From c9efe13c332c0d8347b453c91626888703c44a94 Mon Sep 17 00:00:00 2001 From: Christoph Schranz Date: Sat, 22 Feb 2020 19:13:22 +0100 Subject: [PATCH] deleting build scripts within src --- .gitignore | 2 +- src/fix-permissions | 35 -------- src/jupyter_notebook_config.py | 55 ------------ src/start-notebook.sh | 15 ---- src/start-singleuser.sh | 44 ---------- src/start.sh | 152 --------------------------------- 6 files changed, 1 insertion(+), 302 deletions(-) delete mode 100755 src/fix-permissions delete mode 100644 src/jupyter_notebook_config.py delete mode 100755 src/start-notebook.sh delete mode 100755 src/start-singleuser.sh delete mode 100755 src/start.sh diff --git a/.gitignore b/.gitignore index 49876db..20c2a00 100644 --- a/.gitignore +++ b/.gitignore @@ -113,4 +113,4 @@ venv.bak/ # Added config to hide hashe of changed password src/jupyter_notebook_config.json .build/docker-stacks -.idea \ No newline at end of file +.idea diff --git a/src/fix-permissions b/src/fix-permissions deleted file mode 100755 index 659b276..0000000 --- a/src/fix-permissions +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -# set permissions on a directory -# after any installation, if a directory needs to be (human) user-writable, -# run this script on it. -# It will make everything in the directory owned by the group $NB_GID -# and writable by that group. -# Deployments that want to set a specific user id can preserve permissions -# by adding the `--group-add users` line to `docker run`. - -# uses find to avoid touching files that already have the right permissions, -# which would cause massive image explosion - -# right permissions are: -# group=$NB_GID -# AND permissions include group rwX (directory-execute) -# AND directories have setuid,setgid bits set - -set -e - -for d in "$@"; do - find "$d" \ - ! \( \ - -group $NB_GID \ - -a -perm -g+rwX \ - \) \ - -exec chgrp $NB_GID {} \; \ - -exec chmod g+rwX {} \; - # setuid,setgid *on directories only* - find "$d" \ - \( \ - -type d \ - -a ! -perm -6000 \ - \) \ - -exec chmod +6000 {} \; -done diff --git a/src/jupyter_notebook_config.py b/src/jupyter_notebook_config.py deleted file mode 100644 index 0bb03b5..0000000 --- a/src/jupyter_notebook_config.py +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -from jupyter_core.paths import jupyter_data_dir -import subprocess -import os -import errno -import stat - -c = get_config() -c.NotebookApp.ip = '0.0.0.0' -c.NotebookApp.port = 8888 -c.NotebookApp.open_browser = False - -# https://github.com/jupyter/notebook/issues/3130 -c.FileContentsManager.delete_to_trash = False - -# Generate a self-signed certificate -if 'GEN_CERT' in os.environ: - dir_name = jupyter_data_dir() - pem_file = os.path.join(dir_name, 'notebook.pem') - try: - os.makedirs(dir_name) - except OSError as exc: # Python >2.5 - if exc.errno == errno.EEXIST and os.path.isdir(dir_name): - pass - else: - raise - - # Generate an openssl.cnf file to set the distinguished name - cnf_file = os.path.join(os.getenv('CONDA_DIR', '/usr/lib'), 'ssl', 'openssl.cnf') - if not os.path.isfile(cnf_file): - with open(cnf_file, 'w') as fh: - fh.write('''\ -[req] -distinguished_name = req_distinguished_name -[req_distinguished_name] -''') - - # Generate a certificate if one doesn't exist on disk - subprocess.check_call(['openssl', 'req', '-new', - '-newkey', 'rsa:2048', - '-days', '365', - '-nodes', '-x509', - '-subj', '/C=XX/ST=XX/L=XX/O=generated/CN=generated', - '-keyout', pem_file, - '-out', pem_file]) - # Restrict access to the file - os.chmod(pem_file, stat.S_IRUSR | stat.S_IWUSR) - c.NotebookApp.certfile = pem_file - -# Change default umask for all subprocesses of the notebook server if set in -# the environment -if 'NB_UMASK' in os.environ: - os.umask(int(os.environ['NB_UMASK'], 8)) diff --git a/src/start-notebook.sh b/src/start-notebook.sh deleted file mode 100755 index fd55953..0000000 --- a/src/start-notebook.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -set -e - -if [[ ! -z "${JUPYTERHUB_API_TOKEN}" ]]; then - # launched by JupyterHub, use single-user entrypoint - exec /usr/local/bin/start-singleuser.sh "$@" -elif [[ ! -z "${JUPYTER_ENABLE_LAB}" ]]; then - . /usr/local/bin/start.sh jupyter lab "$@" -else - . /usr/local/bin/start.sh jupyter notebook "$@" -fi - diff --git a/src/start-singleuser.sh b/src/start-singleuser.sh deleted file mode 100755 index f5ec3b0..0000000 --- a/src/start-singleuser.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -set -e - -# set default ip to 0.0.0.0 -if [[ "$NOTEBOOK_ARGS $@" != *"--ip="* ]]; then - NOTEBOOK_ARGS="--ip=0.0.0.0 $NOTEBOOK_ARGS" -fi - -# handle some deprecated environment variables -# from DockerSpawner < 0.8. -# These won't be passed from DockerSpawner 0.9, -# so avoid specifying --arg=empty-string -if [ ! -z "$NOTEBOOK_DIR" ]; then - NOTEBOOK_ARGS="--notebook-dir='$NOTEBOOK_DIR' $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_PORT" ]; then - NOTEBOOK_ARGS="--port=$JPY_PORT $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_USER" ]; then - NOTEBOOK_ARGS="--user=$JPY_USER $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_COOKIE_NAME" ]; then - NOTEBOOK_ARGS="--cookie-name=$JPY_COOKIE_NAME $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_BASE_URL" ]; then - NOTEBOOK_ARGS="--base-url=$JPY_BASE_URL $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_HUB_PREFIX" ]; then - NOTEBOOK_ARGS="--hub-prefix=$JPY_HUB_PREFIX $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_HUB_API_URL" ]; then - NOTEBOOK_ARGS="--hub-api-url=$JPY_HUB_API_URL $NOTEBOOK_ARGS" -fi -if [ ! -z "$JUPYTER_ENABLE_LAB" ]; then - NOTEBOOK_BIN="jupyter labhub" -else - NOTEBOOK_BIN="jupyterhub-singleuser" -fi - -. /usr/local/bin/start.sh $NOTEBOOK_BIN $NOTEBOOK_ARGS "$@" - diff --git a/src/start.sh b/src/start.sh deleted file mode 100755 index ad39498..0000000 --- a/src/start.sh +++ /dev/null @@ -1,152 +0,0 @@ -#!/bin/bash -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -set -e - -# Exec the specified command or fall back on bash -if [ $# -eq 0 ]; then - cmd=( "bash" ) -else - cmd=( "$@" ) -fi - -run-hooks () { - # Source scripts or run executable files in a directory - if [[ ! -d "$1" ]] ; then - return - fi - echo "$0: running hooks in $1" - for f in "$1/"*; do - case "$f" in - *.sh) - echo "$0: running $f" - source "$f" - ;; - *) - if [[ -x "$f" ]] ; then - echo "$0: running $f" - "$f" - else - echo "$0: ignoring $f" - fi - ;; - esac - done - echo "$0: done running hooks in $1" -} - -run-hooks /usr/local/bin/start-notebook.d - -# Handle special flags if we're root -if [ $(id -u) == 0 ] ; then - - # Only attempt to change the jovyan username if it exists - if id jovyan &> /dev/null ; then - echo "Set username to: $NB_USER" - usermod -d /home/$NB_USER -l $NB_USER jovyan - fi - - # Handle case where provisioned storage does not have the correct permissions by default - # Ex: default NFS/EFS (no auto-uid/gid) - if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then - echo "Changing ownership of /home/$NB_USER to $NB_UID:$NB_GID with options '${CHOWN_HOME_OPTS}'" - chown $CHOWN_HOME_OPTS $NB_UID:$NB_GID /home/$NB_USER - fi - if [ ! -z "$CHOWN_EXTRA" ]; then - for extra_dir in $(echo $CHOWN_EXTRA | tr ',' ' '); do - echo "Changing ownership of ${extra_dir} to $NB_UID:$NB_GID with options '${CHOWN_EXTRA_OPTS}'" - chown $CHOWN_EXTRA_OPTS $NB_UID:$NB_GID $extra_dir - done - fi - - # handle home and working directory if the username changed - if [[ "$NB_USER" != "jovyan" ]]; then - # changing username, make sure homedir exists - # (it could be mounted, and we shouldn't create it if it already exists) - if [[ ! -e "/home/$NB_USER" ]]; then - echo "Relocating home dir to /home/$NB_USER" - mv /home/jovyan "/home/$NB_USER" - fi - # if workdir is in /home/jovyan, cd to /home/$NB_USER - if [[ "$PWD/" == "/home/jovyan/"* ]]; then - newcwd="/home/$NB_USER/${PWD:13}" - echo "Setting CWD to $newcwd" - cd "$newcwd" - fi - fi - - # Change UID of NB_USER to NB_UID if it does not match - if [ "$NB_UID" != $(id -u $NB_USER) ] ; then - echo "Set $NB_USER UID to: $NB_UID" - usermod -u $NB_UID $NB_USER - fi - - # Set NB_USER primary gid to NB_GID (after making the group). Set - # supplementary gids to NB_GID and 100. - if [ "$NB_GID" != $(id -g $NB_USER) ] ; then - echo "Add $NB_USER to group: $NB_GID" - groupadd -g $NB_GID -o ${NB_GROUP:-${NB_USER}} - usermod -g $NB_GID -aG 100 $NB_USER - fi - - # Enable sudo if requested - if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then - echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH" - echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook - fi - - # Add $CONDA_DIR/bin to sudo secure_path - sed -r "s#Defaults\s+secure_path=\"([^\"]+)\"#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path - - # Exec the command as NB_USER with the PATH and the rest of - # the environment preserved - run-hooks /usr/local/bin/before-notebook.d - echo "Executing the command: ${cmd[@]}" - exec sudo -E -H -u $NB_USER PATH=$PATH XDG_CACHE_HOME=/home/$NB_USER/.cache PYTHONPATH=${PYTHONPATH:-} "${cmd[@]}" -else - if [[ "$NB_UID" == "$(id -u jovyan)" && "$NB_GID" == "$(id -g jovyan)" ]]; then - # User is not attempting to override user/group via environment - # variables, but they could still have overridden the uid/gid that - # container runs as. Check that the user has an entry in the passwd - # file and if not add an entry. - STATUS=0 && whoami &> /dev/null || STATUS=$? && true - if [[ "$STATUS" != "0" ]]; then - if [[ -w /etc/passwd ]]; then - echo "Adding passwd file entry for $(id -u)" - cat /etc/passwd | sed -e "s/^jovyan:/nayvoj:/" > /tmp/passwd - echo "jovyan:x:$(id -u):$(id -g):,,,:/home/jovyan:/bin/bash" >> /tmp/passwd - cat /tmp/passwd > /etc/passwd - rm /tmp/passwd - else - echo 'Container must be run with group "root" to update passwd file' - fi - fi - - # Warn if the user isn't going to be able to write files to $HOME. - if [[ ! -w /home/jovyan ]]; then - echo 'Container must be run with group "users" to update files' - fi - else - # Warn if looks like user want to override uid/gid but hasn't - # run the container as root. - if [[ ! -z "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then - echo 'Container must be run as root to set $NB_UID' - fi - if [[ ! -z "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then - echo 'Container must be run as root to set $NB_GID' - fi - fi - - # Warn if looks like user want to run in sudo mode but hasn't run - # the container as root. - if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then - echo 'Container must be run as root to grant sudo permissions' - fi - - # Execute the command - run-hooks /usr/local/bin/before-notebook.d - echo "Executing the command: ${cmd[@]}" - exec "${cmd[@]}" -fi -