Unable to source initdb.d shell script

[lacek]

• OS: macOS 12.2.1 (on M1 Pro)
• Docker: Docker Desktop 5.8.2 (79419)
• docker-compose.yml:

  version: '3.4'
  services:
    db:
      image: mysql:8.0.29
      platform: linux/amd64
      container_name: mysql_test
      environment:
        - MYSQL_ROOT_PASSWORD=root
      hostname: db
      cap_add:
        - SYS_NICE
      volumes:
        - ./init:/docker-entrypoint-initdb.d
        - ./runtime:/var/lib/mysql

• init/init.sh (file mode 644):

  #!/bin/bash
  
  echo "SOCKET=$SOCKET"

Spin up the container with docker-compose up, and it stops with error as below:

2022-06-03 02:37:19+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.29-1debian10 started.
2022-06-03 02:37:20+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2022-06-03 02:37:20+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.29-1debian10 started.
2022-06-03 02:37:21+00:00 [Note] [Entrypoint]: Initializing database files
2022-06-03T02:37:21.689910Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.29) initializing of server in progress as process 99
2022-06-03T02:37:21.716775Z 0 [Warning] [MY-010159] [Server] Setting lower_case_table_names=2 because file system for /var/lib/mysql/ is case insensitive
2022-06-03T02:37:21.785976Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2022-06-03T02:37:21.819714Z 1 [ERROR] [MY-012585] [InnoDB] Linux Native AIO interface is not supported on this platform. Please check your OS documentation and install appropriate binary of InnoDB.
2022-06-03T02:37:21.820089Z 1 [Warning] [MY-012654] [InnoDB] Linux Native AIO disabled.
2022-06-03T02:37:26.494433Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2022-06-03T02:37:32.655054Z 6 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
2022-06-03 02:37:41+00:00 [Note] [Entrypoint]: Database files initialized
2022-06-03 02:37:41+00:00 [Note] [Entrypoint]: Starting temporary server
2022-06-03T02:37:42.275933Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.29) starting as process 152
2022-06-03T02:37:42.309638Z 0 [Warning] [MY-010159] [Server] Setting lower_case_table_names=2 because file system for /var/lib/mysql/ is case insensitive
2022-06-03T02:37:42.428205Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2022-06-03T02:37:42.581391Z 1 [ERROR] [MY-012585] [InnoDB] Linux Native AIO interface is not supported on this platform. Please check your OS documentation and install appropriate binary of InnoDB.
2022-06-03T02:37:42.582990Z 1 [Warning] [MY-012654] [InnoDB] Linux Native AIO disabled.
2022-06-03T02:37:43.911062Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2022-06-03T02:37:45.858579Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2022-06-03T02:37:45.859648Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2022-06-03T02:37:45.870359Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2022-06-03T02:37:46.081428Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: /var/run/mysqld/mysqlx.sock
2022-06-03T02:37:46.082572Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.29'  socket: '/var/run/mysqld/mysqld.sock'  port: 0  MySQL Community Server - GPL.
2022-06-03 02:37:46+00:00 [Note] [Entrypoint]: Temporary server started.
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone1970.tab' as time zone. Skipping it.

2022-06-03 02:38:04+00:00 [Note] [Entrypoint]: /usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/init.sh
/usr/local/bin/docker-entrypoint.sh: /docker-entrypoint-initdb.d/init.sh: /bin/bash: bad interpreter: Permission denied

To check the file permission of the init.sh in a separate container:

% docker run -it --rm --platform linux/amd64 -v $PWD/init:/docker-entrypoint-initdb.d mysql:8.0.29 bash
# ls -l /docker-entrypoint-initdb.d/
total 4
-rw-r--r-- 1 root root 35 Jun  3 02:33 init.sh
# [ -x /docker-entrypoint-initdb.d/init.sh ] && echo yes || echo no
yes

Apparently the -x test doesn't work as expected, so the init.sh is being run instead of sourced at

mysql/8.0/docker-entrypoint.sh

Lines 67 to 73 in 275e982

	if [ -x "$f" ]; then
	mysql_note "$0: running $f"
	"$f"
	else
	mysql_note "$0: sourcing $f"
	. "$f"
	fi

I didn't encounter this error with Docker 20.10.14 on a Ubuntu 20.04.4.

At the moment, I have to workaround by making the init.sh executable instead, which involes:

• add executable permission to init.sh: chmod +x init/init.sh
• modify the script to source entrypoint.sh with setup as I am using functions like docker_process_sql in my actual script:

  #/bin/bash
  source /entrypoint.sh
  docker_setup_env mysqld
  mysql_socket_fix
  # do whatever to init

[xfxf]

Also having this issue on OS X, both with and without the exec bit set. Oddly did not have this issue on the same codebase yesterday on a WSL2 (Windows) machine.

[yosifkit]

# ls -l /docker-entrypoint-initdb.d/
total 4
-rw-r--r-- 1 root root 35 Jun  3 02:33 init.sh
# [ -x /docker-entrypoint-initdb.d/init.sh ] && echo yes || echo no
yes

-x should be giving the same answer as ls is showing (relative to the effective user/groups), so this definitely looks like a bug in Docker Desktop on OS X.

$ ls -ln
total 8
drwxrwsr-x 2 1000 1000 4096 Dec  5  2019 data
-rwxrwxr-x 1 1000 1000 1458 Dec  5  2019 init-only-entry.sh
-rw-r--r-- 1 1000 1000    0 Jun  3 09:57 sourced.sh
$ [ -x ./init-only-entry.sh ] && echo yes || echo no
yes
$ [ -x ./sourced.sh ] && echo yes || echo no
no

The workaround to just source the entrypoint is fine. You could alternatively drop the initdb.d volume and build an image to COPY in the script and that should work everywhere.

[DexM]

It doesn't seem to be macOS related issue. Something was broken in mysql:8.0.29 version. Here's what I get in CircleCI (Linux environment):

8.0.28

$ docker run --rm -v '/home/circleci/workspace/infrastructure/migrations:/docker-entrypoint-initdb.d' --entrypoint ls mysql:8.0.28 -lah
total 76K
drwxr-xr-x   1 root root 4.0K Jul  7 10:09 .
drwxr-xr-x   1 root root 4.0K Jul  7 10:09 ..
-rwxr-xr-x   1 root root    0 Jul  7 10:09 .dockerenv
drwxr-xr-x   2 root root 4.0K Apr 18 00:00 bin
drwxr-xr-x   2 root root 4.0K Mar 19 13:44 boot
drwxr-xr-x   5 root root  340 Jul  7 10:09 dev
drwxr-xr-x   2 root root 4.0K Jul  7 09:03 docker-entrypoint-initdb.d
lrwxrwxrwx   1 root root   34 Apr 20 10:05 entrypoint.sh -> usr/local/bin/docker-entrypoint.sh
drwxr-xr-x   1 root root 4.0K Jul  7 10:09 etc
drwxr-xr-x   2 root root 4.0K Mar 19 13:44 home
drwxr-xr-x   1 root root 4.0K Apr 20 10:04 lib
drwxr-xr-x   2 root root 4.0K Apr 18 00:00 lib64
drwxr-xr-x   2 root root 4.0K Apr 18 00:00 media
drwxr-xr-x   2 root root 4.0K Apr 18 00:00 mnt
drwxr-xr-x   2 root root 4.0K Apr 18 00:00 opt
dr-xr-xr-x 136 root root    0 Jul  7 10:09 proc
drwx------   1 root root 4.0K Apr 20 10:04 root
drwxr-xr-x   1 root root 4.0K Apr 20 10:05 run
drwxr-xr-x   2 root root 4.0K Apr 18 00:00 sbin
drwxr-xr-x   2 root root 4.0K Apr 18 00:00 srv
dr-xr-xr-x  13 root root    0 Jul  7 10:06 sys
drwxrwxrwt   1 root root 4.0K Apr 20 10:05 tmp
drwxr-xr-x   1 root root 4.0K Apr 18 00:00 usr
drwxr-xr-x   1 root root 4.0K Apr 18 00:00 var

8.0.29

$ docker run --rm -v '/home/circleci/workspace/infrastructure/migrations:/docker-entrypoint-initdb.d' --entrypoint ls mysql:8.0.29 -lah
ls: cannot access 'sys': Operation not permitted
ls: cannot access 'usr': Operation not permitted
ls: cannot access 'run': Operation not permitted
ls: cannot access 'etc': Operation not permitted
ls: cannot access 'sbin': Operation not permitted
ls: cannot access '.': Operation not permitted
ls: cannot access 'root': Operation not permitted
ls: cannot access 'lib': Operation not permitted
ls: cannot access '..': Operation not permitted
ls: cannot access 'home': Operation not permitted
ls: cannot access 'var': Operation not permitted
ls: cannot access 'bin': Operation not permitted
ls: cannot access 'boot': Operation not permitted
ls: cannot access 'mnt': Operation not permitted
ls: cannot access 'lib64': Operation not permitted
ls: cannot access 'dev': Operation not permitted
ls: cannot access 'proc': Operation not permitted
ls: cannot access 'opt': Operation not permitted
ls: cannot access 'tmp': Operation not permitted
ls: cannot access 'media': Operation not permitted
ls: cannot access 'srv': Operation not permitted
ls: cannot access '.dockerenv': Operation not permitted
ls: cannot access 'docker-entrypoint-initdb.d': Operation not permitted
total 0
d????????? ? ? ? ?            ? .
d????????? ? ? ? ?            ? ..
-????????? ? ? ? ?            ? .dockerenv
l????????? ? ? ? ?            ? bin
d????????? ? ? ? ?            ? boot
d????????? ? ? ? ?            ? dev
d????????? ? ? ? ?            ? docker-entrypoint-initdb.d
d????????? ? ? ? ?            ? etc
d????????? ? ? ? ?            ? home
l????????? ? ? ? ?            ? lib
l????????? ? ? ? ?            ? lib64
d????????? ? ? ? ?            ? media
d????????? ? ? ? ?            ? mnt
d????????? ? ? ? ?            ? opt
d????????? ? ? ? ?            ? proc
d????????? ? ? ? ?            ? root
d????????? ? ? ? ?            ? run
l????????? ? ? ? ?            ? sbin
d????????? ? ? ? ?            ? srv
d????????? ? ? ? ?            ? sys
d????????? ? ? ? ?            ? tmp
d????????? ? ? ? ?            ? usr
d????????? ? ? ? ?            ? var

This happens on the same machine (same kernel, same Docker, same everything). The only difference is MySQL Docker Image version.

[tianon]

Ah, that looks like a seccomp failure -- if you run it with --security-opt seccomp=unconfined (to disable that security feature), it should succeed. The correct fix if that works is to update Docker and libseccomp on the host.

[Arkemlar]

Got exactly same problem as issue starter. This is definetely something with Macos setup. I made script that worked perfectly in my linux machine, and it fails in Macos.
Things mentioned in @yosifkit 's comment above also true #862 (comment)
test -x /docker-entrypoint-initdb.d/99-exit.sh returns 0 code, while there is no x bit.

[Arkemlar]

The problem above forces me to make even more stupid solution because of limitations in docker-entrypoint.sh that I mentioned in this issue #357 (comment)
Moving exec "$@" to the

if ! _is_sourced; then
	_main "$@"
fi

block could solve a lot of porblems.