Set SHELL env var in launcher if unset to avoid issues in Code's shell detection

[amisevsk]

What does this PR do?

If the SHELL environment variable is unset when running the Code launcher, set it:

• If we detect that bash is installed, to /bin/bash
• Otherwise, fallback to setting it to /bin/sh

This is necessary due to shell-detection logic within Code itself, which will fallback to parsing /etc/passwd when SHELL is not set (see [1]). When running on e.g. OpenShift with a normal container, cri-o will add an /etc/passwd entry for the current user with /sbin/nologin, which results the terminal failing to launch.

What issues does this PR fix?

Closes eclipse-che/che#22524

How to test this PR?

Changes from this PR are built into quay.io/amisevsk/che-code:dev via the following Dockerfile:

FROM registry.access.redhat.com/ubi8/nodejs-18:1-71 as launcher-builder

USER root

COPY . /checode-launcher
WORKDIR /checode-launcher

RUN npm install -g yarn@1.22.17

RUN yarn \
    && mkdir /test-launcher \
    && cp -r out/src/*.js /test-launcher \
    && chgrp -R 0 /test-launcher && chmod -R g+rwX /test-launcher

FROM quay.io/che-incubator/che-code:next
COPY --from=launcher-builder --chown=0:0 /test-launcher /checode-linux-libc/launcher

To test the changes on an existing workspace, edit the DevWorkspace yaml on the cluster, updating the .spec.contributions field:

  spec:
    contributions:
      - name: editor
        kubernetes:
          name: che-code-java-maven
+       components:
+         - container:
+             image: 'quay.io/amisevsk/che-code:dev'
+           name: che-code-injector

(This will use quay.io/amisevsk/che-code:dev in place of the default injector image)

We should verify three cases before merging:

1. Samples that do not set the SHELL environment variable have It is not possible to start a terminal when workspace started from a devfile from the registry.devfile.io eclipse-che/che#22524 resolved.
   • To make this easier (since links to raw devfiles in registry.devfile.io do not seem to work in Che), you should be able to use the raw link on this gist and paste it into the dashboard: https://gist.github.com/amisevsk/c4ffd5185d81420be2d8e73cc1db9d45 (taken from https://registry.devfile.io/viewer/devfiles/community/java-maven), then update the DevWorkspace as above
2. It's still possible to override the shell by setting the SHELL env var in the devfile or container
3. Default Che samples are unimpacted

[github-actions]

Click here to review and test in web IDE:

[github-actions]

Pull Request images published ✨
image: quay.io/che-incubator-pull-requests/che-code:pr-284-amd64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-284-dev-amd64

[github-actions]

Pull Request images published ✨
image: quay.io/che-incubator-pull-requests/che-code:pr-284-amd64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-284-dev-amd64

[l0rd]

What about checking if the user shell (in /etc/passwd) is /sbin/nologin or not? If cri-o hasn't patched /etc/passwd (i.e. containerd is the container runtime) there may be a valid shell for current user anyway.

Beyond that I have tested the PR using image quay.io/che-incubator-pull-requests/che-code:pr-284-amd64 and the quarkus devfile from registry.devfile.io and the problem got solved 🎉 . I had an unrelated problem though and I have filed a separate issue.

[amisevsk]

This is probably a good idea -- I didn't initially do it since I was trying to keep it simple (since IIRC the default UDI image sets SHELL) but better safe than sorry :)

[amisevsk]

Updated the PR now. If /etc/passwd contains anything other than /sbin/nologin, we no longer override it by setting SHELL if it's not already set.

[github-actions]

Pull Request images published ✨
image: quay.io/che-incubator-pull-requests/che-code:pr-284-amd64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-284-dev-amd64

[github-actions]

Pull Request images published ✨
image: quay.io/che-incubator-pull-requests/che-code:pr-284-amd64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-284-dev-amd64

[github-actions]

Pull Request images published ✨
image: quay.io/che-incubator-pull-requests/che-code:pr-284-amd64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-284-dev-amd64

[github-actions]

Pull Request images published ✨
image: quay.io/che-incubator-pull-requests/che-code:pr-284-amd64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-284-dev-amd64

[amisevsk]

@vitaliy-guliy @l0rd Updated this PR after Mario's suggestion, please take a look before I merge.

[github-actions]

Pull Request images published ✨
image: quay.io/che-incubator-pull-requests/che-code:pr-284-amd64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-284-dev-amd64

[devstudio-release]

Build 3.10 :: code_3.x/959: Console, Changes, Git Data

[devstudio-release]

Build 3.10 :: sync-to-downstream_3.x/4970: Console, Changes, Git Data

[devstudio-release]

Build 3.10 :: get-sources-rhpkg-container-build_3.x/4794: Console, Changes, Git Data

[devstudio-release]

Build 3.10 :: get-sources-rhpkg-container-build_3.x/4794:

code : 3.x ::
; copied to quay

[github-actions]

Pull Request images published ✨
image: quay.io/che-incubator-pull-requests/che-code:pr-284-amd64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-284-dev-amd64