From 0b758960c364ddabcf884f58f9f9358b631167e0 Mon Sep 17 00:00:00 2001 From: Martin Tzvetanov Grigorov Date: Mon, 11 Mar 2024 11:28:18 +0200 Subject: [PATCH] Replace /bin/sh with a wrapper to /bin/bash This is needed to be able to set umask=022 for the Linux aarch64 images that use umask=027 by default. /bin/sh does not load /etc/profile nor any other rcfile. See https://github.com/bioconda/bioconda-recipes/pull/46177 for full details and https://github.com/galaxyproject/galaxy/issues/17631 for a summary. Signed-off-by: Martin Tzvetanov Grigorov --- .github/workflows/base-glibc-busybox-bash.yaml | 2 +- .github/workflows/base-glibc-debian-bash.yaml | 2 +- .github/workflows/create-env.yaml | 2 +- images/base-glibc-busybox-bash/Dockerfile.busybox | 9 +++++++++ images/base-glibc-busybox-bash/bin-sh-wrapper.sh | 3 +++ images/base-glibc-debian-bash/Dockerfile | 9 +++++++++ images/base-glibc-debian-bash/bin-sh-wrapper.sh | 3 +++ images/bin-sh-wrapper.sh | 3 +++ images/create-env/Dockerfile | 8 ++++++++ images/create-env/bin-sh-wrapper.sh | 3 +++ 10 files changed, 41 insertions(+), 3 deletions(-) create mode 100755 images/base-glibc-busybox-bash/bin-sh-wrapper.sh create mode 100755 images/base-glibc-debian-bash/bin-sh-wrapper.sh create mode 100755 images/bin-sh-wrapper.sh create mode 100755 images/create-env/bin-sh-wrapper.sh diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml index 9f76c16d..1d2f785d 100644 --- a/.github/workflows/base-glibc-busybox-bash.yaml +++ b/.github/workflows/base-glibc-busybox-bash.yaml @@ -19,7 +19,7 @@ jobs: # The base image is not intended to change often and should be used with # version tags or checksum IDs, but not via "latest". MAJOR_VERSION: 3 - MINOR_VERSION: 0 + MINOR_VERSION: 1 IMAGE_NAME: base-glibc-busybox-bash BUSYBOX_VERSION: '1.36.1' DEBIAN_VERSION: '12.2' diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml index 331f44ea..dc128ba1 100644 --- a/.github/workflows/base-glibc-debian-bash.yaml +++ b/.github/workflows/base-glibc-debian-bash.yaml @@ -19,7 +19,7 @@ jobs: # The base image is not intended to change often and should be used with # version tags or checksum IDs, but not via "latest". MAJOR_VERSION: 3 - MINOR_VERSION: 0 + MINOR_VERSION: 1 IMAGE_NAME: base-glibc-debian-bash DEBIAN_VERSION: '12.2' diff --git a/.github/workflows/create-env.yaml b/.github/workflows/create-env.yaml index 21162b41..ab528979 100644 --- a/.github/workflows/create-env.yaml +++ b/.github/workflows/create-env.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-22.04 env: MAJOR_VERSION: 3 - MINOR_VERSION: 0 + MINOR_VERSION: 1 IMAGE_NAME: create-env steps: diff --git a/images/base-glibc-busybox-bash/Dockerfile.busybox b/images/base-glibc-busybox-bash/Dockerfile.busybox index fcbd60bd..84584cc4 100644 --- a/images/base-glibc-busybox-bash/Dockerfile.busybox +++ b/images/base-glibc-busybox-bash/Dockerfile.busybox @@ -17,6 +17,15 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \ WORKDIR /build COPY build-busybox ./ ARG busybox_version + +RUN echo "umask 022" >> /etc/profile +RUN echo "umask 022" >> /root/.bashrc + +# replace /bin/sh with a wrapper to /bin/bash +RUN /bin/bash -c "unlink /bin/sh" +COPY bin-sh-wrapper.sh /bin/sh +RUN /bin/bash -c "chmod +x /bin/sh" + RUN ./build-busybox \ "${busybox_version}" \ x86_64 aarch64 diff --git a/images/base-glibc-busybox-bash/bin-sh-wrapper.sh b/images/base-glibc-busybox-bash/bin-sh-wrapper.sh new file mode 100755 index 00000000..79c14ef4 --- /dev/null +++ b/images/base-glibc-busybox-bash/bin-sh-wrapper.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +bash -l "$@" \ No newline at end of file diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile index c0adc292..34d8a502 100644 --- a/images/base-glibc-debian-bash/Dockerfile +++ b/images/base-glibc-debian-bash/Dockerfile @@ -127,5 +127,14 @@ RUN touch /usr/local/env-activate.sh \ > /usr/local/env-execute ENV LANG=C.UTF-8 + +RUN echo "umask 022" >> /etc/profile +RUN echo "umask 022" >> /root/.bashrc + +# replace /bin/sh with a wrapper to /bin/bash +RUN /bin/bash -c "unlink /bin/sh" +COPY bin-sh-wrapper.sh /bin/sh +RUN /bin/bash -c "chmod +x /bin/sh" + ENTRYPOINT [ "/usr/local/env-execute" ] CMD [ "bash" ] diff --git a/images/base-glibc-debian-bash/bin-sh-wrapper.sh b/images/base-glibc-debian-bash/bin-sh-wrapper.sh new file mode 100755 index 00000000..79c14ef4 --- /dev/null +++ b/images/base-glibc-debian-bash/bin-sh-wrapper.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +bash -l "$@" \ No newline at end of file diff --git a/images/bin-sh-wrapper.sh b/images/bin-sh-wrapper.sh new file mode 100755 index 00000000..79c14ef4 --- /dev/null +++ b/images/bin-sh-wrapper.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +bash -l "$@" \ No newline at end of file diff --git a/images/create-env/Dockerfile b/images/create-env/Dockerfile index 93b83948..ee1cb749 100644 --- a/images/create-env/Dockerfile +++ b/images/create-env/Dockerfile @@ -40,5 +40,13 @@ RUN \ >> /etc/skel/.bashrc ENV ENV=/etc/profile.d/conda.sh +RUN echo "umask 022" >> /etc/profile +RUN echo "umask 022" >> /root/.bashrc + +# replace /bin/sh with a wrapper to /bin/bash +RUN /bin/bash -c "unlink /bin/sh" +COPY bin-sh-wrapper.sh /bin/sh +RUN /bin/bash -c "chmod +x /bin/sh" + ENTRYPOINT [ "/opt/create-env/bin/tini", "--", "/opt/create-env/env-execute" ] CMD [ "bash" ] diff --git a/images/create-env/bin-sh-wrapper.sh b/images/create-env/bin-sh-wrapper.sh new file mode 100755 index 00000000..79c14ef4 --- /dev/null +++ b/images/create-env/bin-sh-wrapper.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +bash -l "$@" \ No newline at end of file