Rebase spark user patch

Dockerfile.template

@@ -18,10 +18,13 @@ FROM {{ BASE_IMAGE }}
 
 ARG spark_uid=185
 
+RUN groupadd --system --gid=${spark_uid} spark && \
+    useradd --system --uid=${spark_uid} --gid=spark spark
+
 RUN set -ex && \
     apt-get update && \
     ln -s /lib /lib64 && \
-    apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools && \
+    apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools gosu && \
     {%- if HAVE_PY %}
     apt install -y python3 python3-pip && \
     pip3 install --upgrade pip setuptools && \
@@ -36,6 +39,7 @@ RUN set -ex && \
     mkdir -p /opt/spark/examples && \
     mkdir -p /opt/spark/work-dir && \
     touch /opt/spark/RELEASE && \
+    chown -R spark:spark /opt/spark && \
     rm /bin/sh && \
     ln -sv /bin/bash /bin/sh && \
     echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \
@@ -61,6 +65,7 @@ RUN set -ex; \
     rm -rf "$GNUPGHOME" spark.tgz.asc; \
     \
     tar -xf spark.tgz --strip-components=1; \
+    chown -R spark:spark .; \
     mv jars /opt/spark/; \
     mv bin /opt/spark/; \
     mv sbin /opt/spark/; \
@@ -91,6 +96,3 @@ RUN chmod a+x /opt/decom.sh
 RUN chmod a+x /opt/entrypoint.sh
 
 ENTRYPOINT [ "/opt/entrypoint.sh" ]
-
-# Specify the User that the actual main process will run as
-USER ${spark_uid}

entrypoint.sh.template

@@ -103,5 +103,12 @@ case "$1" in
     ;;
 esac
 
+# Switch to spark if no USER specified (root by default) otherwise use USER directly
+switch_spark_if_root() {
+  if [ $(id -u) -eq 0 ]; then
+    echo gosu spark
+  fi
+}
+
 # Execute the container CMD under tini for better hygiene
-exec /usr/bin/tini -s -- "${CMD[@]}"
+exec $(switch_spark_if_root) /usr/bin/tini -s -- "${CMD[@]}"