Merge pull request #132 from linuxserver/focal-s6v3

Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15 as rootfs-stage
+FROM alpine:3.16 as rootfs-stage
 
 # environment
 ENV REL=focal
@@ -8,8 +8,6 @@ RUN \
   apk add --no-cache \
     bash \
     curl \
-    patch \
-    tar \
     tzdata \
     xz
 
@@ -21,7 +19,9 @@ RUN \
     https://partner-images.canonical.com/core/${REL}/current/ubuntu-${REL}-core-cloudimg-${ARCH}-root.tar.gz && \
   tar xf \
     /rootfs.tar.gz -C \
-    /root-out
+    /root-out && \
+  rm -rf \
+    /root-out/var/log/*
 
 # set version for s6 overlay
 ARG S6_OVERLAY_VERSION="3.1.2.1"
@@ -39,28 +39,26 @@ RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
 ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz /tmp
 RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-arch.tar.xz
 
-# copy ci-checks
-COPY ci-check/ /root-out/package/admin/s6-overlay-${S6_OVERLAY_VERSION}/etc/s6-rc/sources/top/contents.d
-
-# patch cont-init for docker-mods
-COPY patch/ /tmp/patch
-RUN  patch -u /root-out/package/admin/s6-overlay-${S6_OVERLAY_VERSION}/etc/s6-linux-init/skel/rc.init -i /tmp/patch/package/admin/s6-overlay-@VERSION@/etc/s6-linux-init/skel/rc.init.patch
-
 # Runtime stage
 FROM scratch
 COPY --from=rootfs-stage /root-out/ /
 ARG BUILD_DATE
 ARG VERSION
+ARG MODS_VERSION="v3"
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
 LABEL maintainer="TheLamer"
 
+ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods"
+
 # set environment variables
 ARG DEBIAN_FRONTEND="noninteractive"
 ENV HOME="/root" \
 LANGUAGE="en_US.UTF-8" \
 LANG="en_US.UTF-8" \
 TERM="xterm" \
-S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0"
+S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0" \
+S6_VERBOSITY=1 \
+S6_STAGE2_HOOK=/docker-mods
 
 # copy sources
 COPY sources.list /etc/apt/
@@ -107,6 +105,8 @@ RUN \
   apt-get install -y \
     curl \
     gnupg \
+    jq \
+    netcat \
     tzdata && \
   echo "**** generate locale ****" && \
   locale-gen en_US.UTF-8 && \
@@ -123,7 +123,8 @@ RUN \
   rm -rf \
     /tmp/* \
     /var/lib/apt/lists/* \
-    /var/tmp/*
+    /var/tmp/* \
+    /var/log/*
 
 # add local files
 COPY root/ /

Dockerfile.aarch64

@@ -1,4 +1,4 @@
-FROM alpine:3.15 as rootfs-stage
+FROM alpine:3.16 as rootfs-stage
 
 # environment
 ENV REL=focal
@@ -8,8 +8,6 @@ RUN \
   apk add --no-cache \
     bash \
     curl \
-    patch \
-    tar \
     tzdata \
     xz
 
@@ -21,7 +19,9 @@ RUN \
     https://partner-images.canonical.com/core/${REL}/current/ubuntu-${REL}-core-cloudimg-${ARCH}-root.tar.gz && \
   tar xf \
     /rootfs.tar.gz -C \
-    /root-out
+    /root-out && \
+  rm -rf \
+    /root-out/var/log/*
 
 # set version for s6 overlay
 ARG S6_OVERLAY_VERSION="3.1.2.1"
@@ -39,28 +39,26 @@ RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
 ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz /tmp
 RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-arch.tar.xz
 
-# copy ci-checks
-COPY ci-check/ /root-out/package/admin/s6-overlay-${S6_OVERLAY_VERSION}/etc/s6-rc/sources/top/contents.d
-
-# patch cont-init for docker-mods
-COPY patch/ /tmp/patch
-RUN  patch -u /root-out/package/admin/s6-overlay-${S6_OVERLAY_VERSION}/etc/s6-linux-init/skel/rc.init -i /tmp/patch/package/admin/s6-overlay-@VERSION@/etc/s6-linux-init/skel/rc.init.patch
-
 # Runtime stage
 FROM scratch
 COPY --from=rootfs-stage /root-out/ /
 ARG BUILD_DATE
 ARG VERSION
+ARG MODS_VERSION="v3"
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
 LABEL maintainer="TheLamer"
 
+ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods"
+
 # set environment variables
 ARG DEBIAN_FRONTEND="noninteractive"
 ENV HOME="/root" \
 LANGUAGE="en_US.UTF-8" \
 LANG="en_US.UTF-8" \
 TERM="xterm" \
-S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0"
+S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0" \
+S6_VERBOSITY=1 \
+S6_STAGE2_HOOK=/docker-mods
 
 # copy sources
 COPY sources.list.arm /etc/apt/sources.list
@@ -107,6 +105,8 @@ RUN \
   apt-get install -y \
     curl \
     gnupg \
+    jq \
+    netcat \
     tzdata && \
   echo "**** generate locale ****" && \
   locale-gen en_US.UTF-8 && \
@@ -128,7 +128,8 @@ RUN \
   rm -rf \
     /tmp/* \
     /var/lib/apt/lists/* \
-    /var/tmp/*
+    /var/tmp/* \
+    /var/log/*
 
 # add local files
 COPY root/ /

Dockerfile.armhf

@@ -1,4 +1,4 @@
-FROM alpine:3.15 as rootfs-stage
+FROM alpine:3.16 as rootfs-stage
 
 # environment
 ENV REL=focal
@@ -8,8 +8,6 @@ RUN \
   apk add --no-cache \
     bash \
     curl \
-    patch \
-    tar \
     tzdata \
     xz
 
@@ -21,7 +19,9 @@ RUN \
     https://partner-images.canonical.com/core/${REL}/current/ubuntu-${REL}-core-cloudimg-${ARCH}-root.tar.gz && \
   tar xf \
     /rootfs.tar.gz -C \
-    /root-out
+    /root-out && \
+  rm -rf \
+    /root-out/var/log/*
 
 # set version for s6 overlay
 ARG S6_OVERLAY_VERSION="3.1.2.1"
@@ -39,28 +39,26 @@ RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
 ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz /tmp
 RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-arch.tar.xz
 
-# copy ci-checks
-COPY ci-check/ /root-out/package/admin/s6-overlay-${S6_OVERLAY_VERSION}/etc/s6-rc/sources/top/contents.d
-
-# patch cont-init for docker-mods
-COPY patch/ /tmp/patch
-RUN  patch -u /root-out/package/admin/s6-overlay-${S6_OVERLAY_VERSION}/etc/s6-linux-init/skel/rc.init -i /tmp/patch/package/admin/s6-overlay-@VERSION@/etc/s6-linux-init/skel/rc.init.patch
-
 # Runtime stage
 FROM scratch
 COPY --from=rootfs-stage /root-out/ /
 ARG BUILD_DATE
 ARG VERSION
+ARG MODS_VERSION="v3"
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
 LABEL maintainer="TheLamer"
 
+ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods"
+
 # set environment variables
 ARG DEBIAN_FRONTEND="noninteractive"
 ENV HOME="/root" \
 LANGUAGE="en_US.UTF-8" \
 LANG="en_US.UTF-8" \
 TERM="xterm" \
-S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0"
+S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0" \
+S6_VERBOSITY=1 \
+S6_STAGE2_HOOK=/docker-mods
 
 # copy sources
 COPY sources.list.arm /etc/apt/sources.list
@@ -107,6 +105,8 @@ RUN \
   apt-get install -y \
     curl \
     gnupg \
+    jq \
+    netcat \
     tzdata && \
   echo "**** generate locale ****" && \
   locale-gen en_US.UTF-8 && \
@@ -128,7 +128,8 @@ RUN \
   rm -rf \
     /tmp/* \
     /var/lib/apt/lists/* \
-    /var/tmp/*
+    /var/tmp/* \
+    /var/log/*
 
 # add local files
 COPY root/ /

patch/package/admin/s6-overlay-@VERSION@/etc/s6-linux-init/skel/rc.init.patch

@@ -1,11 +0,0 @@
---- rc.init	2022-05-20 17:41:11.195721000 -0500
-+++ rc.init.patched	2022-05-20 17:41:37.646586700 -0500
-@@ -6,6 +6,8 @@
-   s6-chmod 0755 /run/s6/container_environment
- fi
- 
-+/docker-mods
-+
- if profile=`printcontenv S6_RUNTIME_PROFILE` ; then
-   etc="/etc/cont-profile.d/$profile"
- else

root/docker-mods

@@ -1,207 +0,0 @@
-#!/usr/bin/with-contenv bash
-# shellcheck shell=bash
-
-# Set executable bit on cont-init and services built into the image
-set_legacy_executable_bits() {
-    mkdir -p /etc/{cont-init.d,services.d}
-    chmod +x \
-        /etc/cont-init.d/* \
-        /etc/services.d/*/* 2>/dev/null || true
-}
-
-tamper_check() {
-    #Tamper check custom service locations
-    if [[ -d "${SERVICES_DIR}" ]] && [[ -n "$(find ${SERVICES_DIR}/* ! -user root 2>/dev/null)" ]]; then
-        echo "[custom-init] **** Some of the contents of the folder '${SERVICES_DIR}' are not owned by root, which is a security risk. ****"
-        echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
-    elif [[ -d "${SERVICES_DIR}" ]] && [[ -n "$(find ${SERVICES_DIR}/* -perm -o+w 2>/dev/null)" ]]; then
-        echo "[custom-init] **** Some of the contents of the folder '${SERVICES_DIR}' have write permissions for others, which is a security risk. ****"
-        echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
-    fi
-    #Tamper check custom script locations
-    if [[ -d "${SCRIPTS_DIR}" ]] && [[ -n "$(find ${SCRIPTS_DIR}/* ! -user root 2>/dev/null)" ]]; then
-        echo "[custom-init] **** Some of the contents of the folder '${SCRIPTS_DIR}' are not owned by root, which is a security risk. ****"
-        echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
-    elif [[ -d "${SCRIPTS_DIR}" ]] && [[ -n "$(find ${SCRIPTS_DIR}/* -perm -o+w 2>/dev/null)" ]]; then
-        echo "[custom-init] **** Some of the contents of the folder '${SCRIPTS_DIR}' have write permissions for others, which is a security risk. ****"
-        echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
-    fi
-}
-
-process_custom_services() {
-    # Remove all existing custom services before continuing to ensure
-    # we aren't running anything the user may have removed
-    if [[ -n "$(/bin/ls -A /etc/s6-overlay/s6-rc.d/custom-svc-* 2>/dev/null)" ]]; then
-        echo "[custom-init] removing existing custom services..."
-        rm -rf /etc/s6-overlay/s6-rc.d/custom-svc-*
-        rm /etc/s6-overlay/s6-rc.d/user/contents.d/custom-svc-*
-    fi
-
-    # Make sure custom service directory exists and has files in it
-    if [[ -e "${SERVICES_DIR}" ]] && [[ -n "$(/bin/ls -A ${SERVICES_DIR} 2>/dev/null)" ]]; then
-        echo "[custom-init] Service files found in ${SERVICES_DIR}"
-        for SERVICE in "${SERVICES_DIR}"/*; do
-            NAME="$(basename "${SERVICE}")"
-            if [[ -f "${SERVICE}" ]]; then
-                echo "[custom-init] ${NAME}: service detected, copying..."
-                mkdir -p /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/dependencies.d/
-                cp "${SERVICE}" /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/run
-                chmod +x /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/run
-                echo "longrun" >/etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/type
-                touch /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/dependencies.d/init-services
-                touch /etc/s6-overlay/s6-rc.d/user/contents.d/custom-svc-"${NAME}"
-                echo "[custom-init] ${NAME}: copied"
-            elif [[ ! -f "${SERVICE}" ]]; then
-                echo "[custom-init] ${NAME}: is not a file"
-            fi
-        done
-    else
-        echo "[custom-init] No custom services found, skipping..."
-    fi
-}
-
-# Check for curl
-curl_check() {
-    if [[ ! -f /usr/bin/curl ]] || [[ ! -f /usr/bin/jq ]]; then
-        echo "[mod-init] Curl/JQ was not found on this system for Docker mods installing"
-        if [[ -f /usr/bin/apt ]]; then
-            ## Ubuntu
-            export DEBIAN_FRONTEND="noninteractive"
-            apt-get update
-            apt-get install --no-install-recommends -y \
-                curl \
-                jq
-        elif [[ -f /sbin/apk ]]; then
-            # Alpine
-            apk add --no-cache \
-                curl \
-                jq
-        fi
-    fi
-}
-
-# Use different filtering depending on URL
-get_blob_sha() {
-    if [[ $1 == "ghcr" ]]; then
-        curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
-            --silent \
-            --location \
-            --request GET \
-            --header "Authorization: Bearer $2" \
-            "$3" | jq -r '.layers[0].digest'
-    else
-        curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
-            --silent \
-            --location \
-            --request GET \
-            --header "Authorization: Bearer $2" \
-            "$3" | jq -r '.fsLayers[0].blobSum'
-    fi
-}
-
-# Main run logic
-run_mods() {
-    echo "[mod-init] Attempting to run Docker Modification Logic"
-    for DOCKER_MOD in $(echo "${DOCKER_MODS}" | tr '|' '\n'); do
-        # Support alternative endpoints
-        if [[ ${DOCKER_MOD} == ghcr.io/* ]] || [[ ${DOCKER_MOD} == linuxserver/* ]]; then
-            DOCKER_MOD="${DOCKER_MOD#ghcr.io/*}"
-            ENDPOINT="${DOCKER_MOD%%:*}"
-            USERNAME="${DOCKER_MOD%%/*}"
-            REPO="${ENDPOINT#*/}"
-            TAG="${DOCKER_MOD#*:}"
-            if [[ ${TAG} == "${DOCKER_MOD}" ]]; then
-                TAG="latest"
-            fi
-            FILENAME="${USERNAME}.${REPO}.${TAG}"
-            AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull"
-            MANIFEST_URL="https://ghcr.io/v2/${ENDPOINT}/manifests/${TAG}"
-            BLOB_URL="https://ghcr.io/v2/${ENDPOINT}/blobs/"
-            MODE="ghcr"
-        else
-            ENDPOINT="${DOCKER_MOD%%:*}"
-            USERNAME="${DOCKER_MOD%%/*}"
-            REPO="${ENDPOINT#*/}"
-            TAG="${DOCKER_MOD#*:}"
-            if [[ ${TAG} == "${DOCKER_MOD}" ]]; then
-                TAG="latest"
-            fi
-            FILENAME="${USERNAME}.${REPO}.${TAG}"
-            AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull"
-            MANIFEST_URL="https://registry-1.docker.io/v2/${ENDPOINT}/manifests/${TAG}"
-            BLOB_URL="https://registry-1.docker.io/v2/${ENDPOINT}/blobs/"
-            MODE="dockerhub"
-        fi
-        # Kill off modification logic if any of the usernames are banned
-        for BANNED in $(curl -s https://raw.githubusercontent.com/linuxserver/docker-mods/master/blacklist.txt); do
-            if [[ "${BANNED,,}" == "${USERNAME,,}" ]]; then
-                if [[ -z ${RUN_BANNED_MODS+x} ]]; then
-                    echo "[mod-init] ${DOCKER_MOD} is banned from use due to reported abuse aborting mod logic"
-                    return
-                else
-                    echo "[mod-init] You have chosen to run banned mods ${DOCKER_MOD} will be applied"
-                fi
-            fi
-        done
-        echo "[mod-init] Applying ${DOCKER_MOD} files to container"
-        # Get Dockerhub token for api operations
-        TOKEN="$(
-            curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
-                --silent \
-                --header 'GET' \
-                "${AUTH_URL}" |
-                jq -r '.token'
-        )"
-        # Determine first and only layer of image
-        SHALAYER=$(get_blob_sha "${MODE}" "${TOKEN}" "${MANIFEST_URL}")
-        # Check if we have allready applied this layer
-        if [[ -f "/${FILENAME}" ]] && [[ "${SHALAYER}" == "$(cat /"${FILENAME}")" ]]; then
-            echo "[mod-init] ${DOCKER_MOD} at ${SHALAYER} has been previously applied skipping"
-        else
-            # Download and extract layer to /
-            curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
-                --silent \
-                --location \
-                --request GET \
-                --header "Authorization: Bearer ${TOKEN}" \
-                "${BLOB_URL}${SHALAYER}" -o \
-                /modtarball.tar.xz
-            mkdir -p /tmp/mod
-            tar xzf /modtarball.tar.xz -C /tmp/mod
-            if [[ -d /tmp/mod/etc/s6-overlay ]]; then
-                if [[ -d /tmp/mod/etc/cont-init.d ]]; then
-                    rm -rf /tmp/mod/etc/cont-init.d
-                fi
-                if [[ -d /tmp/mod/etc/services.d ]]; then
-                    rm -rf /tmp/mod/etc/services.d
-                fi
-            fi
-            shopt -s dotglob
-            cp -R /tmp/mod/* /
-            shopt -u dotglob
-            rm -rf /tmp/mod
-            rm -rf /modtarball.tar.xz
-            echo "${SHALAYER}" >"/${FILENAME}"
-            echo "[mod-init] ${DOCKER_MOD} applied to container"
-        fi
-    done
-}
-
-# Main script loop
-
-SCRIPTS_DIR="/custom-cont-init.d"
-SERVICES_DIR="/custom-services.d"
-
-if [ -d "/custom-cont-init.d" ] || [ -d "/custom-services.d" ]; then
-    tamper_check
-    process_custom_services
-fi
-
-# Run mod logic
-if [[ -n "${DOCKER_MODS+x}" ]]; then
-    curl_check
-    run_mods
-fi
-
-# Set executable bit on legacy cont-init and services built into the image and anything legacy unpacked by mods
-set_legacy_executable_bits

root/etc/cont-init.d/01-envfile

@@ -1,16 +0,0 @@
-#! /bin/bash
-
-if [[ "$(ls /var/run/s6/container_environment/ | xargs)" == *"FILE__"* ]]; then
-  for FILENAME in /var/run/s6/container_environment/*; do
-    if [[ "${FILENAME##*/}" == "FILE__"* ]]; then
-      SECRETFILE=$(cat ${FILENAME})
-      if [[ -f ${SECRETFILE} ]]; then
-        FILESTRIP=${FILENAME//FILE__/}
-        cat ${SECRETFILE} > ${FILESTRIP}
-        echo "[env-init] ${FILESTRIP##*/} set from ${FILENAME##*/}"
-      else
-        echo "[env-init] cannot find secret in ${FILENAME##*/}"
-      fi
-    fi
-  done
-fi

root/etc/s6-overlay/s6-rc.d/init-adduser/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 PUID=${PUID:-911}
 PGID=${PGID:-911}
@@ -37,7 +38,7 @@ User gid:    $(id -g abc)
 time32="$(date +%Y)"
 
 if [[ "${time32}" == "1970" || "${time32}" == "1969" ]] && [ "$(uname -m)" == "armv7l" ]; then
-  echo '
+    echo '
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 
 Your DockerHost is running an outdated version of libseccomp
@@ -48,7 +49,7 @@ Apps will not behave correctly without this
 
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 '
-sleep infinity
+    sleep infinity
 fi
 
 chown abc:abc /app

root/etc/s6-overlay/s6-rc.d/init-adduser/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-adduser/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-adduser/run

root/etc/s6-overlay/s6-rc.d/init-config-end/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-config-end/up

@@ -0,0 +1 @@
+# This file doesn't do anything, it's just the end of the downstream image init process

root/etc/s6-overlay/s6-rc.d/init-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-config/up

@@ -0,0 +1 @@
+# This file doesn't do anything, it's just the start of the downstream image init process

root/etc/s6-overlay/s6-rc.d/init-custom-files/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-custom-files/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-custom-files/run

root/etc/s6-overlay/s6-rc.d/init-envfile/run

@@ -0,0 +1,17 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+if find /run/s6/container_environment/*"FILE__"* -maxdepth 1 > /dev/null 2>&1; then
+    for FILENAME in /run/s6/container_environment/*; do
+        if [[ "${FILENAME##*/}" == "FILE__"* ]]; then
+            SECRETFILE=$(cat "${FILENAME}")
+            if [[ -f ${SECRETFILE} ]]; then
+                FILESTRIP=${FILENAME//FILE__/}
+                cat "${SECRETFILE}" >"${FILESTRIP}"
+                echo "[env-init] ${FILESTRIP##*/} set from ${FILENAME##*/}"
+            else
+                echo "[env-init] cannot find secret in ${FILENAME##*/}"
+            fi
+        fi
+    done
+fi

root/etc/s6-overlay/s6-rc.d/init-envfile/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-envfile/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-envfile/run

root/etc/s6-overlay/s6-rc.d/init-migrations/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-migrations/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-migrations/run

root/etc/s6-overlay/s6-rc.d/init-mods-package-install/run

@@ -4,7 +4,7 @@
 if [[ -f "/mod-repo-packages-to-install.list" ]]; then
     IFS=' ' read -ra REPO_PACKAGES <<< "$(tr '\n' ' ' < /mod-repo-packages-to-install.list)"
     if [[ ${#REPO_PACKAGES[@]} -ne 0 ]] && [[ ${REPO_PACKAGES[*]} != "" ]]; then
-        echo "**** Installing all mod packages ****"
+        echo "[mod-init] **** Installing all mod packages ****"
         if [[ -f /usr/bin/apt ]]; then
             export DEBIAN_FRONTEND="noninteractive"
             apt-get update
@@ -20,7 +20,7 @@ fi
 if [[ -f "/mod-pip-packages-to-install.list" ]]; then
     IFS=' ' read -ra PIP_PACKAGES <<< "$(tr '\n' ' ' < /mod-pip-packages-to-install.list)"
     if [[ ${#PIP_PACKAGES[@]} -ne 0 ]] && [[ ${PIP_PACKAGES[*]} != "" ]]; then
-        echo "**** Installing all pip packages ****"
+        echo "[mod-init] **** Installing all pip packages ****"
         python3 -m pip install -U pip wheel setuptools
         PIP_ARGS=()
         if [[ -f /usr/bin/apt ]]; then

root/etc/s6-overlay/s6-rc.d/init-os-end/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-os-end/up

@@ -0,0 +1 @@
+# This file doesn't do anything, it's just the end of the mod init process

root/etc/s6-overlay/s6-rc.d/init-services/up

@@ -1 +1 @@
-# This file doesn't do anything, it's just the start of the service init process
+# This file doesn't do anything, it just signals that services can start

root/usr/bin/with-contenv

@@ -1,9 +1,9 @@
-#! /bin/bash
+#!/bin/bash
 
-if [[ -f /var/run/s6/container_environment/UMASK ]] && \
-    { [[ "$(pwdx $$)" =~ "/run/s6/legacy-services/" ]] || \
-    [[ "$(pwdx $$)" =~ "/run/s6/services/" ]] || \
-    [[ "$(pwdx $$)" =~ "/servicedirs/svc-" ]]; }; then
-    umask $(cat /var/run/s6/container_environment/UMASK)
+if [[ -f /run/s6/container_environment/UMASK ]] &&
+    { [[ "$(pwdx $$)" =~ "/run/s6/legacy-services/" ]] ||
+        [[ "$(pwdx $$)" =~ "/run/s6/services/" ]] ||
+        [[ "$(pwdx $$)" =~ "/servicedirs/svc-" ]]; }; then
+    umask "$(cat /run/s6/container_environment/UMASK)"
 fi
 exec /command/with-contenv "$@"