process_linux.go

// Copyright (c) 2018-2022, Sylabs Inc. All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
// LICENSE.md file distributed with the sources of this project regarding your
// rights to use or distribute this software.

package singularity

import (
	"bufio"
	"bytes"
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"os/exec"
	"os/signal"
	"path/filepath"
	"regexp"
	"runtime"
	"strconv"
	"strings"
	"sync"
	"syscall"
	"time"
	"unsafe"

	specs "github.com/opencontainers/runtime-spec/specs-go"
	"github.com/sylabs/singularity/v4/internal/pkg/instance"
	"github.com/sylabs/singularity/v4/internal/pkg/plugin"
	"github.com/sylabs/singularity/v4/internal/pkg/security"
	"github.com/sylabs/singularity/v4/internal/pkg/util/env"
	"github.com/sylabs/singularity/v4/internal/pkg/util/fs/files"
	"github.com/sylabs/singularity/v4/internal/pkg/util/machine"
	"github.com/sylabs/singularity/v4/internal/pkg/util/shell"
	"github.com/sylabs/singularity/v4/internal/pkg/util/shell/interpreter"
	"github.com/sylabs/singularity/v4/internal/pkg/util/user"
	singularitycallback "github.com/sylabs/singularity/v4/pkg/plugin/callback/runtime/engine/singularity"
	singularityConfig "github.com/sylabs/singularity/v4/pkg/runtime/engine/singularity/config"
	"github.com/sylabs/singularity/v4/pkg/sylog"
	"github.com/sylabs/singularity/v4/pkg/util/rlimit"
	"golang.org/x/sys/unix"
	"golang.org/x/term"
	"mvdan.cc/sh/v3/interp"
)

const defaultShell = "/bin/sh"

// StartProcess is called during stage2 after RPC server finished
// environment preparation. This is the container process itself.
//
// No additional privileges can be gained during this call (unless container
// is executed as root intentionally) as starter will set uid/euid/suid
// to the targetUID (PrepareConfig will set it by calling starter.Config.SetTargetUID).
//
//nolint:maintidx
func (e *EngineOperations) StartProcess(masterConn net.Conn) error {
	// Manage all signals.
	// Queue them until they're ready to be handled below.
	// Use a channel size of two here, since we may receive SIGURG, which is
	// used for non-cooperative goroutine preemption starting with Go 1.14.
	signals := make(chan os.Signal, 2)
	signal.Notify(signals)

	if err := e.runFuseDrivers(true, -1); err != nil {
		return err
	}

	isInstance := e.EngineConfig.GetInstance()
	bootInstance := isInstance && e.EngineConfig.GetBootInstance()
	shimProcess := false

	if err := os.Chdir(e.EngineConfig.OciConfig.Process.Cwd); err != nil {
		if err := os.Chdir(e.EngineConfig.GetHomeDest()); err != nil {
			os.Chdir("/")
		}
	}

	if e.EngineConfig.File.MountDev == "minimal" || e.EngineConfig.GetContain() {
		// If on a terminal, reopen /dev/console so /proc/self/fd/[0-2
		//   will point to /dev/console.  This is needed so that tty and
		//   ttyname() on el6 will return the correct answer.  Newer
		//   ttyname() functions might work because they will search
		//   /dev if the value of /proc/self/fd/X doesn't exist, but
		//   they won't work if another /dev/pts/X is allocated in its
		//   place.  Also, programs that don't use ttyname() and instead
		//   directly do readlink() on /proc/self/fd/X need this.
		for fd := 0; fd <= 2; fd++ {
			if !term.IsTerminal(fd) {
				continue
			}
			consfile, err := os.OpenFile("/dev/console", os.O_RDWR, 0o600)
			if err != nil {
				sylog.Debugf("Could not open minimal /dev/console, skipping replacing tty descriptors")
				break
			}
			sylog.Debugf("Replacing tty descriptors with /dev/console")
			consfd := int(consfile.Fd())
			for ; fd <= 2; fd++ {
				if !term.IsTerminal(fd) {
					continue
				}
				syscall.Close(fd)
				syscall.Dup3(consfd, fd, 0)
			}
			consfile.Close()
			break
		}
	}

	if e.EngineConfig.OciConfig.Linux != nil {
		namespaces := e.EngineConfig.OciConfig.Linux.Namespaces
		for _, ns := range namespaces {
			if ns.Type == specs.PIDNamespace {
				if !e.EngineConfig.GetNoInit() {
					shimProcess = true
				}
				break
			}
		}
	}

	for _, img := range e.EngineConfig.GetImageList() {
		// bad file descriptor error is ignored because
		// the file descriptor has been previously closed
		// in this loop, happens when a SIF image contains
		// overlay partition in it as each SIF overlay
		// partition is considered as a single image with
		// different offset/size but pointing to the same
		// opened image file descriptor
		if err := syscall.Close(int(img.Fd)); err != nil && err != syscall.EBADF {
			return fmt.Errorf("failed to close file descriptor for %s: %s", img.Path, err)
		}
	}

	for _, fd := range e.EngineConfig.GetOpenFd() {
		if err := syscall.Close(fd); err != nil {
			return fmt.Errorf("aborting failed to close file descriptor: %s", err)
		}
	}

	// restore the stack size limit for setuid workflow
	for _, limit := range e.EngineConfig.OciConfig.Process.Rlimits {
		if limit.Type == "RLIMIT_STACK" {
			if err := rlimit.Set(limit.Type, limit.Soft, limit.Hard); err != nil {
				return fmt.Errorf("while restoring stack size limit: %s", err)
			}
			break
		}
	}

	if err := security.Configure(&e.EngineConfig.OciConfig.Spec); err != nil {
		return fmt.Errorf("failed to apply security configuration: %s", err)
	}

	// If necessary, set the umask that was saved from the calling environment
	// https://github.com/hpcng/singularity/issues/5214
	if e.EngineConfig.GetRestoreUmask() {
		sylog.Debugf("Setting umask in container to %04o", e.EngineConfig.GetUmask())
		_ = syscall.Umask(e.EngineConfig.GetUmask())
	}

	if (!isInstance && !shimProcess) || bootInstance || e.EngineConfig.GetInstanceJoin() {
		args := e.EngineConfig.OciConfig.Process.Args
		env := e.EngineConfig.OciConfig.Process.Env

		if !bootInstance {
			var err error

			args, env, err = runActionScript(e.EngineConfig)
			if err != nil {
				return err
			} else if len(args) == 0 {
				// nothing to execute and no error was reported
				return nil
			}
		}

		return e.execProcess(args, env)
	}

	errChan := make(chan error, 1)
	statusChan := make(chan syscall.WaitStatus, 1)
	cmdPid := -2

	args, env, err := runActionScript(e.EngineConfig)
	if err != nil {
		return err
	} else if len(args) > 0 {
	cmdexec:
		// Spawn and wait container process, signal handler
		cmd := exec.Command(args[0], args[1:]...)
		cmd.Stdout = os.Stdout
		cmd.Stderr = os.Stderr
		cmd.Stdin = os.Stdin
		cmd.Env = env
		cmd.SysProcAttr = &syscall.SysProcAttr{
			Setpgid: isInstance,
		}
		if err := cmd.Start(); err != nil {
			if e, ok := err.(*os.PathError); ok {
				//nolint:forcetypeassert
				if e.Err.(syscall.Errno) == syscall.ENOEXEC && args[0] != defaultShell {
					args = append([]string{defaultShell}, args...)
					goto cmdexec
				}
			}
			return fmt.Errorf("exec %s failed: %s", args[0], err)
		}
		cmdPid = cmd.Process.Pid

		go func() {
			errChan <- cmd.Wait()
		}()
	}

	// Modify argv argument and program name shown in /proc/self/comm
	name := "sinit"

	argv0 := unsafe.Slice(unsafe.StringData(os.Args[0]), len(os.Args[0]))
	progname := make([]byte, len(os.Args[0]))

	if len(name) > len(progname) {
		return fmt.Errorf("program name too short")
	}

	copy(progname, name)

	// Set name by overwriting argv[0]
	copy(argv0, progname)

	// Set name by PR_SET_NAME (only affects PR_GET_NAME)
	ptr := unsafe.Pointer(&progname[0])
	if _, _, err := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_NAME, uintptr(ptr), 0); err != 0 {
		return syscall.Errno(err)
	}

	masterConn.Close()

	for {
		select {
		case s := <-signals:
			sylog.Debugf("Received signal %s", s.String())
			switch s {
			case syscall.SIGCHLD:
				for {
					var status syscall.WaitStatus

					wpid, err := syscall.Wait4(-1, &status, syscall.WNOHANG, nil)
					if wpid <= 0 || err != nil {
						// We break the loop since an error occurred
						break
					}

					if wpid == cmdPid {
						e.stopFuseDrivers()
						statusChan <- status
					}
				}
			case syscall.SIGURG:
				// Ignore SIGURG, which is used for non-cooperative goroutine
				// preemption starting with Go 1.14. For more information, see
				// https://github.com/golang/go/issues/24543.
				break
			default:
				//nolint:forcetypeassert
				signal := s.(syscall.Signal)
				// EPERM and EINVAL are deliberately ignored because they can't be
				// returned in this context, this process is PID 1, so it has the
				// permissions to send signals to its childs and EINVAL would
				// mean to update the Go runtime or the kernel to something more
				// stable :)
				if isInstance && cmdPid > 0 {
					if err := syscall.Kill(-cmdPid, signal); err == syscall.ESRCH {
						sylog.Debugf("No child process, exiting ...")
						os.Exit(128 + int(signal))
					}
				} else if e.EngineConfig.GetSignalPropagation() && cmdPid > 0 {
					if err := syscall.Kill(cmdPid, signal); err == syscall.ESRCH {
						sylog.Debugf("No child process, exiting ...")
						os.Exit(128 + int(signal))
					}
				}
			}
		case err := <-errChan:
			if e, ok := err.(*exec.ExitError); ok {
				status, ok := e.Sys().(syscall.WaitStatus)
				if !ok {
					return fmt.Errorf("command exit with error: %s", err)
				}
				statusChan <- status
			} else if e, ok := err.(*os.SyscallError); ok {
				// handle possible race with Wait4 call above by ignoring ECHILD
				// error because child process was already caught
				//nolint:forcetypeassert
				if e.Err.(syscall.Errno) != syscall.ECHILD {
					sylog.Fatalf("error while waiting container process: %s", e.Error())
				}
			}
			if !isInstance {
				if len(statusChan) > 0 {
					status := <-statusChan
					if status.Signaled() {
						os.Exit(128 + int(status.Signal()))
					}
					os.Exit(status.ExitStatus())
				} else if err == nil {
					os.Exit(0)
				}
				sylog.Fatalf("command exited with unknown error: %s", err)
			}
		}
	}
}

// PostStartProcess is called from master after successful
// execution of the container process. It will write instance
// state/config files (if any).
//
// Additional privileges may be gained when running
// in suid flow. However, when a user namespace is requested and it is not
// a hybrid workflow (e.g. fakeroot), then there is no privileged saved uid
// and thus no additional privileges can be gained.
//
// Here, however, singularity engine does not escalate privileges.
func (e *EngineOperations) PostStartProcess(_ context.Context, pid int) error {
	sylog.Debugf("Post start process")

	callbackType := (singularitycallback.PostStartProcess)(nil)
	callbacks, err := plugin.LoadCallbacks(callbackType)
	if err != nil {
		return fmt.Errorf("while loading plugins callbacks '%T': %s", callbackType, err)
	}
	for _, cb := range callbacks {
		//nolint:forcetypeassert
		if err := cb.(singularitycallback.PostStartProcess)(e.CommonConfig, pid); err != nil {
			return err
		}
	}

	if e.EngineConfig.GetInstance() {
		name := e.CommonConfig.ContainerID

		if err := os.Chdir("/"); err != nil {
			return fmt.Errorf("failed to change directory to /: %s", err)
		}

		file, err := instance.Add(name, instance.SingSubDir)
		if err != nil {
			return err
		}

		pw, err := user.CurrentOriginal()
		if err != nil {
			return err
		}

		logErrPath, logOutPath, err := instance.GetLogFilePaths(name, instance.LogSubDir)
		if err != nil {
			return fmt.Errorf("could not find log paths: %s", err)
		}

		file.User = pw.Name
		file.Pid = pid
		file.PPid = os.Getpid()
		file.Image = e.EngineConfig.GetImage()
		file.LogErrPath = logErrPath
		file.LogOutPath = logOutPath

		ip, err := e.getIP()
		if err != nil {
			sylog.Warningf("Could not get ip for %s: %s", pw.Name, err)
		}
		file.IP = ip

		// by default we add all namespaces except the user namespace which
		// is added conditionally. This delegates checks to the C starter code
		// which will determine if a namespace needs to be joined by
		// comparing namespace inodes
		path := fmt.Sprintf("/proc/%d/ns", pid)
		namespaces := []struct {
			nstype string
			ns     specs.LinuxNamespaceType
		}{
			{"pid", specs.PIDNamespace},
			{"uts", specs.UTSNamespace},
			{"ipc", specs.IPCNamespace},
			{"mnt", specs.MountNamespace},
			{"cgroup", specs.CgroupNamespace},
			{"net", specs.NetworkNamespace},
		}
		for _, n := range namespaces {
			nspath := filepath.Join(path, n.nstype)
			e.EngineConfig.OciConfig.AddOrReplaceLinuxNamespace(n.ns, nspath)
		}
		for _, ns := range e.EngineConfig.OciConfig.Linux.Namespaces {
			if ns.Type == specs.UserNamespace {
				nspath := filepath.Join(path, "user")
				e.EngineConfig.OciConfig.AddOrReplaceLinuxNamespace(specs.UserNamespace, nspath)
				file.UserNs = true
				break
			}
		}

		// If we are using cgroups with this instance then mark that in the instance config.
		// We don't store the path, as we will get the cgroup manager by Pid.
		if e.EngineConfig.GetCgroupsJSON() != "" {
			file.Cgroup = true
		}

		// grab configuration to store in instance file
		file.Config, err = json.Marshal(e.CommonConfig)
		if err != nil {
			return err
		}

		err = file.Update()

		// send SIGUSR1 to the parent process in order to tell it
		// to detach container process and run as instance.
		// Sleep a bit in case child would exit
		time.Sleep(100 * time.Millisecond)
		if err := syscall.Kill(os.Getppid(), syscall.SIGUSR1); err != nil {
			return err
		}

		return err
	}
	return nil
}

func (e *EngineOperations) setPathEnv() {
	env := e.EngineConfig.OciConfig.Process.Env
	for _, keyval := range env {
		if strings.HasPrefix(keyval, "PATH=") {
			os.Setenv("PATH", keyval[5:])
			break
		}
	}
}

// runFuseDrivers execute FUSE drivers and returns the list of FUSE process ID.
func (e *EngineOperations) runFuseDrivers(fromContainer bool, usernsFd int) error {
	// set PATH for the command
	oldpath := os.Getenv("PATH")
	defer func() {
		os.Setenv("PATH", oldpath)
	}()

	if fromContainer {
		e.setPathEnv()
	} else {
		os.Setenv("PATH", env.DefaultPath)
	}

	for _, fd := range e.EngineConfig.GetUnixSocketPair() {
		if fd >= 0 {
			unix.Close(fd)
		}
	}

	var usernsFh *os.File

	if usernsFd >= 0 {
		usernsFh = os.NewFile(uintptr(usernsFd), "/proc/self/ns/user")
		if usernsFh == nil {
			// this should never happen
			return errors.New("cannot map /proc/self/ns/user file descriptor to a file handle")
		}
		defer usernsFh.Close()
	}

	fuseMounts := e.EngineConfig.GetFuseMount()
	for i := range fuseMounts {
		if fromContainer != fuseMounts[i].FromContainer {
			syscall.Close(fuseMounts[i].Fd)
			continue
		}

		mnt := fuseMounts[i].MountPoint
		program := fuseMounts[i].Program
		fd := fuseMounts[i].Fd

		sylog.Debugf("Running FUSE driver for %s as %v, fd %d", mnt, program, fd)

		fh := os.NewFile(uintptr(fd), "/dev/fuse")
		if fh == nil {
			// this should never happen
			return errors.New("cannot map /dev/fuse file descriptor to a file handle")
		}
		// the master process does not need this file descriptor after
		// running the program, make sure it gets closed; ignore any
		// errors that happen here
		defer fh.Close()

		// as we pass file handle as first element in ExtraFiles
		// the fuse file descriptor becomes 3 for the FUSE program
		args := append(program, "/dev/fd/3")

		// add -f to run FUSE in foreground mode
		if !fuseMounts[i].Daemon {
			args = append(args, "-f")
		}

		cmd := exec.Command(args[0], args[1:]...)
		cmd.Stderr = os.Stderr
		cmd.Stdout = os.Stdout

		// Add the /dev/fuse file descriptor to the list of file
		// descriptors to be passed to the new process.
		// The Go library will set things up so that stdin, stdout
		// and stderr are 0, 1, and 2, so the first element of
		// ExtraFiles gets 3
		cmd.ExtraFiles = make([]*os.File, 1)
		cmd.ExtraFiles[0] = fh

		// Add /proc/<container_pid>/ns/user file descriptor for nsenter
		// so it could join the container user namespace by using /dev/fd/4
		if usernsFh != nil {
			cmd.ExtraFiles = append(cmd.ExtraFiles, usernsFh)
		}

		if fuseMounts[i].Daemon {
			if err := cmd.Run(); err != nil {
				cmdline := strings.Join(args, " ")
				return fmt.Errorf("could not start program %s: %s", cmdline, err)
			}
		} else {
			if err := cmd.Start(); err != nil {
				cmdline := strings.Join(args, " ")
				return fmt.Errorf("could not start program %s: %s", cmdline, err)
			}
			fuseMounts[i].Cmd = cmd
		}
	}

	return nil
}

// stopFuseDrivers notifies FUSE drivers running in foreground mode
// with a SIGTERM signal.
func (e *EngineOperations) stopFuseDrivers() {
	for _, fuseMount := range e.EngineConfig.GetFuseMount() {
		if fuseMount.Cmd != nil {
			cmd := fuseMount.Cmd
			if err := cmd.Process.Signal(syscall.SIGTERM); err != nil {
				sylog.Warningf("Can not send SIGTERM to FUSE process: %s", err)
				continue
			}
			mnt := fuseMount.MountPoint
			_, err := cmd.Process.Wait()
			if err != nil {
				sylog.Warningf("FUSE process for mount point %s terminated with error: %s", mnt, err)
			} else {
				sylog.Debugf("FUSE process for mount point %s terminated", mnt)
			}
		}
	}
}

func (e *EngineOperations) getIP() (string, error) {
	if networkSetup == nil {
		return "", nil
	}

	net := strings.Split(e.EngineConfig.GetNetwork(), ",")

	ip, err := networkSetup.GetNetworkIP(net[0], "4")
	if err == nil {
		return ip.String(), nil
	}
	sylog.Warningf("Could not get ipv4 %s", err)

	ip, err = networkSetup.GetNetworkIP(net[0], "6")
	if err == nil {
		return ip.String(), nil
	}
	sylog.Warningf("Could not get ipv6 %s", err)

	return "", errors.New("could not get ip")
}

func getExecError(err error, args []string, shell string) error {
	// We know the shell exists at this point, so let's inspect its architecture
	if shell == "" {
		shell = defaultShell
	}
	elfArch, elfErr := machine.ArchFromElf(shell)
	if elfErr != nil && elfErr != machine.ErrUnknownArch {
		return fmt.Errorf("failed to open %s for inspection: %s", shell, elfErr)
	} else if elfErr == machine.ErrUnknownArch {
		elfArch = "unknown architecture"
	}
	if elfArch != runtime.GOARCH {
		return fmt.Errorf("image targets '%s', cannot run on '%s'", elfArch, runtime.GOARCH)
	}
	// Assume a missing shared library on ENOENT
	if err == syscall.ENOENT {
		return fmt.Errorf("exec %s failed: a shared library is likely missing in the image", args[0])
	}
	// Return the raw error as a last resort
	return fmt.Errorf("exec %s failed: %s", args[0], err)
}

func (e *EngineOperations) execProcess(args, env []string) error {
	err := syscall.Exec(args[0], args, env)
	if err == nil {
		return nil
	}
	if err == syscall.ENOEXEC && args[0] != defaultShell {
		args = append([]string{defaultShell}, args...)
		return e.execProcess(args, env)
	}
	return getExecError(err, args, e.EngineConfig.GetShell())
}

// bufferCloser wraps a bytes.Buffer with a Close method
// required by the open handler of the shell interpreter.
type bufferCloser struct {
	bytes.Buffer
}

func (b *bufferCloser) Close() error {
	b.Reset()
	return nil
}

// Register a virtual file /.singularity.d/env/inject-singularity-env.sh sourced
// after /.singularity.d/env/99-base.sh or /environment.
// This handler turns all SINGUALRITYENV_KEY=VAL defined variables into their form:
// export KEY=VAL. It can be sourced only once otherwise it returns an empty content.
// If noEval is true then exports are single quoted so their content is not evaluated
// when the script is sourced (OCI compatible behavior).
// If noEval is false then exports are double quoted, and their content is evaluated,
// consuming one level of shell escaping and performing any unescaped var substitution,
// subshell execution etc (Singularity historic behavior).
func injectEnvHandler(senv map[string]string, noEval bool) interpreter.OpenHandler {
	var once sync.Once

	return func(_ string, _ int, _ os.FileMode) (io.ReadWriteCloser, error) {
		b := new(bufferCloser)

		once.Do(func() {
			defaultPathSnippet := `
			if ! test -v PATH; then
				export PATH=%q
			fi
			`
			b.WriteString(fmt.Sprintf(defaultPathSnippet, env.DefaultPath))

			snippet := `
			if test -v %[1]s; then
				sylog debug "Overriding %[1]s environment variable"
			fi
			export %[1]s=%[2]s
			`
			for key, value := range senv {
				if key == "LD_LIBRARY_PATH" && value != "" {
					value = value + ":/.singularity.d/libs"
				}
				if noEval {
					// No evaluation when the export is sourced
					value = "'" + shell.EscapeSingleQuotes(value) + "'"
				} else {
					// Shell evaluation when the export is sourced
					value = "\"" + shell.EscapeDoubleQuotes(value) + "\""
				}
				b.WriteString(fmt.Sprintf(snippet, key, value))
			}
		})

		return b, nil
	}
}

func runtimeVarsHandler() interpreter.OpenHandler {
	var once sync.Once

	return func(path string, _ int, _ os.FileMode) (io.ReadWriteCloser, error) {
		b := new(bufferCloser)

		once.Do(func() {
			b.WriteString(files.RuntimeVars)
		})

		return b, nil
	}
}

// sylogBuiltin allows to use sylog logger from shell script.
func sylogBuiltin(_ context.Context, argv []string) error {
	if len(argv) < 2 {
		return fmt.Errorf("sylog builtin requires two arguments")
	}
	switch argv[0] {
	case "info":
		sylog.Infof(argv[1])
	case "error":
		sylog.Errorf(argv[1])
	case "verbose":
		sylog.Verbosef(argv[1])
	case "debug":
		sylog.Debugf(argv[1])
	case "warning":
		sylog.Warningf(argv[1])
	}
	return nil
}

// getAllEnvBuiltin display all exported variables in the form KEY=VALUE.
func getAllEnvBuiltin() interpreter.ShellBuiltin {
	return func(ctx context.Context, argv []string) error {
		hc := interp.HandlerCtx(ctx)

		keyRe := regexp.MustCompile(`^[a-zA-Z_]+[a-zA-Z0-9_]*$`)

		for _, env := range interpreter.GetEnv(hc) {
			// Exclude environment vars that contain invalid characters
			// in their KEY - e.g. bash functions in the environment
			// like "BASH_FUNC_module%%"
			key := strings.SplitN(env, "=", 2)[0]
			if !keyRe.MatchString(key) {
				sylog.Debugf("Not exporting %q to container environment: invalid key", key)
				continue
			}
			// Because we are using IFS=\n we need to escape newlines here and
			// unescape them in the action script when we export the var again.
			//
			// This is imperfect - it is not possible to represent a string
			// containing a literal '\u000A' (unicode escaped newline) in it.
			//
			// Full escaping / unescaping requires iterative parsing of the
			// string in the action script. This is too awkward and slow in
			// shell code. If we can use `printf -v VAR "%b" ...` from mvdan.cc/sh
			// in future, we may be able to revisit this.
			env := strings.Replace(env, "\n", "\\u000A", -1)
			fmt.Fprintf(hc.Stdout, "%s\n", env)
		}
		return nil
	}
}

// fixPathBuiltin takes the current path value to fix it by injecting
// missing default path and returns value on shell interpreter output.
func fixPathBuiltin(ctx context.Context, _ []string) error {
	hc := interp.HandlerCtx(ctx)

	currentPath := filepath.SplitList(hc.Env.Get("PATH").String())
	finalPath := currentPath

	for _, d := range filepath.SplitList(env.DefaultPath) {
		found := false
		for _, p := range currentPath {
			if d == p {
				found = true
				continue
			}
		}
		if !found {
			finalPath = append(finalPath, d)
		}
	}

	listSep := string(os.PathListSeparator)
	fmt.Fprintf(hc.Stdout, "%s\n", strings.Join(finalPath, listSep))
	return nil
}

// hashBuiltin is a noop function for hash bash builtin, since we don't
// store resolved path in a hash table, there is nothing to do.
func hashBuiltin(context.Context, []string) error {
	return nil
}

func umaskBuiltin(ctx context.Context, argv []string) error {
	hc := interp.HandlerCtx(ctx)

	if len(argv) == 0 {
		old := unix.Umask(0)
		unix.Umask(old)
		fmt.Fprintf(hc.Stdout, "%#.4o\n", old)
	} else {
		umask, err := strconv.ParseUint(argv[0], 8, 16)
		if err != nil {
			return fmt.Errorf("umask: %s: invalid octal number: %s", argv[0], err)
		}
		unix.Umask(int(umask))
	}

	return nil
}

// runActionScript interprets and executes the action script within
// an embedded shell interpreter.
func runActionScript(engineConfig *singularityConfig.EngineConfig) ([]string, []string, error) {
	args := engineConfig.OciConfig.Process.Args
	env := append(engineConfig.OciConfig.Process.Env, "SINGULARITY_COMMAND="+filepath.Base(args[0]))

	b := bytes.NewBufferString(files.ActionScript)

	shell, err := interpreter.New(b, args[0], args[1:], env)
	if err != nil {
		return nil, nil, err
	}

	execBuiltin := func(ctx context.Context, argv []string) error {
		cmd, err := shell.LookPath(ctx, argv[0])
		if err != nil {
			return err
		}
		env = interpreter.GetEnv(interp.HandlerCtx(ctx))
		argv[0] = cmd
		args = argv
		return nil
	}

	// inject SINGULARITYENV_ defined variables
	senv := engineConfig.GetSingularityEnv()
	shell.RegisterOpenHandler("/.inject-singularity-env.sh", injectEnvHandler(senv, engineConfig.GetNoEval()))

	shell.RegisterOpenHandler("/.singularity.d/env/99-runtimevars.sh", runtimeVarsHandler())

	// register few builtin
	shell.RegisterShellBuiltin("getallenv", getAllEnvBuiltin())
	shell.RegisterShellBuiltin("sylog", sylogBuiltin)
	shell.RegisterShellBuiltin("fixpath", fixPathBuiltin)
	shell.RegisterShellBuiltin("hash", hashBuiltin)
	shell.RegisterShellBuiltin("umask_builtin", umaskBuiltin)

	// exec builtin won't execute the command but instead
	// it returns arguments and environment variables and
	// let the responsibility to the caller of this
	// function to execute the command
	shell.RegisterShellBuiltin("exec", execBuiltin)

	err = shell.Run(context.TODO())
	if err != nil {
		if shell.Status() != 0 {
			os.Exit(int(shell.Status()))
		}
		return nil, nil, err
	}

	if len(args) > 0 && args[0] == "/.singularity.d/runscript" {
		b, err := getDockerRunscript(args[0])
		if err != nil {
			return nil, nil, err
		} else if b != nil {
			interp, err := interpreter.New(b, args[0], args[1:], env)
			if err != nil {
				return nil, nil, err
			}
			interp.RegisterShellBuiltin("exec", execBuiltin)
			err = interp.Run(context.TODO())
			if err != nil {
				if interp.Status() != 0 {
					os.Exit(int(interp.Status()))
				}
				return nil, nil, err
			}
		}
	}

	return args, env, nil
}

// getDockerRunscript returns the content as a reader of
// the default runscript set for docker images if any.
func getDockerRunscript(path string) (io.Reader, error) {
	r, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("while reading %s: %s", path, err)
	}
	var b bytes.Buffer

	if _, err := b.Write(r); err != nil {
		return nil, err
	}

	scanner := bufio.NewScanner(&b)

	for scanner.Scan() {
		if scanner.Text() == "eval \"set ${SINGULARITY_OCI_RUN}\"" {
			b.Reset()
			if _, err := b.Write(r); err != nil {
				return nil, err
			}
			return &b, nil
		}
	}

	return nil, nil
}