refactor core moving files to core/rootfs

move helper scripts to /opt/lib from /opt/bin therein
refactor creating a user and installing UCI shell

Dockerfile.d/core.tpl

@@ -7,11 +7,13 @@
 %
 if ! { [ "$VERBOSE" = "core" ] || [ "$VERBOSE" = "all" ]; }; then unset VERBOSE; fi
 
+echo "**************************************" 
+echo "****** Building UCI Image Core ******" 
+
+echo copying core rootfs to image
 /bin/cp -R -f -p rootfs/. /
 . /opt/lib/verbose.lib 
 
-echo "**************************************" 
-echo "****** Building UCI Image Core ******" 
 quiet echo core build directory
 quiet pwd
 quiet ls -la

core/core.sh

@@ -10,6 +10,8 @@ if [[ -f ./build.env ]]; then
     source ./build.env 
 fi
 source $LIB_DIR/verbose.lib
+
+[[ -f ./custom-core.sh ]] && echo "sourcing custom core script" && source "./custom-core.sh" 
 echo appending pkg commands to core_run.env
 echo appending sourcing of $ENV_DIR/run.env if it exists
 cat <<ENV >> /opt/core_run.env
@@ -21,14 +23,16 @@ quiet cat /opt/core_run.env
 mkdir -p /etc/profile.d
 echo creating login sourcing file for core_run.env in /etc/profile.d
 echo "source /opt/core_run.env" > /etc/profile.d/01-core-run-env.sh
-quiet ls -la /etc/profile.d
+
+# if UCI_SHELL is set then USER must be login user 
 [[ $USER_PW ]] && export USER=${USER:-host}
 if [[ $USER ]]; then
     export UHID=${UHID:-1000}
     chown -R -h $UHID:$UHID /opt $VOLUME_DIRS
-    /bin/bash user.sh
+    $LIB_DIR/user-create
 fi
-[[ $UCI_SHELL ]] && /bin/bash uci-shell.sh
-
+[[ $UCI_SHELL ]] && $LIB_DIR/uci-shell
+quiet ls -la /etc/profile.d
+quiet cat /etc/profile
 ls -la /opt
 echo "done ------------- CORE INSTALLATION ------------"

core/rootfs/etc/profile

@@ -1,83 +0,0 @@
-#!/bin/bash
-
-# do not add code here for non-interative login shell
-# rather put additional non-interactive profile script code in files in /etc/profile.d
-
-# this files is sourced for all login shells and also interactive non-login shells via /etc/bash.bashrc
-# more info see http://www.linuxfromscratch.org/blfs/view/svn/postlfs/profile.html
-
-# interactive non-login and login shells will call the BASH_SHELL_LOAD script below
-# non-interative login shells only source /etc/profile.d 
-# in profile.d is 03-startup.sh which will call 
-# any of the scripts in a repo's startup subdirectory 
-# non-interactive non-login shells are not handled here only via /etc/bash.bashrc
-# interactive login 
-
-
-([ -n "$SSH_CONNECTION" ] || [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]) && export SSH_SESSION=true
-[[ $- == *i* ]] && export SHELL_INTERACTIVE=true
-shopt -q login_shell && export SHELL_LOGIN=true 
-[ $EUID -eq 0 ] && export USER_ROOT=true
-
-# uncomment for debugging non-interactive login shell, i.e. $ . /etc/profile
-#unset SHELL_INTERACTIVE
-
-#uncomment these for debugging.
-#  echo ---- sourcing system /etc/profile ---
-#  [[ $USER_ROOT ]] && echo 'Root User' || echo 'Non Root User'
-#  [[ $SHELL_INTERACTIVE ]] && echo 'Interactive' || echo 'Not interactive'
-#  [[ $SHELL_LOGIN ]] && echo 'Login shell' || echo 'Not login shell'
-#  [[ $SSH_SESSION ]] && echo ssh remote user || echo local user
-#  echo ---------------------
-
-# Set the initial path
-export PATH=/bin:/usr/bin:/usr/local/bin
-# set directory for base shell repo
-export BASH_SHELL_BASE=/shell
-# now bootstrap by souring the shell repo envinroment
-source $BASH_SHELL_BASE/shell.env
-# set $BASH_SAFE_MODE=true in shell.env to disable UCI interactive shell from loading
-# TODO see if  $NO_BASH_SHELL_SSH=true in user or host directory (at the remote machine)
-# if so don't source the load command below and make just a simple prompt.
-if [[ $SHELL_INTERACTIVE ]]; then 
- if [[ ! $BASH_SAFE_MODE ]]; then
-   # echo interactive shell loading $BASH_SHELL_LOAD
-   source "$BASH_SHELL_LOAD"
- else
-   # safe mode
-   # just set a simple prompt instead
-   NORMAL="\[\e[0m\]"
-   RED="\[\e[1;31m\]"
-   GREEN="\[\e[1;32m\]"
-   YELLOW='\e[1;33m'
-   if [[ $EUID == 0 ]] ; then
-     PS1="${YELLOW}SAFE:$RED\u [ $NORMAL\w$RED ]# $NORMAL"
-   else
-     PS1="${YELLOW}SAFE:$GREEN \u [ $NORMAL\w$GREEN ]\$ $NORMAL"
-   fi
-   unset RED GREEN NORMAL YELLOW
- fi
-else
-  # this is non-interactive login (e.g. at user machine login)
-  if [[ $EUID -ne 0 ]] && [[ ! $SSH_SESSION ]]; then
-    export LOGIN_LOG=$HOME/logs/login.log
-    mkdir -p $HOME/logs
-    touch $LOGIN_LOG
-    llog () {
-       echo "$@" >> $LOGIN_LOG 2>&1
-    }
-    export -f llog
-    llog "$(env | grep BASH)"
-    echo "$(date)" > $LOGIN_LOG
-    llog "non-interactive login shell for $USER"
-    if [ -d /etc/profile.d ]; then
-       for i in /etc/profile.d/*.sh; do
-         if [ -r $i ]; then
-           llog "sourcing $i"
-           source $i
-         fi
-       done
-       unset i
-    fi
-  fi
-fi

core/rootfs/etc/profile.d/02-root.sh

@@ -1,6 +0,0 @@
-# root login setup only, put in if block
-if [ $EUID -eq 0 ] ; then # if root user
-        echo login profile, root specific setup
-        export PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin
-        unset HISTFILE
-fi

core/rootfs/etc/profile.d/03-startup.sh

@@ -1,10 +0,0 @@
-# this runs startups for bash shell base system
- # don't run statup if user logs in via su
-  if  [ "$SHELL" = "/bin/bash" ] && [ "${BASH_SHELL_STARTUP}" ] && [ "$(ps -o comm= $PPID)" != "su" ]; then
-    # uncomment for debugging
-    if [[ -f $BASH_SHELL_STARTUP ]] && [[ $EUID -ne 0 ]]; then
-     llog "sourcing startup script $BASH_SHELL_STARTUP"
-    #  (${BASH_SHELL_STARTUP}) &
-    source ${BASH_SHELL_STARTUP}
-   fi
- fi

core/rootfs/opt/bin/entrypoint

@@ -1,18 +1,23 @@
 #!/bin/bash
 source /opt/core_run.env
-case "$1" in
 
+cmd=$1
+
+# [[ $DEVELOPMENT && $cmd == "${ENTRYPOINT_CMD:-start}" ]] && echo "development mode enabled, idling container" && cmd=idle  
+
+case "$cmd" in
 
 maphostid)
 shift 1
-/bin/bash -l -c '$BIN_DIR/map-host-id $@' $0 "$@"
+/bin/bash -l -c '$:LIB_DIR/map-host-id $@' $0 "$@"
 ;;
 idle)
+echo container put in idle mode, use docker terminal to access
 sleep infinity
 ;;
 image)
 shift 1
-/bin/bash -l -c '$BIN_DIR/image-info $@' $0 "$@"
+/bin/bash -l -c '$LIB_DIR/image-info $@' $0 "$@"
 ;;
 shell)
 shift 1
@@ -29,7 +34,7 @@ cat | /bin/bash -l
 ;;
 ${ENTRYPOINT_CMD:-start})
 shift 1
-/bin/bash -l -c '${ENTRYPOINT_CMD_PATH:-$BIN_DIR/start} $@' $0 "$@"
+/bin/bash -l -c '${ENTRYPOINT_CMD_PATH:-$BIN_DIR/${ENTRYPOINT_CMD:-start}} $@' $0 "$@"
 ;;
 *)
 echo "--- command passed to container: $* ---"

core/rootfs/opt/lib/uci-shell

@@ -0,0 +1,29 @@
+#!/bin/bash
+echo -e "\n------------ ADD UCI-SHELL ---------------"
+/bin/cp -R -f -p shell/. /shell
+ls -la /
+ls -ls /shell
+# mkdir -p /shell
+# _url=https://git.kebler.net/bash/shell-base.git
+# git clone $_url /shell
+
+source /shell/base/install/install.sh 
+usermod --shell /bin/bash root
+
+if [[ $USER_PW ]]; then
+echo adding shell for login user $USER
+homedir=$( getent passwd "$USER" | cut -d: -f6 )
+mkdir -p $homedir/shell 
+uci_bash_shell_install $USER
+chown -R :$USER /shell 
+chmod -R g+r /shell
+# setfacl -d --set u::rwx,g::rwx,o::- /shell
+chown -R :host $homedir/shell 
+chmod -R g+rw $homedir/shell
+# setfacl -d --set u::rwx,g::rwx,o::- /home/$USER/shell
+else 
+ uci_bash_shell_install 
+fi
+
+echo "----------- uci shell install complete ------"
+

core/rootfs/opt/lib/user-create

@@ -0,0 +1,66 @@
+#!/bin/bash
+USER=${1:-$USER}
+USER_PW=${2-$USER_PW}
+UHID=${UHID:-1000}
+
+# TODO make SUDO conditional on USER_SUDO=true
+
+if [[ $USER ]]; then
+echo "------- Adding USER: $USER with ID: $UHID ------"
+
+cat <<DOC >> /etc/login.defs
+SYS_UID_MAX   $UHID"
+SYS_GID_MAX   $UHID"
+DOC
+
+    source $LIB_DIR/verbose.lib
+    # echo loading acl package
+    # silence $INSTALL_PKGS acl
+    groupadd -g $UHID $USER
+    # user passwords implies system (sudo) login user
+    
+    if [[ $USER_PW ]]; then
+        echo "$USER is being created as a login user"
+        useradd -rm -s /bin/bash -G $USER,$([[ $(getent group sudo) ]] && echo sudo || echo wheel) -g $USER -u $UHID $USER
+        echo $USER groups: $(groups $USER)
+        chpasswd <<< "${USER}:${USER_PW}"
+
+# SUDOERS Setup 
+        cat <<SUDO >> /etc/sudoers.d/01-sudo-wheel
+Defaults lecture = never     
+%wheel ALL=(ALL:ALL) ALL
+%sudo  ALL=(ALL:ALL) ALL
+SUDO
+    chmod 440 /etc/sudoers.d/01-sudo-wheel
+
+        cat <<USER >> /etc/sudoers.d/02-$USER
+$USER ALL = NOPASSWD:/bin/chown
+$USER ALL = NOPASSWD:/bin/chmod
+USER
+        chmod 440 /etc/sudoers.d/02-$USER
+        if [[ -f $USER-permits ]]; then
+            echo "--- $USER-permits file supplied copying to /etc/sudoers.d ---"
+            cat $USER-permits 
+            cat $USER-permits >> /etc/sudoers.d/02-$USER
+        fi 
+    else
+        echo $USER will be a non login user
+        # home_dir=${USER_HOME:-/home/$USER}
+        # mkdir -p $home_dir
+        useradd -rM -s /sbin/nologin -G $USER -g $USER -u $UHID $USER -p '*' -d /dev/null
+        # usermod -p '*' $USER
+        # -d $home_dir
+        # chown $USER:$USER $home_dir
+fi   
+ # shellcheck enable=add-default-case      
+# chmod -R g+rw /opt
+# setfacl -d --set u::rwx,g::rwx,o::- /opt
+cat /etc/passwd | grep $USER
+id $USER
+echo "done------- Adding USER: $USER ------"
+
+fi
+
+
+
+

core/uci-shell.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-echo -e "\n------------ ADD UCI-SHELL ---------------"
-mkdir -p /shell
-_url=https://git.kebler.net/bash/shell-base.git
-git clone $_url /shell
-source /shell/install/install.sh 
-
-
-if [[ $USER_PW ]]; then
-echo adding shell for login user $USER
-mkdir -p /home/$USER/shell 
-uci_bash_shell_install $USER
-chown -R $USER:$USER /shell 
-chmod -R g+rw /shell
-# setfacl -d --set u::rwx,g::rwx,o::- /shell
-chown -R :host /home/$USER/shell 
-chmod -R g+rw /home/$USER/shell
-# setfacl -d --set u::rwx,g::rwx,o::- /home/$USER/shell
-else 
- uci_bash_shell_install 
-fi
-
-echo "----------- uci shell install complete ------"
-

core/user.sh

@@ -1,58 +0,0 @@
-#!/bin/bash
-USER=${1:-$USER}
-USER_PW=${2-$USER_PW}
-UHID=${UHID:-1000}
-
-if [[ $USER ]]; then
-echo "------- Adding USER: $USER with ID: $UHID ------"
-
-cat <<DOC >> /etc/login.defs
-SYS_UID_MAX   $UHID"
-SYS_GID_MAX   $UHID"
-DOC
-
-    source $LIB_DIR/verbose.lib
-    # echo loading acl package
-    # silence $INSTALL_PKGS acl
-    groupadd -g $UHID $USER
-    # user passwords implies system (sudo) login user
-    if [[ $USER_PW ]]; then
-    echo "login system user being created"
-    useradd -rm -s /bin/bash -G $USER,$([[ $(getent group sudo) ]] && echo sudo || echo wheel) -g $USER -u $UHID $USER
-    echo $USER groups: $(groups $USER)
-    chpasswd <<< "${USER}:${USER_PW}"
-
-# SUDOERS Setup 
-cat <<SUDO >> /etc/sudoers.d/01-sudo-wheel
-Defaults lecture = never     
-%wheel ALL=(ALL:ALL) ALL
-%sudo  ALL=(ALL:ALL) ALL
-SUDO
-    chmod 440 /etc/sudoers.d/01-sudo-wheel
-
-cat <<USER >> /etc/sudoers.d/02-$USER
-$USER ALL = NOPASSWD:/bin/chown
-$USER ALL = NOPASSWD:/bin/chmod
-USER
-    chmod 440 /etc/sudoers.d/02-$USER
-    if [[ -f $USER-permits ]]; then
-        echo "--- $USER-permits file supplied copying to /etc/sudoers.d ---"
-        cat $USER-permits 
-        cat $USER-permits >> /etc/sudoers.d/02-$USER
-    fi 
-  else
-    home_dir=$([[ $USER_HOME ]] && echo "$USER_HOME" || echo "/opt/user" )
-    mkdir -p $home_dir
-    useradd -s /sbin/nologin -G $USER -g $USER -u $UHID $USER -d $home_dir
-    chown $USER:$USER $home_dir
-fi   
- # shellcheck enable=add-default-case      
-# chmod -R g+rw /opt
-# setfacl -d --set u::rwx,g::rwx,o::- /opt
-cat /etc/passwd | grep $USER
-echo "done------- Adding USER: $USER ------"
-fi
-
-
-
-