From 36f1d9c40621f51d4a4e46eec1ec40273e310029 Mon Sep 17 00:00:00 2001
From: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
Date: Mon, 11 Mar 2024 11:28:18 +0200
Subject: [PATCH] Replace /bin/sh with a wrapper to /bin/bash

This is needed to be able to set umask=022 for the Linux aarch64
images that use umask=027 by default.

/bin/sh does not load /etc/profile nor any other rcfile.

See https://github.com/bioconda/bioconda-recipes/pull/46177 for full
details and https://github.com/galaxyproject/galaxy/issues/17631 for a
summary.

Signed-off-by: Martin Tzvetanov Grigorov <mgrigorov@apache.org>
---
 .github/workflows/base-glibc-busybox-bash.yaml    |  2 +-
 .github/workflows/base-glibc-debian-bash.yaml     |  2 +-
 .github/workflows/create-env.yaml                 |  2 +-
 images/base-glibc-busybox-bash/Dockerfile.busybox | 10 ++++++++++
 images/base-glibc-debian-bash/Dockerfile          |  9 +++++++++
 images/bin-sh-wrapper.sh                          |  3 +++
 images/create-env/Dockerfile                      |  9 +++++++++
 7 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100755 images/bin-sh-wrapper.sh

diff --git a/.github/workflows/base-glibc-busybox-bash.yaml b/.github/workflows/base-glibc-busybox-bash.yaml
index 9f76c16d..1d2f785d 100644
--- a/.github/workflows/base-glibc-busybox-bash.yaml
+++ b/.github/workflows/base-glibc-busybox-bash.yaml
@@ -19,7 +19,7 @@ jobs:
       # The base image is not intended to change often and should be used with
       # version tags or checksum IDs, but not via "latest".
       MAJOR_VERSION: 3
-      MINOR_VERSION: 0
+      MINOR_VERSION: 1
       IMAGE_NAME: base-glibc-busybox-bash
       BUSYBOX_VERSION: '1.36.1'
       DEBIAN_VERSION: '12.2'
diff --git a/.github/workflows/base-glibc-debian-bash.yaml b/.github/workflows/base-glibc-debian-bash.yaml
index 331f44ea..dc128ba1 100644
--- a/.github/workflows/base-glibc-debian-bash.yaml
+++ b/.github/workflows/base-glibc-debian-bash.yaml
@@ -19,7 +19,7 @@ jobs:
       # The base image is not intended to change often and should be used with
       # version tags or checksum IDs, but not via "latest".
       MAJOR_VERSION: 3
-      MINOR_VERSION: 0
+      MINOR_VERSION: 1
       IMAGE_NAME: base-glibc-debian-bash
       DEBIAN_VERSION: '12.2'
 
diff --git a/.github/workflows/create-env.yaml b/.github/workflows/create-env.yaml
index 21162b41..ab528979 100644
--- a/.github/workflows/create-env.yaml
+++ b/.github/workflows/create-env.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-22.04
     env:
       MAJOR_VERSION: 3
-      MINOR_VERSION: 0
+      MINOR_VERSION: 1
       IMAGE_NAME: create-env
 
     steps:
diff --git a/images/base-glibc-busybox-bash/Dockerfile.busybox b/images/base-glibc-busybox-bash/Dockerfile.busybox
index fcbd60bd..94d14368 100644
--- a/images/base-glibc-busybox-bash/Dockerfile.busybox
+++ b/images/base-glibc-busybox-bash/Dockerfile.busybox
@@ -17,6 +17,16 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \
 WORKDIR /build
 COPY build-busybox ./
 ARG busybox_version
+
+RUN echo "umask 022" >> /etc/profile
+RUN echo "umask 022" >> /root/.bashrc
+
+SHELL ["/bin/bash", "-c"]
+# replace /bin/sh with a wrapper to /bin/bash
+RUN ls -la /bin/sh && unlink /bin/sh
+COPY ./images/bin-sh-wrapper.sh /bin/sh
+RUN chmod +x /bin/sh && ls -la /bin/sh && cat /bin/sh
+
 RUN ./build-busybox \
     "${busybox_version}" \
     x86_64 aarch64
diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile
index c0adc292..17f5c78c 100644
--- a/images/base-glibc-debian-bash/Dockerfile
+++ b/images/base-glibc-debian-bash/Dockerfile
@@ -127,5 +127,14 @@ RUN touch /usr/local/env-activate.sh \
       > /usr/local/env-execute
 
 ENV LANG=C.UTF-8
+
+SHELL ["/bin/bash", "-c"]
+
+RUN echo "umask 022" >> /etc/profile
+RUN echo "umask 022" >> /root/.bashrc
+
+# replace /bin/sh with a wrapper to /bin/bash
+RUN unlink /bin/sh && echo 'bash -l "$@"' > /bin/sh && chmod +x /bin/sh
+
 ENTRYPOINT [ "/usr/local/env-execute" ]
 CMD [ "bash" ]
diff --git a/images/bin-sh-wrapper.sh b/images/bin-sh-wrapper.sh
new file mode 100755
index 00000000..79c14ef4
--- /dev/null
+++ b/images/bin-sh-wrapper.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+bash -l "$@"
\ No newline at end of file
diff --git a/images/create-env/Dockerfile b/images/create-env/Dockerfile
index 93b83948..c69addd8 100644
--- a/images/create-env/Dockerfile
+++ b/images/create-env/Dockerfile
@@ -40,5 +40,14 @@ RUN \
       >>   /etc/skel/.bashrc
 ENV ENV=/etc/profile.d/conda.sh
 
+SHELL ["/bin/bash", "-c"]
+
+RUN echo "umask 022" >> /etc/profile
+RUN echo "umask 022" >> /root/.bashrc
+
+# replace /bin/sh with a thin wrapper to /bin/bash
+RUN unlink /bin/sh && echo 'bash -l "$@"' > /bin/sh && chmod +x /bin/sh
+
+
 ENTRYPOINT [ "/opt/create-env/bin/tini", "--", "/opt/create-env/env-execute" ]
 CMD [ "bash" ]