Entrypoint Fixes

* fix exec check on .envsh files
* work with /usr/bin/env rather than sh/bash directly
* chang `$VAR` to `${VAR}` for better read

Author: ns-agaltier

entrypoint/10-listen-on-ipv6-by-default.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 # vim:sw=4:ts=4:et
 
 set -e
@@ -9,59 +9,59 @@ entrypoint_log() {
     fi
 }
 
-ME=$(basename "$0")
+ME=$(basename "${0}")
 DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf"
 
 # check if we have ipv6 available
 if [ ! -f "/proc/net/if_inet6" ]; then
-    entrypoint_log "$ME: info: ipv6 not available"
+    entrypoint_log "${ME}: info: ipv6 not available"
     exit 0
 fi
 
-if [ ! -f "/$DEFAULT_CONF_FILE" ]; then
-    entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist"
+if [ ! -f "/${DEFAULT_CONF_FILE}" ]; then
+    entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} is not a file or does not exist"
     exit 0
 fi
 
 # check if the file can be modified, e.g. not on a r/o filesystem
-touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; }
+touch /${DEFAULT_CONF_FILE} 2>/dev/null || { entrypoint_log "${ME}: info: can not modify /${DEFAULT_CONF_FILE} (read-only file system?)"; exit 0; }
 
 # check if the file is already modified, e.g. on a container restart
-grep -q "listen  \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; }
+grep -q "listen  \[::]\:8080;" /${DEFAULT_CONF_FILE} && { entrypoint_log "${ME}: info: IPv6 listen already enabled"; exit 0; }
 
 if [ -f "/etc/os-release" ]; then
     . /etc/os-release
 else
-    entrypoint_log "$ME: info: can not guess the operating system"
+    entrypoint_log "${ME}: info: can not guess the operating system"
     exit 0
 fi
 
-entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE"
+entrypoint_log "${ME}: info: Getting the checksum of /${DEFAULT_CONF_FILE}"
 
-case "$ID" in
+case "${ID}" in
     "debian")
-        CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3)
-        echo "$CHECKSUM  /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || {
-            entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version"
+        CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 3)
+        echo "${CHECKSUM}  /${DEFAULT_CONF_FILE}" | md5sum -c - >/dev/null 2>&1 || {
+            entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version"
             exit 0
         }
         ;;
     "alpine")
-        CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2)
-        echo "$CHECKSUM  /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || {
-            entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version"
+        CHECKSUM=$(apk manifest nginx 2>/dev/null| grep ${DEFAULT_CONF_FILE} | cut -d' ' -f 1 | cut -d ':' -f 2)
+        echo "${CHECKSUM}  /${DEFAULT_CONF_FILE}" | sha1sum -c - >/dev/null 2>&1 || {
+            entrypoint_log "${ME}: info: /${DEFAULT_CONF_FILE} differs from the packaged version"
             exit 0
         }
         ;;
     *)
-        entrypoint_log "$ME: info: Unsupported distribution"
+        entrypoint_log "${ME}: info: Unsupported distribution"
         exit 0
         ;;
 esac
 
 # enable ipv6 on default.conf listen sockets
-sed -i -E 's,listen       8080;,listen       8080;\n    listen  [::]:8080;,' /$DEFAULT_CONF_FILE
+sed -i -E 's,listen       8080;,listen       8080;\n    listen  [::]:8080;,' /${DEFAULT_CONF_FILE}
 
-entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE"
+entrypoint_log "${ME}: info: Enabled listen on IPv6 in /${DEFAULT_CONF_FILE}"
 
 exit 0

entrypoint/15-local-resolvers.envsh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 # vim:sw=2:ts=2:sts=2:et
 
 set -eu

entrypoint/20-envsubst-on-templates.sh

@@ -1,8 +1,8 @@
-#!/bin/sh
+#!/usr/bin/env sh
 
 set -e
 
-ME=$(basename "$0")
+ME=$(basename "${0}")
 
 entrypoint_log() {
   if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
@@ -13,16 +13,16 @@ entrypoint_log() {
 add_stream_block() {
   local conffile="/etc/nginx/nginx.conf"
 
-  if grep -q -E "\s*stream\s*\{" "$conffile"; then
-    entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates"
+  if grep -q -E "\s*stream\s*\{" "${conffile}"; then
+    entrypoint_log "${ME}: ${conffile} contains a stream block; include ${stream_output_dir}/*.conf to enable stream templates"
   else
     # check if the file can be modified, e.g. not on a r/o filesystem
-    touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; }
-    entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf"
-    cat << END >> "$conffile"
-# added by "$ME" on "$(date)"
+    touch "${conffile}" 2>/dev/null || { entrypoint_log "${ME}: info: can not modify ${conffile} (read-only file system?)"; exit 0; }
+    entrypoint_log "${ME}: Appending stream block to ${conffile} to include ${stream_output_dir}/*.conf"
+    cat << END >> "${conffile}"
+# added by "${ME}" on "$(date)"
 stream {
-  include $stream_output_dir/*.conf;
+  include ${stream_output_dir}/*.conf;
 }
 END
   fi
@@ -38,37 +38,37 @@ auto_envsubst() {
 
   local template defined_envs relative_path output_path subdir
   defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null ))
-  [ -d "$template_dir" ] || return 0
-  if [ ! -w "$output_dir" ]; then
-    entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable"
+  [ -d "${template_dir}" ] || return 0
+  if [ ! -w "${output_dir}" ]; then
+    entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${output_dir} is not writable"
     return 0
   fi
-  find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do
-    relative_path="${template#"$template_dir/"}"
-    output_path="$output_dir/${relative_path%"$suffix"}"
-    subdir=$(dirname "$relative_path")
+  find "${template_dir}" -follow -type f -name "*${suffix}" -print | while read -r template; do
+    relative_path="${template#"${template_dir}/"}"
+    output_path="${output_dir}/${relative_path%"${suffix}"}"
+    subdir=$(dirname "${relative_path}")
     # create a subdirectory where the template file exists
-    mkdir -p "$output_dir/$subdir"
-    entrypoint_log "$ME: Running envsubst on $template to $output_path"
-    envsubst "$defined_envs" < "$template" > "$output_path"
+    mkdir -p "${output_dir}/${subdir}"
+    entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}"
+    envsubst "${defined_envs}" < "${template}" > "${output_path}"
   done
 
   # Print the first file with the stream suffix, this will be false if there are none
-  if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then
-    mkdir -p "$stream_output_dir"
-    if [ ! -w "$stream_output_dir" ]; then
-      entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable"
+  if test -n "$(find "${template_dir}" -name "*${stream_suffix}" -print -quit)"; then
+    mkdir -p "${stream_output_dir}"
+    if [ ! -w "${stream_output_dir}" ]; then
+      entrypoint_log "${ME}: ERROR: ${template_dir} exists, but ${stream_output_dir} is not writable"
       return 0
     fi
     add_stream_block
-    find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do
-      relative_path="${template#"$template_dir/"}"
-      output_path="$stream_output_dir/${relative_path%"$stream_suffix"}"
-      subdir=$(dirname "$relative_path")
+    find "${template_dir}" -follow -type f -name "*${stream_suffix}" -print | while read -r template; do
+      relative_path="${template#"${template_dir}/"}"
+      output_path="${stream_output_dir}/${relative_path%"${stream_suffix}"}"
+      subdir=$(dirname "${relative_path}")
       # create a subdirectory where the template file exists
-      mkdir -p "$stream_output_dir/$subdir"
-      entrypoint_log "$ME: Running envsubst on $template to $output_path"
-      envsubst "$defined_envs" < "$template" > "$output_path"
+      mkdir -p "${stream_output_dir}/${subdir}"
+      entrypoint_log "${ME}: Running envsubst on ${template} to ${output_path}"
+      envsubst "${defined_envs}" < "${template}" > "${output_path}"
     done
   fi
 }