPhrase,
 			"DEBUG=1",
 		},
 		Image: imageName(),
@@ -90,7 +88,7 @@ func TestDevSecure(t *testing.T) {
 	hostConfig := container.HostConfig{
 		Binds: []string{
 			coverageBind(t),
-			tlsDir(t, false) + ":/var/tls",
+			tlsDir(t, false) + ":/etc/mqm/pki/keys/default",
 		},
 		// Assign a random port for the web server on the host
 		// TODO: Don't do this for all tests
@@ -145,7 +143,7 @@ func TestDevWebDisabled(t *testing.T) {
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
 	t.Run("Web", func(t *testing.T) {
-		_, dspmqweb := execContainer(t, cli, id, "mqm", []string{"dspmqweb"})
+		_, dspmqweb := execContainer(t, cli, id, "", []string{"dspmqweb"})
 		if !strings.Contains(dspmqweb, "Server mqweb is not running.") && !strings.Contains(dspmqweb, "MQWB1125I") {
 			t.Errorf("Expected dspmqweb to say 'Server is not running' or 'MQWB1125I'; got \"%v\"", dspmqweb)
 		}
@@ -176,7 +174,7 @@ func TestDevConfigDisabled(t *testing.T) {
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
 	waitForWebReady(t, cli, id, insecureTLSConfig)
-	rc, _ := execContainer(t, cli, id, "mqm", []string{"bash", "-c", "echo 'display qlocal(DEV*)' | runmqsc"})
+	rc, _ := execContainer(t, cli, id, "", []string{"bash", "-c", "echo 'display qlocal(DEV*)' | runmqsc"})
 	if rc == 0 {
 		t.Errorf("Expected DEV queues to be missing")
 	}
--- a/test/docker/devconfig_test_util.go
+++ b/test/docker/devconfig_test_util.go
@@ -82,7 +82,7 @@ func tlsDir(t *testing.T, unixPath bool) string {
 // runJMSTests runs a container with a JMS client, which connects to the queue manager container with the specified ID
 func runJMSTests(t *testing.T, cli *client.Client, ID string, tls bool, user, password string) {
 	containerConfig := container.Config{
-		// -e MQ_PORT_1414_TCP_ADDR=9.145.14.173 -e MQ_USERNAME=app -e MQ_PASSWORD=passw0rd -e MQ_CHANNEL=DEV.APP.SVRCONN -e MQ_TLS_KEYSTORE=/tls/test.p12 -e MQ_TLS_PASSPHRASE=passw0rd -v /Users/arthurbarr/go/src/github.com/ibm-messaging/mq-container/test/tls:/tls msgtest
+		// -e MQ_PORT_1414_TCP_ADDR=9.145.14.173 -e MQ_USERNAME=app -e MQ_PASSWORD=passw0rd -e MQ_CHANNEL=DEV.APP.SVRCONN -e MQ_TLS_TRUSTSTORE=/tls/test.p12 -e MQ_TLS_PASSPHRASE=passw0rd -v /Users/arthurbarr/go/src/github.com/ibm-messaging/mq-container/test/tls:/tls msgtest
 		Env: []string{
 			"MQ_PORT_1414_TCP_ADDR=" + getIPAddress(t, cli, ID),
 			"MQ_USERNAME=" + user,
--- a/test/docker/docker_api_test.go
+++ b/test/docker/docker_api_test.go
@@ -75,6 +75,29 @@ func TestLicenseView(t *testing.T) {
 	}
 }
 //Start a container with qm grace set to x seconds
 //Check that when the container is stopped that the command endmqm has option -tp and x
 func TestEndMQMOpts(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	containerConfig := container.Config{
 		Env: []string{"LICENSE=accept", "MQ_GRACE_PERIOD=27"},
 	}
 	id := runContainer(t, cli, &containerConfig)
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
 	killContainer(t, cli, id, "SIGTERM")
 	_, out := execContainer(t, cli, id, "", []string{"bash", "-c", "ps -ef | grep 'endmqm -w -r -tp 27'"})
 	t.Log(out)
 	if !strings.Contains(out, "endmqm -w -r -tp 27") {
 		t.Errorf("Expected endmqm options endmqm -w -r -tp 27; got \"%v\"", out)
 	}
 }
 // TestGoldenPath starts a queue manager successfully when metrics are enabled
 func TestGoldenPathWithMetrics(t *testing.T) {
 	t.Parallel()
@@ -159,7 +182,7 @@ func utilTestNoQueueManagerName(t *testing.T, hostName string, expectedName stri
 	id := runContainer(t, cli, &containerConfig)
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
-	_, out := execContainer(t, cli, id, "mqm", []string{"dspmq"})
+	_, out := execContainer(t, cli, id, "", []string{"dspmq"})
 	if !strings.Contains(out, search) {
 		t.Errorf("Expected result of running dspmq to contain name=%v, got name=%v", search, out)
 	}
@@ -391,9 +414,7 @@ func TestCreateQueueManagerFail(t *testing.T) {
 		FROM %v
 		USER root
 		RUN echo '#!/bin/bash\nexit 999' > /opt/mqm/bin/crtmqm
-		RUN chown mqm:mqm /opt/mqm/bin/crtmqm
+		USER 1001`, imageName())},
 		RUN chmod 6550 /opt/mqm/bin/crtmqm
 		USER mqm`, imageName())},
 	}
 	tag := createImage(t, cli, files)
 	defer deleteImage(t, cli, tag)
@@ -426,9 +447,7 @@ func TestStartQueueManagerFail(t *testing.T) {
 		FROM %v
 		USER root
 		RUN echo '#!/bin/bash\ndltmqm $@ && strmqm $@' > /opt/mqm/bin/strmqm
-		RUN chown mqm:mqm /opt/mqm/bin/strmqm
+		USER 1001`, imageName())},
 		RUN chmod 6550 /opt/mqm/bin/strmqm
 		USER mqm`, imageName())},
 	}
 	tag := createImage(t, cli, files)
 	defer deleteImage(t, cli, tag)
@@ -487,12 +506,12 @@ func TestVolumeUnmount(t *testing.T) {
 		t.Fatalf("Expected umount to work with rc=0, got %v. Output was: %s", rc, out)
 	}
 	time.Sleep(3 * time.Second)
-	rc, _ = execContainer(t, cli, ctr.ID, "mqm", []string{"chkmqhealthy"})
+	rc, _ = execContainer(t, cli, ctr.ID, "", []string{"chkmqhealthy"})
 	if rc == 0 {
 		t.Errorf("Expected chkmqhealthy to fail")
-		_, df := execContainer(t, cli, ctr.ID, "mqm", []string{"df"})
+		_, df := execContainer(t, cli, ctr.ID, "", []string{"df"})
 		t.Logf(df)
-		_, ps := execContainer(t, cli, ctr.ID, "mqm", []string{"ps", "-ef"})
+		_, ps := execContainer(t, cli, ctr.ID, "", []string{"ps", "-ef"})
 		t.Logf(ps)
 	}
 }
@@ -518,14 +537,14 @@ func TestZombies(t *testing.T) {
 	waitForReady(t, cli, id)
 	// Kill an MQ process with children.  After it is killed, its children
 	// will be adopted by PID 1, and should then be reaped when they die.
-	_, out := execContainer(t, cli, id, "mqm", []string{"pkill", "--signal", "kill", "-c", "amqzxma0"})
+	_, out := execContainer(t, cli, id, "", []string{"pkill", "--signal", "kill", "-c", "amqzxma0"})
 	if out == "0" {
 		t.Log("Failed to kill process 'amqzxma0'")
-		_, out := execContainer(t, cli, id, "root", []string{"ps", "-lA"})
+		_, out := execContainer(t, cli, id, "", []string{"ps", "-lA"})
 		t.Fatalf("Here is a list of currently running processes:\n%s", out)
 	}
 	time.Sleep(3 * time.Second)
-	_, out = execContainer(t, cli, id, "mqm", []string{"bash", "-c", "ps -lA | grep '^. Z'"})
+	_, out = execContainer(t, cli, id, "", []string{"bash", "-c", "ps -lA | grep '^. Z'"})
 	if out != "" {
 		count := strings.Count(out, "\n") + 1
 		t.Errorf("Expected zombies=0, got %v", count)
@@ -552,7 +571,7 @@ func TestMQSC(t *testing.T) {
 		  RUN rm -f /etc/mqm/*.mqsc
 		  ADD test.mqsc /etc/mqm/
 		  RUN chmod 0660 /etc/mqm/test.mqsc
-		  USER mqm`, imageName())},
+		  USER 1001`, imageName())},
 		{"test.mqsc", "DEFINE QLOCAL(test)"},
 	}
 	tag := createImage(t, cli, files)
@@ -565,7 +584,16 @@ func TestMQSC(t *testing.T) {
 	id := runContainer(t, cli, &containerConfig)
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
-	rc, mqscOutput := execContainer(t, cli, id, "mqm", []string{"bash", "-c", "echo 'DISPLAY QLOCAL(test)' | runmqsc"})
+
 	rc := -1
 	mqscOutput := ""
 	for i := 0; i < 60; i++ {
 		rc, mqscOutput = execContainer(t, cli, id, "", []string{"bash", "-c", "echo 'DISPLAY QLOCAL(test)' | runmqsc"})
 		if rc == 0 {
 			return
 		}
 		time.Sleep(1 * time.Second)
 	}
 	if rc != 0 {
 		r := regexp.MustCompile("AMQ[0-9][0-9][0-9][0-9]E")
 		t.Fatalf("Expected runmqsc to exit with rc=0, got %v with error %v", rc, r.FindString(mqscOutput))
@@ -595,7 +623,7 @@ func TestLargeMQSC(t *testing.T) {
          RUN rm -f /etc/mqm/*.mqsc
          ADD test.mqsc /etc/mqm/
          RUN chmod 0660 /etc/mqm/test.mqsc
-          USER mqm`, imageName())},
+          USER 1001`, imageName())},
 		{"test.mqsc", buf.String()},
 	}
 	tag := createImage(t, cli, files)
@@ -609,7 +637,15 @@ func TestLargeMQSC(t *testing.T) {
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
-	rc, mqscOutput := execContainer(t, cli, id, "mqm", []string{"bash", "-c", "echo 'DISPLAY QLOCAL(test" + strconv.Itoa(numQueues) + ")' | runmqsc"})
+	rc := -1
 	mqscOutput := ""
 	for i := 0; i < 60; i++ {
 		rc, mqscOutput = execContainer(t, cli, id, "", []string{"bash", "-c", "echo 'DISPLAY QLOCAL(test" + strconv.Itoa(numQueues) + ")' | runmqsc"})
 		if rc == 0 {
 			return
 		}
 		time.Sleep(1 * time.Second)
 	}
 	if rc != 0 {
 		r := regexp.MustCompile("AMQ[0-9][0-9][0-9][0-9]E")
 		t.Fatalf("Expected runmqsc to exit with rc=0, got %v with error %v", rc, r.FindString(mqscOutput))
@@ -667,7 +703,7 @@ func TestRedactValidMQSC(t *testing.T) {
 		  RUN rm -f /etc/mqm/*.mqsc
 		  ADD test.mqsc /etc/mqm/
 		  RUN chmod 0660 /etc/mqm/test.mqsc
-		  USER mqm`, imageName())},
+		  USER 1001`, imageName())},
 		{"test.mqsc", buf.String()},
 	}
 	tag := createImage(t, cli, files)
@@ -739,7 +775,7 @@ func TestRedactInvalidMQSC(t *testing.T) {
 		  RUN rm -f /etc/mqm/*.mqsc
 		  ADD test.mqsc /etc/mqm/
 		  RUN chmod 0660 /etc/mqm/test.mqsc
-		  USER mqm`, imageName())},
+		  USER 1001`, imageName())},
 		{"test.mqsc", buf.String()},
 	}
 	tag := createImage(t, cli, files)
@@ -785,7 +821,7 @@ func TestInvalidMQSC(t *testing.T) {
 		RUN rm -f /etc/mqm/*.mqsc
 		ADD mqscTest.mqsc /etc/mqm/
 		RUN chmod 0660 /etc/mqm/mqscTest.mqsc
-		USER mqm`, imageName())},
+		USER 1001`, imageName())},
 		{"mqscTest.mqsc", "DEFINE INVALIDLISTENER('TEST.LISTENER.TCP') TRPTYPE(TCP) PORT(1414) CONTROL(QMGR) REPLACE"},
 	}
 	tag := createImage(t, cli, files)
@@ -804,6 +840,187 @@ func TestInvalidMQSC(t *testing.T) {
 	expectTerminationMessage(t, cli, id)
 }
 func TestSimpleMQIniMerge(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	var files = []struct {
 		Name, Body string
 	}{
 		{"Dockerfile", fmt.Sprintf(`
 		FROM %v
 		USER root
 		ADD test1.ini /etc/mqm/
 		RUN chmod 0660 /etc/mqm/test1.ini
 		USER 1001`, imageName())},
 		{"test1.ini",
 			"Log:\n   LogSecondaryFiles=28"},
 	}
 	tag := createImage(t, cli, files)
 	defer deleteImage(t, cli, tag)
 	containerConfig := container.Config{
 		Env:   []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"},
 		Image: tag,
 	}
 	id := runContainer(t, cli, &containerConfig)
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
 	catIniFileCommand := fmt.Sprintf("cat /var/mqm/qmgrs/qm1/qm.ini")
 	_, test := execContainer(t, cli, id, "", []string{"bash", "-c", catIniFileCommand})
 	merged := strings.Contains(test, "LogSecondaryFiles=28")
 	if !merged {
 		t.Error("ERROR: The Files are not merged correctly")
 	}
 }
 func TestMultipleIniMerge(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	var files = []struct {
 		Name, Body string
 	}{
 		{"Dockerfile", fmt.Sprintf(`
 		FROM %v
 		USER root
 		ADD test1.ini /etc/mqm/
 		ADD test2.ini /etc/mqm/
 		ADD test3.ini /etc/mqm/
 		RUN chmod 0660 /etc/mqm/test1.ini
 		RUN chmod 0660 /etc/mqm/test2.ini
 		RUN chmod 0660 /etc/mqm/test3.ini
 		USER 1001`, imageName())},
 		{"test1.ini",
 			"Log:\n LogSecondaryFiles=28"},
 		{"test2.ini",
 			"Log:\n LogSecondaryFiles=28"},
 		{"test3.ini",
 			"ApplicationTrace:\n   ApplName=amqsact*\n   Trace=OFF"},
 	}
 	tag := createImage(t, cli, files)
 	defer deleteImage(t, cli, tag)
 	containerConfig := container.Config{
 		Env:   []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"},
 		Image: tag,
 	}
 	id := runContainer(t, cli, &containerConfig)
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
 	catIniFileCommand := fmt.Sprintf("cat /var/mqm/qmgrs/qm1/qm.ini")
 	_, test := execContainer(t, cli, id, "", []string{"bash", "-c", catIniFileCommand})
 	//checks that no duplicates are created by adding 2 ini files with the same line
 	numberOfDuplicates := strings.Count(test, "LogSecondaryFiles=28")
 	newStanza := strings.Contains(test, "ApplicationTrace:\n   ApplName=amqsact*")
 	if (numberOfDuplicates > 1) || !newStanza {
 		t.Error("ERROR: The Files are not merged correctly")
 	}
 }
 func TestMQIniMergeOnTheSameVolumeButTwoContainers(t *testing.T) {
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	var filesFirstContainer = []struct {
 		Name, Body string
 	}{
 		{"Dockerfile", fmt.Sprintf(`
 		FROM %v
 		USER root
 		ADD test1.ini /etc/mqm/
 		RUN chmod 0660 /etc/mqm/test1.ini
 		USER 1001`, imageName())},
 		{"test1.ini",
 			"ApplicationTrace:\n   ApplName=amqsact*\n   Trace=OFF"},
 	}
 	firstImage := createImage(t, cli, filesFirstContainer)
 	defer deleteImage(t, cli, firstImage)
 	vol := createVolume(t, cli, t.Name())
 	defer removeVolume(t, cli, vol.Name)
 	containerConfig := container.Config{
 		Image: firstImage,
 		Env:   []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"},
 	}
 	hostConfig := container.HostConfig{
 		Binds: []string{
 			coverageBind(t),
 			vol.Name + ":/mnt/mqm",
 		},
 	}
 	networkingConfig := network.NetworkingConfig{}
 	ctr1, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, t.Name())
 	if err != nil {
 		t.Fatal(err)
 	}
 	startContainer(t, cli, ctr1.ID)
 	waitForReady(t, cli, ctr1.ID)
 	catIniFileCommand := fmt.Sprintf("cat /var/mqm/qmgrs/qm1/qm.ini")
 	_, test := execContainer(t, cli, ctr1.ID, "", []string{"bash", "-c", catIniFileCommand})
 	addedStanza := strings.Contains(test, "ApplicationTrace:\n   ApplName=amqsact*\n   Trace=OFF")
 	if addedStanza != true {
 		t.Error("ERROR: The Files are not merged correctly")
 	}
 	// Delete the first container
 	cleanContainer(t, cli, ctr1.ID)
 	var filesSecondContainer = []struct {
 		Name, Body string
 	}{
 		{"Dockerfile", fmt.Sprintf(`
 		FROM %v
 		USER root
 		ADD test1.ini /etc/mqm/
 		RUN chmod 0660 /etc/mqm/test1.ini
 		USER 1001`, imageName())},
 		{"test1.ini",
 			"Log:\n   LogFilePages=5000"},
 	}
 	secondImage := createImage(t, cli, filesSecondContainer)
 	defer deleteImage(t, cli, secondImage)
 	containerConfig2 := container.Config{
 		Image: secondImage,
 		Env:   []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"},
 	}
 	ctr2, err := cli.ContainerCreate(context.Background(), &containerConfig2, &hostConfig, &networkingConfig, t.Name())
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer cleanContainer(t, cli, ctr2.ID)
 	startContainer(t, cli, ctr2.ID)
 	waitForReady(t, cli, ctr2.ID)
 	_, test2 := execContainer(t, cli, ctr2.ID, "", []string{"bash", "-c", catIniFileCommand})
 	changedStanza := strings.Contains(test2, "LogFilePages=5000")
 	//check if stanza that was merged in the first container doesnt exist in this one.
 	firstMergedStanza := strings.Contains(test2, "ApplicationTrace:\n   ApplName=amqsact*\n   Trace=OFF")
 	if !changedStanza || firstMergedStanza {
 		t.Error("ERROR: The Files are not merged correctly after removing first container")
 	}
 }
 // TestReadiness creates a new image with large amounts of MQSC in, to
 // ensure that the readiness check doesn't pass until configuration has finished.
 // WARNING: This test is sensitive to the speed of the machine it's running on.
@@ -828,7 +1045,7 @@ func TestReadiness(t *testing.T) {
 		RUN rm -f /etc/mqm/*.mqsc
 		ADD test.mqsc /etc/mqm/
 		RUN chmod 0660 /etc/mqm/test.mqsc
-		USER mqm`, imageName())},
+		USER 1001`, imageName())},
 		{"test.mqsc", buf.String()},
 	}
 	tag := createImage(t, cli, files)
@@ -841,20 +1058,27 @@ func TestReadiness(t *testing.T) {
 	id := runContainer(t, cli, &containerConfig)
 	defer cleanContainer(t, cli, id)
 	queueCheckCommand := fmt.Sprintf("echo 'DISPLAY QLOCAL(test%v)' | runmqsc", numQueues)
-	_, mqsc := execContainer(t, cli, id, "root", []string{"cat", "/etc/mqm/test.mqsc"})
+	_, mqsc := execContainer(t, cli, id, "", []string{"cat", "/etc/mqm/test.mqsc"})
 	t.Log(mqsc)
 	for {
-		readyRC, _ := execContainer(t, cli, id, "mqm", []string{"chkmqready"})
+		readyRC, _ := execContainer(t, cli, id, "", []string{"chkmqready"})
 		queueCheckRC, queueCheckOut := execContainer(t, cli, id, "mqm", []string{"bash", "-c", queueCheckCommand})
 		t.Logf("readyRC=%v,queueCheckRC=%v\n", readyRC, queueCheckRC)
 		if readyRC == 0 {
 			queueCheckRC := -1
 			queueCheckOut := ""
 			for i := 1; i < 60; i++ {
 				queueCheckRC, queueCheckOut = execContainer(t, cli, id, "", []string{"bash", "-c", queueCheckCommand})
 				t.Logf("readyRC=%v,queueCheckRC=%v\n", readyRC, queueCheckRC)
 				if queueCheckRC == 0 {
 					break
 				}
 				time.Sleep(1 * time.Second)
 			}
 			if queueCheckRC != 0 {
 				r := regexp.MustCompile("AMQ[0-9][0-9][0-9][0-9]E")
 				t.Fatalf("Runmqsc returned %v with error %v. chkmqready returned %v when MQSC had not finished", queueCheckRC, r.FindString(queueCheckOut), readyRC)
 			} else {
 				// chkmqready says OK, and the last queue exists, so return
-				_, runmqsc := execContainer(t, cli, id, "root", []string{"bash", "-c", "echo 'DISPLAY QLOCAL(test1)' | runmqsc"})
+				_, runmqsc := execContainer(t, cli, id, "", []string{"bash", "-c", "echo 'DISPLAY QLOCAL(test1)' | runmqsc"})
 				t.Log(runmqsc)
 				return
 			}
@@ -903,7 +1127,7 @@ func TestErrorLogRotation(t *testing.T) {
 	for {
 		execContainer(t, cli, id, "fred", []string{"bash", "-c", "/opt/mqm/samp/bin/amqsput FAKE"})
-		_, atoiStr := execContainer(t, cli, id, "mqm", []string{"bash", "-c", "wc -c < " + filepath.Join(dir, "AMQERR02.json")})
+		_, atoiStr := execContainer(t, cli, id, "", []string{"bash", "-c", "wc -c < " + filepath.Join(dir, "AMQERR02.json")})
 		amqerr02size, _ := strconv.Atoi(atoiStr)
 		if amqerr02size > 0 {
@@ -911,7 +1135,7 @@ func TestErrorLogRotation(t *testing.T) {
 			break
 		}
 	}
-	_, out := execContainer(t, cli, id, "root", []string{"ls", "-l", dir})
+	_, out := execContainer(t, cli, id, "", []string{"ls", "-l", dir})
 	t.Log(out)
 	stopContainer(t, cli, id)
 	b := copyFromContainer(t, cli, id, filepath.Join(dir, "AMQERR01.json"))
@@ -1055,7 +1279,7 @@ func TestCorrectLicense(t *testing.T) {
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
-	rc, license := execContainer(t, cli, id, "mqm", []string{"dspmqver", "-f", "8192", "-b"})
+	rc, license := execContainer(t, cli, id, "", []string{"dspmqver", "-f", "8192", "-b"})
 	if rc != 0 {
 		t.Fatalf("Failed to get license string. RC=%d. Output=%s", rc, license)
 	}
@@ -1185,3 +1409,27 @@ func TestVersioning(t *testing.T) {
 	}
 }
 func TestTraceStrmqm(t *testing.T) {
 	t.Parallel()
 	cli, err := client.NewEnvClient()
 	if err != nil {
 		t.Fatal(err)
 	}
 	containerConfig := container.Config{
 		Env: []string{
 			"LICENSE=accept",
 			"MQ_ENABLE_TRACE_STRMQM=1",
 		},
 	}
 	id := runContainer(t, cli, &containerConfig)
 	defer cleanContainer(t, cli, id)
 	waitForReady(t, cli, id)
 	rc, _ := execContainer(t, cli, id, "", []string{"bash", "-c", "ls -A /var/mqm/trace | grep .TRC"})
 	if rc != 0 {
 		t.Fatalf("No trace files found in trace directory /var/mqm/trace. RC=%d.", rc)
 	}
 }
--- a/test/docker/docker_api_test_util.go
+++ b/test/docker/docker_api_test_util.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2019
+© Copyright IBM Corporation 2017, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
 	"math/rand"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -259,6 +260,13 @@ func cleanContainer(t *testing.T, cli *client.Client, ID string) {
 	}
 }
 func generateRandomUID() string {
 	rand.Seed(time.Now().UnixNano())
 	min := 1000
 	max := 9999
 	return fmt.Sprint(rand.Intn(max-min) + min)
 }
 // runContainerWithPorts creates and starts a container, exposing the specified ports on the host.
 // If no image is specified in the container config, then the image name is retrieved from the TEST_IMAGE
 // environment variable.
@@ -266,9 +274,9 @@ func runContainerWithPorts(t *testing.T, cli *client.Client, containerConfig *co
 	if containerConfig.Image == "" {
 		containerConfig.Image = imageName()
 	}
-	// Always run as the "mqm" user, unless the test has specified otherwise
+	// Always run as a random user, unless the test has specified otherwise
 	if containerConfig.User == "" {
-		containerConfig.User = "mqm"
+		containerConfig.User = generateRandomUID()
 	}
 	// if coverage
 	containerConfig.Env = append(containerConfig.Env, "COVERAGE_FILE="+t.Name()+".cov")
@@ -281,15 +289,9 @@ func runContainerWithPorts(t *testing.T, cli *client.Client, containerConfig *co
 		CapDrop: []string{
 			"ALL",
 		},
 		Privileged: false,
 	}
 	if devImage(t, cli) {
 		t.Logf("Detected MQ Advanced for Developers image — adding extra Linux capabilities to container")
 		hostConfig.CapAdd = []string{
 			"CHOWN",
 			"SETUID",
 			"SETGID",
 			"AUDIT_WRITE",
 		}
 		// Only needed for a RHEL-based image
 		if baseImage(t, cli) != "ubuntu" {
 			hostConfig.CapAdd = append(hostConfig.CapAdd, "DAC_OVERRIDE")
@@ -380,6 +382,78 @@ func runContainerOneShotWithVolume(t *testing.T, cli *client.Client, bind string
 	return rc, out
 }
 func startMultiVolumeQueueManager(t *testing.T, cli *client.Client, dataVol bool, qmsharedlogs string, qmshareddata string, env []string) (error, string, string) {
 	id := strconv.FormatInt(time.Now().UnixNano(), 10)
 	qmdata := createVolume(t, cli, id)
 	containerConfig := container.Config{
 		Image: imageName(),
 		Env:   env,
 	}
 	var hostConfig container.HostConfig
 	if !dataVol {
 		hostConfig = container.HostConfig{}
 	} else if qmsharedlogs == "" && qmshareddata == "" {
 		hostConfig = getHostConfig(t, 1, "", "", qmdata.Name)
 	} else if qmsharedlogs == "" {
 		hostConfig = getHostConfig(t, 2, "", qmshareddata, qmdata.Name)
 	} else if qmshareddata == "" {
 		hostConfig = getHostConfig(t, 3, qmsharedlogs, "", qmdata.Name)
 	} else {
 		hostConfig = getHostConfig(t, 4, qmsharedlogs, qmshareddata, qmdata.Name)
 	}
 	networkingConfig := network.NetworkingConfig{}
 	qm, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, t.Name()+id)
 	if err != nil {
 		return err, "", ""
 	}
 	startContainer(t, cli, qm.ID)
 	return nil, qm.ID, qmdata.Name
 }
 func getHostConfig(t *testing.T, mounts int, qmsharedlogs string, qmshareddata string, qmdata string) container.HostConfig {
 	var hostConfig container.HostConfig
 	switch mounts {
 	case 1:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 			},
 		}
 	case 2:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 				qmshareddata + ":/mnt/mqm-data",
 			},
 		}
 	case 3:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 				qmsharedlogs + ":/mnt/mqm-log",
 			},
 		}
 	case 4:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 				qmsharedlogs + ":/mnt/mqm-log",
 				qmshareddata + ":/mnt/mqm-data",
 			},
 		}
 	}
 	return hostConfig
 }
 func startContainer(t *testing.T, cli *client.Client, ID string) {
 	t.Logf("Starting container: %v", ID)
 	startOptions := types.ContainerStartOptions{}
@@ -520,13 +594,15 @@ func execContainer(t *testing.T, cli *client.Client, ID string, user string, cmd
 }
 func waitForReady(t *testing.T, cli *client.Client, ID string) {
 	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
 	defer cancel()
 	for {
 		select {
 		case <-time.After(1 * time.Second):
-			rc, _ := execContainer(t, cli, ID, "mqm", []string{"chkmqready"})
+			rc, _ := execContainer(t, cli, ID, "", []string{"chkmqready"})
 			if rc == 0 {
 				t.Log("MQ is ready")
 				return
--- a/test/docker/mq_multi_instance_test.go
+++ b/test/docker/mq_multi_instance_test.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2019
+© Copyright IBM Corporation 2019, 2020
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/test/docker/mq_multi_instance_test_util.go
+++ b/test/docker/mq_multi_instance_test_util.go
@@ -19,13 +19,10 @@ import (
 	"context"
 	"fmt"
 	"regexp"
 	"strconv"
 	"strings"
 	"testing"
 	"time"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
 )
@@ -65,78 +62,6 @@ func singleMultiInstanceQueueManager(t *testing.T, cli *client.Client, qmsharedl
 	qmsChannel <- QMChan{QMId: qmId, QMData: qmData}
 }
 func getHostConfig(t *testing.T, mounts int, qmsharedlogs string, qmshareddata string, qmdata string) container.HostConfig {
 	var hostConfig container.HostConfig
 	switch mounts {
 	case 1:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 			},
 		}
 	case 2:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 				qmshareddata + ":/mnt/mqm-data",
 			},
 		}
 	case 3:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 				qmsharedlogs + ":/mnt/mqm-log",
 			},
 		}
 	case 4:
 		hostConfig = container.HostConfig{
 			Binds: []string{
 				coverageBind(t),
 				qmdata + ":/mnt/mqm",
 				qmsharedlogs + ":/mnt/mqm-log",
 				qmshareddata + ":/mnt/mqm-data",
 			},
 		}
 	}
 	return hostConfig
 }
 func startMultiVolumeQueueManager(t *testing.T, cli *client.Client, dataVol bool, qmsharedlogs string, qmshareddata string, env []string) (error, string, string) {
 	id := strconv.FormatInt(time.Now().UnixNano(), 10)
 	qmdata := createVolume(t, cli, id)
 	containerConfig := container.Config{
 		Image: imageName(),
 		Env:   env,
 	}
 	var hostConfig container.HostConfig
 	if !dataVol {
 		hostConfig = container.HostConfig{}
 	} else if qmsharedlogs == "" && qmshareddata == "" {
 		hostConfig = getHostConfig(t, 1, "", "", qmdata.Name)
 	} else if qmsharedlogs == "" {
 		hostConfig = getHostConfig(t, 2, "", qmshareddata, qmdata.Name)
 	} else if qmshareddata == "" {
 		hostConfig = getHostConfig(t, 3, qmsharedlogs, "", qmdata.Name)
 	} else {
 		hostConfig = getHostConfig(t, 4, qmsharedlogs, qmshareddata, qmdata.Name)
 	}
 	networkingConfig := network.NetworkingConfig{}
 	qm, err := cli.ContainerCreate(context.Background(), &containerConfig, &hostConfig, &networkingConfig, t.Name()+id)
 	if err != nil {
 		return err, "", ""
 	}
 	startContainer(t, cli, qm.ID)
 	return nil, qm.ID, qmdata.Name
 }
 func getActiveStandbyQueueManager(t *testing.T, cli *client.Client, qm1aId string, qm1bId string) (error, string, string) {
 	qm1aStatus := getQueueManagerStatus(t, cli, qm1aId, "QM1")
 	qm1bStatus := getQueueManagerStatus(t, cli, qm1bId, "QM1")
@@ -151,7 +76,7 @@ func getActiveStandbyQueueManager(t *testing.T, cli *client.Client, qm1aId strin
 }
 func getQueueManagerStatus(t *testing.T, cli *client.Client, containerID string, queueManagerName string) string {
-	_, dspmqOut := execContainer(t, cli, containerID, "mqm", []string{"bash", "-c", "dspmq", "-m", queueManagerName})
+	_, dspmqOut := execContainer(t, cli, containerID, "", []string{"bash", "-c", "dspmq", "-m", queueManagerName})
 	regex := regexp.MustCompile(`STATUS\(.*\)`)
 	status := regex.FindString(dspmqOut)
 	status = strings.TrimSuffix(strings.TrimPrefix(status, "STATUS("), ")")
--- a/test/docker/mqmetric_test.go
+++ b/test/docker/mqmetric_test.go
@@ -286,12 +286,12 @@ func TestQMRestart(t *testing.T) {
 	// Restart just the QM (to simulate a lost connection)
 	t.Log("Stopping queue manager\n")
-	rc, out := execContainer(t, cli, id, "mqm", []string{"endmqm", "-w", "-r", defaultMetricQMName})
+	rc, out := execContainer(t, cli, id, "", []string{"endmqm", "-w", "-r", defaultMetricQMName})
 	if rc != 0 {
 		t.Fatalf("Failed to stop the queue manager. rc=%d, err=%s", rc, out)
 	}
 	t.Log("starting queue manager\n")
-	rc, out = execContainer(t, cli, id, "mqm", []string{"strmqm", defaultMetricQMName})
+	rc, out = execContainer(t, cli, id, "", []string{"strmqm", defaultMetricQMName})
 	if rc != 0 {
 		t.Fatalf("Failed to start the queue manager. rc=%d, err=%s", rc, out)
 	}
--- a/test/messaging/.gitignore
+++ b/test/messaging/.gitignore
@@ -1,5 +1,6 @@
 .classpath
 .gradle
 *.class
 .project
 .settings
 bin
--- a/test/messaging/pom.xml
+++ b/test/messaging/pom.xml
@@ -26,25 +26,25 @@ limitations under the License.
    <dependency>
      <groupId>com.ibm.mq</groupId>
      <artifactId>com.ibm.mq.allclient</artifactId>
-      <version>9.0.5.0</version>
+      <version>9.1.3.0</version>
      <scope>compile</scope>
    </dependency>
    <dependency>
      <groupId>org.junit.jupiter</groupId>
      <artifactId>junit-jupiter-api</artifactId>
-      <version>5.3.2</version>
+      <version>5.5.2</version>
      <scope>compile</scope>
    </dependency>
    <dependency>
      <groupId>org.junit.jupiter</groupId>
      <artifactId>junit-jupiter-engine</artifactId>
-      <version>5.3.2</version>
+      <version>5.5.2</version>
      <scope>runtime</scope>
    </dependency>
    <dependency>
      <groupId>org.junit.platform</groupId>
      <artifactId>junit-platform-console-standalone</artifactId>
-      <version>1.3.2</version>
+      <version>1.5.2</version>
      <scope>runtime</scope>
    </dependency>
  </dependencies>
--- a/travis-build-scripts/build.sh
+++ b/travis-build-scripts/build.sh
@@ -0,0 +1,31 @@
 #!/bin/bash
 # © Copyright IBM Corporation 2019, 2020
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -e
 echo 'Building Developer JMS test image...' && echo -en 'travis_fold:start:build-devjmstest\\r'
 make build-devjmstest
 echo -en 'travis_fold:end:build-devjmstest\\r'
 echo 'Building Developer image...' && echo -en 'travis_fold:start:build-devserver\\r'
 make build-devserver
 echo -en 'travis_fold:end:build-devserver\\r'
 if [ "$BUILD_ALL" = true ] ; then
    if [[ "$ARCH" = "amd64" || "$ARCH" = "s390x" ]] ; then
        echo 'Building Production image...' && echo -en 'travis_fold:start:build-advancedserver\\r'
        make build-advancedserver
        echo -en 'travis_fold:end:build-advancedserver\\r'
    fi
 fi
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Luke J Powlett	9f5982d9a8	MQ container 9.2.0.0-r2	2020-09-28 10:49:36 +01:00
Luke Powlett	0627588121	Updated to latest UBI version	2020-09-28 10:49:36 +01:00
Luke Powlett	a3ef263487	Updated to go 1.13.15, switched to community goloang image	2020-09-28 10:49:36 +01:00
KIRAN DARBHA	fc0da7352b	addressing review comments	2020-09-28 10:49:36 +01:00
KIRAN DARBHA	9dc80316ad	fat-manifest updates	2020-09-28 10:49:36 +01:00
KIRAN DARBHA	6dd60349fe	fat-manifest updates fat-manifest updates fat-manifest updates Making create-manifest-list.sh executable fixing travis failure fixing fat-manifests fat-manifest fat-manifest fat-manifest updates fat-manifests fat-manifest updates manifest-list updates fat-manifest updating fat-manifests fat-manifests	2020-09-28 10:49:36 +01:00
KIRAN DARBHA	fda918db20	addressing review comments	2020-09-28 10:49:36 +01:00
KIRAN DARBHA	7c89606782	adding zlinux-support	2020-09-28 10:49:36 +01:00
KIRAN DARBHA	666b23e7f0	adding zlinux-support	2020-09-28 10:49:36 +01:00
Thomas-Apter	7a1d39e303	Changed testming.md to use make advancedserver	2020-09-28 10:49:36 +01:00
Thomas-Apter	ba40b6d220	Create advancedserver make target, and update docs to use 'make advancedserver'	2020-09-28 10:49:36 +01:00
Thomas-Apter	39508186c8	Changed 'ran' to 'run'	2020-09-28 10:49:36 +01:00
Thomas-Apter	372f2e4a36	Reformatted testing.md and adding required step make build-devjmstest to Docker tests instructions	2020-09-28 10:49:36 +01:00
Luke Powlett	cd69f6287f	MQ 9.2 doc updates	2020-07-28 12:34:19 +01:00
Luke Powlett	7dee4c82aa	Updated go-toolset version	2020-07-16 09:55:20 +01:00
Luke Powlett	dc4675b99a	Fix for MQ 9.2 installation name env var	2020-07-16 09:55:20 +01:00
Luke Powlett	ba493cbeb3	Updated licenses for 9.2, UBI version	2020-07-16 09:55:20 +01:00
VENKATA KIRAN KUMAR DARBHA	872050a2cd	Merge pull request #96 from mq-cloudpak/9.2MQAdvDevImage adding mqadv developer edition driver download location	2020-07-08 18:29:38 +05:30
KIRAN DARBHA	4737a8b660	adding mqadv developer edition driver download location	2020-07-08 11:16:42 +05:30
Stephen D Marshall	9b81aedd9a	Mqsc (#95 ) * Change to using MQSC option on crtmqm * Fix docker tests * Remove function configureQueueManager	2020-07-06 14:43:14 +01:00
Luke Powlett	c64c6fe95d	Updated change log	2020-06-30 09:50:55 +01:00
Luke Powlett	a53fb7f49a	Removed custom OAM patch	2020-06-30 09:50:55 +01:00
Luke Powlett	d95e44f57c	Added 9.2 dockerhub fat manifest	2020-06-30 09:50:55 +01:00
Luke Powlett	4b19af1dfe	Updated to MQ v9.2.0	2020-06-30 09:50:55 +01:00
Arthur Barr	b4949aaf4f	Append inserts to mirrored error log messages	2020-06-29 09:51:35 +01:00
Luke Powlett	b9d48aa980	Updated release process for operators	2020-05-27 11:05:28 +01:00
Amrit Kandola	59baa97e91	Updated UBI Image and Go ToolSet	2020-05-26 12:19:55 +01:00
Lewis Weedon	394cb56ba0	Peer review changes	2020-05-12 15:48:46 +01:00
Lewis Weedon	62a2d6ef96	Dockerfile in shellscript changes	2020-05-12 15:48:46 +01:00
Nicholas J Daffern	dcfebc38bd	Merge pull request #85 from mq-cloudpak/webserverFix Change to allow webserver to start	2020-04-30 17:56:14 +01:00
Nicholas-Daffern	1ffc598064	Change to allow webserver to start	2020-04-30 16:15:43 +01:00
Lewis Weedon	fee0eac14c	Change to dockerfile-server to add maintainer label	2020-04-28 10:53:24 +01:00
Luke Powlett	c56e305aec	Override libedit load to suppress failing load in UBI8	2020-03-30 18:13:52 +01:00
Luke Powlett	1bb39bc9fd	Re-enable multi-arch dev build/release	2020-03-30 10:45:01 +01:00
Stephen D Marshall	c8de2df2cf	Sdm qmgrauth (#81 ) Implement htpassword changes	2020-03-27 10:09:41 +00:00
Luke Powlett	7f14cc2751	Added SGID to all MQ directories for crtmqdir warning	2020-03-26 15:45:53 +00:00
Luke Powlett	35293e1b46	Build 9.1.5 production image only until developer auth complete	2020-03-24 12:54:58 +00:00
Luke J Powlett	d2bc7b2adc	Build a custom MQ package as part of build process	2020-03-24 12:54:58 +00:00
Luke Powlett	f3777a499b	Updated to MQ 9.1.5 license	2020-03-24 12:54:58 +00:00
Luke Powlett	f491d23d3b	Updated MQ_ARCHIVE names in line with updated MQ 9.1.5.0 naming	2020-03-24 12:54:58 +00:00
Luke Powlett	d4c3fad8c5	Updated runmqdevserver to remove web console config, added group write perms to /etc/mqm/web	2020-03-24 12:54:58 +00:00
Luke J Powlett	d9c8fc5c78	Only build/release P/Z platforms for developer image	2020-03-24 12:54:58 +00:00
Luke J Powlett	c1cbb62ee1	Always print file diagnostics before/after crtmqdir if DEBUG=true	2020-03-24 12:54:58 +00:00
Luke J Powlett	2fae0e2258	Fixed user information logging	2020-03-24 12:54:58 +00:00
Luke J Powlett	c9bac5b544	MQ 9.1.5 image changes (#62 ) * Upgraded to MQ 9.1.5, upgraded to unzippable install, run as random UID (1001 by default) * Updated docker tests for MQ 915 random UID * Added warning to crtmqdir for 10 rc, added trace option to crtmqdir * Removed dev users from dockerfile	2020-03-24 12:54:58 +00:00
Luke Powlett	1a7a9236b7	Update to latest UBI version	2020-03-20 10:26:22 +00:00
Stephen D Marshall	6d69355ab9	Tls fix (#74 ) * Fix issue with TLS	2020-03-19 12:26:13 +00:00
Luke J Powlett	49b4660360	Updated to latest UBI8/go-toolset versions (#63 ) * Updated to latest UBI8/go-toolset versions	2020-03-03 10:02:23 +00:00
Stephen Marshall	ea38c9cd5c	Remove seLinuxOption spc_t from README	2020-02-28 16:49:25 +00:00
Luke J Powlett	3ebd64f4da	Added ibm- prefix to default image name (#60 ) * Added ibm- prefix to default image name	2020-02-20 15:27:40 +00:00
Amrit K Kandola	5e23d979d2	Remove credential helper from Z due to bionic (#59 ) * Temporarily remove credential helper from Z build due to bionic issue	2020-02-20 14:19:17 +00:00
Amrit K Kandola	b64f8e8c21	Added credential helper (#51 ) * Added credential helper script * make build only for amd64 and z/os	2020-01-22 16:15:57 +00:00
Nicholas-Daffern	2cbad648b9	Renamed environement variable to MQ_GRACE_PERIOD	2020-01-16 11:17:33 +00:00
Nicholas-Daffern	88bcaaecc3	Added endMQM options and tests	2020-01-16 11:17:33 +00:00
Paras Mamgain	176a023a99	Merge pull request #56 from mq-cloudpak/PM-removing_references_of_old_authorization removing MQ_WEB_ADMIN_USER vairable	2020-01-13 09:49:05 +05:30
Paras Mamgain	7f7883a312	Merge branch 'private-master' into PM-removing_references_of_old_authorization	2020-01-13 09:01:33 +05:30
mamgainp	84ea13eef2	removing dist from travis yaml file	2020-01-13 09:00:45 +05:30
Luke J Powlett	4cab3e8d3b	Added enable trace option to strmqm, Temporarily removing dist tag as not supported by power build (#57 ) * Added enable trace option to strmqm * Temporarily removing dist tag as not supported by power build	2020-01-10 10:03:32 +00:00
mamgainp	98ddca52ca	removing invalid comment	2020-01-09 15:58:20 +05:30
mamgainp	3ba37b2b2b	undo some changes mqwebauth	2020-01-09 11:44:02 +05:30
mamgainp	b4a3d7d732	removing MQ_WEB_ADMIN_USER vairable	2020-01-08 12:23:31 +05:30
mamgainp	3d5317f3da	removing MQ_WEB_ADMIN_USER vairable	2020-01-08 11:06:31 +05:30
mamgainp	5891f170c8	removing MQ_WEB_ADMIN_USER vairable	2020-01-08 10:29:09 +05:30
Luke Powlett	f94d1b8af5	Removed docker store manifests/release process	2020-01-07 09:44:55 +00:00
Stephen Marshall	956b4a8e49	Refactor TLS code	2020-01-06 10:12:58 +00:00
Luke Powlett	ce184408df	Fixed makefile gosec info bug	2019-12-23 09:45:34 +00:00
Amrit K Kandola	140db42675	Added docker tests to test the new crtmqm -ii option (#50 ) * Added docker tests to test the new crtmqm -ii option, removed the old ini merging code * Fixed issues with docket tests for ctrqmq -ii * Removed unneeded logging	2019-12-12 10:56:27 +00:00
Luke J Powlett	28b723d6cf	Release changes for dockerhub/store (#48 ) * Release changes for dockerhub/store	2019-12-11 11:52:43 +00:00
Luke J Powlett	61c909f551	Override default makefile image name and tag for release (#46 ) * Override default makefile image name and tag for release	2019-12-05 18:31:02 +00:00
Luke J Powlett	ffda647cdf	Fixed docker images labels (#45 )	2019-12-05 16:07:11 +00:00
Luke Powlett	5897d6a644	Update the license information in the readme	2019-12-05 11:44:33 +00:00
Luke J Powlett	34f7a57c5d	Pipeline changes for travis release (#43 ) * Added changes for travis release process * Renamed build scripts directory * Don't run basic build if tag is set * Pull production images from staging on production-release	2019-12-04 19:45:57 +00:00
Luke Powlett	5b5951ec3c	Changed sed for password minlen replacement due to change in UBI8	2019-12-04 10:18:23 +00:00
Amrit K Kandola	b20761cea0	Removed error code logic and replaced with library function (#39 ) * Removed error code logic and replaced with library function * Added the gosecignore comment to prevent gosec failing	2019-12-03 16:13:36 +00:00
Amrit K Kandola	5449622d2a	Remove developer listener and remove actions to stop and alter system listener (#41 )	2019-12-03 16:13:00 +00:00
Luke J Powlett	dd31fb37c3	Changes for MQ 9.1.4.0 (#37 ) * Changes for MQ 9.1.4.0 * Only run p and z builds for production build	2019-12-03 15:58:02 +00:00
Stephen Marshall	2e453f2257	Fix web certificate for dev image	2019-12-03 15:24:05 +00:00
Luke J Powlett	1f4528d597	Pipeline changes for Entitled Registry (#38 ) * Added makefile targets/variables to pull mq archive from remote * Updated makefile and travis build for multi arch dev/prod builds * Updated build deps to use arch specific dep * Removed glide for dependency management * Removed `MQ_SDK_ARCHIVE` download target * Make ARCH overridable in makefile * Only run golden path test on Power and Z builds * Only run gosec on amd64 build * Increased go to 1.12 in travis	2019-12-03 13:16:30 +00:00
Amrit Kandola	c83aeb17c0	Updated toolset	2019-11-28 11:30:27 +00:00
Amrit K Kandola	5a18280057	Updated UBI to UBI8 (#35 ) * Updated UBI to UBI8 * Updated the README to include the redhat login * Updated to use non-deprecated registry * Added sed filter into docker file to remove ubi7 * Added automatic login into the makefile based on env variables, also removed nodocs from mq-explorer * Minor typo fix	2019-11-27 09:32:38 +00:00
Amrit K Kandola	8e380b94f4	Closes #242 - update jmstests to use latest version (#33 ) * Closes #242 - update jmstests to use latest version * added class files to git ignore	2019-10-23 15:59:04 +01:00
Stephen Marshall	ebe8b7a6f0	Add required security settings when creating self-signed certificates	2019-10-21 13:13:00 +01:00
Stephen Marshall	ed4466d934	Remove iFrame support, now using header-as-a-service	2019-10-17 17:31:09 +01:00
Luke Powlett	37601187b2	Removed release from makefile, will be set on internal build only	2019-10-11 10:48:20 +01:00
Luke Powlett	366d406f57	Updated manifest for r3 fix release	2019-10-03 15:06:41 +01:00
Arthur Barr	68ad98fc49	Enable INI merging	2019-09-30 14:37:40 +01:00
Luke Powlett	65edac267e	Removed ARGs for go-toolset	2019-09-27 13:20:04 +01:00
Arthur Barr	ad0046ab01	Fix gosec for writeFileIfChanged	2019-09-26 16:47:48 +01:00
Arthur Barr	c3fbc5816e	Only write INI file if changed	2019-09-26 16:47:48 +01:00
Luke Powlett	11890d887b	Added args for go toolset image and tag, fixed issue with logger	2019-09-23 17:08:40 +01:00
Arthur Barr	ac50d46c78	Don't call INI merging code	2019-09-19 11:03:40 +01:00
Arthur Barr	de298a4aad	Don't run dspmqinf before crtmqdir	2019-09-19 09:29:04 +01:00
KIRAN DARBHA	4de32ab8d2	fix for double merge issue update unit-test data fix gosec fix gosec fix gosec	2019-09-18 16:36:47 +01:00
Arthur Barr	8505579b37	Move some packages to pkg directory	2019-09-17 11:08:42 +01:00
Luke Powlett	7c59d647f5	Added gosec scan to end of travis build, upgraded travis go to v1.11	2019-09-12 16:17:50 +01:00
Luke Powlett	8d8e4e4403	error handling and gosec fixes	2019-09-10 15:22:46 +01:00
Stephen Marshall	52b4eeea32	Fix MIQM	2019-08-30 11:44:45 +01:00
Rob Parker	28291306cb	set CipherSpec to ANY_TLS12 and refresh security (#362 )	2019-08-29 11:58:51 +01:00
Luke Powlett	4da7c60aee	Update to UBI 7.7-98	2019-08-29 11:58:51 +01:00
Arthur Barr	1ae24263ad	Temporarily remove Docker 1.12 test in Travis	2019-08-29 11:58:51 +01:00
Arthur Barr	d6248424a1	Use podman build if available	2019-08-29 11:58:51 +01:00
Luke Powlett	455c67ad3d	increment release in makefile	2019-08-29 11:58:51 +01:00
		`@@ -0,0 +1,2 @@`
							`admin:$2y$05$M/C1U62RZ6q1kv4E7.S7ueNESJmFe85RsZcoMUReRXUDB8QcP3yqS`
							`app:$2y$05$BnbPtcjXTjk5JRJ8gzHqIuHgoQbLF3qtbPV3Q3tLyr0XJNg.7dkxW`
		`@@ -0,0 +1 @@`
							`guest:$2y$05$ifFP0nCmFed6.m4iB9CHRuHFps2YeeuwopmOvszWt0GRnN59p8qxW`