Skip to content

Commit

Permalink
Merge pull request #1335 from mathbunnyru/asalikhov/unify_bash_variables
Browse files Browse the repository at this point in the history
Unify bash variables usage and add quotes where needed
  • Loading branch information
mathbunnyru authored Jun 7, 2021
2 parents 04fe694 + 7642ba8 commit 396024a
Show file tree
Hide file tree
Showing 26 changed files with 185 additions and 185 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ JupyterLab, where `hostname` is the name of the computer running docker and `tok
token printed in the console. Docker destroys the container after notebook server exit, but any
files written to `~/work` in the container remain intact on the host.

docker run --rm -p 10000:8888 -e JUPYTER_ENABLE_LAB=yes -v "$PWD":/home/jovyan/work jupyter/datascience-notebook:33add21fab64
docker run --rm -p 10000:8888 -e JUPYTER_ENABLE_LAB=yes -v "${PWD}":/home/jovyan/work jupyter/datascience-notebook:33add21fab64

## Contributing

Expand Down
2 changes: 1 addition & 1 deletion all-spark-notebook/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ RUN apt-get update --yes && \
gcc && \
apt-get clean && rm -rf /var/lib/apt/lists/*

USER $NB_UID
USER ${NB_UID}

# R packages including IRKernel which gets installed globally.
RUN conda install --quiet --yes \
Expand Down
36 changes: 18 additions & 18 deletions base-notebook/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -60,14 +60,14 @@ RUN apt-get update --yes && \
# Configure environment
ENV CONDA_DIR=/opt/conda \
SHELL=/bin/bash \
NB_USER=$NB_USER \
NB_UID=$NB_UID \
NB_GID=$NB_GID \
NB_USER="${NB_USER}" \
NB_UID=${NB_UID} \
NB_GID=${NB_GID} \
LC_ALL=en_US.UTF-8 \
LANG=en_US.UTF-8 \
LANGUAGE=en_US.UTF-8
ENV PATH=$CONDA_DIR/bin:$PATH \
HOME=/home/$NB_USER \
ENV PATH="${CONDA_DIR}/bin:${PATH}" \
HOME="/home/${NB_USER}" \
CONDA_VERSION="${conda_version}" \
MINIFORGE_VERSION="${miniforge_version}"

Expand All @@ -86,18 +86,18 @@ RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashr
RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \
sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \
sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \
useradd -l -m -s /bin/bash -N -u $NB_UID $NB_USER && \
mkdir -p $CONDA_DIR && \
chown $NB_USER:$NB_GID $CONDA_DIR && \
useradd -l -m -s /bin/bash -N -u "${NB_UID}" "${NB_USER}" && \
mkdir -p "${CONDA_DIR}" && \
chown "${NB_USER}:${NB_GID}" "${CONDA_DIR}" && \
chmod g+w /etc/passwd && \
fix-permissions "${HOME}" && \
fix-permissions "${CONDA_DIR}"

USER $NB_UID
USER ${NB_UID}
ARG PYTHON_VERSION=default

# Setup work directory for backward-compatibility
RUN mkdir "/home/$NB_USER/work" && \
RUN mkdir "/home/${NB_USER}/work" && \
fix-permissions "/home/${NB_USER}"

# Install conda as jovyan and check the sha256 sum provided on the download site
Expand All @@ -106,20 +106,20 @@ WORKDIR /tmp
# Prerequisites installation: conda, mamba, pip, tini
RUN wget --quiet "https://github.com/conda-forge/miniforge/releases/download/${miniforge_version}/${miniforge_installer}" && \
echo "${miniforge_checksum} *${miniforge_installer}" | sha256sum --check && \
/bin/bash "${miniforge_installer}" -f -b -p $CONDA_DIR && \
/bin/bash "${miniforge_installer}" -f -b -p "${CONDA_DIR}" && \
rm "${miniforge_installer}" && \
# Conda configuration see https://conda.io/projects/conda/en/latest/configuration.html
echo "conda ${CONDA_VERSION}" >> $CONDA_DIR/conda-meta/pinned && \
echo "conda ${CONDA_VERSION}" >> "${CONDA_DIR}/conda-meta/pinned" && \
conda config --system --set auto_update_conda false && \
conda config --system --set show_channel_urls true && \
if [ ! $PYTHON_VERSION = 'default' ]; then conda install --yes python=$PYTHON_VERSION; fi && \
conda list python | grep '^python ' | tr -s ' ' | cut -d '.' -f 1,2 | sed 's/$/.*/' >> $CONDA_DIR/conda-meta/pinned && \
if [[ "${PYTHON_VERSION}" != "default" ]]; then conda install --yes python="${PYTHON_VERSION}"; fi && \
conda list python | grep '^python ' | tr -s ' ' | cut -d '.' -f 1,2 | sed 's/$/.*/' >> "${CONDA_DIR}/conda-meta/pinned" && \
conda install --quiet --yes \
"conda=${CONDA_VERSION}" \
'pip' && \
conda update --all --quiet --yes && \
conda clean --all -f -y && \
rm -rf /home/$NB_USER/.cache/yarn && \
rm -rf "/home/${NB_USER}/.cache/yarn" && \
fix-permissions "${CONDA_DIR}" && \
fix-permissions "/home/${NB_USER}"

Expand All @@ -137,7 +137,7 @@ RUN conda install --quiet --yes \
npm cache clean --force && \
jupyter notebook --generate-config && \
jupyter lab clean && \
rm -rf /home/$NB_USER/.cache/yarn && \
rm -rf "/home/${NB_USER}/.cache/yarn" && \
fix-permissions "${CONDA_DIR}" && \
fix-permissions "/home/${NB_USER}"

Expand All @@ -161,6 +161,6 @@ RUN sed -re "s/c.NotebookApp/c.ServerApp/g" \
fix-permissions /etc/jupyter/

# Switch back to jovyan to avoid accidental container runs as root
USER $NB_UID
USER ${NB_UID}

WORKDIR $HOME
WORKDIR "${HOME}"
8 changes: 4 additions & 4 deletions base-notebook/fix-permissions
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# set permissions on a directory
# after any installation, if a directory needs to be (human) user-writable,
# run this script on it.
# It will make everything in the directory owned by the group $NB_GID
# It will make everything in the directory owned by the group ${NB_GID}
# and writable by that group.
# Deployments that want to set a specific user id can preserve permissions
# by adding the `--group-add users` line to `docker run`.
Expand All @@ -11,22 +11,22 @@
# which would cause massive image explosion

# right permissions are:
# group=$NB_GID
# group=${NB_GID}
# AND permissions include group rwX (directory-execute)
# AND directories have setuid,setgid bits set

set -e

for d in "$@"; do
find "$d" \
find "${d}" \
! \( \
-group "${NB_GID}" \
-a -perm -g+rwX \
\) \
-exec chgrp "${NB_GID}" {} \; \
-exec chmod g+rwX {} \;
# setuid, setgid *on directories only*
find "$d" \
find "${d}" \
\( \
-type d \
-a ! -perm -6000 \
Expand Down
4 changes: 2 additions & 2 deletions base-notebook/start-notebook.sh
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,9 @@ if [[ -n "${JUPYTERHUB_API_TOKEN}" ]]; then
exec /usr/local/bin/start-singleuser.sh "$@"
elif [[ -n "${JUPYTER_ENABLE_LAB}" ]]; then
# shellcheck disable=SC1091
. /usr/local/bin/start.sh $wrapper jupyter lab "$@"
. /usr/local/bin/start.sh ${wrapper} jupyter lab "$@"
else
echo "WARN: Jupyter Notebook deprecation notice https://github.com/jupyter/docker-stacks#jupyter-notebook-deprecation-notice."
# shellcheck disable=SC1091
. /usr/local/bin/start.sh $wrapper jupyter notebook "$@"
. /usr/local/bin/start.sh ${wrapper} jupyter notebook "$@"
fi
34 changes: 17 additions & 17 deletions base-notebook/start-singleuser.sh
Original file line number Diff line number Diff line change
Expand Up @@ -5,37 +5,37 @@
set -e

# set default ip to 0.0.0.0
if [[ "$NOTEBOOK_ARGS $*" != *"--ip="* ]]; then
NOTEBOOK_ARGS="--ip=0.0.0.0 $NOTEBOOK_ARGS"
if [[ "${NOTEBOOK_ARGS} $*" != *"--ip="* ]]; then
NOTEBOOK_ARGS="--ip=0.0.0.0 ${NOTEBOOK_ARGS}"
fi

# handle some deprecated environment variables
# from DockerSpawner < 0.8.
# These won't be passed from DockerSpawner 0.9,
# so avoid specifying --arg=empty-string
if [ -n "$NOTEBOOK_DIR" ]; then
if [ -n "${NOTEBOOK_DIR}" ]; then
# shellcheck disable=SC2089
NOTEBOOK_ARGS="--notebook-dir='$NOTEBOOK_DIR' $NOTEBOOK_ARGS"
NOTEBOOK_ARGS="--notebook-dir='${NOTEBOOK_DIR}' ${NOTEBOOK_ARGS}"
fi
if [ -n "$JPY_PORT" ]; then
NOTEBOOK_ARGS="--port=$JPY_PORT $NOTEBOOK_ARGS"
if [ -n "${JPY_PORT}" ]; then
NOTEBOOK_ARGS="--port=${JPY_PORT} ${NOTEBOOK_ARGS}"
fi
if [ -n "$JPY_USER" ]; then
NOTEBOOK_ARGS="--user=$JPY_USER $NOTEBOOK_ARGS"
if [ -n "${JPY_USER}" ]; then
NOTEBOOK_ARGS="--user=${JPY_USER} ${NOTEBOOK_ARGS}"
fi
if [ -n "$JPY_COOKIE_NAME" ]; then
NOTEBOOK_ARGS="--cookie-name=$JPY_COOKIE_NAME $NOTEBOOK_ARGS"
if [ -n "${JPY_COOKIE_NAME}" ]; then
NOTEBOOK_ARGS="--cookie-name=${JPY_COOKIE_NAME} ${NOTEBOOK_ARGS}"
fi
if [ -n "$JPY_BASE_URL" ]; then
NOTEBOOK_ARGS="--base-url=$JPY_BASE_URL $NOTEBOOK_ARGS"
if [ -n "${JPY_BASE_URL}" ]; then
NOTEBOOK_ARGS="--base-url=${JPY_BASE_URL} ${NOTEBOOK_ARGS}"
fi
if [ -n "$JPY_HUB_PREFIX" ]; then
NOTEBOOK_ARGS="--hub-prefix=$JPY_HUB_PREFIX $NOTEBOOK_ARGS"
if [ -n "${JPY_HUB_PREFIX}" ]; then
NOTEBOOK_ARGS="--hub-prefix=${JPY_HUB_PREFIX} ${NOTEBOOK_ARGS}"
fi
if [ -n "$JPY_HUB_API_URL" ]; then
NOTEBOOK_ARGS="--hub-api-url=$JPY_HUB_API_URL $NOTEBOOK_ARGS"
if [ -n "${JPY_HUB_API_URL}" ]; then
NOTEBOOK_ARGS="--hub-api-url=${JPY_HUB_API_URL} ${NOTEBOOK_ARGS}"
fi
NOTEBOOK_BIN="jupyterhub-singleuser"

# shellcheck disable=SC1091,SC2086,SC2090
. /usr/local/bin/start.sh "$NOTEBOOK_BIN" $NOTEBOOK_ARGS "$@"
. /usr/local/bin/start.sh "${NOTEBOOK_BIN}" ${NOTEBOOK_ARGS} "$@"
98 changes: 49 additions & 49 deletions base-notebook/start.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,28 +13,28 @@ fi

run-hooks () {
# Source scripts or run executable files in a directory
if [[ ! -d "$1" ]] ; then
if [[ ! -d "${1}" ]] ; then
return
fi
echo "$0: running hooks in $1"
for f in "$1/"*; do
case "$f" in
echo "${0}: running hooks in ${1}"
for f in "${1}/"*; do
case "${f}" in
*.sh)
echo "$0: running $f"
echo "${0}: running ${f}"
# shellcheck disable=SC1090
source "$f"
source "${f}"
;;
*)
if [[ -x "$f" ]] ; then
echo "$0: running $f"
"$f"
if [[ -x "${f}" ]] ; then
echo "${0}: running ${f}"
"${f}"
else
echo "$0: ignoring $f"
echo "${0}: ignoring ${f}"
fi
;;
esac
done
echo "$0: done running hooks in $1"
echo "${0}: done running hooks in ${1}"
}

run-hooks /usr/local/bin/start-notebook.d
Expand All @@ -44,73 +44,73 @@ if [ "$(id -u)" == 0 ] ; then

# Only attempt to change the jovyan username if it exists
if id jovyan &> /dev/null ; then
echo "Set username to: $NB_USER"
usermod -d "/home/$NB_USER" -l "$NB_USER" jovyan
echo "Set username to: ${NB_USER}"
usermod -d "/home/${NB_USER}" -l "${NB_USER}" jovyan
fi

# handle home and working directory if the username changed
if [[ "$NB_USER" != "jovyan" ]]; then
if [[ "${NB_USER}" != "jovyan" ]]; then
# changing username, make sure homedir exists
# (it could be mounted, and we shouldn't create it if it already exists)
if [[ ! -e "/home/$NB_USER" ]]; then
echo "Relocating home dir to /home/$NB_USER"
mv /home/jovyan "/home/$NB_USER" || ln -s /home/jovyan "/home/$NB_USER"
if [[ ! -e "/home/${NB_USER}" ]]; then
echo "Relocating home dir to /home/${NB_USER}"
mv /home/jovyan "/home/${NB_USER}" || ln -s /home/jovyan "/home/${NB_USER}"
fi
# if workdir is in /home/jovyan, cd to /home/$NB_USER
if [[ "$PWD/" == "/home/jovyan/"* ]]; then
newcwd="/home/$NB_USER/${PWD:13}"
echo "Setting CWD to $newcwd"
cd "$newcwd"
# if workdir is in /home/jovyan, cd to /home/${NB_USER}
if [[ "${PWD}/" == "/home/jovyan/"* ]]; then
newcwd="/home/${NB_USER}/${PWD:13}"
echo "Setting CWD to ${newcwd}"
cd "${newcwd}"
fi
fi

# Handle case where provisioned storage does not have the correct permissions by default
# Ex: default NFS/EFS (no auto-uid/gid)
if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then
echo "Changing ownership of /home/$NB_USER to $NB_UID:$NB_GID with options '${CHOWN_HOME_OPTS}'"
if [[ "${CHOWN_HOME}" == "1" || "${CHOWN_HOME}" == 'yes' ]]; then
echo "Changing ownership of /home/${NB_USER} to ${NB_UID}:${NB_GID} with options '${CHOWN_HOME_OPTS}'"
# shellcheck disable=SC2086
chown $CHOWN_HOME_OPTS "$NB_UID:$NB_GID" "/home/$NB_USER"
chown ${CHOWN_HOME_OPTS} "${NB_UID}:${NB_GID}" "/home/${NB_USER}"
fi
if [ -n "$CHOWN_EXTRA" ]; then
for extra_dir in $(echo "$CHOWN_EXTRA" | tr ',' ' '); do
echo "Changing ownership of ${extra_dir} to $NB_UID:$NB_GID with options '${CHOWN_EXTRA_OPTS}'"
if [ -n "${CHOWN_EXTRA}" ]; then
for extra_dir in $(echo "${CHOWN_EXTRA}" | tr ',' ' '); do
echo "Changing ownership of ${extra_dir} to ${NB_UID}:${NB_GID} with options '${CHOWN_EXTRA_OPTS}'"
# shellcheck disable=SC2086
chown $CHOWN_EXTRA_OPTS "$NB_UID:$NB_GID" "$extra_dir"
chown ${CHOWN_EXTRA_OPTS} "${NB_UID}:${NB_GID}" "${extra_dir}"
done
fi

# Change UID:GID of NB_USER to NB_UID:NB_GID if it does not match
if [ "$NB_UID" != "$(id -u "$NB_USER")" ] || [ "$NB_GID" != "$(id -g "$NB_USER")" ]; then
echo "Set user $NB_USER UID:GID to: $NB_UID:$NB_GID"
if [ "$NB_GID" != "$(id -g "$NB_USER")" ]; then
groupadd -f -g "$NB_GID" -o "${NB_GROUP:-${NB_USER}}"
if [ "${NB_UID}" != "$(id -u "${NB_USER}")" ] || [ "${NB_GID}" != "$(id -g "${NB_USER}")" ]; then
echo "Set user ${NB_USER} UID:GID to: ${NB_UID}:${NB_GID}"
if [ "${NB_GID}" != "$(id -g "${NB_USER}")" ]; then
groupadd -f -g "${NB_GID}" -o "${NB_GROUP:-${NB_USER}}"
fi
userdel "$NB_USER"
useradd --home "/home/$NB_USER" -u "$NB_UID" -g "$NB_GID" -G 100 -l "$NB_USER"
userdel "${NB_USER}"
useradd --home "/home/${NB_USER}" -u "${NB_UID}" -g "${NB_GID}" -G 100 -l "${NB_USER}"
fi

# Enable sudo if requested
if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH"
echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
if [[ "${GRANT_SUDO}" == "1" || "${GRANT_SUDO}" == 'yes' ]]; then
echo "Granting ${NB_USER} sudo access and appending ${CONDA_DIR}/bin to sudo PATH"
echo "${NB_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
fi

# Add $CONDA_DIR/bin to sudo secure_path
sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path
# Add ${CONDA_DIR}/bin to sudo secure_path
sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:${CONDA_DIR}/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path

# Exec the command as NB_USER with the PATH and the rest of
# the environment preserved
run-hooks /usr/local/bin/before-notebook.d
echo "Executing the command:" "${cmd[@]}"
exec sudo -E -H -u "$NB_USER" PATH="$PATH" XDG_CACHE_HOME="/home/$NB_USER/.cache" PYTHONPATH="${PYTHONPATH:-}" "${cmd[@]}"
exec sudo -E -H -u "${NB_USER}" PATH="${PATH}" XDG_CACHE_HOME="/home/${NB_USER}/.cache" PYTHONPATH="${PYTHONPATH:-}" "${cmd[@]}"
else
if [[ "$NB_UID" == "$(id -u jovyan 2>/dev/null)" && "$NB_GID" == "$(id -g jovyan 2>/dev/null)" ]]; then
if [[ "${NB_UID}" == "$(id -u jovyan 2>/dev/null)" && "${NB_GID}" == "$(id -g jovyan 2>/dev/null)" ]]; then
# User is not attempting to override user/group via environment
# variables, but they could still have overridden the uid/gid that
# container runs as. Check that the user has an entry in the passwd
# file and if not add an entry.
STATUS=0 && whoami &> /dev/null || STATUS=$? && true
if [[ "$STATUS" != "0" ]]; then
if [[ "${STATUS}" != "0" ]]; then
if [[ -w /etc/passwd ]]; then
echo "Adding passwd file entry for $(id -u)"
sed -e "s/^jovyan:/nayvoj:/" /etc/passwd > /tmp/passwd
Expand All @@ -122,24 +122,24 @@ else
fi
fi

# Warn if the user isn't going to be able to write files to $HOME.
# Warn if the user isn't going to be able to write files to ${HOME}.
if [[ ! -w /home/jovyan ]]; then
echo 'Container must be run with group "users" to update files'
fi
else
# Warn if looks like user want to override uid/gid but hasn't
# run the container as root.
if [[ -n "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then
echo "Container must be run as root to set NB_UID to $NB_UID"
if [[ -n "${NB_UID}" && "${NB_UID}" != "$(id -u)" ]]; then
echo "Container must be run as root to set NB_UID to ${NB_UID}"
fi
if [[ -n "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then
echo "Container must be run as root to set NB_GID to $NB_GID"
if [[ -n "${NB_GID}" && "${NB_GID}" != "$(id -g)" ]]; then
echo "Container must be run as root to set NB_GID to ${NB_GID}"
fi
fi

# Warn if looks like user want to run in sudo mode but hasn't run
# the container as root.
if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
if [[ "${GRANT_SUDO}" == "1" || "${GRANT_SUDO}" == 'yes' ]]; then
echo 'Container must be run as root to grant sudo permissions'
fi

Expand Down
Loading

0 comments on commit 396024a

Please sign in to comment.