From ed286a3f526402c1d79af7e9df03eeafd2afdced Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Mon, 10 Apr 2023 22:19:19 +0200
Subject: [PATCH] New modality of building the images

---
 01_set_env.sh                   |  16 -----
 02_userconf.sh                  | 120 --------------------------------
 03_setup_root_path.sh           |  11 ---
 04_copy_env.sh                  |   5 --
 05_setup_rsession_parameters.sh |  13 ----
 06-fuse-logback.xml             |  24 -------
 06_workspace_mount.sh           |  64 -----------------
 Dockerfile                      |  89 ++---------------------
 README.md                       |  12 +---
 rsession.conf                   |  11 +++
 10 files changed, 17 insertions(+), 348 deletions(-)
 delete mode 100644 01_set_env.sh
 delete mode 100644 02_userconf.sh
 delete mode 100644 03_setup_root_path.sh
 delete mode 100644 04_copy_env.sh
 delete mode 100644 05_setup_rsession_parameters.sh
 delete mode 100644 06-fuse-logback.xml
 delete mode 100644 06_workspace_mount.sh
 create mode 100644 rsession.conf

diff --git a/01_set_env.sh b/01_set_env.sh
deleted file mode 100644
index 17eb16f..0000000
--- a/01_set_env.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-# shellcheck shell=bash
-
-if [ -d "/var/run/s6/container_environment" ] ; then
-  ## Set our dynamic variables in Renviron.site to be reflected by RStudio Server or Shiny Server
-  exclude_vars="HOME PASSWORD RSTUDIO_VERSION BATCH_USER_CREATION"
-  for file in /var/run/s6/container_environment/*
-  do
-    sed -i "/^${file##*/}=/d" ${R_HOME}/etc/Renviron.site
-    regex="(^| )${file##*/}($| )"
-    [[ ! $exclude_vars =~ $regex ]] && echo "${file##*/}=$(cat $file)" >> ${R_HOME}/etc/Renviron.site || echo "skipping $file"
-  done
-
-  ## only file-owner (root) should read container_environment files:
-  chmod 600 /var/run/s6/container_environment/*
-fi
diff --git a/02_userconf.sh b/02_userconf.sh
deleted file mode 100644
index 467cd3b..0000000
--- a/02_userconf.sh
+++ /dev/null
@@ -1,120 +0,0 @@
-#!/usr/bin/with-contenv bash
-# shellcheck shell=bash
-
-## Set defaults for environmental variables in case they are undefined
-DEFAULT_USER=${DEFAULT_USER:-rstudio}
-USER=${USER:=${DEFAULT_USER}}
-USERID=${USERID:=1000}
-GROUPID=${GROUPID:=1000}
-ROOT=${ROOT:=FALSE}
-UMASK=${UMASK:=022}
-LANG=${LANG:=en_US.UTF-8}
-TZ=${TZ:=Etc/UTC}
-HOME=/home/${USER}
-
-bold=$(tput bold)
-normal=$(tput sgr0)
-
-if [[ ${DISABLE_AUTH,,} == "true" ]]
-
-then
-        mv /etc/rstudio/disable_auth_rserver.conf /etc/rstudio/rserver.conf
-        echo "USER=$USER" >> /etc/environment
-fi
-
-if grep --quiet "auth-none=1" /etc/rstudio/rserver.conf
-then
-        echo "Skipping authentication as requested"
-elif [ -z "$PASSWORD" ]
-then
-    PASSWORD=$(pwgen 16 1)
-    printf "\n\n"
-    tput bold
-    printf "The password is set to \e[31m%s\e[39m\n" "$PASSWORD"
-    printf "If you want to set your own password, set the PASSWORD environment variable. e.g. run with:\n"
-    printf "docker run -e PASSWORD=\e[92m<YOUR_PASS>\e[39m -p 8787:8787 rocker/rstudio\n"
-    tput sgr0
-    printf "\n\n"
-fi
-
-if [ "$USERID" -lt 1000 ]
-# Probably a macOS user, https://github.com/rocker-org/rocker/issues/205
-  then
-    echo "$USERID is less than 1000"
-    check_user_id=$(grep -F "auth-minimum-user-id" /etc/rstudio/rserver.conf)
-    if [[ ! -z $check_user_id ]]
-    then
-      echo "minumum authorised user already exists in /etc/rstudio/rserver.conf: $check_user_id"
-    else
-      echo "setting minumum authorised user to 499"
-      echo auth-minimum-user-id=499 >> /etc/rstudio/rserver.conf
-    fi
-fi
-
-if [ "$USERID" -ne 1000 ]
-## Configure user with a different USERID if requested.
-  then
-    echo "deleting the default user"
-    userdel $DEFAULT_USER
-    echo "creating new $USER with UID $USERID"
-    useradd -m $USER -u $USERID
-    mkdir -p /home/$USER
-    chown -R $USER /home/$USER
-    usermod -a -G staff $USER
-elif [ "$USER" != "$DEFAULT_USER" ]
-  then
-    ## cannot move home folder when it's a shared volume, have to copy and change permissions instead
-    if ! [ -f /home/$USER/.profile ]
-      then
-        cp -r /home/$DEFAULT_USER/.??* /home/$USER || true
-    fi
-    ## RENAME the user
-    usermod -l $USER -d /home/$USER $DEFAULT_USER
-    groupmod -n $USER $DEFAULT_USER
-    usermod -a -G staff $USER
-    chown -R $USER:$USER /home/$USER
-    echo "USER is now $USER"
-fi
-
-[ "$USER" != "rstudio" ] && rm -fr /home/rstudio
-
-if [ "$GROUPID" -ne 1000 ]
-## Configure the primary GID (whether rstudio or $USER) with a different GROUPID if requested.
-  then
-    echo "Modifying primary group $(id $USER -g -n)"
-    groupmod -g $GROUPID $(id $USER -g -n)
-    echo "Primary group ID is now custom_group $GROUPID"
-fi
-
-if [[ ${DISABLE_AUTH,,} != "true" ]]
-then
-    ## Add a password to user
-    echo "$USER:$PASSWORD" | chpasswd
-fi
-
-# Use Env flag to know if user should be added to sudoers
-if [[ ${ROOT,,} == "true" ]]
-  then
-    adduser $USER sudo && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
-    echo "$USER added to sudoers"
-fi
-
-## Change Umask value if desired
-if [ "$UMASK" -ne 022 ]
-  then
-    echo "server-set-umask=false" >> /etc/rstudio/rserver.conf
-    echo "Sys.umask(mode=$UMASK)" >> /home/$USER/.Rprofile
-fi
-
-## Next one for timezone setup
-if [ "$TZ" !=  "Etc/UTC" ]
-  then
-    ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-fi
-
-## Update Locale if needed
-if [ "$LANG" !=  "en_US.UTF-8" ]
-  then
-    /usr/sbin/locale-gen --lang $LANG
-    /usr/sbin/update-locale --reset LANG=$LANG
-fi
diff --git a/03_setup_root_path.sh b/03_setup_root_path.sh
deleted file mode 100644
index e282d68..0000000
--- a/03_setup_root_path.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-echo "root path: $WWW_ROOT_PATH"
-
-if [[ ! -z $WWW_ROOT_PATH ]]
-then
-        echo "Set www-root-path to $WWW_ROOT_PATH"
-        echo "www-root-path=$WWW_ROOT_PATH" >> /etc/rstudio/rserver.conf
-else
-        echo "Not setting www-root-path"
-fi
diff --git a/04_copy_env.sh b/04_copy_env.sh
deleted file mode 100644
index 7a378e6..0000000
--- a/04_copy_env.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-printenv >> /etc/R/Renviron.site
-
-printenv > /home/$USER/.Renviron
diff --git a/05_setup_rsession_parameters.sh b/05_setup_rsession_parameters.sh
deleted file mode 100644
index bacdb6d..0000000
--- a/05_setup_rsession_parameters.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-echo "session-timeout-minutes=7200" >> /etc/rstudio/rsession.conf
-echo "session-disconnected-timeout-minutes=1440" >> /etc/rstudio/rsession.conf
-echo "session-quit-child-processes-on-exit=0" >> /etc/rstudio/rsession.conf
-echo "session-default-working-dir=~" >> /etc/rstudio/rsession.conf
-echo "session-default-new-project-dir=~" >> /etc/rstudio/rsession.conf
-#echo "session-save-action-default=yes" >> /etc/rstudio/rsession.conf
-echo "allow-shell=1" >> /etc/rstudio/rsession.conf
-#echo "allow-terminal-websockets=1" >> /etc/rstudio/rsession.conf
-echo "limit-cpu-time-minutes=0" >> /etc/rstudio/rsession.conf
-echo "limit-file-upload-size-mb=0" >> /etc/rstudio/rsession.conf
-#echo "limit-xfs-disk-quota=no" >> /etc/rstudio/rsession.conf
diff --git a/06-fuse-logback.xml b/06-fuse-logback.xml
deleted file mode 100644
index dd761e2..0000000
--- a/06-fuse-logback.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration scan="true" scanPeriod="60 seconds" debug="false">
-  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
-    <file>/var/log/workspace-lib/fuse-workspace.log</file>
-    <append>true</append>
-    <encoder>
-      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{0}: %msg%n
-      </pattern>
-    </encoder>
-    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-      <fileNamePattern>./var/log/workspace-lib/fuse-workspace.log%d{yyyy-MM-dd}.log</fileNamePattern>
-      <maxHistory>30</maxHistory>
-      <maxFileSize>10MB</maxFileSize>
-      <totalSizeCap>100MB</totalSizeCap>
-    </rollingPolicy>
-  </appender>
-
-  <logger name="org.gcube.data.access.storagehub.fs" level="WARN" />
-  <logger name="org.gcube" level="WARN" />
-
-  <root level="WARN">
-    <appender-ref ref="FILE" />
-  </root>
-</configuration>
diff --git a/06_workspace_mount.sh b/06_workspace_mount.sh
deleted file mode 100644
index 2963402..0000000
--- a/06_workspace_mount.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# Functions that decode a JWT token
-_decode_base64_url() {
-  local len=$((${#1} % 4))
-  local result="$1"
-  if [ $len -eq 2 ]; then result="$1"'=='
-  elif [ $len -eq 3 ]; then result="$1"'='
-  fi
-  echo "$result" | tr '_-' '/+' | base64 -d
-}
-
-# $1 => JWT to decode
-# $2 => either 1 for header or 2 for body (default is 2)
-decode_jwt() { _decode_base64_url $(echo -n $1 | cut -d "." -f ${2:-2}) | jq .; }
-
-_workspace_scope="/d4science.research-infrastructures.eu"
-echo "Manage the user's workspace"
-workspace_dir='/workspace'
-workspace_logdir='/var/log/workspace-lib'
-workspace_libdir='/opt/workspace-lib'
-workspace_fuse_jar="$workspace_libdir/fuse-workspace.jar"
-
-[[ ! -d "$workspace_dir" ]] || [[ -z `ls -A "$workspace_dir"` ]] || mv $workspace_dir ${workspace_dir}.old
-
-mkdir -p $workspace_dir
-chown ${USER}:${USER} $workspace_dir
-chown -R ${USER}:${USER} $workspace_logdir
-chmod 444 $workspace_fuse_jar
-
-_retval=
-if [ -d /home/${USER}/workspace ]; then
-  rmdir /home/${USER}/workspace
-  _retval=$?
-  if [ $_retval -ne 0 ]; then
-      echo "The user has a directory named 'workspace' inside their home directory and it is not empty."
-      echo "Not starting the workspace mount"
-      exit $_retval
-  fi
-fi
-
-echo "Mount the workspace"
-su - "$USER" -c "/usr/bin/java  -cp .:${workspace_dir}:${workspace_logdir}/ -Dlogback.configurationFile=${workspace_logdir}/logback.xml -jar $workspace_fuse_jar $SHINYPROXY_OIDC_ACCESS_TOKEN ${_workspace_scope} $workspace_dir" >/dev/null 2>&1 &
-
-sleep 5
-_retval=
-_fuse_process=$(ps auwwx | grep fuse | grep java)
-_retval=$?
-if [ $_retval -ne 0 ]; then
-  echo "The mount of the workspace failed"
-  exit 1
-else
-  pushd /home/${USER}
-  if [ $? -ne 0 ]; then
-    if ! [ -L workspace ]; then
-      su - "$USER" -c "ln -s $workspace_dir /workspace"
-    fi
-  else
-    echo "Cannot cd inside the user's home directory"
-    exit 1
-  fi
-  echo "The workspace has been mounted"
-  exit 0
-fi
diff --git a/Dockerfile b/Dockerfile
index 90dff6f..20fcc3b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,93 +1,12 @@
-FROM d4science/r-studio-requirement
+FROM d4science/rstudio-base:2023-03-R4-2
 
 LABEL org.d4science.image.licenses="EUPL-1.2" \
-      org.d4science.image.source="https://code-repo.d4science.org/gCubeSystem/r-studio-requirement" \
+      org.d4science.image.source="https://code-repo.d4science.org/gCubeSystem/r-studio-test" \
       org.d4science.image.vendor="D4Science <https://www.d4science.org>" \
       org.d4science.image.authors="Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>, Roberto Cirillo <roberto.cirillo@isti.cnr.it>" \
       org.d4science.image.r_version="2022.02.1+461"
 
-ARG NB_USER="jovyan"
-ARG NB_UID="1000"
-ARG NB_GID="100"
-ARG HOME="/home/${NB_USER}"
-ENV S6_VERSION=v2.1.0.2
-ENV RSTUDIO_VERSION=2022.02.1+461
-ENV DEFAULT_USER="jovyan"
-ENV USERID="1000"
-ENV GROUPID="100"
-ENV PANDOC_VERSION=default
-ENV PATH=/usr/lib/rstudio-server/bin:$PATH
-ENV DEBIAN_FRONTEND=noninteractive
-ENV R_HOME=/usr/local/lib/R
-# Configure environment
-ENV SHELL=/bin/bash \
-    NB_USER="${NB_USER}" \
-    NB_UID=${NB_UID} \
-    NB_GID=${NB_GID} \
-    LC_ALL=en_US.UTF-8 \
-    LANG=en_US.UTF-8 \
-    LANGUAGE=en_US.UTF-8
-ENV HOME="/home/${NB_USER}"
-
-RUN apt-get update --yes && \
-    apt-get upgrade --yes && \
-    apt-get install --yes --no-install-recommends \
-    python3 python3-pip \
-    curl
-RUN /rocker_scripts/install_rstudio.sh
-
-# This part comes from https://github.com/openanalytics/shinyproxy-rstudio-ide-demo/blob/master/Dockerfile
-RUN echo "www-frame-origin=same" >> /etc/rstudio/disable_auth_rserver.conf
-RUN echo "www-verify-user-agent=0" >> /etc/rstudio/disable_auth_rserver.conf
-
-# ADD 02_userconf.sh /etc/cont-init.d/02_userconf
-RUN mv -f /etc/rstudio/disable_auth_rserver.conf /etc/rstudio/rserver.conf
-RUN echo "USER=$NB_USER" >> /etc/environment
-
-# ADD 03_setup_root_path.sh /etc/cont-init.d/03_setup_root_path
-# ADD 05_setup_rsession_parameters.sh /etc/cont-init.d/05_setup_rsession_parameters
-RUN echo "session-timeout-minutes=7200" >> /etc/rstudio/rsession.conf
-RUN echo "session-disconnected-timeout-minutes=1440" >> /etc/rstudio/rsession.conf
-RUN echo "session-quit-child-processes-on-exit=0" >> /etc/rstudio/rsession.conf
-RUN echo "session-default-working-dir=~" >> /etc/rstudio/rsession.conf
-RUN echo "session-default-new-project-dir=~" >> /etc/rstudio/rsession.conf
-RUN #echo "session-save-action-default=yes" >> /etc/rstudio/rsession.conf
-RUN echo "allow-shell=1" >> /etc/rstudio/rsession.conf
-RUN #echo "allow-terminal-websockets=1" >> /etc/rstudio/rsession.conf
-RUN echo "limit-cpu-time-minutes=0" >> /etc/rstudio/rsession.conf
-RUN echo "limit-file-upload-size-mb=0" >> /etc/rstudio/rsession.conf
-RUN #echo "limit-xfs-disk-quota=no" >> /etc/rstudio/rsession.conf
+COPY rsession.conf /etc/rstudio/rsession.conf
+RUN chmod 0644 /etc/rstudio/rsession.conf
 RUN curl -o "${R_HOME}/etc/Rprofile.site" "https://code-repo.d4science.org/gCubeSystem/rstudio-rprofile/raw/branch/master/jupyter-Rprofile.site"
 
-# Copy a script that we will use to correct permissions after running certain commands
-COPY fix-permissions /usr/local/bin/fix-permissions
-RUN chmod a+rx /usr/local/bin/fix-permissions
-
-# Create NB_USER with name jovyan user with UID=1000 and in the 'users' group
-# and make sure these dirs are writable by the `users` group.
-RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \
-    sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \
-    sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \
-    userdel -r "${NB_USER}" && \
-    useradd -l -m -s /bin/bash -N -u "${NB_UID}" "${NB_USER}" && \
-    chmod g+w /etc/passwd && \
-    fix-permissions "${HOME}"
-
-# Install the jupiterhub proxy
-RUN pip3 install \
-    jsonschema'[format,format-nongpl]' \
-    jupyterhub \
-    jupyterlab \
-    jupyter-rsession-proxy \
-    jupyter-server-proxy \
-    notebook
-
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* && \
-    echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
-    locale-gen
-
-# Enable prompt color in the skeleton .bashrc before creating the default NB_USER
-# hadolint ignore=SC2016
-RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc
-
-WORKDIR ${HOME}
diff --git a/README.md b/README.md
index 3332270..b35daa0 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,4 @@
-# Pipeline-Docker-Template
+# Rstudio test image
 
-This is a template useful for building docker images and push to dockerhub.
-There is a jenkinsjob template on our jenkins with the same name.
+This image is built from the rstudio-base image, to test changes to packages and the environment.
 
-
-## USAGE TIPS:
-
-* REMEMBER TO FILL the jenkinsfile environment section with your values. The following field should be properly filled: imagename, git_url
-* REMEMBER TO PUT your Dockerfile in the root folder of your new project
-
-* You can find the related jenkinsjob template here: https://jenkins.d4science.org/job/Pipeline-Docker-Template/
diff --git a/rsession.conf b/rsession.conf
new file mode 100644
index 0000000..d76ebe1
--- /dev/null
+++ b/rsession.conf
@@ -0,0 +1,11 @@
+session-timeout-minutes=7200
+session-disconnected-timeout-minutes=1440
+session-quit-child-processes-on-exit=1
+session-default-working-dir=~
+session-default-new-project-dir=~
+session-save-action-default=no
+allow-shell=1
+allow-terminal-websockets=0
+limit-cpu-time-minutes=0
+limit-file-upload-size-mb=0
+limit-xfs-disk-quota=no