Replace PHP-FPM entrypoint

Now we can rely on correct signal handling via dumb-init and only use
shush when there's actually encrypted variables

Author: renatomefi

Dockerfile-fpm

@@ -40,7 +40,8 @@ RUN install-shush && rm -f /usr/local/bin/install-shush \
 
 STOPSIGNAL SIGTERM
 
-CMD ["/usr/local/bin/shush", "exec", "php-fpm", "--force-stderr"]
+ENTRYPOINT [ "docker-php-entrypoint-init" ]
+CMD ["--force-stderr"]
 
 # Base images don't need healthcheck since they are not running applications
 # this can be overriden in the child images
@@ -54,6 +55,3 @@ FROM fpm as fpm-dev
 # Install Xdebug and development specific configuration
 RUN docker-php-dev-mode xdebug \
     && docker-php-dev-mode config
-
-# Change entrypoint back to the default because we don't need shush in development
-CMD ["docker-php-entrypoint", "--force-stderr"]

src/php/utils/docker/docker-php-entrypoint-init

@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+# first arg is `-f` or `--some-option` or if it's empty
+if [ -z "$1" ] || [ "${1#-}" != "$1" ]; then
+	set -- php-fpm "$@"
+fi
+
+if [ "$1" = php-fpm ]; then
+    if env | grep -E "^KMS_ENCRYPTED"; then
+        set -- shush exec -- "$@"
+    fi
+
+    # Rewrite SIGINT  to SIGQUIT
+    # Rewrite SIGTERM to SIGQUIT
+    # Rewrite SIGHUP  to SIGUSR2
+    set -- dumb-init --rewrite 2:3 --rewrite 15:3 --rewrite 1:17 -- "$@"
+fi
+
+exec "$@"