
Commit 135f791

committed
feat: refine gosu, harden ampstart user and group handling
1 parent df943d1 commit 135f791


1 file changed

+40
-10
lines changed


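--- a/scripts/base/ampstart.sh
+++ b/scripts/base/ampstart.sh
@@ -15,14 +15,31 @@ dbus-uuidgen --ensure=/etc/machine-id
 ln -s /etc/machine-id /var/lib/dbus/machine-id
 
 # Set up amp user and group
-: "${AMPUSERID:?[Error] AMPUSERID not set}"
-: "${AMPGROUPID:?[Error] AMPGROUPID not set}"
+: "${AMPUSERID:?AMPUSERID not set}"
+: "${AMPGROUPID:?AMPGROUPID not set}"
+
 echo "[Info] Setting up amp user and group..."
-getent group "${AMPGROUPID}" >/dev/null 2>&1 || groupadd -r -g "${AMPGROUPID}" amp
-id -u amp >/dev/null 2>&1 || useradd -m -d /home/amp -s /bin/bash -c "AMP Process User" -u "${AMPUSERID}" -g "${AMPGROUPID}" amp
-usermod -aG tty amp
+
+if ! getent group "${AMPGROUPID}" >/dev/null; then
+if getent group amp >/dev/null; then
+groupmod -o -g "${AMPGROUPID}" amp
+else
+groupadd -r -g "${AMPGROUPID}" amp
+fi
+fi
+
+if id amp &>/dev/null; then
+usermod -o -u "${AMPUSERID}" -g "${AMPGROUPID}" amp
+else
+useradd -m -d /home/amp -s /bin/bash -c "AMP Process User" \
+-u "${AMPUSERID}" -g "${AMPGROUPID}" amp
+fi
+
+getent group tty >/dev/null && usermod -aG tty amp
+
+install -d -m 0755 /home/amp
 touch /home/amp/.gitconfig
-chown -R amp:amp /home/amp 2> /dev/null
+chown -R amp:amp /home/amp
 
 # Make AMP binary executable
 export AMP_BIN="/AMP/AMP_Linux_${ARCH}"
@@ -34,6 +51,7 @@ if [[ -n "${AMP_CONTAINER_DEPS:-}" ]]; then
 # shellcheck disable=SC2207
 REQUIRED_DEPS=($(jq -r '.[]? | select(type=="string" and length>0)' <<<"${AMP_CONTAINER_DEPS}" || echo))
 fi
+
 if ((${#REQUIRED_DEPS[@]})); then
 echo "[Info] Installing extra dependencies..."
 apt-get update
@@ -61,7 +79,19 @@ fi
 
 # Handoff
 echo "[Info] Starting AMP..."
-exec gosu amp:amp bash -lc '
-cd /AMP
-exec "${AMP_BIN}" "$@"
-' -- _ "$@"
+exec gosu amp:amp env -i \
+HOME=/home/amp \
+USER=amp LOGNAME=amp SHELL=/bin/bash \
+LANG="${LANG:-en_US.UTF-8}" LANGUAGE="${LANGUAGE:-en_US:en}" LC_ALL="${LC_ALL:-en_US.UTF-8}" \
+PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games \
+AMPHOSTPLATFORM="${AMPHOSTPLATFORM:-}" \
+AMP_CONTAINER="${AMP_CONTAINER:-}" \
+AMPMEMORYLIMIT="${AMPMEMORYLIMIT:-}" \
+AMPSWAPLIMIT="${AMPSWAPLIMIT:-}" \
+AMPCONTAINERCPUS="${AMPCONTAINERCPUS:-}" \
+AMP_CONTAINER_HOST_NETWORK="${AMP_CONTAINER_HOST_NETWORK:-}" \
+AMP_BIN="$AMP_BIN" \
+bash -lc '
+cd /AMP
+exec "$AMP_BIN" "$@"
+' -- _ "$@"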
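Review bot: In the first hunk, `usermod -o -u "${AMPUSERID}"` and `groupmod -o -g "${AMPGROUPID}"` accept non-unique IDs, and nothing checks that the two variables are numeric and non-zero, so `AMPUSERID=0` on a container where the amp account already exists would turn amp into a second name for uid 0 and the `gosu amp:amp` handoff would then run AMP as root. A guard right after the two `:?` checks closes this: `[[ "${AMPUSERID}" =~ ^[1-9][0-9]*$ && "${AMPGROUPID}" =~ ^[1-9][0-9]*$ ]] || { echo "[Error] AMPUSERID and AMPGROUPID must be non-zero numeric IDs" >&2; exit 1; }`. Separately, when the requested GID already belongs to a group with another name, the outer `if` is skipped and no group named amp is created, yet `chown -R amp:amp` and `gosu amp:amp` still resolve the group by name. Using `"${AMPUSERID}:${AMPGROUPID}"` in both places would avoid depending on that name. Whether the base image ships an amp user or group is not visible from this page, so which branch runs on first start is inferred.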
