deleting build scripts within src
This commit is contained in:
parent
90ba960fda
commit
c9efe13c33
@ -1,35 +0,0 @@
|
||||
#!/bin/bash
|
||||
# set permissions on a directory
|
||||
# after any installation, if a directory needs to be (human) user-writable,
|
||||
# run this script on it.
|
||||
# It will make everything in the directory owned by the group $NB_GID
|
||||
# and writable by that group.
|
||||
# Deployments that want to set a specific user id can preserve permissions
|
||||
# by adding the `--group-add users` line to `docker run`.
|
||||
|
||||
# uses find to avoid touching files that already have the right permissions,
|
||||
# which would cause massive image explosion
|
||||
|
||||
# right permissions are:
|
||||
# group=$NB_GID
|
||||
# AND permissions include group rwX (directory-execute)
|
||||
# AND directories have setuid,setgid bits set
|
||||
|
||||
set -e
|
||||
|
||||
for d in "$@"; do
|
||||
find "$d" \
|
||||
! \( \
|
||||
-group $NB_GID \
|
||||
-a -perm -g+rwX \
|
||||
\) \
|
||||
-exec chgrp $NB_GID {} \; \
|
||||
-exec chmod g+rwX {} \;
|
||||
# setuid,setgid *on directories only*
|
||||
find "$d" \
|
||||
\( \
|
||||
-type d \
|
||||
-a ! -perm -6000 \
|
||||
\) \
|
||||
-exec chmod +6000 {} \;
|
||||
done
|
@ -1,55 +0,0 @@
|
||||
# Copyright (c) Jupyter Development Team.
|
||||
# Distributed under the terms of the Modified BSD License.
|
||||
|
||||
from jupyter_core.paths import jupyter_data_dir
|
||||
import subprocess
|
||||
import os
|
||||
import errno
|
||||
import stat
|
||||
|
||||
c = get_config()
|
||||
c.NotebookApp.ip = '0.0.0.0'
|
||||
c.NotebookApp.port = 8888
|
||||
c.NotebookApp.open_browser = False
|
||||
|
||||
# https://github.com/jupyter/notebook/issues/3130
|
||||
c.FileContentsManager.delete_to_trash = False
|
||||
|
||||
# Generate a self-signed certificate
|
||||
if 'GEN_CERT' in os.environ:
|
||||
dir_name = jupyter_data_dir()
|
||||
pem_file = os.path.join(dir_name, 'notebook.pem')
|
||||
try:
|
||||
os.makedirs(dir_name)
|
||||
except OSError as exc: # Python >2.5
|
||||
if exc.errno == errno.EEXIST and os.path.isdir(dir_name):
|
||||
pass
|
||||
else:
|
||||
raise
|
||||
|
||||
# Generate an openssl.cnf file to set the distinguished name
|
||||
cnf_file = os.path.join(os.getenv('CONDA_DIR', '/usr/lib'), 'ssl', 'openssl.cnf')
|
||||
if not os.path.isfile(cnf_file):
|
||||
with open(cnf_file, 'w') as fh:
|
||||
fh.write('''\
|
||||
[req]
|
||||
distinguished_name = req_distinguished_name
|
||||
[req_distinguished_name]
|
||||
''')
|
||||
|
||||
# Generate a certificate if one doesn't exist on disk
|
||||
subprocess.check_call(['openssl', 'req', '-new',
|
||||
'-newkey', 'rsa:2048',
|
||||
'-days', '365',
|
||||
'-nodes', '-x509',
|
||||
'-subj', '/C=XX/ST=XX/L=XX/O=generated/CN=generated',
|
||||
'-keyout', pem_file,
|
||||
'-out', pem_file])
|
||||
# Restrict access to the file
|
||||
os.chmod(pem_file, stat.S_IRUSR | stat.S_IWUSR)
|
||||
c.NotebookApp.certfile = pem_file
|
||||
|
||||
# Change default umask for all subprocesses of the notebook server if set in
|
||||
# the environment
|
||||
if 'NB_UMASK' in os.environ:
|
||||
os.umask(int(os.environ['NB_UMASK'], 8))
|
@ -1,15 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Copyright (c) Jupyter Development Team.
|
||||
# Distributed under the terms of the Modified BSD License.
|
||||
|
||||
set -e
|
||||
|
||||
if [[ ! -z "${JUPYTERHUB_API_TOKEN}" ]]; then
|
||||
# launched by JupyterHub, use single-user entrypoint
|
||||
exec /usr/local/bin/start-singleuser.sh "$@"
|
||||
elif [[ ! -z "${JUPYTER_ENABLE_LAB}" ]]; then
|
||||
. /usr/local/bin/start.sh jupyter lab "$@"
|
||||
else
|
||||
. /usr/local/bin/start.sh jupyter notebook "$@"
|
||||
fi
|
||||
|
@ -1,44 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Copyright (c) Jupyter Development Team.
|
||||
# Distributed under the terms of the Modified BSD License.
|
||||
|
||||
set -e
|
||||
|
||||
# set default ip to 0.0.0.0
|
||||
if [[ "$NOTEBOOK_ARGS $@" != *"--ip="* ]]; then
|
||||
NOTEBOOK_ARGS="--ip=0.0.0.0 $NOTEBOOK_ARGS"
|
||||
fi
|
||||
|
||||
# handle some deprecated environment variables
|
||||
# from DockerSpawner < 0.8.
|
||||
# These won't be passed from DockerSpawner 0.9,
|
||||
# so avoid specifying --arg=empty-string
|
||||
if [ ! -z "$NOTEBOOK_DIR" ]; then
|
||||
NOTEBOOK_ARGS="--notebook-dir='$NOTEBOOK_DIR' $NOTEBOOK_ARGS"
|
||||
fi
|
||||
if [ ! -z "$JPY_PORT" ]; then
|
||||
NOTEBOOK_ARGS="--port=$JPY_PORT $NOTEBOOK_ARGS"
|
||||
fi
|
||||
if [ ! -z "$JPY_USER" ]; then
|
||||
NOTEBOOK_ARGS="--user=$JPY_USER $NOTEBOOK_ARGS"
|
||||
fi
|
||||
if [ ! -z "$JPY_COOKIE_NAME" ]; then
|
||||
NOTEBOOK_ARGS="--cookie-name=$JPY_COOKIE_NAME $NOTEBOOK_ARGS"
|
||||
fi
|
||||
if [ ! -z "$JPY_BASE_URL" ]; then
|
||||
NOTEBOOK_ARGS="--base-url=$JPY_BASE_URL $NOTEBOOK_ARGS"
|
||||
fi
|
||||
if [ ! -z "$JPY_HUB_PREFIX" ]; then
|
||||
NOTEBOOK_ARGS="--hub-prefix=$JPY_HUB_PREFIX $NOTEBOOK_ARGS"
|
||||
fi
|
||||
if [ ! -z "$JPY_HUB_API_URL" ]; then
|
||||
NOTEBOOK_ARGS="--hub-api-url=$JPY_HUB_API_URL $NOTEBOOK_ARGS"
|
||||
fi
|
||||
if [ ! -z "$JUPYTER_ENABLE_LAB" ]; then
|
||||
NOTEBOOK_BIN="jupyter labhub"
|
||||
else
|
||||
NOTEBOOK_BIN="jupyterhub-singleuser"
|
||||
fi
|
||||
|
||||
. /usr/local/bin/start.sh $NOTEBOOK_BIN $NOTEBOOK_ARGS "$@"
|
||||
|
152
src/start.sh
152
src/start.sh
@ -1,152 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Copyright (c) Jupyter Development Team.
|
||||
# Distributed under the terms of the Modified BSD License.
|
||||
|
||||
set -e
|
||||
|
||||
# Exec the specified command or fall back on bash
|
||||
if [ $# -eq 0 ]; then
|
||||
cmd=( "bash" )
|
||||
else
|
||||
cmd=( "$@" )
|
||||
fi
|
||||
|
||||
run-hooks () {
|
||||
# Source scripts or run executable files in a directory
|
||||
if [[ ! -d "$1" ]] ; then
|
||||
return
|
||||
fi
|
||||
echo "$0: running hooks in $1"
|
||||
for f in "$1/"*; do
|
||||
case "$f" in
|
||||
*.sh)
|
||||
echo "$0: running $f"
|
||||
source "$f"
|
||||
;;
|
||||
*)
|
||||
if [[ -x "$f" ]] ; then
|
||||
echo "$0: running $f"
|
||||
"$f"
|
||||
else
|
||||
echo "$0: ignoring $f"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
echo "$0: done running hooks in $1"
|
||||
}
|
||||
|
||||
run-hooks /usr/local/bin/start-notebook.d
|
||||
|
||||
# Handle special flags if we're root
|
||||
if [ $(id -u) == 0 ] ; then
|
||||
|
||||
# Only attempt to change the jovyan username if it exists
|
||||
if id jovyan &> /dev/null ; then
|
||||
echo "Set username to: $NB_USER"
|
||||
usermod -d /home/$NB_USER -l $NB_USER jovyan
|
||||
fi
|
||||
|
||||
# Handle case where provisioned storage does not have the correct permissions by default
|
||||
# Ex: default NFS/EFS (no auto-uid/gid)
|
||||
if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then
|
||||
echo "Changing ownership of /home/$NB_USER to $NB_UID:$NB_GID with options '${CHOWN_HOME_OPTS}'"
|
||||
chown $CHOWN_HOME_OPTS $NB_UID:$NB_GID /home/$NB_USER
|
||||
fi
|
||||
if [ ! -z "$CHOWN_EXTRA" ]; then
|
||||
for extra_dir in $(echo $CHOWN_EXTRA | tr ',' ' '); do
|
||||
echo "Changing ownership of ${extra_dir} to $NB_UID:$NB_GID with options '${CHOWN_EXTRA_OPTS}'"
|
||||
chown $CHOWN_EXTRA_OPTS $NB_UID:$NB_GID $extra_dir
|
||||
done
|
||||
fi
|
||||
|
||||
# handle home and working directory if the username changed
|
||||
if [[ "$NB_USER" != "jovyan" ]]; then
|
||||
# changing username, make sure homedir exists
|
||||
# (it could be mounted, and we shouldn't create it if it already exists)
|
||||
if [[ ! -e "/home/$NB_USER" ]]; then
|
||||
echo "Relocating home dir to /home/$NB_USER"
|
||||
mv /home/jovyan "/home/$NB_USER"
|
||||
fi
|
||||
# if workdir is in /home/jovyan, cd to /home/$NB_USER
|
||||
if [[ "$PWD/" == "/home/jovyan/"* ]]; then
|
||||
newcwd="/home/$NB_USER/${PWD:13}"
|
||||
echo "Setting CWD to $newcwd"
|
||||
cd "$newcwd"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Change UID of NB_USER to NB_UID if it does not match
|
||||
if [ "$NB_UID" != $(id -u $NB_USER) ] ; then
|
||||
echo "Set $NB_USER UID to: $NB_UID"
|
||||
usermod -u $NB_UID $NB_USER
|
||||
fi
|
||||
|
||||
# Set NB_USER primary gid to NB_GID (after making the group). Set
|
||||
# supplementary gids to NB_GID and 100.
|
||||
if [ "$NB_GID" != $(id -g $NB_USER) ] ; then
|
||||
echo "Add $NB_USER to group: $NB_GID"
|
||||
groupadd -g $NB_GID -o ${NB_GROUP:-${NB_USER}}
|
||||
usermod -g $NB_GID -aG 100 $NB_USER
|
||||
fi
|
||||
|
||||
# Enable sudo if requested
|
||||
if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
|
||||
echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH"
|
||||
echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
|
||||
fi
|
||||
|
||||
# Add $CONDA_DIR/bin to sudo secure_path
|
||||
sed -r "s#Defaults\s+secure_path=\"([^\"]+)\"#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path
|
||||
|
||||
# Exec the command as NB_USER with the PATH and the rest of
|
||||
# the environment preserved
|
||||
run-hooks /usr/local/bin/before-notebook.d
|
||||
echo "Executing the command: ${cmd[@]}"
|
||||
exec sudo -E -H -u $NB_USER PATH=$PATH XDG_CACHE_HOME=/home/$NB_USER/.cache PYTHONPATH=${PYTHONPATH:-} "${cmd[@]}"
|
||||
else
|
||||
if [[ "$NB_UID" == "$(id -u jovyan)" && "$NB_GID" == "$(id -g jovyan)" ]]; then
|
||||
# User is not attempting to override user/group via environment
|
||||
# variables, but they could still have overridden the uid/gid that
|
||||
# container runs as. Check that the user has an entry in the passwd
|
||||
# file and if not add an entry.
|
||||
STATUS=0 && whoami &> /dev/null || STATUS=$? && true
|
||||
if [[ "$STATUS" != "0" ]]; then
|
||||
if [[ -w /etc/passwd ]]; then
|
||||
echo "Adding passwd file entry for $(id -u)"
|
||||
cat /etc/passwd | sed -e "s/^jovyan:/nayvoj:/" > /tmp/passwd
|
||||
echo "jovyan:x:$(id -u):$(id -g):,,,:/home/jovyan:/bin/bash" >> /tmp/passwd
|
||||
cat /tmp/passwd > /etc/passwd
|
||||
rm /tmp/passwd
|
||||
else
|
||||
echo 'Container must be run with group "root" to update passwd file'
|
||||
fi
|
||||
fi
|
||||
|
||||
# Warn if the user isn't going to be able to write files to $HOME.
|
||||
if [[ ! -w /home/jovyan ]]; then
|
||||
echo 'Container must be run with group "users" to update files'
|
||||
fi
|
||||
else
|
||||
# Warn if looks like user want to override uid/gid but hasn't
|
||||
# run the container as root.
|
||||
if [[ ! -z "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then
|
||||
echo 'Container must be run as root to set $NB_UID'
|
||||
fi
|
||||
if [[ ! -z "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then
|
||||
echo 'Container must be run as root to set $NB_GID'
|
||||
fi
|
||||
fi
|
||||
|
||||
# Warn if looks like user want to run in sudo mode but hasn't run
|
||||
# the container as root.
|
||||
if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
|
||||
echo 'Container must be run as root to grant sudo permissions'
|
||||
fi
|
||||
|
||||
# Execute the command
|
||||
run-hooks /usr/local/bin/before-notebook.d
|
||||
echo "Executing the command: ${cmd[@]}"
|
||||
exec "${cmd[@]}"
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user