diff --git a/01_set_env.sh b/01_set_env.sh new file mode 100644 index 0000000..dda5dad --- /dev/null +++ b/01_set_env.sh @@ -0,0 +1,14 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +## Set our dynamic variables in Renviron.site to be reflected by RStudio Server or Shiny Server +exclude_vars="HOME PASSWORD RSTUDIO_VERSION BATCH_USER_CREATION" +for file in /var/run/s6/container_environment/* +do + sed -i "/^${file##*/}=/d" ${R_HOME}/etc/Renviron.site + regex="(^| )${file##*/}($| )" + [[ ! $exclude_vars =~ $regex ]] && echo "${file##*/}=$(cat $file)" >> ${R_HOME}/etc/Renviron.site || echo "skipping $file" +done + +## only file-owner (root) should read container_environment files: +chmod 600 /var/run/s6/container_environment/* diff --git a/02_userconf.sh b/02_userconf.sh new file mode 100644 index 0000000..a604569 --- /dev/null +++ b/02_userconf.sh @@ -0,0 +1,118 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash + +## Set defaults for environmental variables in case they are undefined +DEFAULT_USER=${DEFAULT_USER:-rstudio} +USER=${USER:=${DEFAULT_USER}} +USERID=${USERID:=1000} +GROUPID=${GROUPID:=1000} +ROOT=${ROOT:=FALSE} +UMASK=${UMASK:=022} +LANG=${LANG:=en_US.UTF-8} +TZ=${TZ:=Etc/UTC} +HOME=/home/${USER} + +bold=$(tput bold) +normal=$(tput sgr0) + +if [[ ${DISABLE_AUTH,,} == "true" ]] + +then + mv /etc/rstudio/disable_auth_rserver.conf /etc/rstudio/rserver.conf + echo "USER=$USER" >> /etc/environment +fi + +if grep --quiet "auth-none=1" /etc/rstudio/rserver.conf +then + echo "Skipping authentication as requested" +elif [ -z "$PASSWORD" ] +then + PASSWORD=$(pwgen 16 1) + printf "\n\n" + tput bold + printf "The password is set to \e[31m%s\e[39m\n" "$PASSWORD" + printf "If you want to set your own password, set the PASSWORD environment variable. e.g. run with:\n" + printf "docker run -e PASSWORD=\e[92m\e[39m -p 8787:8787 rocker/rstudio\n" + tput sgr0 + printf "\n\n" +fi + +if [ "$USERID" -lt 1000 ] +# Probably a macOS user, https://github.com/rocker-org/rocker/issues/205 + then + echo "$USERID is less than 1000" + check_user_id=$(grep -F "auth-minimum-user-id" /etc/rstudio/rserver.conf) + if [[ ! -z $check_user_id ]] + then + echo "minumum authorised user already exists in /etc/rstudio/rserver.conf: $check_user_id" + else + echo "setting minumum authorised user to 499" + echo auth-minimum-user-id=499 >> /etc/rstudio/rserver.conf + fi +fi + +if [ "$USERID" -ne 1000 ] +## Configure user with a different USERID if requested. + then + echo "deleting the default user" + userdel $DEFAULT_USER + echo "creating new $USER with UID $USERID" + useradd -m $USER -u $USERID + mkdir -p /home/$USER + chown -R $USER /home/$USER + usermod -a -G staff $USER +elif [ "$USER" != "$DEFAULT_USER" ] + then + ## cannot move home folder when it's a shared volume, have to copy and change permissions instead + cp -r /home/$DEFAULT_USER/* /home/$USER + cp -r /home/$DEFAULT_USER/.??* /home/$USER + ## RENAME the user + usermod -l $USER -d /home/$USER $DEFAULT_USER + groupmod -n $USER $DEFAULT_USER + usermod -a -G staff $USER + chown -R $USER:$USER /home/$USER + echo "USER is now $USER" +fi + +[ "$USER" != "rstudio" ] && rm -fr /home/rstudio + +if [ "$GROUPID" -ne 1000 ] +## Configure the primary GID (whether rstudio or $USER) with a different GROUPID if requested. + then + echo "Modifying primary group $(id $USER -g -n)" + groupmod -g $GROUPID $(id $USER -g -n) + echo "Primary group ID is now custom_group $GROUPID" +fi + +if [[ ${DISABLE_AUTH,,} != "true" ]] +then + ## Add a password to user + echo "$USER:$PASSWORD" | chpasswd +fi + +# Use Env flag to know if user should be added to sudoers +if [[ ${ROOT,,} == "true" ]] + then + adduser $USER sudo && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers + echo "$USER added to sudoers" +fi + +## Change Umask value if desired +if [ "$UMASK" -ne 022 ] + then + echo "server-set-umask=false" >> /etc/rstudio/rserver.conf + echo "Sys.umask(mode=$UMASK)" >> /home/$USER/.Rprofile +fi + +## Next one for timezone setup +if [ "$TZ" != "Etc/UTC" ] + then + ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone +fi + +## Update Locale if needed +if [ "$LANG" != "en_US.UTF-8" ] + then + /usr/sbin/locale-gen --lang $LANG + /usr/sbin/update-locale --reset LANG=$LANG +fi diff --git a/Dockerfile b/Dockerfile index 264da0d..815b8cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,5 @@ -FROM rocker/r-ver:4.1.3 +FROM d4science/r-full:latest -LABEL org.opencontainers.image.licenses="GPL-2.0-or-later" \ - org.opencontainers.image.source="https://github.com/rocker-org/rocker-versioned2" \ - org.opencontainers.image.vendor="Rocker Project" \ - org.opencontainers.image.authors="Carl Boettiger " ENV S6_VERSION=v2.1.0.2 ENV RSTUDIO_VERSION=2022.02.1+461 @@ -11,52 +7,6 @@ ENV DEFAULT_USER=rstudio ENV PANDOC_VERSION=default ENV PATH=/usr/lib/rstudio-server/bin:$PATH -# Install OpenJDK -RUN apt-get update && apt-get install -y openjdk-8-jdk-headless openjdk-8-jre-headless - -# Some R dependencies -RUN apt-get update && apt-get install -y \ - libxml2 \ - git \ - gdal-bin \ - netcdf-bin \ - sshpass \ - p7zip-full \ - sox \ - imagemagick \ - proj-bin \ - proj-data \ - libgsl23 \ - postgresql-server-dev-all \ - libsecret-1-0 - -# Install the R packages we need, using the binary distribution -# at https://packagemanager.rstudio.com/client/#/repos/1/overview -ADD https://code-repo.d4science.org/gCubeSystem/r-packages-list/raw/branch/master/install2r-packages.txt /tmp -RUN for f in `cat /tmp/install2r-packages.txt` ; do install2.r --error --skipinstalled --ncpus -1 $f ; done - -# Non CRAN repositories -ADD https://code-repo.d4science.org/gCubeSystem/r-packages-list/raw/branch/master/r_non_cran_pkgs.txt /tmp -RUN for l in `cat /tmp/r_non_cran_pkgs.txt` ; do \ - pkg=`echo $l | cut -d : -f 1` ; \ - mirror=`echo $l | cut -d : -f 2-` ; \ - Rscript --slave --no-site-file --no-init-file --no-save --no-restore-history \ - -e "install.packages(pkgs='$pkg', repos=c('$mirror/'));" ; done - -# From github -ADD https://code-repo.d4science.org/gCubeSystem/r-packages-list/raw/branch/master/r_github_pkgs.txt /tmp -RUN mkdir -p /etc/R -#RUN echo "GITHUB_PAT=$GITHUB_PAT" >> /etc/R/Renviron.site -#RUN for g in `cat /tmp/r_github_pkgs.txt` ; do \ -# Rscript --slave --no-site-file --no-init-file --no-save --no-restore-history \ -# -e " require(devtools); devtools::install_github('$g')" ; done -#RUN for g in `cat /tmp/r_github_pkgs.txt` ; do installGithub.r -d TRUE -u FALSE -r https://packagemanager.rstudio.com/all/__linux__/focal/latest $g ; done -#RUN grep -v "GITHUB_PATH" /etc/R/Renviron.site > /etc/R/Renviron.site.1 -#RUN mv -f /etc/R/Renviron.site.1 /etc/R/Renviron.site -RUN installGithub.r -d TRUE -u FALSE -r https://packagemanager.rstudio.com/all/__linux__/focal/latest DanOvando/sraplus - -# Ensure that we remove the source packages -RUN rm -fr /tmp/downloaded_packages/* RUN /rocker_scripts/install_rstudio.sh RUN /rocker_scripts/install_pandoc.sh @@ -68,12 +18,14 @@ RUN mkdir /workspace RUN echo "www-frame-origin=same" >> /etc/rstudio/disable_auth_rserver.conf RUN echo "www-verify-user-agent=0" >> /etc/rstudio/disable_auth_rserver.conf -ADD 03_setup_root_path.sh /etc/cont-init.d/03_setup_root_path.sh +ADD 01_set_env.sh /etc/cont-init.d/01_set_env +ADD 02_userconf.sh /etc/cont-init.d/02_userconf +ADD 03_setup_root_path.sh /etc/cont-init.d/03_setup_root_path # By default RStudio does not give access to all enviornment variables defined in the container (e.g. using ShinyProxy). # Uncomment the next line, to change this behavior. -#ADD 04_copy_env.sh /etc/cont-init.d/04_copy_env.sh -ADD 05_setup_rsession_parameters.sh /etc/cont-init.d/05_setup_rsession_parameters.sh +#ADD 04_copy_env.sh /etc/cont-init.d/04_copy_env +ADD 05_setup_rsession_parameters.sh /etc/cont-init.d/05_setup_rsession_parameters EXPOSE 8787