18657: Almost working again, stupid Ruby

[arvados.git] / tools / arvbox / lib / arvbox / docker / createusers.sh

diff --git a/tools/arvbox/lib/arvbox/docker/createusers.sh b/tools/arvbox/lib/arvbox/docker/createusers.sh
index e9721fd55d87c1e5a597f3a56b632310321bb8d1..6aeea1f076e3ded89ed8420aed9e8084d84ccf08 100755 (executable)
--- a/tools/arvbox/lib/arvbox/docker/createusers.sh
+++ b/tools/arvbox/lib/arvbox/docker/createusers.sh
@@ -5,16 +5,19 @@
 
 set -e -o pipefail
 
+export GEM_HOME=/var/lib/arvados/lib/ruby/gems/2.7.0
+export ARVADOS_CONTAINER_PATH=/var/lib/arvados-arvbox
+
 if ! grep "^arvbox:" /etc/passwd >/dev/null 2>/dev/null ; then
     HOSTUID=$(ls -nd /usr/src/arvados | sed 's/ */ /' | cut -d' ' -f4)
     HOSTGID=$(ls -nd /usr/src/arvados | sed 's/ */ /' | cut -d' ' -f5)
 
-    mkdir -p /var/lib/arvados/git /var/lib/gems \
+    mkdir -p $ARVADOS_CONTAINER_PATH/git $GEM_HOME \
           /var/lib/passenger /var/lib/gopath \
           /var/lib/pip /var/lib/npm
 
     if test -z "$ARVBOX_HOME" ; then
-       ARVBOX_HOME=/var/lib/arvados
+        ARVBOX_HOME=$ARVADOS_CONTAINER_PATH
     fi
 
     groupadd --gid $HOSTGID --non-unique arvbox
@@ -25,32 +28,40 @@ if ! grep "^arvbox:" /etc/passwd >/dev/null 2>/dev/null ; then
             --groups docker \
             --shell /bin/bash \
             arvbox
-    useradd --home-dir /var/lib/arvados/git --uid $HOSTUID --gid $HOSTGID --non-unique git
+    useradd --home-dir $ARVADOS_CONTAINER_PATH/git --uid $HOSTUID --gid $HOSTGID --non-unique git
     useradd --groups docker crunch
 
-    chown arvbox:arvbox -R /usr/local /var/lib/arvados /var/lib/gems \
-          /var/lib/passenger /var/lib/postgresql \
-          /var/lib/nginx /var/log/nginx /etc/ssl/private \
-          /var/lib/gopath /var/lib/pip /var/lib/npm
-
-    mkdir -p /var/lib/gems/ruby
-    chown arvbox:arvbox -R /var/lib/gems/ruby
+    if [[ "$1" != --no-chown ]] ; then
+        chown arvbox:arvbox -R /usr/local $ARVADOS_CONTAINER_PATH $GEM_HOME \
+              /var/lib/passenger /var/lib/postgresql \
+              /var/lib/nginx /var/log/nginx /etc/ssl/private \
+              /var/lib/gopath /var/lib/pip /var/lib/npm \
+              /var/lib/arvados
+    fi
 
     mkdir -p /tmp/crunch0 /tmp/crunch1
     chown crunch:crunch -R /tmp/crunch0 /tmp/crunch1
 
+    # singularity needs to be owned by root and suid
+    chown root /var/lib/arvados/bin/singularity \
+         /var/lib/arvados/etc/singularity/singularity.conf \
+         /var/lib/arvados/etc/singularity/capability.json \
+         /var/lib/arvados/etc/singularity/ecl.toml
+    chmod u+s /var/lib/arvados/bin/singularity
+
     echo "arvbox    ALL=(crunch) NOPASSWD: ALL" >> /etc/sudoers
 
     cat <<EOF > /etc/profile.d/paths.sh
-export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/go/bin:/var/lib/gems/bin:$(ls -d /usr/local/node-*)/bin
-export GEM_HOME=/var/lib/gems
-export GEM_PATH=/var/lib/gems
+export PATH=/var/lib/arvados/bin:/usr/local/bin:/usr/bin:/bin
+export GEM_HOME=/var/lib/arvados/lib/ruby/gems/2.7.0
 export npm_config_cache=/var/lib/npm
 export npm_config_cache_min=Infinity
 export R_LIBS=/var/lib/Rlibs
 export GOPATH=/var/lib/gopath
 EOF
 
+    mkdir -p /etc/arvados
+    chown -R arvbox:arvbox /etc/arvados
 fi
 
 if ! grep "^fuse:" /etc/group >/dev/null 2>/dev/null ; then