Improve entrypoint to ensure fresh startup and termination works

Tehsmash · Sam Betts · commit 85ab5a7884db · 2023-05-02T16:02:00.000+01:00
Add signal trap's to the script to ensure that the container
doesn't hang on either SIGINT or SIGTERM.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -2,13 +2,66 @@
 
 set -euo pipefail
 
-# Run update once and then start cron in the background which will run the
-# updater script periodically
-(/update.sh; crond -f) &
+cronPid=0
+serverPid=0
+firstUpdatePid=0
 
-# Start go-exploitdb server
+# gracefully handlei SIGINT and SIGTERM
+term_handler() {
+    set +e
+    echo "Terminating..."
+
+    if [ $firstUpdatePid -ne 0 ]; then
+        echo "Ending firstUpdate..."
+        kill -SIGTERM "$firstUpdatePid"
+        wait $firstUpdatePid
+        echo "firstUpdate ended."
+    fi
+
+    if [ $cronPid -ne 0 ]; then
+        echo "Ending cron..."
+        kill -SIGTERM "$cronPid"
+        wait $cronPid
+        echo "Cron ended."
+    fi
+
+    if [ $serverPid -ne 0 ]; then
+        echo "Ending server..."
+        kill -SIGTERM "$serverPid"
+        wait $serverPid
+        echo "Server ended."
+    fi
+
+    exit 143
+}
+
+trap 'term_handler' SIGTERM
+trap 'term_handler' SIGINT
+
+# Start go-exploitdb server listening and setup/migrate exploit db file
+echo "Starting server listening on 0.0.0.0:1326..."
 go-exploitdb server --bind 0.0.0.0 --dbpath /vuls/go-exploitdb.sqlite3 &
+serverPid=$!
+
+# Wait until the server is up and running healthy and can respond to a query
+# before starting the updater to avoid migration conflicts between the server
+# command and the updating commands.
+# TODO(sambetts) use curl here if we can get it installed in the container
+sleep 5
+
+# Run update once on container start to ensure we're up to date.
+/update.sh &
+firstUpdatePid=$!
+wait $firstUpdatePid
+firstUpdatePid=0
+
+# Start cron in the background which will run the updater script periodically,
+echo "Starting periodic updates..."
+crond -f &
+cronPid=$!
 
-wait -n
+# Wait on Server PID to complete, if it ends then terminate
+wait $serverPid
 
-exit $?
+# Clean up everything
+term_handler
diff --git a/update.sh b/update.sh
@@ -1,6 +1,15 @@
 #!/bin/sh
 
+set -euo pipefail
+
+echo "Updating from awesomepoc..."
 go-exploitdb --dbpath /vuls/go-exploitdb.sqlite3 fetch awesomepoc
+
+echo "Updating from exploitdb..."
 go-exploitdb --dbpath /vuls/go-exploitdb.sqlite3 fetch exploitdb
+
+echo "Updating from githubrepos..."
 go-exploitdb --dbpath /vuls/go-exploitdb.sqlite3 fetch githubrepos
+
+echo "Updating from inthewild..."
 go-exploitdb --dbpath /vuls/go-exploitdb.sqlite3 fetch inthewild
