This should make it more obvious which part of the two-step process of
copying /etc/profile.d/toolbox.sh into a container the strings are
coming from.
https://github.com/debarshiray/toolbox/pull/279
It's common for people to run the toolbox script straight out of the
source tree without installing it system-wide. In such cases, it's
likely that /etc/profile.d/toolbox.sh would be absent on the host, and
as a result also absent from the toolbox container.
The welcome messages and the primary shell prompt (or PS1) are set
through /etc/profile.d/toolbox.sh, so not having it does degrade the
user experience, but it's probably not severe enough to fail the 'run'
command.
This should have been part of commit 0db54946b4 which split the
copying of /etc/profile.d/toolbox.sh into a container into two steps to
avoid using 'podman cp'. It already tried to handle the missing file
in the first step, but not in the second step.
It's also nice to at least make the user aware of the situation by
printing an error message.
https://github.com/debarshiray/toolbox/pull/278
Podman defaults to bind-mounting locations as read-write when neither
'rw' nor 'ro' is explicitly specified.
On Silverblue /usr is mounted read-only on the host. Therefore, it's
not possible to bind-mount it as read-write inside the toolbox
container.
It turns out that Podman doesn't downgrade the default mount flag to
read-only when the source location is such, and this breaks creating
new toolbox containers on Silverblue. See:
https://github.com/containers/libpod/issues/4061
Fallout from d63b0a9c0fhttps://github.com/debarshiray/toolbox/pull/276
Toolbox might be used as root or rootless. Including the real user ID
in the debug output can help understand bugs or oddities caused by
differences in root versus rootless scenarios.
https://github.com/debarshiray/toolbox/issues/267
In practice, the OSC 777 escape sequence is only supported in Fedora's
fork of VTE. It's completely useless on other distributions.
Moreover, the user experience of tracking and preserving the user's
current toolbox container in GNOME Terminal was designed specifically
for Fedora Silverblue and Workstation, and it still has some rough
edges. eg., not being able to request a shell running on the host from
inside the toolbox, which can make the user feel trapped. While those
kinks get worked out, it's better to not expose users of other Fedora
variants, like CoreOS, to this.
https://github.com/debarshiray/toolbox/pull/272
The '--dns=none --no-hosts' options were added to 'podman create' in
Podman 1.2.0, which is within the current minimum required Podman
version of 1.4.0.
https://github.com/debarshiray/toolbox/pull/270
This is meant to alleviate some of the pain of not being able to modify
the list of bind mounts once a toolbox container has been created. For
some cases, especially where read-only access is enough, one can get
by with setting up symbolic links inside the toolbox container.
Based on an idea from Colin Walters.
https://github.com/debarshiray/toolbox/pull/264
Since Podman supports '--ulimit host' only from version 1.5.0, which
is newer than the minimum required version of 1.4.0, this only works
if a new enough Podman is available.
https://github.com/debarshiray/toolbox/issues/213
When listing only images, 'exit' was picking up the non-zero exit code
from the following (failing) statement meant for containers. An
explicit 'if' branch prevents the exit code of the condition from
leaking out.
Fallout from 5e4e63a11bhttps://github.com/debarshiray/toolbox/pull/258
This is helpful when running a development build of GNOME Shell from
within a toolbox container. It enables populating the application grid
with Flatpak applications installed system-wide on the host.
https://github.com/debarshiray/toolbox/pull/256
See: https://github.com/containers/libpod/issues/3946
COLUMNS and LINES may not be set in the user's environment. Hence the
existing mechanism for preserving environment variables don't work.
Note that for things to keep working when invoked via D-Bus from
inside a toolbox container, the terminal size needs to be queried using
the standard input stream, instead of explicitly mentioning the
controlling terminal device /dev/tty. This is because stty(1) doesn't
have the notion of a controlling terminal when invoked via D-Bus, but
flatpak-spawn(1) ensures that the standard input stream still points
to the user's interactive terminal.
https://github.com/debarshiray/toolbox/issues/242
The '--workdir ...' option was added to 'podman exec' in Podman 1.0.0,
which is within the current minimum required Podman version of 1.4.0.
https://github.com/debarshiray/toolbox/pull/254
This lets podman do the calculations for mapping the host UID into the
user namespace within the container. See cfcf4eb31e for original
context.
The '--userns=keep-id' option was introduced in Podman 1.4.0, which is
old enough to be in even RHEL 7.
https://github.com/debarshiray/toolbox/issues/244
A new help command has been added which either shows the toolbox(1)
manual or a manual page for a specific command. The '--help' flag is
now identical to the help command and can be placed after the COMMAND
segment in the list of command line arguments.
Due to a bizarre quirk in less(1) [1], the default pager used to render
manuals on most systems, the man(1) invocations need the standard error
stream to point to the controlling terminal, if any, to work. This
interferes with the global redirection of standard error to /dev/null
in the absence of the '--verbose' flag, and is worked around by
redirecting to standard output instead.
[1] It turns out that less(1) tries to open the controlling terminal
device /dev/tty to get to the keyboard for accepting input.
However, it doesn't have a controlling terminal when invoked via
D-Bus to render a manual on the host. It then strangely falls back
to using the standard error stream to get to the keyboard.
https://github.com/debarshiray/toolbox/pull/200
The Silverblue welcome message was being displayed incorrectly on
other OSTree based OS's (Fedora Atomic Host, Fedora CoreOS, etc).
Note that none of the stable Silverblue releases that have shipped so
far (ie., until Silverblue 30) have had 'silverblue' as the VARIANT_ID.
This makes the check a bit more convoluted that it should have been.
https://github.com/debarshiray/toolbox/pull/236
It connects to the host's PackageKit instance, and tries to install the
packages on the host instead of inside the toolbox container. Remove it
unless there's a proper solution.
https://github.com/debarshiray/toolbox/issues/158
Toolbox containers created prior to commit 8db414ddc2 didn't have
/run/host/monitor inside them. Therefore, those containers were having
their /etc/localtime and /etc/timezone redirected to locations that
didn't exist.
Instead of selectively checking locations that were added later, it's
more manageable to handle all bind mounted target locations the same.
https://github.com/debarshiray/toolbox/pull/207
Creating /run/.toolboxenv in run(), outside the entry point, has the
advantage of automatically working with older toolbox containers.
However, at some point those containers are going to get end-of-lifed.
Then it would be nice to have this bit of initialization tucked away
inside the entry point.
https://github.com/debarshiray/toolbox/pull/206
Copying files into a running container is considered inherently hacky.
Rootful Podman can pause a container using 'podman cp --pause ...'
during the copy, but that's not possible when used rootless.
Secondly 'podman cp' has suffered from a series of regressions lately.
First there was the problem with how the --pause flag was handled [1],
and then /etc/profile.d/toolbox.sh was getting created as a
directory [2], not regular file, by:
$ podman cp \
--pause=false \
/etc/profile.d/toolbox.sh \
"$container":/etc/profile.d
Try to side-step all that by using $XDG_RUNTIME_DIR as a conduit to
share the file with the container and using plain cp(1) to place it in
the toolbox container's /etc/profile.d.
[1] Commit e715ff2f9bhttps://github.com/debarshiray/toolbox/pull/193
[2] https://github.com/containers/libpod/issues/3384https://github.com/debarshiray/toolbox/issues/196
It was working because 'toolbox_container' is a global variable.
However, given that the name of the toolbox container is already being
passed as an argument to the function, it's better not to use the
global variable.
Fallout from c492907c12https://github.com/debarshiray/toolbox/pull/201
This will let GNOME Terminal preserve the current toolbox container, if
any, when opening a new terminal. Since this is mainly beneficial to
users of an interactive shell inside a toolbox container, the escape
sequences are only emitted by 'toolbox enter', and not 'toolbox run'.
The OSC 777 escape sequence is taken from Enlightenment's Terminology:
https://phab.enlightenment.org/T1765
It's a VTE-specific extension until a standard escape sequence is
agreed upon across multiple different terminal emulators [1].
[1] https://gitlab.freedesktop.org/terminal-wg/specifications/issues/17https://github.com/debarshiray/toolbox/pull/199
The whole idea behind commit 66e982af72 was to set up $HOME and
/home to match the host. Therefore, it's pointless to check if /home
is a symbolic link or not inside the toolbox container. The state of
/home needs to be checked on the host, and then the toolbox container
adjusted accordingly.
One crucial difference is that the toolbox container is created before
its /home can be adjusted. Earlier, there was the user-specific
customized image, whose /home was adjusted first, and then the toolbox
container created from that. This boils down to the following
invocation happening before the symbolic link can be set up:
podman create --volume "$HOME":$HOME":rslave --workdir "$HOME" ...
As a result, on host operating systems like Fedora 29 where /home is a
symbolic link with $HOME pointing inside it, Podman populates /home
with the user's sub-directory inside the toolbox container. This
prevents the subsequent 'rmdir $HOME' from working, and consequently
kills the container's entry point.
Compare that to Fedora 30 and newer where this problem doesn't occur
because /home is a symbolic link but $HOME points inside the target
/var/home directory.
This is why $HOME is canonicalized before bind mounting it into the
container and the container's working directory is reverted back to the
default (ie. /).
Fallout from 8b84b5e460https://github.com/debarshiray/toolbox/issues/185
Rootless containers cannot be paused while data is copied into them.
The '--pause' flag used to default to 'true', but it would be silently
ignored until recently [1,2] when it got turned into an error in
podman-1.4.0. Therefore, it has to be explicitly toggled using
'--pause=false'. Otherwise, it would lead to:
toolbox: copying /etc/profile.d/toolbox.sh to container fubar
Error: cannot copy into running rootless container with pause set -
pass --pause=false to force copying
toolbox: unable to copy /etc/profile.d/toolbox.sh to container fubar
The '--pause' flag was latter changed to default to 'false' [3], but
it's good to be defensive and have this addressed from both sides.
Note that 'podman cp --pause false ...' doesn't work. It's necessary to
use the '=' because it gets confused trying to parse the
space-separated source and destination path arguments.
[1] Podman commit 48e35f7da70c24ed
https://github.com/containers/libpod/commit/48e35f7da70c24ed
[2] Podman commit 57d40939792719e6
https://github.com/containers/libpod/commit/57d40939792719e6
[3] Podman commit d40b450afdc9784a
https://github.com/containers/libpod/commit/d40b450afdc9784ahttps://github.com/debarshiray/toolbox/pull/193