Cleanup execution environment across wrappers and entrypoints

microk8s-resources/actions/common/utils.sh

@@ -89,35 +89,14 @@ remove_vxlan_interfaces() {
 }
 
 run_with_sudo() {
-  # As we call the sudo binary of the host we have to make sure we do not change the LD_LIBRARY_PATH used
-  if (is_strict)
-  then
-    if [ "$1" == "preserve_env" ]
-    then
-      shift
-    fi
+  if [ "$1" == "preserve_env" ]; then
+    shift
+  fi
+  if (is_strict); then
     "$@"
   else
-    if [ -n "${LD_LIBRARY_PATH-}" ]
-    then
-      GLOBAL_LD_LIBRARY_PATH="$LD_LIBRARY_PATH"
-      local LD_LIBRARY_PATH=""
-      if [ "$1" == "preserve_env" ]
-      then
-        shift
-        sudo -E LD_LIBRARY_PATH="$GLOBAL_LD_LIBRARY_PATH" "$@"
-      else
-        sudo LD_LIBRARY_PATH="$GLOBAL_LD_LIBRARY_PATH" "$@"
-      fi
-    else
-      if [ "$1" == "preserve_env" ]
-      then
-        shift
-        sudo -E "$@"
-      else
-        sudo "$@"
-      fi
-    fi
+    local SAVE_LD_LIBRARY_PATH="${LD_LIBRARY_PATH}"
+    LD_LIBRARY_PATH="" sudo -E PATH="${PATH}" LD_LIBRARY_PATH="${SAVE_LD_LIBRARY_PATH}" PYTHONPATH="${PYTHONPATH:-}" "$@"
   fi
 }
 
@@ -1152,30 +1131,6 @@ sign_certificate() {
   echo "$csr" | ${SNAP}/usr/bin/openssl x509 -req -sha256 -CA "${SNAP_DATA}/certs/ca.crt" -CAkey "${SNAP_DATA}/certs/ca.key" -CAcreateserial -days 3650 -extfile <(echo "${extensions}")
 }
 
-# check if this file is run with arguments
-if [[ "$0" == "${BASH_SOURCE}" ]] &&
-   [[ ! -z "$1" ]]
-then
-  # call help
-  if echo "$*" | $SNAP/bin/grep -q -- 'help'; then
-    echo "usage: $0 [function]"
-    echo ""
-    echo "Run a utility function and return the output."
-    echo ""
-    echo "available functions:"
-    declare -F | gawk '{print "- "$3}'
-    exit 0
-  fi
-
-  if declare -F "$1" > /dev/null
-  then
-    $1 ${@:2}
-    exit $?
-  else
-    echo "Function does not exist: $1" >&2
-    exit 1
-  fi
-fi
 
 exit_if_low_memory_guard() {
   if [ -e ${SNAP_DATA}/var/lock/low-memory-guard.lock ]
@@ -1385,3 +1340,56 @@ increase_sysctl_parameter() {
     fi
   fi
 }
+
+use_snap_env() {
+  # Configure snap paths for PATH LD_LIBRARY_PATH
+  export PATH="$SNAP/bin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/usr/sbin:$PATH"
+  export LD_LIBRARY_PATH="$SNAP_LIBRARY_PATH:$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$SNAPCRAFT_ARCH_TRIPLET:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/ceph:${LD_LIBRARY_PATH:-}"
+  export OPENSSL_CONF="$SNAP/etc/ssl/openssl.cnf"
+
+  # Python configuration
+  export PYTHONPATH="$SNAP/usr/lib/python3.8:$SNAP/lib/python3.8/site-packages:$SNAP/usr/lib/python3/dist-packages"
+  export PYTHONNOUSERSITE=false
+
+  # NOTE(neoaggelos/2023-08-14):
+  # we cannot list system locales from snap. instead, we attempt
+  # well-known locales for Ubuntu/Debian/CentOS and check whether
+  # they are available on the system.
+  # if they are, set them for the current shell.
+  for locale in C.UTF-8 en_US.UTF-8 en_US.utf8; do
+    if [ -z "$(export LC_ALL=$locale 2>&1)" ]; then
+      export LC_ALL="${LC_ALL:-$locale}"
+      export LANG="${LC_ALL:-$locale}"
+      break
+    fi
+  done
+
+  # Configure XDG_RUNTIME_DIR
+  export XDG_RUNTIME_DIR="${SNAP_COMMON}/run"
+  mkdir -p "${XDG_RUNTIME_DIR}"
+}
+
+# check if this file is run with arguments
+if [[ "$0" == "${BASH_SOURCE}" ]] &&
+   [[ ! -z "$1" ]]
+then
+  # call help
+  if echo "$*" | grep -q -- 'help'; then
+    echo "usage: $0 [function]"
+    echo ""
+    echo "Run a utility function and return the output."
+    echo ""
+    echo "available functions:"
+    declare -F | gawk '{print "- "$3}'
+    exit 0
+  fi
+
+  if declare -F "$1" > /dev/null
+  then
+    $1 ${@:2}
+    exit $?
+  else
+    echo "Function does not exist: $1" >&2
+    exit 1
+  fi
+fi

microk8s-resources/default-hooks/reconcile.d/90-calico-apply

@@ -1,7 +1,9 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 . "${SNAP}/actions/common/utils.sh"
 
+use_snap_env
+
 KUBECTL="${SNAP}/microk8s-kubectl.wrapper"
 
 if [ -e "${SNAP_DATA}/args/cni-network/cni.yaml" ] &&

microk8s-resources/wrappers/apiservice-kicker

@@ -1,16 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eu
 
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
-ARCH="$($SNAP/bin/uname -m)"
-export LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
-export LD_LIBRARY_PATH=$SNAP_LIBRARY_PATH:$LD_LIBRARY_PATH
-export LC_ALL="${LC_ALL:-C.UTF-8}"
-export LANG="${LANG:-C.UTF-8}"
-
 source $SNAP/actions/common/utils.sh
 
+use_snap_env
+
 if [ -e ${SNAP_DATA}/var/lock/clustered.lock ]
 then
   echo "api service kicker will not run on a cluster node"

microk8s-resources/wrappers/git.wrapper

@@ -1,6 +1,9 @@
-#!/bin/bash
+#!/usr/bin/env bash
+
+. $SNAP/actions/common/utils.sh
+
+use_snap_env
 
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
 export GIT_EXEC_PATH="$SNAP/usr/lib/git-core"
 export GIT_TEMPLATE_DIR="$SNAP/usr/share/git-core/templates"
 export GIT_CONFIG_NOSYSTEM=1

microk8s-resources/wrappers/microk8s-add-node.wrapper

@@ -1,15 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eu
 
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
-ARCH="$($SNAP/bin/uname -m)"
-export LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
-export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
-export PYTHONNOUSERSITE=false
-
 source $SNAP/actions/common/utils.sh
 
+use_snap_env
+
 if [ -e ${SNAP_DATA}/var/lock/clustered.lock ]
 then
   echo "This MicroK8s deployment is acting as a node in a cluster. Please use the microk8s add-node on the master."
@@ -18,7 +14,7 @@ fi
 
 if echo "$*" | grep -q -- 'help'; then
   # Call add_token.py help
-  LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/add_token.py --help
+  ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/add_token.py --help
   exit 0
 fi
 
@@ -55,4 +51,4 @@ then
 fi
 
 # Use python's built-in (3.6+) secrets generator to produce the token.
-LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/add_token.py "${@}"
+${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/add_token.py "${@}"

microk8s-resources/wrappers/microk8s-addons.wrapper

@@ -1,17 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eu
 
 source $SNAP/actions/common/utils.sh
 
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
-
-ARCH="$($SNAP/bin/uname -m)"
-export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
-export PYTHONNOUSERSITE=false
-export LC_ALL="${LC_ALL:-C.UTF-8}"
-export LANG="${LANG:-C.UTF-8}"
+use_snap_env
 
 exit_if_no_permissions
 
-LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/addons.py "${@}"
+${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/addons.py "${@}"

microk8s-resources/wrappers/microk8s-config.wrapper

@@ -1,11 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eu
 
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
-
 source $SNAP/actions/common/utils.sh
 
+use_snap_env
+
 if [ -e ${SNAP_DATA}/var/lock/clustered.lock ]
 then
   echo "This MicroK8s deployment is acting as a node in a cluster. Please use the microk8s config on the master."

microk8s-resources/wrappers/microk8s-ctr.wrapper

@@ -1,27 +1,25 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eu
 
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
-ARCH="$($SNAP/bin/uname -m)"
-export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
-
 source $SNAP/actions/common/utils.sh
 
-SNAPSHOTTER=$(snapshotter)
+use_snap_env
 
 exit_if_no_permissions
 
+export CONTAINERD_SNAPSHOTTER=$(snapshotter)
+
 if ! [ -e $SNAP_DATA/args/ctr ]
 then
   echo "Arguments file $SNAP_DATA/args/ctr is missing."
   exit 1
+fi
+
+declare -a args="($(cat $SNAP_DATA/args/ctr))"
+if is_strict
+then
+  "${SNAP}/bin/ctr" "${args[@]}" "$@"
 else
-  declare -a args="($(cat $SNAP_DATA/args/ctr))"
-  if is_strict
-  then
-    LD_LIBRARY_PATH="$IN_SNAP_LD_LIBRARY_PATH" CONTAINERD_SNAPSHOTTER="$SNAPSHOTTER" "${SNAP}/bin/ctr" "${args[@]}" "$@"
-  else
-    sudo -E LD_LIBRARY_PATH="$IN_SNAP_LD_LIBRARY_PATH" CONTAINERD_SNAPSHOTTER="$SNAPSHOTTER" "${SNAP}/bin/ctr" "${args[@]}" "$@"
-  fi
+  sudo -E "${SNAP}/bin/ctr" "${args[@]}" "$@"
 fi

microk8s-resources/wrappers/microk8s-dashboard-proxy.wrapper

@@ -1,16 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -eu
 
-ARCH="$($SNAP/bin/uname -m)"
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
-export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
-export PYTHONNOUSERSITE=false
 source $SNAP/actions/common/utils.sh
 
-export LC_ALL="${LC_ALL:-C.UTF-8}"
-export LANG="${LANG:-C.UTF-8}"
+use_snap_env
 
 exit_if_not_root
 exit_if_no_permissions
 
-LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH  ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/dashboard_proxy.py
+${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/dashboard_proxy.py

microk8s-resources/wrappers/microk8s-dbctl.wrapper

@@ -1,16 +1,13 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eu
 
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
-ARCH="$($SNAP/bin/uname -m)"
-export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
-export PYTHONNOUSERSITE=false
-
 source $SNAP/actions/common/utils.sh
 
+use_snap_env
+
 exit_if_not_root
 
 exit_if_no_permissions
 
-LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/dbctl.py "${@}"
+${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/dbctl.py "${@}"

microk8s-resources/wrappers/microk8s-disable.wrapper

@@ -1,16 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eu
 
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
-ARCH="$($SNAP/bin/uname -m)"
-export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
-export PYTHONNOUSERSITE=false
-export LC_ALL="${LC_ALL:-C.UTF-8}"
-export LANG="${LANG:-C.UTF-8}"
-
 source $SNAP/actions/common/utils.sh
 
+use_snap_env
+
 # avoid AppArmor denial in strict mode when running under sudo without -H
 
 if is_strict
@@ -22,4 +17,4 @@ exit_if_not_root
 
 exit_if_no_permissions
 
-LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/disable.py "${@}"
+${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/disable.py "${@}"

microk8s-resources/wrappers/microk8s-enable.wrapper

@@ -1,18 +1,12 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -eu
 
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
-ARCH="$($SNAP/bin/uname -m)"
-export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
-export PYTHONNOUSERSITE=false
-export LC_ALL="${LC_ALL:-C.UTF-8}"
-export LANG="${LANG:-C.UTF-8}"
-
 source $SNAP/actions/common/utils.sh
 
-# avoid AppArmor denial in strict mode when running under sudo without -H
+use_snap_env
 
+# avoid AppArmor denial in strict mode when running under sudo without -H
 if is_strict
 then
   cd "$SNAP"
@@ -22,4 +16,4 @@ exit_if_not_root
 
 exit_if_no_permissions
 
-LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/enable.py "${@}"
+${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/enable.py "${@}"

microk8s-resources/wrappers/microk8s-helm.wrapper

@@ -1,8 +1,9 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
 source $SNAP/actions/common/utils.sh
 
+use_snap_env
+
 if [ -e ${SNAP_DATA}/var/lock/clustered.lock ]
 then
   echo "This MicroK8s deployment is acting as a node in a cluster. Please use the microk8s helm on the master."