Merge pull request #1335 from mathbunnyru/asalikhov/unify_bash_variables

Unify bash variables usage and add quotes where needed
jupyter · Jun 7, 2021 · 396024a · 396024a
2 parents 04fe694 + 7642ba8
commit 396024a
Show file tree

Hide file tree

Showing 26 changed files with 185 additions and 185 deletions.
diff --git a/README.md b/README.md
@@ -49,7 +49,7 @@ JupyterLab, where `hostname` is the name of the computer running docker and `tok
 token printed in the console. Docker destroys the container after notebook server exit, but any
 files written to `~/work` in the container remain intact on the host.
 
-    docker run --rm -p 10000:8888 -e JUPYTER_ENABLE_LAB=yes -v "$PWD":/home/jovyan/work jupyter/datascience-notebook:33add21fab64
+    docker run --rm -p 10000:8888 -e JUPYTER_ENABLE_LAB=yes -v "${PWD}":/home/jovyan/work jupyter/datascience-notebook:33add21fab64
 
 ## Contributing
 

diff --git a/all-spark-notebook/Dockerfile b/all-spark-notebook/Dockerfile
@@ -19,7 +19,7 @@ RUN apt-get update --yes && \
     gcc && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
-USER $NB_UID
+USER ${NB_UID}
 
 # R packages including IRKernel which gets installed globally.
 RUN conda install --quiet --yes \

diff --git a/base-notebook/Dockerfile b/base-notebook/Dockerfile
@@ -60,14 +60,14 @@ RUN apt-get update --yes && \
 # Configure environment
 ENV CONDA_DIR=/opt/conda \
     SHELL=/bin/bash \
-    NB_USER=$NB_USER \
-    NB_UID=$NB_UID \
-    NB_GID=$NB_GID \
+    NB_USER="${NB_USER}" \
+    NB_UID=${NB_UID} \
+    NB_GID=${NB_GID} \
     LC_ALL=en_US.UTF-8 \
     LANG=en_US.UTF-8 \
     LANGUAGE=en_US.UTF-8
-ENV PATH=$CONDA_DIR/bin:$PATH \
-    HOME=/home/$NB_USER \
+ENV PATH="${CONDA_DIR}/bin:${PATH}" \
+    HOME="/home/${NB_USER}" \
     CONDA_VERSION="${conda_version}" \
     MINIFORGE_VERSION="${miniforge_version}"
 
@@ -86,18 +86,18 @@ RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashr
 RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \
     sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \
     sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \
-    useradd -l -m -s /bin/bash -N -u $NB_UID $NB_USER && \
-    mkdir -p $CONDA_DIR && \
-    chown $NB_USER:$NB_GID $CONDA_DIR && \
+    useradd -l -m -s /bin/bash -N -u "${NB_UID}" "${NB_USER}" && \
+    mkdir -p "${CONDA_DIR}" && \
+    chown "${NB_USER}:${NB_GID}" "${CONDA_DIR}" && \
     chmod g+w /etc/passwd && \
     fix-permissions "${HOME}" && \
     fix-permissions "${CONDA_DIR}"
 
-USER $NB_UID
+USER ${NB_UID}
 ARG PYTHON_VERSION=default
 
 # Setup work directory for backward-compatibility
-RUN mkdir "/home/$NB_USER/work" && \
+RUN mkdir "/home/${NB_USER}/work" && \
     fix-permissions "/home/${NB_USER}"
 
 # Install conda as jovyan and check the sha256 sum provided on the download site
@@ -106,20 +106,20 @@ WORKDIR /tmp
 # Prerequisites installation: conda, mamba, pip, tini
 RUN wget --quiet "https://github.com/conda-forge/miniforge/releases/download/${miniforge_version}/${miniforge_installer}" && \
     echo "${miniforge_checksum} *${miniforge_installer}" | sha256sum --check && \
-    /bin/bash "${miniforge_installer}" -f -b -p $CONDA_DIR && \
+    /bin/bash "${miniforge_installer}" -f -b -p "${CONDA_DIR}" && \
     rm "${miniforge_installer}" && \
     # Conda configuration see https://conda.io/projects/conda/en/latest/configuration.html
-    echo "conda ${CONDA_VERSION}" >> $CONDA_DIR/conda-meta/pinned && \
+    echo "conda ${CONDA_VERSION}" >> "${CONDA_DIR}/conda-meta/pinned" && \
     conda config --system --set auto_update_conda false && \
     conda config --system --set show_channel_urls true && \
-    if [ ! $PYTHON_VERSION = 'default' ]; then conda install --yes python=$PYTHON_VERSION; fi && \
-    conda list python | grep '^python ' | tr -s ' ' | cut -d '.' -f 1,2 | sed 's/$/.*/' >> $CONDA_DIR/conda-meta/pinned && \
+    if [[ "${PYTHON_VERSION}" != "default" ]]; then conda install --yes python="${PYTHON_VERSION}"; fi && \
+    conda list python | grep '^python ' | tr -s ' ' | cut -d '.' -f 1,2 | sed 's/$/.*/' >> "${CONDA_DIR}/conda-meta/pinned" && \
     conda install --quiet --yes \
     "conda=${CONDA_VERSION}" \
     'pip' && \
     conda update --all --quiet --yes && \
     conda clean --all -f -y && \
-    rm -rf /home/$NB_USER/.cache/yarn && \
+    rm -rf "/home/${NB_USER}/.cache/yarn" && \
     fix-permissions "${CONDA_DIR}" && \
     fix-permissions "/home/${NB_USER}"
 
@@ -137,7 +137,7 @@ RUN conda install --quiet --yes \
     npm cache clean --force && \
     jupyter notebook --generate-config && \
     jupyter lab clean && \
-    rm -rf /home/$NB_USER/.cache/yarn && \
+    rm -rf "/home/${NB_USER}/.cache/yarn" && \
     fix-permissions "${CONDA_DIR}" && \
     fix-permissions "/home/${NB_USER}"
 
@@ -161,6 +161,6 @@ RUN sed -re "s/c.NotebookApp/c.ServerApp/g" \
     fix-permissions /etc/jupyter/
 
 # Switch back to jovyan to avoid accidental container runs as root
-USER $NB_UID
+USER ${NB_UID}
 
-WORKDIR $HOME
+WORKDIR "${HOME}"
diff --git a/base-notebook/fix-permissions b/base-notebook/fix-permissions
@@ -2,7 +2,7 @@
 # set permissions on a directory
 # after any installation, if a directory needs to be (human) user-writable,
 # run this script on it.
-# It will make everything in the directory owned by the group $NB_GID
+# It will make everything in the directory owned by the group ${NB_GID}
 # and writable by that group.
 # Deployments that want to set a specific user id can preserve permissions
 # by adding the `--group-add users` line to `docker run`.
@@ -11,22 +11,22 @@
 # which would cause massive image explosion
 
 # right permissions are:
-# group=$NB_GID
+# group=${NB_GID}
 # AND permissions include group rwX (directory-execute)
 # AND directories have setuid,setgid bits set
 
 set -e
 
 for d in "$@"; do
-    find "$d" \
+    find "${d}" \
         ! \( \
             -group "${NB_GID}" \
             -a -perm -g+rwX \
         \) \
         -exec chgrp "${NB_GID}" {} \; \
         -exec chmod g+rwX {} \;
     # setuid, setgid *on directories only*
-    find "$d" \
+    find "${d}" \
         \( \
             -type d \
             -a ! -perm -6000 \

diff --git a/base-notebook/start-notebook.sh b/base-notebook/start-notebook.sh
@@ -14,9 +14,9 @@ if [[ -n "${JUPYTERHUB_API_TOKEN}" ]]; then
     exec /usr/local/bin/start-singleuser.sh "$@"
 elif [[ -n "${JUPYTER_ENABLE_LAB}" ]]; then
     # shellcheck disable=SC1091
-    . /usr/local/bin/start.sh $wrapper jupyter lab "$@"
+    . /usr/local/bin/start.sh ${wrapper} jupyter lab "$@"
 else
     echo "WARN: Jupyter Notebook deprecation notice https://github.com/jupyter/docker-stacks#jupyter-notebook-deprecation-notice."
     # shellcheck disable=SC1091
-    . /usr/local/bin/start.sh $wrapper jupyter notebook "$@"
+    . /usr/local/bin/start.sh ${wrapper} jupyter notebook "$@"
 fi
diff --git a/base-notebook/start-singleuser.sh b/base-notebook/start-singleuser.sh
@@ -5,37 +5,37 @@
 set -e
 
 # set default ip to 0.0.0.0
-if [[ "$NOTEBOOK_ARGS $*" != *"--ip="* ]]; then
-    NOTEBOOK_ARGS="--ip=0.0.0.0 $NOTEBOOK_ARGS"
+if [[ "${NOTEBOOK_ARGS} $*" != *"--ip="* ]]; then
+    NOTEBOOK_ARGS="--ip=0.0.0.0 ${NOTEBOOK_ARGS}"
 fi
 
 # handle some deprecated environment variables
 # from DockerSpawner < 0.8.
 # These won't be passed from DockerSpawner 0.9,
 # so avoid specifying --arg=empty-string
-if [ -n "$NOTEBOOK_DIR" ]; then
+if [ -n "${NOTEBOOK_DIR}" ]; then
     # shellcheck disable=SC2089
-    NOTEBOOK_ARGS="--notebook-dir='$NOTEBOOK_DIR' $NOTEBOOK_ARGS"
+    NOTEBOOK_ARGS="--notebook-dir='${NOTEBOOK_DIR}' ${NOTEBOOK_ARGS}"
 fi
-if [ -n "$JPY_PORT" ]; then
-    NOTEBOOK_ARGS="--port=$JPY_PORT $NOTEBOOK_ARGS"
+if [ -n "${JPY_PORT}" ]; then
+    NOTEBOOK_ARGS="--port=${JPY_PORT} ${NOTEBOOK_ARGS}"
 fi
-if [ -n "$JPY_USER" ]; then
-    NOTEBOOK_ARGS="--user=$JPY_USER $NOTEBOOK_ARGS"
+if [ -n "${JPY_USER}" ]; then
+    NOTEBOOK_ARGS="--user=${JPY_USER} ${NOTEBOOK_ARGS}"
 fi
-if [ -n "$JPY_COOKIE_NAME" ]; then
-    NOTEBOOK_ARGS="--cookie-name=$JPY_COOKIE_NAME $NOTEBOOK_ARGS"
+if [ -n "${JPY_COOKIE_NAME}" ]; then
+    NOTEBOOK_ARGS="--cookie-name=${JPY_COOKIE_NAME} ${NOTEBOOK_ARGS}"
 fi
-if [ -n "$JPY_BASE_URL" ]; then
-    NOTEBOOK_ARGS="--base-url=$JPY_BASE_URL $NOTEBOOK_ARGS"
+if [ -n "${JPY_BASE_URL}" ]; then
+    NOTEBOOK_ARGS="--base-url=${JPY_BASE_URL} ${NOTEBOOK_ARGS}"
 fi
-if [ -n "$JPY_HUB_PREFIX" ]; then
-    NOTEBOOK_ARGS="--hub-prefix=$JPY_HUB_PREFIX $NOTEBOOK_ARGS"
+if [ -n "${JPY_HUB_PREFIX}" ]; then
+    NOTEBOOK_ARGS="--hub-prefix=${JPY_HUB_PREFIX} ${NOTEBOOK_ARGS}"
 fi
-if [ -n "$JPY_HUB_API_URL" ]; then
-    NOTEBOOK_ARGS="--hub-api-url=$JPY_HUB_API_URL $NOTEBOOK_ARGS"
+if [ -n "${JPY_HUB_API_URL}" ]; then
+    NOTEBOOK_ARGS="--hub-api-url=${JPY_HUB_API_URL} ${NOTEBOOK_ARGS}"
 fi
 NOTEBOOK_BIN="jupyterhub-singleuser"
 
 # shellcheck disable=SC1091,SC2086,SC2090
-. /usr/local/bin/start.sh "$NOTEBOOK_BIN" $NOTEBOOK_ARGS "$@"
+. /usr/local/bin/start.sh "${NOTEBOOK_BIN}" ${NOTEBOOK_ARGS} "$@"
diff --git a/base-notebook/start.sh b/base-notebook/start.sh
@@ -13,28 +13,28 @@ fi
 
 run-hooks () {
     # Source scripts or run executable files in a directory
-    if [[ ! -d "$1" ]] ; then
+    if [[ ! -d "${1}" ]] ; then
         return
     fi
-    echo "$0: running hooks in $1"
-    for f in "$1/"*; do
-        case "$f" in
+    echo "${0}: running hooks in ${1}"
+    for f in "${1}/"*; do
+        case "${f}" in
             *.sh)
-                echo "$0: running $f"
+                echo "${0}: running ${f}"
                 # shellcheck disable=SC1090
-                source "$f"
+                source "${f}"
                 ;;
             *)
-                if [[ -x "$f" ]] ; then
-                    echo "$0: running $f"
-                    "$f"
+                if [[ -x "${f}" ]] ; then
+                    echo "${0}: running ${f}"
+                    "${f}"
                 else
-                    echo "$0: ignoring $f"
+                    echo "${0}: ignoring ${f}"
                 fi
                 ;;
         esac
     done
-    echo "$0: done running hooks in $1"
+    echo "${0}: done running hooks in ${1}"
 }
 
 run-hooks /usr/local/bin/start-notebook.d
@@ -44,73 +44,73 @@ if [ "$(id -u)" == 0 ] ; then
 
     # Only attempt to change the jovyan username if it exists
     if id jovyan &> /dev/null ; then
-        echo "Set username to: $NB_USER"
-        usermod -d "/home/$NB_USER" -l "$NB_USER" jovyan
+        echo "Set username to: ${NB_USER}"
+        usermod -d "/home/${NB_USER}" -l "${NB_USER}" jovyan
     fi
 
     # handle home and working directory if the username changed
-    if [[ "$NB_USER" != "jovyan" ]]; then
+    if [[ "${NB_USER}" != "jovyan" ]]; then
         # changing username, make sure homedir exists
         # (it could be mounted, and we shouldn't create it if it already exists)
-        if [[ ! -e "/home/$NB_USER" ]]; then
-            echo "Relocating home dir to /home/$NB_USER"
-            mv /home/jovyan "/home/$NB_USER" || ln -s /home/jovyan "/home/$NB_USER"
+        if [[ ! -e "/home/${NB_USER}" ]]; then
+            echo "Relocating home dir to /home/${NB_USER}"
+            mv /home/jovyan "/home/${NB_USER}" || ln -s /home/jovyan "/home/${NB_USER}"
         fi
-        # if workdir is in /home/jovyan, cd to /home/$NB_USER
-        if [[ "$PWD/" == "/home/jovyan/"* ]]; then
-            newcwd="/home/$NB_USER/${PWD:13}"
-            echo "Setting CWD to $newcwd"
-            cd "$newcwd"
+        # if workdir is in /home/jovyan, cd to /home/${NB_USER}
+        if [[ "${PWD}/" == "/home/jovyan/"* ]]; then
+            newcwd="/home/${NB_USER}/${PWD:13}"
+            echo "Setting CWD to ${newcwd}"
+            cd "${newcwd}"
         fi
     fi
 
     # Handle case where provisioned storage does not have the correct permissions by default
     # Ex: default NFS/EFS (no auto-uid/gid)
-    if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then
-        echo "Changing ownership of /home/$NB_USER to $NB_UID:$NB_GID with options '${CHOWN_HOME_OPTS}'"
+    if [[ "${CHOWN_HOME}" == "1" || "${CHOWN_HOME}" == 'yes' ]]; then
+        echo "Changing ownership of /home/${NB_USER} to ${NB_UID}:${NB_GID} with options '${CHOWN_HOME_OPTS}'"
         # shellcheck disable=SC2086
-        chown $CHOWN_HOME_OPTS "$NB_UID:$NB_GID" "/home/$NB_USER"
+        chown ${CHOWN_HOME_OPTS} "${NB_UID}:${NB_GID}" "/home/${NB_USER}"
     fi
-    if [ -n "$CHOWN_EXTRA" ]; then
-        for extra_dir in $(echo "$CHOWN_EXTRA" | tr ',' ' '); do
-            echo "Changing ownership of ${extra_dir} to $NB_UID:$NB_GID with options '${CHOWN_EXTRA_OPTS}'"
+    if [ -n "${CHOWN_EXTRA}" ]; then
+        for extra_dir in $(echo "${CHOWN_EXTRA}" | tr ',' ' '); do
+            echo "Changing ownership of ${extra_dir} to ${NB_UID}:${NB_GID} with options '${CHOWN_EXTRA_OPTS}'"
             # shellcheck disable=SC2086
-            chown $CHOWN_EXTRA_OPTS "$NB_UID:$NB_GID" "$extra_dir"
+            chown ${CHOWN_EXTRA_OPTS} "${NB_UID}:${NB_GID}" "${extra_dir}"
         done
     fi
 
     # Change UID:GID of NB_USER to NB_UID:NB_GID if it does not match
-    if [ "$NB_UID" != "$(id -u "$NB_USER")" ] || [ "$NB_GID" != "$(id -g "$NB_USER")" ]; then
-        echo "Set user $NB_USER UID:GID to: $NB_UID:$NB_GID"
-        if [ "$NB_GID" != "$(id -g "$NB_USER")" ]; then
-            groupadd -f -g "$NB_GID" -o "${NB_GROUP:-${NB_USER}}"
+    if [ "${NB_UID}" != "$(id -u "${NB_USER}")" ] || [ "${NB_GID}" != "$(id -g "${NB_USER}")" ]; then
+        echo "Set user ${NB_USER} UID:GID to: ${NB_UID}:${NB_GID}"
+        if [ "${NB_GID}" != "$(id -g "${NB_USER}")" ]; then
+            groupadd -f -g "${NB_GID}" -o "${NB_GROUP:-${NB_USER}}"
         fi
-        userdel "$NB_USER"
-        useradd --home "/home/$NB_USER" -u "$NB_UID" -g "$NB_GID" -G 100 -l "$NB_USER"
+        userdel "${NB_USER}"
+        useradd --home "/home/${NB_USER}" -u "${NB_UID}" -g "${NB_GID}" -G 100 -l "${NB_USER}"
     fi
 
     # Enable sudo if requested
-    if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
-        echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH"
-        echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
+    if [[ "${GRANT_SUDO}" == "1" || "${GRANT_SUDO}" == 'yes' ]]; then
+        echo "Granting ${NB_USER} sudo access and appending ${CONDA_DIR}/bin to sudo PATH"
+        echo "${NB_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
     fi
 
-    # Add $CONDA_DIR/bin to sudo secure_path
-    sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path
+    # Add ${CONDA_DIR}/bin to sudo secure_path
+    sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:${CONDA_DIR}/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path
 
     # Exec the command as NB_USER with the PATH and the rest of
     # the environment preserved
     run-hooks /usr/local/bin/before-notebook.d
     echo "Executing the command:" "${cmd[@]}"
-    exec sudo -E -H -u "$NB_USER" PATH="$PATH" XDG_CACHE_HOME="/home/$NB_USER/.cache" PYTHONPATH="${PYTHONPATH:-}" "${cmd[@]}"
+    exec sudo -E -H -u "${NB_USER}" PATH="${PATH}" XDG_CACHE_HOME="/home/${NB_USER}/.cache" PYTHONPATH="${PYTHONPATH:-}" "${cmd[@]}"
 else
-    if [[ "$NB_UID" == "$(id -u jovyan 2>/dev/null)" && "$NB_GID" == "$(id -g jovyan 2>/dev/null)" ]]; then
+    if [[ "${NB_UID}" == "$(id -u jovyan 2>/dev/null)" && "${NB_GID}" == "$(id -g jovyan 2>/dev/null)" ]]; then
         # User is not attempting to override user/group via environment
         # variables, but they could still have overridden the uid/gid that
         # container runs as. Check that the user has an entry in the passwd
         # file and if not add an entry.
         STATUS=0 && whoami &> /dev/null || STATUS=$? && true
-        if [[ "$STATUS" != "0" ]]; then
+        if [[ "${STATUS}" != "0" ]]; then
             if [[ -w /etc/passwd ]]; then
                 echo "Adding passwd file entry for $(id -u)"
                 sed -e "s/^jovyan:/nayvoj:/" /etc/passwd > /tmp/passwd
@@ -122,24 +122,24 @@ else
             fi
         fi
 
-        # Warn if the user isn't going to be able to write files to $HOME.
+        # Warn if the user isn't going to be able to write files to ${HOME}.
         if [[ ! -w /home/jovyan ]]; then
             echo 'Container must be run with group "users" to update files'
         fi
     else
         # Warn if looks like user want to override uid/gid but hasn't
         # run the container as root.
-        if [[ -n "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then
-            echo "Container must be run as root to set NB_UID to $NB_UID"
+        if [[ -n "${NB_UID}" && "${NB_UID}" != "$(id -u)" ]]; then
+            echo "Container must be run as root to set NB_UID to ${NB_UID}"
         fi
-        if [[ -n "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then
-            echo "Container must be run as root to set NB_GID to $NB_GID"
+        if [[ -n "${NB_GID}" && "${NB_GID}" != "$(id -g)" ]]; then
+            echo "Container must be run as root to set NB_GID to ${NB_GID}"
         fi
     fi
 
     # Warn if looks like user want to run in sudo mode but hasn't run
     # the container as root.
-    if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
+    if [[ "${GRANT_SUDO}" == "1" || "${GRANT_SUDO}" == 'yes' ]]; then
         echo 'Container must be run as root to grant sudo permissions'
     fi