Skip to content

Fix issue with SIGINT failing to stop analyzer

Oscar Tovar requested to merge otovar/make-analyzer-wrapper-pid-1 into master

What does this MR do?

The analyzer in gemnasium-maven is run using a wrapper script. This wrapper script ensures that we have the functionality needed to switch between Java runtimes correctly. When the wrapper runs, it is assigned PID 1 as is the norm by the Docker container, and spawns a separate child process for the analyzer binary. For Docker, this causes issues because it sends the SIGINT and SIGTERM signals to PID 1, which leaves the child processes in a zombie state, and the container running (you can force close it with a SIGKILL using docker stop, but it takes time and it's possible that a contributor might not know this).

The PID 1 issue is documented in the Dockerfile reference, which also has a solution - use exec to have the child process assume the PID of the parent, i.e. it becomes PID 1. There are other tools that can be used like tini, dumb-init, runit, and s6, but exec is a builtin for Bash, and is the boring solution, which is why the wrapper now executes using it.

TODO: Create a lint rule that enforces exec for the last command in a wrapper script.

For more info about the Docker ENTRYPOINT and CMD usage see https://docs.docker.com/engine/reference/builder/#entrypoint

What are the relevant issue numbers?

None, I discovered this locally and made the change.

Does this MR meet the acceptance criteria?

Merge request reports

Loading