From ba1579293ca7bc283ef9be8414723c973f4bba92 Mon Sep 17 00:00:00 2001 From: Alexandre Galtier Date: Tue, 19 Nov 2024 20:03:33 +0100 Subject: [PATCH] Entrypoint Fixes * fix exec check on .envsh files * work with /usr/bin/env rather than sh/bash directly * chang `$VAR` to `${VAR}` for better read --- entrypoint/10-listen-on-ipv6-by-default.sh | 38 +++--- entrypoint/15-local-resolvers.envsh | 2 +- entrypoint/20-envsubst-on-templates.sh | 60 ++++----- entrypoint/30-tune-worker-processes.sh | 122 +++++++++--------- entrypoint/docker-entrypoint.sh | 38 +++--- .../10-listen-on-ipv6-by-default.sh | 38 +++--- mainline/alpine-slim/15-local-resolvers.envsh | 2 +- .../alpine-slim/20-envsubst-on-templates.sh | 60 ++++----- .../alpine-slim/30-tune-worker-processes.sh | 122 +++++++++--------- mainline/alpine-slim/docker-entrypoint.sh | 38 +++--- .../debian/10-listen-on-ipv6-by-default.sh | 38 +++--- mainline/debian/15-local-resolvers.envsh | 2 +- mainline/debian/20-envsubst-on-templates.sh | 60 ++++----- mainline/debian/30-tune-worker-processes.sh | 122 +++++++++--------- mainline/debian/docker-entrypoint.sh | 38 +++--- .../10-listen-on-ipv6-by-default.sh | 38 +++--- stable/alpine-slim/15-local-resolvers.envsh | 2 +- .../alpine-slim/20-envsubst-on-templates.sh | 60 ++++----- .../alpine-slim/30-tune-worker-processes.sh | 122 +++++++++--------- stable/alpine-slim/docker-entrypoint.sh | 38 +++--- stable/debian/10-listen-on-ipv6-by-default.sh | 38 +++--- stable/debian/15-local-resolvers.envsh | 2 +- stable/debian/20-envsubst-on-templates.sh | 60 ++++----- stable/debian/30-tune-worker-processes.sh | 122 +++++++++--------- stable/debian/docker-entrypoint.sh | 38 +++--- 25 files changed, 650 insertions(+), 650 deletions(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index 29898b1..f786c00 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=4:ts=4:et set -e @@ -9,59 +9,59 @@ entrypoint_log() { fi } -ME=$(basename "$0") +ME=$(basename "${0}") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" + entrypoint_log "${ME}: info: ipv6 not available" exit 0 fi -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" +if [ ! -f "/${DEFAULT_CONF_FILE}" ]; then + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /${DEFAULT_CONF_FILE} 2>/dev/null || { entrypoint_log "${ME}: info: can not modify /${DEFAULT_CONF_FILE} (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /${DEFAULT_CONF_FILE} && { entrypoint_log "${ME}: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - entrypoint_log "$ME: info: can not guess the operating system" + entrypoint_log "${ME}: info: can not guess the operating system" exit 0 fi -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "${ME}: info: Getting the checksum of /${DEFAULT_CONF_FILE}" -case "$ID" in +case "${ID}" in "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 3) + echo "${CHECKSUM} /${DEFAULT_CONF_FILE}" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version" exit 0 } ;; "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "${CHECKSUM} /${DEFAULT_CONF_FILE}" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version" exit 0 } ;; *) - entrypoint_log "$ME: info: Unsupported distribution" + entrypoint_log "${ME}: info: Unsupported distribution" exit 0 ;; esac # enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE +sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /${DEFAULT_CONF_FILE} -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "${ME}: info: Enabled listen on IPv6 in /${DEFAULT_CONF_FILE}" exit 0 diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index e830dda..87d88ea 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=2:ts=2:sts=2:et set -eu diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 6938405..febbc7e 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -1,8 +1,8 @@ -#!/bin/sh +#!/usr/bin/env sh set -e -ME=$(basename "$0") +ME=$(basename "${0}") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -13,16 +13,16 @@ entrypoint_log() { add_stream_block() { local conffile="/etc/nginx/nginx.conf" - if grep -q -E "\s*stream\s*\{" "$conffile"; then - entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + if grep -q -E "\s*stream\s*\{" "${conffile}"; then + entrypoint_log "${ME}: ${conffile} contains a stream block; include ${stream_output_dir}/*.conf to enable stream templates" else # check if the file can be modified, e.g. not on a r/o filesystem - touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } - entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" - cat << END >> "$conffile" -# added by "$ME" on "$(date)" + touch "${conffile}" 2>/dev/null || { entrypoint_log "${ME}: info: can not modify ${conffile} (read-only file system?)"; exit 0; } + entrypoint_log "${ME}: Appending stream block to ${conffile} to include ${stream_output_dir}/*.conf" + cat << END >> "${conffile}" +# added by "${ME}" on "$(date)" stream { - include $stream_output_dir/*.conf; + include ${stream_output_dir}/*.conf; } END fi @@ -38,37 +38,37 @@ auto_envsubst() { local template defined_envs relative_path output_path subdir defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + [ -d "${template_dir}" ] || return 0 + if [ ! -w "${output_dir}" ]; then + entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${output_dir} is not writable" return 0 fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#"$template_dir/"}" - output_path="$output_dir/${relative_path%"$suffix"}" - subdir=$(dirname "$relative_path") + find "${template_dir}" -follow -type f -name "*${suffix}" -print | while read -r template; do + relative_path="${template#"${template_dir}/"}" + output_path="${output_dir}/${relative_path%"${suffix}"}" + subdir=$(dirname "${relative_path}") # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + mkdir -p "${output_dir}/${subdir}" + entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}" + envsubst "${defined_envs}" < "${template}" > "${output_path}" done # Print the first file with the stream suffix, this will be false if there are none - if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then - mkdir -p "$stream_output_dir" - if [ ! -w "$stream_output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + if test -n "$(find "${template_dir}" -name "*${stream_suffix}" -print -quit)"; then + mkdir -p "${stream_output_dir}" + if [ ! -w "${stream_output_dir}" ]; then + entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${stream_output_dir} is not writable" return 0 fi add_stream_block - find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#"$template_dir/"}" - output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" - subdir=$(dirname "$relative_path") + find "${template_dir}" -follow -type f -name "*${stream_suffix}" -print | while read -r template; do + relative_path="${template#"${template_dir}/"}" + output_path="${stream_output_dir}/${relative_path%"${stream_suffix}"}" + subdir=$(dirname "${relative_path}") # create a subdirectory where the template file exists - mkdir -p "$stream_output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + mkdir -p "${stream_output_dir}/${subdir}" + entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}" + envsubst "${defined_envs}" < "${template}" > "${output_path}" done fi } diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index defb994..df3885a 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -1,31 +1,31 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=2:ts=2:sts=2:et set -eu LC_ALL=C -ME=$(basename "$0") +ME=$(basename "${0}") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "\${ME}: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } ceildiv() { - num=$1 - div=$2 + num=${1} + div=${2} echo $(( (num + div - 1) / div )) } get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 + cpusetroot=${1} + cpusetfile=${2} ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in + [ -f "${cpusetroot}/${cpusetfile}" ] || return 1 + for token in $( tr ',' ' ' < "${cpusetroot}/${cpusetfile}" ); do + case "${token}" in *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + count=$( seq $(echo "${token}" | tr '-' ' ') | wc -l ) ncpu=$(( ncpu+count )) ;; *) @@ -33,38 +33,38 @@ get_cpuset() { ;; esac done - echo "$ncpu" + echo "${ncpu}" } get_quota() { - cpuroot=$1 + cpuroot=${1} ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" + [ -f "${cpuroot}/cpu.cfs_quota_us" ] || return 1 + [ -f "${cpuroot}/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "${cpuroot}/cpu.cfs_quota_us" ) + cfs_period=$( cat "${cpuroot}/cpu.cfs_period_us" ) + [ "${cfs_quota}" = "-1" ] && return 1 + [ "${cfs_period}" = "0" ] && return 1 + ncpu=$( ceildiv "${cfs_quota}" "${cfs_period}" ) + [ "${ncpu}" -gt 0 ] || return 1 + echo "${ncpu}" } get_quota_v2() { - cpuroot=$1 + cpuroot=${1} ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" + [ -f "${cpuroot}/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "${cpuroot}/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "${cpuroot}/cpu.max" ) + [ "${cfs_quota}" = "max" ] && return 1 + [ "${cfs_period}" = "0" ] && return 1 + ncpu=$( ceildiv "${cfs_quota}" "${cfs_period}" ) + [ "${ncpu}" -gt 0 ] || return 1 + echo "${ncpu}" } get_cgroup_v1_path() { - needle=$1 + needle=${1} found= foundroot= mountpoint= @@ -73,21 +73,21 @@ get_cgroup_v1_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - case "$needle" in + case "${needle}" in "cpuset") - case "$line" in + case "${line}" in *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) break ;; esac ;; "cpu") - case "$line" in + case "${line}" in *cpuset*) ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) break ;; esac @@ -97,20 +97,20 @@ $( grep -F -- '- cgroup ' /proc/self/mountinfo ) __EOF__ while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in + controller=$( echo "${line}" | cut -d: -f 2 ) + case "${needle}" in "cpuset") - case "$controller" in + case "${controller}" in cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) break ;; esac ;; "cpu") - case "$controller" in + case "${controller}" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) break ;; esac @@ -122,13 +122,13 @@ __EOF__ case "${found%% *}" in "/") - foundroot="${found##* }$mountpoint" + foundroot="${found##* }${mountpoint}" ;; - "$mountpoint") + "${mountpoint}") foundroot="${found##* }" ;; esac - echo "$foundroot" + echo "${foundroot}" } get_cgroup_v2_path() { @@ -140,13 +140,13 @@ get_cgroup_v2_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) done << __EOF__ $( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) __EOF__ while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) done << __EOF__ $( grep -F -- '0::' /proc/self/cgroup ) __EOF__ @@ -156,13 +156,13 @@ __EOF__ return 1 ;; "/") - foundroot="${found##* }$mountpoint" + foundroot="${found##* }${mountpoint}" ;; - "$mountpoint" | /../*) + "${mountpoint}" | /../*) foundroot="${found##* }" ;; esac - echo "$foundroot" + echo "${foundroot}" } ncpu_online=$( getconf _NPROCESSORS_ONLN ) @@ -171,18 +171,18 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "${cpuset}" "cpuset.effective_cpus" ) || ncpu_cpuset=${ncpu_online} +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "${cpu}" ) || ncpu_quota=${ncpu_online} +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "${cgroup_v2}" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=${ncpu_online} +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "${cgroup_v2}" ) || ncpu_quota_v2=${ncpu_online} ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ + "${ncpu_online}" \ + "${ncpu_cpuset}" \ + "${ncpu_quota}" \ + "${ncpu_cpuset_v2}" \ + "${ncpu_quota_v2}" \ | sort -n \ | head -n 1 ) -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"${ME}"' on '"$(date)"'\n#\1\2\n\1 '"${ncpu}"';/' /etc/nginx/nginx.conf diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index 8ea04f2..cac74ec 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -1,47 +1,47 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=4:ts=4:et set -e entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" + echo "${@}" fi } -if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then +if [ "${1}" = "nginx" ] || [ "${1}" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "${0}: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "${0}: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in + case "${f}" in *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" + if [ -r "${f}" ]; then + entrypoint_log "${0}: Sourcing ${f}"; + . "${f}" else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; + # warn on shell scripts not readable + entrypoint_log "${0}: Ignoring ${f}, not readable"; fi ;; *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" + if [ -x "${f}" ]; then + entrypoint_log "${0}: Launching ${f}"; + "${f}" else # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; + entrypoint_log "${0}: Ignoring ${f}, not executable"; fi ;; - *) entrypoint_log "$0: Ignoring $f";; + *) entrypoint_log "${0}: Ignoring ${f}";; esac done - entrypoint_log "$0: Configuration complete; ready for start up" + entrypoint_log "${0}: Configuration complete; ready for start up" else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "${0}: No files found in /docker-entrypoint.d/, skipping configuration" fi fi -exec "$@" +exec "${@}" diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index 29898b1..f786c00 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=4:ts=4:et set -e @@ -9,59 +9,59 @@ entrypoint_log() { fi } -ME=$(basename "$0") +ME=$(basename "${0}") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" + entrypoint_log "${ME}: info: ipv6 not available" exit 0 fi -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" +if [ ! -f "/${DEFAULT_CONF_FILE}" ]; then + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /${DEFAULT_CONF_FILE} 2>/dev/null || { entrypoint_log "${ME}: info: can not modify /${DEFAULT_CONF_FILE} (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /${DEFAULT_CONF_FILE} && { entrypoint_log "${ME}: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - entrypoint_log "$ME: info: can not guess the operating system" + entrypoint_log "${ME}: info: can not guess the operating system" exit 0 fi -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "${ME}: info: Getting the checksum of /${DEFAULT_CONF_FILE}" -case "$ID" in +case "${ID}" in "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 3) + echo "${CHECKSUM} /${DEFAULT_CONF_FILE}" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version" exit 0 } ;; "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "${CHECKSUM} /${DEFAULT_CONF_FILE}" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version" exit 0 } ;; *) - entrypoint_log "$ME: info: Unsupported distribution" + entrypoint_log "${ME}: info: Unsupported distribution" exit 0 ;; esac # enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE +sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /${DEFAULT_CONF_FILE} -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "${ME}: info: Enabled listen on IPv6 in /${DEFAULT_CONF_FILE}" exit 0 diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index e830dda..87d88ea 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=2:ts=2:sts=2:et set -eu diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index 6938405..febbc7e 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -1,8 +1,8 @@ -#!/bin/sh +#!/usr/bin/env sh set -e -ME=$(basename "$0") +ME=$(basename "${0}") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -13,16 +13,16 @@ entrypoint_log() { add_stream_block() { local conffile="/etc/nginx/nginx.conf" - if grep -q -E "\s*stream\s*\{" "$conffile"; then - entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + if grep -q -E "\s*stream\s*\{" "${conffile}"; then + entrypoint_log "${ME}: ${conffile} contains a stream block; include ${stream_output_dir}/*.conf to enable stream templates" else # check if the file can be modified, e.g. not on a r/o filesystem - touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } - entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" - cat << END >> "$conffile" -# added by "$ME" on "$(date)" + touch "${conffile}" 2>/dev/null || { entrypoint_log "${ME}: info: can not modify ${conffile} (read-only file system?)"; exit 0; } + entrypoint_log "${ME}: Appending stream block to ${conffile} to include ${stream_output_dir}/*.conf" + cat << END >> "${conffile}" +# added by "${ME}" on "$(date)" stream { - include $stream_output_dir/*.conf; + include ${stream_output_dir}/*.conf; } END fi @@ -38,37 +38,37 @@ auto_envsubst() { local template defined_envs relative_path output_path subdir defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + [ -d "${template_dir}" ] || return 0 + if [ ! -w "${output_dir}" ]; then + entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${output_dir} is not writable" return 0 fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#"$template_dir/"}" - output_path="$output_dir/${relative_path%"$suffix"}" - subdir=$(dirname "$relative_path") + find "${template_dir}" -follow -type f -name "*${suffix}" -print | while read -r template; do + relative_path="${template#"${template_dir}/"}" + output_path="${output_dir}/${relative_path%"${suffix}"}" + subdir=$(dirname "${relative_path}") # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + mkdir -p "${output_dir}/${subdir}" + entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}" + envsubst "${defined_envs}" < "${template}" > "${output_path}" done # Print the first file with the stream suffix, this will be false if there are none - if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then - mkdir -p "$stream_output_dir" - if [ ! -w "$stream_output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + if test -n "$(find "${template_dir}" -name "*${stream_suffix}" -print -quit)"; then + mkdir -p "${stream_output_dir}" + if [ ! -w "${stream_output_dir}" ]; then + entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${stream_output_dir} is not writable" return 0 fi add_stream_block - find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#"$template_dir/"}" - output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" - subdir=$(dirname "$relative_path") + find "${template_dir}" -follow -type f -name "*${stream_suffix}" -print | while read -r template; do + relative_path="${template#"${template_dir}/"}" + output_path="${stream_output_dir}/${relative_path%"${stream_suffix}"}" + subdir=$(dirname "${relative_path}") # create a subdirectory where the template file exists - mkdir -p "$stream_output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + mkdir -p "${stream_output_dir}/${subdir}" + entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}" + envsubst "${defined_envs}" < "${template}" > "${output_path}" done fi } diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh index defb994..df3885a 100755 --- a/mainline/alpine-slim/30-tune-worker-processes.sh +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -1,31 +1,31 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=2:ts=2:sts=2:et set -eu LC_ALL=C -ME=$(basename "$0") +ME=$(basename "${0}") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "\${ME}: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } ceildiv() { - num=$1 - div=$2 + num=${1} + div=${2} echo $(( (num + div - 1) / div )) } get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 + cpusetroot=${1} + cpusetfile=${2} ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in + [ -f "${cpusetroot}/${cpusetfile}" ] || return 1 + for token in $( tr ',' ' ' < "${cpusetroot}/${cpusetfile}" ); do + case "${token}" in *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + count=$( seq $(echo "${token}" | tr '-' ' ') | wc -l ) ncpu=$(( ncpu+count )) ;; *) @@ -33,38 +33,38 @@ get_cpuset() { ;; esac done - echo "$ncpu" + echo "${ncpu}" } get_quota() { - cpuroot=$1 + cpuroot=${1} ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" + [ -f "${cpuroot}/cpu.cfs_quota_us" ] || return 1 + [ -f "${cpuroot}/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "${cpuroot}/cpu.cfs_quota_us" ) + cfs_period=$( cat "${cpuroot}/cpu.cfs_period_us" ) + [ "${cfs_quota}" = "-1" ] && return 1 + [ "${cfs_period}" = "0" ] && return 1 + ncpu=$( ceildiv "${cfs_quota}" "${cfs_period}" ) + [ "${ncpu}" -gt 0 ] || return 1 + echo "${ncpu}" } get_quota_v2() { - cpuroot=$1 + cpuroot=${1} ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" + [ -f "${cpuroot}/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "${cpuroot}/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "${cpuroot}/cpu.max" ) + [ "${cfs_quota}" = "max" ] && return 1 + [ "${cfs_period}" = "0" ] && return 1 + ncpu=$( ceildiv "${cfs_quota}" "${cfs_period}" ) + [ "${ncpu}" -gt 0 ] || return 1 + echo "${ncpu}" } get_cgroup_v1_path() { - needle=$1 + needle=${1} found= foundroot= mountpoint= @@ -73,21 +73,21 @@ get_cgroup_v1_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - case "$needle" in + case "${needle}" in "cpuset") - case "$line" in + case "${line}" in *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) break ;; esac ;; "cpu") - case "$line" in + case "${line}" in *cpuset*) ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) break ;; esac @@ -97,20 +97,20 @@ $( grep -F -- '- cgroup ' /proc/self/mountinfo ) __EOF__ while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in + controller=$( echo "${line}" | cut -d: -f 2 ) + case "${needle}" in "cpuset") - case "$controller" in + case "${controller}" in cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) break ;; esac ;; "cpu") - case "$controller" in + case "${controller}" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) break ;; esac @@ -122,13 +122,13 @@ __EOF__ case "${found%% *}" in "/") - foundroot="${found##* }$mountpoint" + foundroot="${found##* }${mountpoint}" ;; - "$mountpoint") + "${mountpoint}") foundroot="${found##* }" ;; esac - echo "$foundroot" + echo "${foundroot}" } get_cgroup_v2_path() { @@ -140,13 +140,13 @@ get_cgroup_v2_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) done << __EOF__ $( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) __EOF__ while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) done << __EOF__ $( grep -F -- '0::' /proc/self/cgroup ) __EOF__ @@ -156,13 +156,13 @@ __EOF__ return 1 ;; "/") - foundroot="${found##* }$mountpoint" + foundroot="${found##* }${mountpoint}" ;; - "$mountpoint" | /../*) + "${mountpoint}" | /../*) foundroot="${found##* }" ;; esac - echo "$foundroot" + echo "${foundroot}" } ncpu_online=$( getconf _NPROCESSORS_ONLN ) @@ -171,18 +171,18 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "${cpuset}" "cpuset.effective_cpus" ) || ncpu_cpuset=${ncpu_online} +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "${cpu}" ) || ncpu_quota=${ncpu_online} +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "${cgroup_v2}" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=${ncpu_online} +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "${cgroup_v2}" ) || ncpu_quota_v2=${ncpu_online} ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ + "${ncpu_online}" \ + "${ncpu_cpuset}" \ + "${ncpu_quota}" \ + "${ncpu_cpuset_v2}" \ + "${ncpu_quota_v2}" \ | sort -n \ | head -n 1 ) -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"${ME}"' on '"$(date)"'\n#\1\2\n\1 '"${ncpu}"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index 8ea04f2..cac74ec 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -1,47 +1,47 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=4:ts=4:et set -e entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" + echo "${@}" fi } -if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then +if [ "${1}" = "nginx" ] || [ "${1}" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "${0}: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "${0}: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in + case "${f}" in *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" + if [ -r "${f}" ]; then + entrypoint_log "${0}: Sourcing ${f}"; + . "${f}" else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; + # warn on shell scripts not readable + entrypoint_log "${0}: Ignoring ${f}, not readable"; fi ;; *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" + if [ -x "${f}" ]; then + entrypoint_log "${0}: Launching ${f}"; + "${f}" else # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; + entrypoint_log "${0}: Ignoring ${f}, not executable"; fi ;; - *) entrypoint_log "$0: Ignoring $f";; + *) entrypoint_log "${0}: Ignoring ${f}";; esac done - entrypoint_log "$0: Configuration complete; ready for start up" + entrypoint_log "${0}: Configuration complete; ready for start up" else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "${0}: No files found in /docker-entrypoint.d/, skipping configuration" fi fi -exec "$@" +exec "${@}" diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index 29898b1..f786c00 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=4:ts=4:et set -e @@ -9,59 +9,59 @@ entrypoint_log() { fi } -ME=$(basename "$0") +ME=$(basename "${0}") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" + entrypoint_log "${ME}: info: ipv6 not available" exit 0 fi -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" +if [ ! -f "/${DEFAULT_CONF_FILE}" ]; then + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /${DEFAULT_CONF_FILE} 2>/dev/null || { entrypoint_log "${ME}: info: can not modify /${DEFAULT_CONF_FILE} (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /${DEFAULT_CONF_FILE} && { entrypoint_log "${ME}: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - entrypoint_log "$ME: info: can not guess the operating system" + entrypoint_log "${ME}: info: can not guess the operating system" exit 0 fi -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "${ME}: info: Getting the checksum of /${DEFAULT_CONF_FILE}" -case "$ID" in +case "${ID}" in "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 3) + echo "${CHECKSUM} /${DEFAULT_CONF_FILE}" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version" exit 0 } ;; "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "${CHECKSUM} /${DEFAULT_CONF_FILE}" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version" exit 0 } ;; *) - entrypoint_log "$ME: info: Unsupported distribution" + entrypoint_log "${ME}: info: Unsupported distribution" exit 0 ;; esac # enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE +sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /${DEFAULT_CONF_FILE} -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "${ME}: info: Enabled listen on IPv6 in /${DEFAULT_CONF_FILE}" exit 0 diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index e830dda..87d88ea 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=2:ts=2:sts=2:et set -eu diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index 6938405..febbc7e 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -1,8 +1,8 @@ -#!/bin/sh +#!/usr/bin/env sh set -e -ME=$(basename "$0") +ME=$(basename "${0}") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -13,16 +13,16 @@ entrypoint_log() { add_stream_block() { local conffile="/etc/nginx/nginx.conf" - if grep -q -E "\s*stream\s*\{" "$conffile"; then - entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + if grep -q -E "\s*stream\s*\{" "${conffile}"; then + entrypoint_log "${ME}: ${conffile} contains a stream block; include ${stream_output_dir}/*.conf to enable stream templates" else # check if the file can be modified, e.g. not on a r/o filesystem - touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } - entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" - cat << END >> "$conffile" -# added by "$ME" on "$(date)" + touch "${conffile}" 2>/dev/null || { entrypoint_log "${ME}: info: can not modify ${conffile} (read-only file system?)"; exit 0; } + entrypoint_log "${ME}: Appending stream block to ${conffile} to include ${stream_output_dir}/*.conf" + cat << END >> "${conffile}" +# added by "${ME}" on "$(date)" stream { - include $stream_output_dir/*.conf; + include ${stream_output_dir}/*.conf; } END fi @@ -38,37 +38,37 @@ auto_envsubst() { local template defined_envs relative_path output_path subdir defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + [ -d "${template_dir}" ] || return 0 + if [ ! -w "${output_dir}" ]; then + entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${output_dir} is not writable" return 0 fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#"$template_dir/"}" - output_path="$output_dir/${relative_path%"$suffix"}" - subdir=$(dirname "$relative_path") + find "${template_dir}" -follow -type f -name "*${suffix}" -print | while read -r template; do + relative_path="${template#"${template_dir}/"}" + output_path="${output_dir}/${relative_path%"${suffix}"}" + subdir=$(dirname "${relative_path}") # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + mkdir -p "${output_dir}/${subdir}" + entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}" + envsubst "${defined_envs}" < "${template}" > "${output_path}" done # Print the first file with the stream suffix, this will be false if there are none - if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then - mkdir -p "$stream_output_dir" - if [ ! -w "$stream_output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + if test -n "$(find "${template_dir}" -name "*${stream_suffix}" -print -quit)"; then + mkdir -p "${stream_output_dir}" + if [ ! -w "${stream_output_dir}" ]; then + entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${stream_output_dir} is not writable" return 0 fi add_stream_block - find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#"$template_dir/"}" - output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" - subdir=$(dirname "$relative_path") + find "${template_dir}" -follow -type f -name "*${stream_suffix}" -print | while read -r template; do + relative_path="${template#"${template_dir}/"}" + output_path="${stream_output_dir}/${relative_path%"${stream_suffix}"}" + subdir=$(dirname "${relative_path}") # create a subdirectory where the template file exists - mkdir -p "$stream_output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + mkdir -p "${stream_output_dir}/${subdir}" + entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}" + envsubst "${defined_envs}" < "${template}" > "${output_path}" done fi } diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index defb994..df3885a 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -1,31 +1,31 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=2:ts=2:sts=2:et set -eu LC_ALL=C -ME=$(basename "$0") +ME=$(basename "${0}") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "\${ME}: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } ceildiv() { - num=$1 - div=$2 + num=${1} + div=${2} echo $(( (num + div - 1) / div )) } get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 + cpusetroot=${1} + cpusetfile=${2} ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in + [ -f "${cpusetroot}/${cpusetfile}" ] || return 1 + for token in $( tr ',' ' ' < "${cpusetroot}/${cpusetfile}" ); do + case "${token}" in *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + count=$( seq $(echo "${token}" | tr '-' ' ') | wc -l ) ncpu=$(( ncpu+count )) ;; *) @@ -33,38 +33,38 @@ get_cpuset() { ;; esac done - echo "$ncpu" + echo "${ncpu}" } get_quota() { - cpuroot=$1 + cpuroot=${1} ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" + [ -f "${cpuroot}/cpu.cfs_quota_us" ] || return 1 + [ -f "${cpuroot}/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "${cpuroot}/cpu.cfs_quota_us" ) + cfs_period=$( cat "${cpuroot}/cpu.cfs_period_us" ) + [ "${cfs_quota}" = "-1" ] && return 1 + [ "${cfs_period}" = "0" ] && return 1 + ncpu=$( ceildiv "${cfs_quota}" "${cfs_period}" ) + [ "${ncpu}" -gt 0 ] || return 1 + echo "${ncpu}" } get_quota_v2() { - cpuroot=$1 + cpuroot=${1} ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" + [ -f "${cpuroot}/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "${cpuroot}/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "${cpuroot}/cpu.max" ) + [ "${cfs_quota}" = "max" ] && return 1 + [ "${cfs_period}" = "0" ] && return 1 + ncpu=$( ceildiv "${cfs_quota}" "${cfs_period}" ) + [ "${ncpu}" -gt 0 ] || return 1 + echo "${ncpu}" } get_cgroup_v1_path() { - needle=$1 + needle=${1} found= foundroot= mountpoint= @@ -73,21 +73,21 @@ get_cgroup_v1_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - case "$needle" in + case "${needle}" in "cpuset") - case "$line" in + case "${line}" in *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) break ;; esac ;; "cpu") - case "$line" in + case "${line}" in *cpuset*) ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) break ;; esac @@ -97,20 +97,20 @@ $( grep -F -- '- cgroup ' /proc/self/mountinfo ) __EOF__ while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in + controller=$( echo "${line}" | cut -d: -f 2 ) + case "${needle}" in "cpuset") - case "$controller" in + case "${controller}" in cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) break ;; esac ;; "cpu") - case "$controller" in + case "${controller}" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) break ;; esac @@ -122,13 +122,13 @@ __EOF__ case "${found%% *}" in "/") - foundroot="${found##* }$mountpoint" + foundroot="${found##* }${mountpoint}" ;; - "$mountpoint") + "${mountpoint}") foundroot="${found##* }" ;; esac - echo "$foundroot" + echo "${foundroot}" } get_cgroup_v2_path() { @@ -140,13 +140,13 @@ get_cgroup_v2_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) done << __EOF__ $( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) __EOF__ while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) done << __EOF__ $( grep -F -- '0::' /proc/self/cgroup ) __EOF__ @@ -156,13 +156,13 @@ __EOF__ return 1 ;; "/") - foundroot="${found##* }$mountpoint" + foundroot="${found##* }${mountpoint}" ;; - "$mountpoint" | /../*) + "${mountpoint}" | /../*) foundroot="${found##* }" ;; esac - echo "$foundroot" + echo "${foundroot}" } ncpu_online=$( getconf _NPROCESSORS_ONLN ) @@ -171,18 +171,18 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "${cpuset}" "cpuset.effective_cpus" ) || ncpu_cpuset=${ncpu_online} +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "${cpu}" ) || ncpu_quota=${ncpu_online} +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "${cgroup_v2}" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=${ncpu_online} +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "${cgroup_v2}" ) || ncpu_quota_v2=${ncpu_online} ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ + "${ncpu_online}" \ + "${ncpu_cpuset}" \ + "${ncpu_quota}" \ + "${ncpu_cpuset_v2}" \ + "${ncpu_quota_v2}" \ | sort -n \ | head -n 1 ) -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"${ME}"' on '"$(date)"'\n#\1\2\n\1 '"${ncpu}"';/' /etc/nginx/nginx.conf diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index 8ea04f2..cac74ec 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -1,47 +1,47 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=4:ts=4:et set -e entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" + echo "${@}" fi } -if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then +if [ "${1}" = "nginx" ] || [ "${1}" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "${0}: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "${0}: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in + case "${f}" in *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" + if [ -r "${f}" ]; then + entrypoint_log "${0}: Sourcing ${f}"; + . "${f}" else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; + # warn on shell scripts not readable + entrypoint_log "${0}: Ignoring ${f}, not readable"; fi ;; *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" + if [ -x "${f}" ]; then + entrypoint_log "${0}: Launching ${f}"; + "${f}" else # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; + entrypoint_log "${0}: Ignoring ${f}, not executable"; fi ;; - *) entrypoint_log "$0: Ignoring $f";; + *) entrypoint_log "${0}: Ignoring ${f}";; esac done - entrypoint_log "$0: Configuration complete; ready for start up" + entrypoint_log "${0}: Configuration complete; ready for start up" else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "${0}: No files found in /docker-entrypoint.d/, skipping configuration" fi fi -exec "$@" +exec "${@}" diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index 29898b1..f786c00 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=4:ts=4:et set -e @@ -9,59 +9,59 @@ entrypoint_log() { fi } -ME=$(basename "$0") +ME=$(basename "${0}") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" + entrypoint_log "${ME}: info: ipv6 not available" exit 0 fi -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" +if [ ! -f "/${DEFAULT_CONF_FILE}" ]; then + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /${DEFAULT_CONF_FILE} 2>/dev/null || { entrypoint_log "${ME}: info: can not modify /${DEFAULT_CONF_FILE} (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /${DEFAULT_CONF_FILE} && { entrypoint_log "${ME}: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - entrypoint_log "$ME: info: can not guess the operating system" + entrypoint_log "${ME}: info: can not guess the operating system" exit 0 fi -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "${ME}: info: Getting the checksum of /${DEFAULT_CONF_FILE}" -case "$ID" in +case "${ID}" in "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 3) + echo "${CHECKSUM} /${DEFAULT_CONF_FILE}" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version" exit 0 } ;; "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "${CHECKSUM} /${DEFAULT_CONF_FILE}" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version" exit 0 } ;; *) - entrypoint_log "$ME: info: Unsupported distribution" + entrypoint_log "${ME}: info: Unsupported distribution" exit 0 ;; esac # enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE +sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /${DEFAULT_CONF_FILE} -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "${ME}: info: Enabled listen on IPv6 in /${DEFAULT_CONF_FILE}" exit 0 diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index e830dda..87d88ea 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=2:ts=2:sts=2:et set -eu diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index 6938405..febbc7e 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -1,8 +1,8 @@ -#!/bin/sh +#!/usr/bin/env sh set -e -ME=$(basename "$0") +ME=$(basename "${0}") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -13,16 +13,16 @@ entrypoint_log() { add_stream_block() { local conffile="/etc/nginx/nginx.conf" - if grep -q -E "\s*stream\s*\{" "$conffile"; then - entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + if grep -q -E "\s*stream\s*\{" "${conffile}"; then + entrypoint_log "${ME}: ${conffile} contains a stream block; include ${stream_output_dir}/*.conf to enable stream templates" else # check if the file can be modified, e.g. not on a r/o filesystem - touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } - entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" - cat << END >> "$conffile" -# added by "$ME" on "$(date)" + touch "${conffile}" 2>/dev/null || { entrypoint_log "${ME}: info: can not modify ${conffile} (read-only file system?)"; exit 0; } + entrypoint_log "${ME}: Appending stream block to ${conffile} to include ${stream_output_dir}/*.conf" + cat << END >> "${conffile}" +# added by "${ME}" on "$(date)" stream { - include $stream_output_dir/*.conf; + include ${stream_output_dir}/*.conf; } END fi @@ -38,37 +38,37 @@ auto_envsubst() { local template defined_envs relative_path output_path subdir defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + [ -d "${template_dir}" ] || return 0 + if [ ! -w "${output_dir}" ]; then + entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${output_dir} is not writable" return 0 fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#"$template_dir/"}" - output_path="$output_dir/${relative_path%"$suffix"}" - subdir=$(dirname "$relative_path") + find "${template_dir}" -follow -type f -name "*${suffix}" -print | while read -r template; do + relative_path="${template#"${template_dir}/"}" + output_path="${output_dir}/${relative_path%"${suffix}"}" + subdir=$(dirname "${relative_path}") # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + mkdir -p "${output_dir}/${subdir}" + entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}" + envsubst "${defined_envs}" < "${template}" > "${output_path}" done # Print the first file with the stream suffix, this will be false if there are none - if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then - mkdir -p "$stream_output_dir" - if [ ! -w "$stream_output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + if test -n "$(find "${template_dir}" -name "*${stream_suffix}" -print -quit)"; then + mkdir -p "${stream_output_dir}" + if [ ! -w "${stream_output_dir}" ]; then + entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${stream_output_dir} is not writable" return 0 fi add_stream_block - find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#"$template_dir/"}" - output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" - subdir=$(dirname "$relative_path") + find "${template_dir}" -follow -type f -name "*${stream_suffix}" -print | while read -r template; do + relative_path="${template#"${template_dir}/"}" + output_path="${stream_output_dir}/${relative_path%"${stream_suffix}"}" + subdir=$(dirname "${relative_path}") # create a subdirectory where the template file exists - mkdir -p "$stream_output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + mkdir -p "${stream_output_dir}/${subdir}" + entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}" + envsubst "${defined_envs}" < "${template}" > "${output_path}" done fi } diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh index defb994..df3885a 100755 --- a/stable/alpine-slim/30-tune-worker-processes.sh +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -1,31 +1,31 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=2:ts=2:sts=2:et set -eu LC_ALL=C -ME=$(basename "$0") +ME=$(basename "${0}") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "\${ME}: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } ceildiv() { - num=$1 - div=$2 + num=${1} + div=${2} echo $(( (num + div - 1) / div )) } get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 + cpusetroot=${1} + cpusetfile=${2} ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in + [ -f "${cpusetroot}/${cpusetfile}" ] || return 1 + for token in $( tr ',' ' ' < "${cpusetroot}/${cpusetfile}" ); do + case "${token}" in *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + count=$( seq $(echo "${token}" | tr '-' ' ') | wc -l ) ncpu=$(( ncpu+count )) ;; *) @@ -33,38 +33,38 @@ get_cpuset() { ;; esac done - echo "$ncpu" + echo "${ncpu}" } get_quota() { - cpuroot=$1 + cpuroot=${1} ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" + [ -f "${cpuroot}/cpu.cfs_quota_us" ] || return 1 + [ -f "${cpuroot}/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "${cpuroot}/cpu.cfs_quota_us" ) + cfs_period=$( cat "${cpuroot}/cpu.cfs_period_us" ) + [ "${cfs_quota}" = "-1" ] && return 1 + [ "${cfs_period}" = "0" ] && return 1 + ncpu=$( ceildiv "${cfs_quota}" "${cfs_period}" ) + [ "${ncpu}" -gt 0 ] || return 1 + echo "${ncpu}" } get_quota_v2() { - cpuroot=$1 + cpuroot=${1} ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" + [ -f "${cpuroot}/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "${cpuroot}/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "${cpuroot}/cpu.max" ) + [ "${cfs_quota}" = "max" ] && return 1 + [ "${cfs_period}" = "0" ] && return 1 + ncpu=$( ceildiv "${cfs_quota}" "${cfs_period}" ) + [ "${ncpu}" -gt 0 ] || return 1 + echo "${ncpu}" } get_cgroup_v1_path() { - needle=$1 + needle=${1} found= foundroot= mountpoint= @@ -73,21 +73,21 @@ get_cgroup_v1_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - case "$needle" in + case "${needle}" in "cpuset") - case "$line" in + case "${line}" in *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) break ;; esac ;; "cpu") - case "$line" in + case "${line}" in *cpuset*) ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) break ;; esac @@ -97,20 +97,20 @@ $( grep -F -- '- cgroup ' /proc/self/mountinfo ) __EOF__ while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in + controller=$( echo "${line}" | cut -d: -f 2 ) + case "${needle}" in "cpuset") - case "$controller" in + case "${controller}" in cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) break ;; esac ;; "cpu") - case "$controller" in + case "${controller}" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) break ;; esac @@ -122,13 +122,13 @@ __EOF__ case "${found%% *}" in "/") - foundroot="${found##* }$mountpoint" + foundroot="${found##* }${mountpoint}" ;; - "$mountpoint") + "${mountpoint}") foundroot="${found##* }" ;; esac - echo "$foundroot" + echo "${foundroot}" } get_cgroup_v2_path() { @@ -140,13 +140,13 @@ get_cgroup_v2_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) done << __EOF__ $( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) __EOF__ while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) done << __EOF__ $( grep -F -- '0::' /proc/self/cgroup ) __EOF__ @@ -156,13 +156,13 @@ __EOF__ return 1 ;; "/") - foundroot="${found##* }$mountpoint" + foundroot="${found##* }${mountpoint}" ;; - "$mountpoint" | /../*) + "${mountpoint}" | /../*) foundroot="${found##* }" ;; esac - echo "$foundroot" + echo "${foundroot}" } ncpu_online=$( getconf _NPROCESSORS_ONLN ) @@ -171,18 +171,18 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "${cpuset}" "cpuset.effective_cpus" ) || ncpu_cpuset=${ncpu_online} +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "${cpu}" ) || ncpu_quota=${ncpu_online} +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "${cgroup_v2}" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=${ncpu_online} +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "${cgroup_v2}" ) || ncpu_quota_v2=${ncpu_online} ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ + "${ncpu_online}" \ + "${ncpu_cpuset}" \ + "${ncpu_quota}" \ + "${ncpu_cpuset_v2}" \ + "${ncpu_quota_v2}" \ | sort -n \ | head -n 1 ) -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"${ME}"' on '"$(date)"'\n#\1\2\n\1 '"${ncpu}"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index 8ea04f2..cac74ec 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -1,47 +1,47 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=4:ts=4:et set -e entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" + echo "${@}" fi } -if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then +if [ "${1}" = "nginx" ] || [ "${1}" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "${0}: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "${0}: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in + case "${f}" in *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" + if [ -r "${f}" ]; then + entrypoint_log "${0}: Sourcing ${f}"; + . "${f}" else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; + # warn on shell scripts not readable + entrypoint_log "${0}: Ignoring ${f}, not readable"; fi ;; *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" + if [ -x "${f}" ]; then + entrypoint_log "${0}: Launching ${f}"; + "${f}" else # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; + entrypoint_log "${0}: Ignoring ${f}, not executable"; fi ;; - *) entrypoint_log "$0: Ignoring $f";; + *) entrypoint_log "${0}: Ignoring ${f}";; esac done - entrypoint_log "$0: Configuration complete; ready for start up" + entrypoint_log "${0}: Configuration complete; ready for start up" else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "${0}: No files found in /docker-entrypoint.d/, skipping configuration" fi fi -exec "$@" +exec "${@}" diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index 29898b1..f786c00 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=4:ts=4:et set -e @@ -9,59 +9,59 @@ entrypoint_log() { fi } -ME=$(basename "$0") +ME=$(basename "${0}") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" + entrypoint_log "${ME}: info: ipv6 not available" exit 0 fi -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" +if [ ! -f "/${DEFAULT_CONF_FILE}" ]; then + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /${DEFAULT_CONF_FILE} 2>/dev/null || { entrypoint_log "${ME}: info: can not modify /${DEFAULT_CONF_FILE} (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /${DEFAULT_CONF_FILE} && { entrypoint_log "${ME}: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - entrypoint_log "$ME: info: can not guess the operating system" + entrypoint_log "${ME}: info: can not guess the operating system" exit 0 fi -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "${ME}: info: Getting the checksum of /${DEFAULT_CONF_FILE}" -case "$ID" in +case "${ID}" in "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 3) + echo "${CHECKSUM} /${DEFAULT_CONF_FILE}" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version" exit 0 } ;; "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "${CHECKSUM} /${DEFAULT_CONF_FILE}" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version" exit 0 } ;; *) - entrypoint_log "$ME: info: Unsupported distribution" + entrypoint_log "${ME}: info: Unsupported distribution" exit 0 ;; esac # enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE +sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /${DEFAULT_CONF_FILE} -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "${ME}: info: Enabled listen on IPv6 in /${DEFAULT_CONF_FILE}" exit 0 diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index e830dda..87d88ea 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=2:ts=2:sts=2:et set -eu diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index 6938405..febbc7e 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -1,8 +1,8 @@ -#!/bin/sh +#!/usr/bin/env sh set -e -ME=$(basename "$0") +ME=$(basename "${0}") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -13,16 +13,16 @@ entrypoint_log() { add_stream_block() { local conffile="/etc/nginx/nginx.conf" - if grep -q -E "\s*stream\s*\{" "$conffile"; then - entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + if grep -q -E "\s*stream\s*\{" "${conffile}"; then + entrypoint_log "${ME}: ${conffile} contains a stream block; include ${stream_output_dir}/*.conf to enable stream templates" else # check if the file can be modified, e.g. not on a r/o filesystem - touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } - entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" - cat << END >> "$conffile" -# added by "$ME" on "$(date)" + touch "${conffile}" 2>/dev/null || { entrypoint_log "${ME}: info: can not modify ${conffile} (read-only file system?)"; exit 0; } + entrypoint_log "${ME}: Appending stream block to ${conffile} to include ${stream_output_dir}/*.conf" + cat << END >> "${conffile}" +# added by "${ME}" on "$(date)" stream { - include $stream_output_dir/*.conf; + include ${stream_output_dir}/*.conf; } END fi @@ -38,37 +38,37 @@ auto_envsubst() { local template defined_envs relative_path output_path subdir defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + [ -d "${template_dir}" ] || return 0 + if [ ! -w "${output_dir}" ]; then + entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${output_dir} is not writable" return 0 fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#"$template_dir/"}" - output_path="$output_dir/${relative_path%"$suffix"}" - subdir=$(dirname "$relative_path") + find "${template_dir}" -follow -type f -name "*${suffix}" -print | while read -r template; do + relative_path="${template#"${template_dir}/"}" + output_path="${output_dir}/${relative_path%"${suffix}"}" + subdir=$(dirname "${relative_path}") # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + mkdir -p "${output_dir}/${subdir}" + entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}" + envsubst "${defined_envs}" < "${template}" > "${output_path}" done # Print the first file with the stream suffix, this will be false if there are none - if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then - mkdir -p "$stream_output_dir" - if [ ! -w "$stream_output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + if test -n "$(find "${template_dir}" -name "*${stream_suffix}" -print -quit)"; then + mkdir -p "${stream_output_dir}" + if [ ! -w "${stream_output_dir}" ]; then + entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${stream_output_dir} is not writable" return 0 fi add_stream_block - find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#"$template_dir/"}" - output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" - subdir=$(dirname "$relative_path") + find "${template_dir}" -follow -type f -name "*${stream_suffix}" -print | while read -r template; do + relative_path="${template#"${template_dir}/"}" + output_path="${stream_output_dir}/${relative_path%"${stream_suffix}"}" + subdir=$(dirname "${relative_path}") # create a subdirectory where the template file exists - mkdir -p "$stream_output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + mkdir -p "${stream_output_dir}/${subdir}" + entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}" + envsubst "${defined_envs}" < "${template}" > "${output_path}" done fi } diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index defb994..df3885a 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -1,31 +1,31 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=2:ts=2:sts=2:et set -eu LC_ALL=C -ME=$(basename "$0") +ME=$(basename "${0}") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "\${ME}: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } ceildiv() { - num=$1 - div=$2 + num=${1} + div=${2} echo $(( (num + div - 1) / div )) } get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 + cpusetroot=${1} + cpusetfile=${2} ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in + [ -f "${cpusetroot}/${cpusetfile}" ] || return 1 + for token in $( tr ',' ' ' < "${cpusetroot}/${cpusetfile}" ); do + case "${token}" in *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + count=$( seq $(echo "${token}" | tr '-' ' ') | wc -l ) ncpu=$(( ncpu+count )) ;; *) @@ -33,38 +33,38 @@ get_cpuset() { ;; esac done - echo "$ncpu" + echo "${ncpu}" } get_quota() { - cpuroot=$1 + cpuroot=${1} ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" + [ -f "${cpuroot}/cpu.cfs_quota_us" ] || return 1 + [ -f "${cpuroot}/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "${cpuroot}/cpu.cfs_quota_us" ) + cfs_period=$( cat "${cpuroot}/cpu.cfs_period_us" ) + [ "${cfs_quota}" = "-1" ] && return 1 + [ "${cfs_period}" = "0" ] && return 1 + ncpu=$( ceildiv "${cfs_quota}" "${cfs_period}" ) + [ "${ncpu}" -gt 0 ] || return 1 + echo "${ncpu}" } get_quota_v2() { - cpuroot=$1 + cpuroot=${1} ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" + [ -f "${cpuroot}/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "${cpuroot}/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "${cpuroot}/cpu.max" ) + [ "${cfs_quota}" = "max" ] && return 1 + [ "${cfs_period}" = "0" ] && return 1 + ncpu=$( ceildiv "${cfs_quota}" "${cfs_period}" ) + [ "${ncpu}" -gt 0 ] || return 1 + echo "${ncpu}" } get_cgroup_v1_path() { - needle=$1 + needle=${1} found= foundroot= mountpoint= @@ -73,21 +73,21 @@ get_cgroup_v1_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - case "$needle" in + case "${needle}" in "cpuset") - case "$line" in + case "${line}" in *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) break ;; esac ;; "cpu") - case "$line" in + case "${line}" in *cpuset*) ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) break ;; esac @@ -97,20 +97,20 @@ $( grep -F -- '- cgroup ' /proc/self/mountinfo ) __EOF__ while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in + controller=$( echo "${line}" | cut -d: -f 2 ) + case "${needle}" in "cpuset") - case "$controller" in + case "${controller}" in cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) break ;; esac ;; "cpu") - case "$controller" in + case "${controller}" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) break ;; esac @@ -122,13 +122,13 @@ __EOF__ case "${found%% *}" in "/") - foundroot="${found##* }$mountpoint" + foundroot="${found##* }${mountpoint}" ;; - "$mountpoint") + "${mountpoint}") foundroot="${found##* }" ;; esac - echo "$foundroot" + echo "${foundroot}" } get_cgroup_v2_path() { @@ -140,13 +140,13 @@ get_cgroup_v2_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) + found=$( echo "${line}" | cut -d ' ' -f 4,5 ) done << __EOF__ $( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) __EOF__ while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) + mountpoint=$( echo "${line}" | cut -d: -f 3 ) done << __EOF__ $( grep -F -- '0::' /proc/self/cgroup ) __EOF__ @@ -156,13 +156,13 @@ __EOF__ return 1 ;; "/") - foundroot="${found##* }$mountpoint" + foundroot="${found##* }${mountpoint}" ;; - "$mountpoint" | /../*) + "${mountpoint}" | /../*) foundroot="${found##* }" ;; esac - echo "$foundroot" + echo "${foundroot}" } ncpu_online=$( getconf _NPROCESSORS_ONLN ) @@ -171,18 +171,18 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "${cpuset}" "cpuset.effective_cpus" ) || ncpu_cpuset=${ncpu_online} +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "${cpu}" ) || ncpu_quota=${ncpu_online} +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "${cgroup_v2}" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=${ncpu_online} +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "${cgroup_v2}" ) || ncpu_quota_v2=${ncpu_online} ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ + "${ncpu_online}" \ + "${ncpu_cpuset}" \ + "${ncpu_quota}" \ + "${ncpu_cpuset_v2}" \ + "${ncpu_quota_v2}" \ | sort -n \ | head -n 1 ) -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"${ME}"' on '"$(date)"'\n#\1\2\n\1 '"${ncpu}"';/' /etc/nginx/nginx.conf diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index 8ea04f2..cac74ec 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -1,47 +1,47 @@ -#!/bin/sh +#!/usr/bin/env sh # vim:sw=4:ts=4:et set -e entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" + echo "${@}" fi } -if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then +if [ "${1}" = "nginx" ] || [ "${1}" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "${0}: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "${0}: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in + case "${f}" in *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" + if [ -r "${f}" ]; then + entrypoint_log "${0}: Sourcing ${f}"; + . "${f}" else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; + # warn on shell scripts not readable + entrypoint_log "${0}: Ignoring ${f}, not readable"; fi ;; *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" + if [ -x "${f}" ]; then + entrypoint_log "${0}: Launching ${f}"; + "${f}" else # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; + entrypoint_log "${0}: Ignoring ${f}, not executable"; fi ;; - *) entrypoint_log "$0: Ignoring $f";; + *) entrypoint_log "${0}: Ignoring ${f}";; esac done - entrypoint_log "$0: Configuration complete; ready for start up" + entrypoint_log "${0}: Configuration complete; ready for start up" else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "${0}: No files found in /docker-entrypoint.d/, skipping configuration" fi fi -exec "$@" +exec "${@}"