#!/bin/sh set -f [ -n "${IEP_TRACE}" ] || IEP_TRACE=0 [ "${IEP_TRACE}" = 1 ] || IEP_TRACE=0 [ "${IEP_TRACE}" = 0 ] || echo "# trace: $(date +'%Y-%m-%d %H:%M:%S.%03N %z'): start" >&2 iep_prepare_env() { ## Angie: unset core variables unset ANGIE ANGIE_BPF_MAPS } iep_preserve_env() { ## preserve LD_PRELOAD unset __IEP_LD_PRELOAD __IEP_LD_PRELOAD="${LD_PRELOAD:-}" unset LD_PRELOAD ## glibc: preserve GLIBC_TUNABLES unset __IEP_GLIBC_TUNABLES __IEP_GLIBC_TUNABLES="${GLIBC_TUNABLES:-}" unset GLIBC_TUNABLES ## glibc: preserve MALLOC_ARENA_MAX unset __IEP_MALLOC_ARENA_MAX __IEP_MALLOC_ARENA_MAX="${MALLOC_ARENA_MAX:-4}" export MALLOC_ARENA_MAX=2 } iep_restore_env() { unset IEP_DEBUG IEP_VERBOSE IEP_TRACE IEP_ROOT IEP_RETAIN_ENV ## restore LD_PRELOAD if [ -n "${__IEP_LD_PRELOAD:-}" ] ; then export LD_PRELOAD="${__IEP_LD_PRELOAD}" fi unset __IEP_LD_PRELOAD ## glibc: restore GLIBC_TUNABLES if [ -n "${__IEP_GLIBC_TUNABLES:-}" ] ; then export GLIBC_TUNABLES="${__IEP_GLIBC_TUNABLES}" fi unset __IEP_GLIBC_TUNABLES ## glibc: restore MALLOC_ARENA_MAX if [ -n "${__IEP_MALLOC_ARENA_MAX:-}" ] ; then export MALLOC_ARENA_MAX="${__IEP_MALLOC_ARENA_MAX}" fi unset __IEP_MALLOC_ARENA_MAX } iep_flush_volume() { ## try to flush volume twice (heisenbug) unset i ; for i in 1 2 ; do find /run/ngx/ -mindepth 1 -maxdepth 1 -exec rm -rf {} + || : sleep 0.1 done ; unset i if find /run/ngx/ -mindepth 1 -maxdepth 1 -printf . -quit | grep -Fq . ; then exec 1>&2 echo '========================================================================' echo "unable to fully flush /run/ngx/:" find /run/ngx/ -mindepth 1 -maxdepth 1 -exec ls -ld {} + echo '========================================================================' echo "injecting delay for 15 seconds" echo '========================================================================' sleep 15 exit 1 fi } iep_prepare_env iep_preserve_env iep_flush_volume ## early setup TMPDIR (affects "mktemp") export TMPDIR=/run/ngx/tmp install -d -m 03777 "${TMPDIR}" install -d /run/ngx/iep overlaydirs --merge /run/ngx/iep /image-entry.dist /image-entry /image-entry.local unset __IEP_SRC ; __IEP_SRC="${0##*/}" . /run/ngx/iep/00-common.envsh # IEP_TRACE=$(gobool_to_int "${IEP_TRACE:-0}" 0) IEP_DEBUG=$(gobool_to_int "${IEP_DEBUG:-0}" 0) IEP_VERBOSE=$(gobool_to_int "${IEP_VERBOSE:-${IEP_DEBUG}}" "${IEP_DEBUG}") export IEP_TRACE IEP_DEBUG IEP_VERBOSE IEP_INIT=$(gobool_to_int "${IEP_INIT:-0}" 0) ## unexport IEP_INIT unset x ; x="${IEP_INIT}" ; unset IEP_INIT ; IEP_INIT="$x" ; unset x ## run parts (if any) unset __IEP_SCRIPT while read -r __IEP_SCRIPT ; do [ -n "${__IEP_SCRIPT}" ] || continue [ -f "${__IEP_SCRIPT}" ] || continue case "${__IEP_SCRIPT}" in *.envsh ) if ! [ -x "${__IEP_SCRIPT}" ] ; then log "NOT sourcing ${__IEP_SCRIPT} - not executable" continue fi if [ "${IEP_TRACE}" = 1 ] ; then echo "# trace: $(date +'%Y-%m-%d %H:%M:%S.%03N %z'): source ${__IEP_SCRIPT}" >&2 else log "sourcing ${__IEP_SCRIPT}" fi __IEP_SRC="${__IEP_SCRIPT}" . "${__IEP_SCRIPT}" __IEP_SRC="${0##*/}" ;; * ) if ! [ -x "${__IEP_SCRIPT}" ] ; then log "NOT running ${__IEP_SCRIPT} - not executable" continue fi if [ "${IEP_TRACE}" = 1 ] ; then echo "# trace: $(date +'%Y-%m-%d %H:%M:%S.%03N %z'): run ${__IEP_SCRIPT}" >&2 else log "running ${__IEP_SCRIPT}" fi "${__IEP_SCRIPT}" ;; esac done <&2 if [ "${IEP_DEBUG}" = 1 ] ; then log_always "ready to run application: $*" else log_always "ready to run application" fi echo >&2 iep_restore_env ## variables that are not so easily unsettable unset IEP_ENV_CMD for i in '_' 'SHLVL' ; do IEP_ENV_CMD="${IEP_ENV_CMD:-}${IEP_ENV_CMD:+ }-u $i" done ## unexport IEP_INIT unset x ; x="${IEP_INIT}" ; unset IEP_INIT ; IEP_INIT="$x" ; unset x if [ "${IEP_INIT}" = 1 ] ; then exec \ ${IEP_ENV_CMD:+ env ${IEP_ENV_CMD} } \ catatonit \ "$@" else exec \ ${IEP_ENV_CMD:+ env ${IEP_ENV_CMD} } \ "$@" fi