Commit graph

301 commits

Author SHA1 Message Date
Debarshi Ray
0ee5b592a2 Prepare 0.0.15 2019-09-30 16:21:56 +02:00
Debarshi Ray
88dc6bb0a9 Tweak the debug output and error messages
This should make it more obvious which part of the two-step process of
copying /etc/profile.d/toolbox.sh into a container the strings are
coming from.

https://github.com/debarshiray/toolbox/pull/279
2019-09-27 18:36:17 +02:00
Debarshi Ray
f647639b8a Be forgiving of a missing /etc/profile.d/toolbox.sh in 'run'
It's common for people to run the toolbox script straight out of the
source tree without installing it system-wide. In such cases, it's
likely that /etc/profile.d/toolbox.sh would be absent on the host, and
as a result also absent from the toolbox container.

The welcome messages and the primary shell prompt (or PS1) are set
through /etc/profile.d/toolbox.sh, so not having it does degrade the
user experience, but it's probably not severe enough to fail the 'run'
command.

This should have been part of commit 0db54946b4 which split the
copying of /etc/profile.d/toolbox.sh into a container into two steps to
avoid using 'podman cp'. It already tried to handle the missing file
in the first step, but not in the second step.

It's also nice to at least make the user aware of the situation by
printing an error message.

https://github.com/debarshiray/toolbox/pull/278
2019-09-27 18:20:57 +02:00
Jens Petersen
d517dc8b01 Update default release to 30 when running on non-fedora hosts
https://github.com/debarshiray/toolbox/pull/205
2019-09-27 17:13:39 +02:00
Debarshi Ray
32bd215f30 Unbreak 'create' on Silverblue
Podman defaults to bind-mounting locations as read-write when neither
'rw' nor 'ro' is explicitly specified.

On Silverblue /usr is mounted read-only on the host. Therefore, it's
not possible to bind-mount it as read-write inside the toolbox
container.

It turns out that Podman doesn't downgrade the default mount flag to
read-only when the source location is such, and this breaks creating
new toolbox containers on Silverblue. See:
https://github.com/containers/libpod/issues/4061

Fallout from d63b0a9c0f

https://github.com/debarshiray/toolbox/pull/276
2019-09-26 20:22:15 +02:00
Debarshi Ray
8308ea6bd6 images: Install only flatpak-spawn, not the rest of flatpak-xdg-utils
https://github.com/debarshiray/toolbox/issues/147
2019-09-24 21:04:32 +02:00
Jens Petersen
033ed71ec1 images: Don't worry about coreutils-single
The fedora base images no longer come with coreutils-single.

https://github.com/fedora-cloud/docker-brew-fedora/issues/58
2019-09-24 20:19:58 +02:00
Debarshi Ray
e265c34cec images: Add fedora-toolbox image definition for Fedora 32 2019-09-24 20:14:32 +02:00
Debarshi Ray
9145ae7690 Don't sanity check /etc/subgid and /etc/subuid when running as root
The /etc/subgid and /etc/subuid files are only meant to be used when
running rootless, and hence don't have an entry for root.

https://github.com/debarshiray/toolbox/issues/267
2019-09-23 18:23:33 +02:00
Debarshi Ray
691c551cd2 Log the real user ID into the debug output
Toolbox might be used as root or rootless. Including the real user ID
in the debug output can help understand bugs or oddities caused by
differences in root versus rootless scenarios.

https://github.com/debarshiray/toolbox/issues/267
2019-09-23 18:23:28 +02:00
Debarshi Ray
3a96feba47 Let the terminal know the active container only on some Fedora variants
In practice, the OSC 777 escape sequence is only supported in Fedora's
fork of VTE. It's completely useless on other distributions.

Moreover, the user experience of tracking and preserving the user's
current toolbox container in GNOME Terminal was designed specifically
for Fedora Silverblue and Workstation, and it still has some rough
edges, e.g., not being able to request a shell running on the host from
inside the toolbox, which can make the user feel trapped. While those
kinks get worked out, it's better to not expose users of other Fedora
variants, like CoreOS, to this.

https://github.com/debarshiray/toolbox/pull/272
2019-09-23 17:35:04 +02:00
Debarshi Ray
0c967bcac9 Switch to using /usr/lib/os-release instead of /etc/os-release
On systemd-based systems /etc/os-release is a symbolic link to
/usr/lib/os-release. So this avoids one extra lookup.

https://github.com/debarshiray/toolbox/pull/271
2019-09-23 17:18:11 +02:00
Debarshi Ray
b6b484fa79 Simplify code by dropping compatibility with 'podman create' < 1.4.0
The '--dns=none --no-hosts' options were added to 'podman create' in
Podman 1.2.0, which is within the current minimum required Podman
version of 1.4.0.

https://github.com/debarshiray/toolbox/pull/270
2019-09-23 16:13:12 +02:00
Debarshi Ray
7747274f64 Simplify code
Fallout from 5d78707a21

https://github.com/debarshiray/toolbox/pull/270
2019-09-23 16:13:09 +02:00
Debarshi Ray
2c77778f04 Rely on 'podman system migrate' always being present
The 'podman system migrate' command was added in Podman 1.3.0, which is
within the current minimum required Podman version of 1.4.0.

https://github.com/debarshiray/toolbox/pull/269
2019-09-23 15:48:09 +02:00
Debarshi Ray
d0fefc8e30 Prepare 0.0.14 2019-09-18 18:47:43 +02:00
Debarshi Ray
d63b0a9c0f Expose a few more host locations inside the container under /run/host
This is meant to alleviate some of the pain of not being able to modify
the list of bind mounts once a toolbox container has been created. For
some cases, especially where read-only access is enough, one can get
by with setting up symbolic links inside the toolbox container.

Based on an idea from Colin Walters.

https://github.com/debarshiray/toolbox/pull/264
2019-09-18 17:11:39 +02:00
Erik Sjölund
28833fc95b Adjust the grep match pattern to be more specific
https://github.com/debarshiray/toolbox/pull/211

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2019-09-10 13:42:59 +02:00
Akira TAGOH
0ed441e471 Check if /run/media is available
No /run/media directory on Chromebook.

https://github.com/debarshiray/toolbox/pull/238
2019-09-10 13:24:49 +02:00
Debarshi Ray
341541ad53 Try to unbreak the terminal size when working nested
When running nested, stty(1) is invoked against the inner
pseudo-terminal pair created by 'podman exec --tty' which may not have
a valid size due to: https://github.com/containers/libpod/issues/3946

In such cases, the COLUMNS and LINES variables set by toolbox(1) in the
outer environment should be forwarded.

This should have been part of commit 05544fb271.

https://github.com/debarshiray/toolbox/issues/242
2019-09-10 12:52:51 +02:00
Debarshi Ray
b2d31e3ab8 Fix typo
It was working because the environment_options variable gets reset
soon afterwards.

Fallout from 05544fb271

https://github.com/debarshiray/toolbox/issues/242
2019-09-10 12:52:51 +02:00
Harry Míchal
44bfa7d304 Preserve the host's ulimits when creating toolbox containers
Since Podman supports '--ulimit host' only from version 1.5.0, which
is newer than the minimum required version of 1.4.0, this only works
if a new enough Podman is available.

https://github.com/debarshiray/toolbox/issues/213
2019-09-09 21:32:43 +02:00
Harry Míchal
49163a89aa Don't exit with a non-zero code from 'toolbox list -i'
When listing only images, 'exit' was picking up the non-zero exit code
from the following (failing) statement meant for containers. An
explicit 'if' branch prevents the exit code of the condition from
leaking out.

Fallout from 5e4e63a11b

https://github.com/debarshiray/toolbox/pull/258
2019-09-09 19:53:32 +02:00
Debarshi Ray
4f8759f759 Suppress error output unless --verbose is being used
https://github.com/debarshiray/toolbox/pull/258
2019-09-09 19:53:29 +02:00
Debarshi Ray
50432df0d6 Give access to the system libvirt instance
This is useful when the session libvirt instance doesn't offer all the
bells and whistles needed for running virtual machines.

https://github.com/debarshiray/toolbox/pull/257
2019-09-09 18:56:55 +02:00
Debarshi Ray
b2e3cbf661 Give access to the system Flatpak directory
This is helpful when running a development build of GNOME Shell from
within a toolbox container. It enables populating the application grid
with Flatpak applications installed system-wide on the host.

https://github.com/debarshiray/toolbox/pull/256
2019-09-09 17:13:51 +02:00
Akira TAGOH
05544fb271 Work around 'podman exec' resetting the terminal size to 80x24
See: https://github.com/containers/libpod/issues/3946

COLUMNS and LINES may not be set in the user's environment. Hence the
existing mechanism for preserving environment variables doesn't work.

Note that for things to keep working when invoked via D-Bus from
inside a toolbox container, the terminal size needs to be queried using
the standard input stream, instead of explicitly mentioning the
controlling terminal device /dev/tty. This is because stty(1) doesn't
have the notion of a controlling terminal when invoked via D-Bus, but
flatpak-spawn(1) ensures that the standard input stream still points
to the user's interactive terminal.

https://github.com/debarshiray/toolbox/issues/242
2019-09-09 14:40:52 +02:00
Debarshi Ray
cc448a2fb8 Prepare 0.0.13 2019-09-05 15:03:34 +02:00
Debarshi Ray
20dcd81d12 Simplify code by taking advantage of 'podman exec --workdir ...'
The '--workdir ...' option was added to 'podman exec' in Podman 1.0.0,
which is within the current minimum required Podman version of 1.4.0.

https://github.com/debarshiray/toolbox/pull/254
2019-09-05 13:24:50 +02:00
Dusty Mabe
f1524260eb Simplify code by taking advantage of 'podman create --userns=keep-id'
This lets podman do the calculations for mapping the host UID into the
user namespace within the container. See cfcf4eb31e for original
context.

The '--userns=keep-id' option was introduced in Podman 1.4.0, which is
old enough to be in even RHEL 7.

https://github.com/debarshiray/toolbox/issues/244
2019-09-04 21:07:13 +02:00
Harry Míchal
5e63e9ec9b Improve the help or usage output
A new help command has been added which either shows the toolbox(1)
manual or a manual page for a specific command. The '--help' flag is
now identical to the help command and can be placed after the COMMAND
segment in the list of command line arguments.

Due to a bizarre quirk in less(1) [1], the default pager used to render
manuals on most systems, the man(1) invocations need the standard error
stream to point to the controlling terminal, if any, to work. This
interferes with the global redirection of standard error to /dev/null
in the absence of the '--verbose' flag, and is worked around by
redirecting to standard output instead.

[1] It turns out that less(1) tries to open the controlling terminal
    device /dev/tty to get to the keyboard for accepting input.
    However, it doesn't have a controlling terminal when invoked via
    D-Bus to render a manual on the host. It then strangely falls back
    to using the standard error stream to get to the keyboard.

https://github.com/debarshiray/toolbox/pull/200
2019-09-04 20:54:13 +02:00
Harry Míchal
6b8593ec1d doc/toolbox: Shorten the description of the --verbose flag
https://github.com/debarshiray/toolbox/pull/200
2019-09-04 13:06:19 +02:00
Michael Nguyen
c6e37cdef3 profile.d: Tighten the Silverblue check
The Silverblue welcome message was being displayed incorrectly on
other OSTree based OS's (Fedora Atomic Host, Fedora CoreOS, etc).

Note that none of the stable Silverblue releases that have shipped so
far (ie., until Silverblue 30) have had 'silverblue' as the VARIANT_ID.
This makes the check a bit more convoluted than it should have been.

https://github.com/debarshiray/toolbox/pull/236
2019-08-12 13:47:36 +02:00
Debarshi Ray
0dee71b13f images: Drop PackageKit-command-not-found
It connects to the host's PackageKit instance, and tries to install the
packages on the host instead of inside the toolbox container. Remove it
unless there's a proper solution.

https://github.com/debarshiray/toolbox/issues/158
2019-07-22 15:05:21 +02:00
Debarshi Ray
c8aba029a3 Prepare 0.0.12 2019-07-22 14:28:41 +02:00
Colin Walters
e8f72f1e76 Drop the "immutable" term
I'm still waging a fight against this.  Please stop saying "immutable"
for this, it's more misleading than useful.

Previously e.g. https://github.com/debarshiray/toolbox/pull/43

https://github.com/debarshiray/toolbox/pull/221
2019-07-17 20:57:23 +02:00
Debarshi Ray
049bb92e64 Unbreak /etc/localtime & /etc/timezone if /run/host/monitor is absent
Toolbox containers created prior to commit 8db414ddc2 didn't have
/run/host/monitor inside them. Therefore, those containers were having
their /etc/localtime and /etc/timezone redirected to locations that
didn't exist.

Instead of selectively checking locations that were added later, it's
more manageable to handle all bind mounted target locations the same.

https://github.com/debarshiray/toolbox/pull/207
2019-06-26 20:09:20 +02:00
Debarshi Ray
4ab9c2e315 Make it easier to debug the 'toolbox init-container' entry point
This makes it easier to follow what the 'toolbox init-container' entry
point is doing.

https://github.com/debarshiray/toolbox/pull/207
2019-06-26 20:02:38 +02:00
Debarshi Ray
adbb9f90fd Tweak the debug output 2019-06-26 19:23:08 +02:00
Debarshi Ray
5601bb48e5 Create /run/.toolboxenv inside the toolbox container's entry point too
Creating /run/.toolboxenv in run(), outside the entry point, has the
advantage of automatically working with older toolbox containers.
However, at some point those containers are going to get end-of-lifed.
Then it would be nice to have this bit of initialization tucked away
inside the entry point.

https://github.com/debarshiray/toolbox/pull/206
2019-06-26 18:07:22 +02:00
Debarshi Ray
0db54946b4 Don't use 'podman cp' to copy toolbox.sh to old containers
Copying files into a running container is considered inherently hacky.
Rootful Podman can pause a container using 'podman cp --pause ...'
during the copy, but that's not possible when used rootless.

Secondly 'podman cp' has suffered from a series of regressions lately.
First there was the problem with how the --pause flag was handled [1],
and then /etc/profile.d/toolbox.sh was getting created as a
directory [2], not a regular file, by:
  $ podman cp \
            --pause=false \
            /etc/profile.d/toolbox.sh \
            "$container":/etc/profile.d

Try to side-step all that by using $XDG_RUNTIME_DIR as a conduit to
share the file with the container and using plain cp(1) to place it in
the toolbox container's /etc/profile.d.

[1] Commit e715ff2f9b
    https://github.com/debarshiray/toolbox/pull/193

[2] https://github.com/containers/libpod/issues/3384

https://github.com/debarshiray/toolbox/issues/196
2019-06-26 17:12:50 +02:00
Debarshi Ray
f16b408cad Use variables to refer to the profile.d-toolbox.lock file
https://github.com/debarshiray/toolbox/issues/196
2019-06-24 18:52:35 +02:00
Debarshi Ray
3d447b2004 Fix typo
It was working because 'toolbox_container' is a global variable.
However, given that the name of the toolbox container is already being
passed as an argument to the function, it's better not to use the
global variable.

Fallout from c492907c12

https://github.com/debarshiray/toolbox/pull/201
2019-06-21 20:27:07 +02:00
Debarshi Ray
3b311313b7 Prepare 0.0.11 2019-06-21 16:31:50 +02:00
Debarshi Ray
585053bb8e Notify the terminal about the current toolbox container in use
This will let GNOME Terminal preserve the current toolbox container, if
any, when opening a new terminal. Since this is mainly beneficial to
users of an interactive shell inside a toolbox container, the escape
sequences are only emitted by 'toolbox enter', and not 'toolbox run'.

The OSC 777 escape sequence is taken from Enlightenment's Terminology:
https://phab.enlightenment.org/T1765

It's a VTE-specific extension until a standard escape sequence is
agreed upon across multiple different terminal emulators [1].

[1] https://gitlab.freedesktop.org/terminal-wg/specifications/issues/17

https://github.com/debarshiray/toolbox/pull/199
2019-06-21 16:19:18 +02:00
Casey Jao
c2e41553db Unbreak setting up /home as a symbolic link
The whole idea behind commit 66e982af72 was to set up $HOME and
/home to match the host. Therefore, it's pointless to check if /home
is a symbolic link or not inside the toolbox container. The state of
/home needs to be checked on the host, and then the toolbox container
adjusted accordingly.

One crucial difference is that the toolbox container is created before
its /home can be adjusted. Earlier, there was the user-specific
customized image, whose /home was adjusted first, and then the toolbox
container created from that. This boils down to the following
invocation happening before the symbolic link can be set up:
  podman create --volume "$HOME":"$HOME":rslave --workdir "$HOME" ...

As a result, on host operating systems like Fedora 29 where /home is a
symbolic link with $HOME pointing inside it, Podman populates /home
with the user's sub-directory inside the toolbox container. This
prevents the subsequent 'rmdir $HOME' from working, and consequently
kills the container's entry point.

Compare that to Fedora 30 and newer where this problem doesn't occur
because /home is a symbolic link but $HOME points inside the target
/var/home directory.

This is why $HOME is canonicalized before bind mounting it into the
container and the container's working directory is reverted back to the
default (ie. /).

Fallout from 8b84b5e460

https://github.com/debarshiray/toolbox/issues/185
2019-06-17 23:28:34 +02:00
Casey Jao
adfca25c57 Unbreak error handling when setting up /home as a symbolic link
The unary logical negation operator (ie. !) was getting associated with
the 'rmdir /home' instead of the entire sequence.

Fallout from 8b84b5e460

https://github.com/debarshiray/toolbox/issues/185
2019-06-17 21:32:29 +02:00
Calvin Ling
bc1a816ea3 Unbreak rendering & wrapping of commands typed at an interactive prompt
... by wrapping the terminal escape sequences in '\[' and '\]':
https://www.gnu.org/software/bash/manual/html_node/Controlling-the-Prompt.html

https://github.com/debarshiray/toolbox/issues/190
2019-06-17 15:16:32 +02:00
Debarshi Ray
cbef52527f Unbreak 'podman cp ...' to work with podman-1.3.1
The '--pause' flag for 'podman cp' was only introduced in
podman-1.4.0 [1]. Having it work with older Podman versions is useful
when bisecting regressions.

Fallout from e715ff2f9b

[1] Podman commit 49dc18552a13ee76
    https://github.com/containers/libpod/commit/49dc18552a13ee76

https://github.com/debarshiray/toolbox/pull/194
2019-06-14 21:42:18 +02:00
Debarshi Ray
e715ff2f9b Prevent Podman from complaining about 'podman cp --pause=true ...'
Rootless containers cannot be paused while data is copied into them.
The '--pause' flag used to default to 'true', but it would be silently
ignored until recently [1,2] when it got turned into an error in
podman-1.4.0. Therefore, it has to be explicitly toggled using
'--pause=false'. Otherwise, it would lead to:
  toolbox: copying /etc/profile.d/toolbox.sh to container fubar
  Error: cannot copy into running rootless container with pause set -
    pass --pause=false to force copying
  toolbox: unable to copy /etc/profile.d/toolbox.sh to container fubar

The '--pause' flag was later changed to default to 'false' [3], but
it's good to be defensive and have this addressed from both sides.

Note that 'podman cp --pause false ...' doesn't work. It's necessary to
use the '=' because it gets confused trying to parse the
space-separated source and destination path arguments.

[1] Podman commit 48e35f7da70c24ed
    https://github.com/containers/libpod/commit/48e35f7da70c24ed

[2] Podman commit 57d40939792719e6
    https://github.com/containers/libpod/commit/57d40939792719e6

[3] Podman commit d40b450afdc9784a
    https://github.com/containers/libpod/commit/d40b450afdc9784a

https://github.com/debarshiray/toolbox/pull/193
2019-06-14 19:30:54 +02:00