Commit graph

585 commits

Author SHA1 Message Date
Michael Lingelbach
31d63e9511 Don't assume that the user's GID is the same as the UID
When taking ownership of the runtime directory or the initialization
stamp file inside it, it was assumed that the user's GID and UID were
the same. However that might not always be the case.

Note that this commit doesn't use the GID passed from the host to the
toolbox container's entry point to configure the user inside the
container. That is actually more difficult than it sounds. The manual
for useradd(8) says that the group specified by the '--gid' flag must
actually exist.

https://github.com/containers/toolbox/issues/664
2021-03-10 16:23:50 +01:00
Ondřej Míchal
fbcc519795 .github: Update issue templates
Recently the issue labels were updated. The templates need to be updated
to auto-set labels correctly.

https://github.com/containers/toolbox/pull/711
2021-03-10 13:18:33 +01:00
Otto Urpelainen
889807ad49 Include the nano default editor
Since Fedora 33, `nano` is the default editor[0]. It needs to be
included in the fedora-toolbox image to have the standard Fedora
experience inside the container.

[0] https://fedoraproject.org/wiki/Changes/UseNanoByDefault
2021-03-10 13:06:15 +01:00
Ondřej Míchal
7ec26a27df src/create: Handle read-only /boot
CoreOS recently made /boot read-only[0]. This caused an issue with
starting containers because /boot was mounted only with option rslave
but missed the ro option. This caused a permission issue.

This scenario is very similar to the one with /usr on Fedora Silverblue.
The solution for this is to check mount options of the path and check if
it uses the rw option or ro and then add it to the mount options in the
--volume option in 'podman create'.

Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/734

[0] 1de21ffa98

https://github.com/containers/toolbox/pull/712
2021-03-01 23:30:58 +01:00
Ondřej Míchal
872eba41a9 pkg/utils: Drop length check when getting mount options
On Fedora Silverblue 33 the output of 'findmnt --noheadings --output
OPTIONS /usr' is:

  ro,relatime,seclabel,ssd,space_cache,subvolid=257,subvol=/root

(Fedora uses btrfs as it's default filesystem since version 33[0]). But
when you make the current deployment mutable using 'ostree admin unlock'
the output of the command changes to something like this:

  ro,relatime,seclabel,ssd,space_cache,subvolid=257,subvol=/root
  rw,relatime,seclabel,lowerdir=usr,upperdir=/var/tmp/ostree-unlock-ovl.JLXHQ0/upper,workdir=/var/tmp/ostree-unlock-ovl.JLXHQ0/work

This causes utils.GetMountOptions to error out preventing a successful
creation of a container with 'toolbox create' when the deployment is
unlocked.

For Toolbox the first line is the more relevant because even though /usr
is technically writeable, it will cease to be after reboot. This is the
current behaviour of the utils.GetMountOptions. Thanks to that I think
it's safe to remove the length check that prevents to create a container
when the current deployment is unlocked.

[0] https://fedoraproject.org/wiki/Changes/BtrfsByDefault

https://github.com/containers/toolbox/pull/554
2021-03-01 21:43:05 +01:00
Seppo Yli-Olli
af602c7d22 src/cmd/initContainer: Give access to systemd-resolved's Varlink socket
Since systemd >= 247, systemd-resolved offers a Varlink interface over
the socket at /run/systemd/resolve/io.systemd.Resolve.

https://github.com/containers/toolbox/pull/707
2021-02-24 22:26:16 +01:00
Seppo Yli-Olli
baac0461bd test/system: Support an optional nano version number
https://github.com/containers/toolbox/pull/709
2021-02-24 22:14:38 +01:00
Debarshi Ray
3801bd6e5a Prepare 0.0.99.1 2021-02-23 19:57:04 +01:00
Michael Lingelbach
a65fe31633 cmd/create: Check if /mnt exists before adding it as a volume mount
No /mnt on NixOS.

https://github.com/containers/toolbox/pull/676
2021-02-20 10:22:30 +01:00
Juanje Ojeda
05c9c06ec6 test/system: Add test for the new --distro option
https://github.com/containers/toolbox/pull/517
2021-02-19 20:38:55 +01:00
Juanje Ojeda
55b5018026 test/system: Test that sudo doesn't require a password
https://github.com/containers/toolbox/pull/517
2021-02-19 20:38:27 +01:00
Andrey Bienkowski
fca6af7a8b test/system: Update documentation
Co-authored-by: Juanje Ojeda <juanje.ojeda@gmail.com>
Co-authored-by: Ondřej Míchal <harrymichal@seznam.cz>

https://github.com/containers/toolbox/pull/517
2021-02-19 20:37:29 +01:00
Debarshi Ray
f1c36b7cc7 test/system/README.md: Add newline at end of file
https://github.com/containers/toolbox/pull/517
2021-02-19 20:34:56 +01:00
Juanje Ojeda
7973181136 playbooks, test/system: Avoid downloading the images multiple times
Since commit b27795a03e, each section of the test suite starts
and ends with a clean Podman state. This includes removing all images
from the local containers storage. Therefore, the images get downloaded
multiple times during the course of the test suite.

This commit restores the earlier behaviour where the images would get
downloaded only once, by copying them to separate directories outside
the local containers storage and then restoring them when the tests
are run.

https://github.com/containers/toolbox/pull/517
https://github.com/containers/toolbox/pull/704
2021-02-19 20:18:21 +01:00
Juanje Ojeda
285a54ba5b playbooks: Specify the artifact generated at each step of the build
See:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/command_module.html

https://github.com/containers/toolbox/pull/517
https://github.com/containers/toolbox/pull/703
2021-02-19 19:18:29 +01:00
Juanje Ojeda
0e8cfe95eb playbooks: Specify the precise versions of bats-assert & bats-support
See:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/git_module.html

https://github.com/containers/toolbox/pull/517
https://github.com/containers/toolbox/pull/703
2021-02-19 19:18:25 +01:00
Juanje Ojeda
e654f20d58 .zuul, playbooks: Unify the system-test*.yaml for all Fedora versions
The playbooks were too fragmented and were hard to maintain. With this
the number of files is significantly lowered.

https://github.com/containers/toolbox/pull/517
https://github.com/containers/toolbox/pull/702
2021-02-19 18:54:33 +01:00
Juanje Ojeda
2a2fd5baa5 .zuul, playbooks: Unify the setup-env.yaml across all Fedora versions
The playbooks were too fragmented and were hard to maintain. With this
the number of files is significantly lowered.

https://github.com/containers/toolbox/pull/517
https://github.com/containers/toolbox/pull/701
2021-02-19 18:15:55 +01:00
Ondřej Míchal
a0602e4485 Add deprecation notices to the POSIX shell Toolbox
The POSIX shell Toolbox has been replaced by the Go implementation
quite a long time ago. People on several ocassions created PRs that
still update it, or end up using it by mistake when building from
source.

It was not clear that the POSIX shell implementation has been
deprecated and is no longer maintained.

https://github.com/containers/toolbox/pull/698
2021-02-19 15:40:52 +01:00
Ondřej Míchal
f5bbe356ad Drop the FGC namespace from the fedora-toolbox images
The FGC namespace used to be required by the Fedora container
guidelines, but not anymore [1].

[1] https://pagure.io/ContainerSIG/container-sig/issue/2

https://github.com/containers/toolbox/pull/615
2021-02-19 14:47:44 +01:00
Ondřej Míchal
9ec6b49c6b test/system/README.md: Update the URLs for bats-assert and bats-support
The repositories under the ztombol namespace have been inactive since
2016. The code is now maintained by the bats-core organization.

https://github.com/containers/toolbox/pull/700
2021-02-19 11:02:13 +01:00
Ondřej Míchal
8b4bf6dbcf Update bug-report.md
A lot of issues are about toolbox containers not starting up. In such
cases the output of `podman start --attach` is required to see what is
going on. It would be easier if users provided this information right
when they are filling the issue.

https://github.com/containers/toolbox/pull/699
2021-02-18 19:10:23 +01:00
Ondřej Míchal
986efd2666 playbooks: Show Podman info necessary for filing issues 2021-02-17 16:21:54 +01:00
Ondřej Míchal
b0407a1f6e ci: Fix pulled image name
I made a mistake in previous commit and did not update the pulled image
name.
2021-02-17 16:04:54 +01:00
Ondřej Míchal
aa0ec80e07 ci: Enable testing on Fedora 34 2021-02-17 14:07:39 +01:00
Ondřej Míchal
a4812f9bca ci: Drop testing on Fedora 31 2021-02-17 14:06:15 +01:00
Andrey Bienkowski
0e9e0794f8 Update README.md 2021-02-12 19:46:21 +01:00
hexagonrecursion
c85c81eb8e Document dependencies: go, ninja 2021-02-12 19:46:21 +01:00
hexagonrecursion
713f4b866d Update the build requirements
Without this I get an error:
```
$ meson -Dprofile_dir=/etc/profile.d builddir
The Meson build system
Version: 0.55.3
Source dir: /home/user/toolbox
Build dir: /home/user/toolbox/builddir
Build type: native build
Project name: toolbox
Project version: 0.0.97

meson.build:1:0: ERROR: Unknown compiler(s): ['cc', 'gcc', 'clang', 'pgcc', 'icc']
The follow exceptions were encountered:
Running "cc --version" gave "[Errno 2] No such file or directory: 'cc'"
Running "gcc --version" gave "[Errno 2] No such file or directory: 'gcc'"
Running "clang --version" gave "[Errno 2] No such file or directory: 'clang'"
Running "pgcc --version" gave "[Errno 2] No such file or directory: 'pgcc'"
Running "icc --version" gave "[Errno 2] No such file or directory: 'icc'"

A full log can be found at /home/user/toolbox/builddir/meson-logs/meson-log.txt
```
2021-02-12 19:46:21 +01:00
Juanje Ojeda
b27795a03e test/system: Refactor tests using bats-support and bats-assert
The bats-support[0] and bats-assert[1] libraries extend the
capabilities of bats[2]. Mainly, bats-assert is very useful for clean
checking of values/outputs/return codes.

Apart from updating the cases to use the libraries, the test cases have
been restructured in a way that they don't depend on each other anymore.
This required major changes in the helpers.bats file.

Overall, the tests are cleaner to read and easier to extend due to the
test cases being independent.

Some slight changes were made to the test cases themselves. Should not
alter their final behaviour.

There will be a follow up commit that will take care of downloading of
the tested images locally and caching them using Skopeo to speedup the
tests and try to resolve network problems when pulling the images that
we experienced in the past.

[0] https://github.com/bats-core/bats-support
[1] https://github.com/bats-core/bats-assert
[2] https://github.com/bats-core/bats-core
2021-02-12 14:02:08 +01:00
Ondřej Míchal
97daf9f940 Make use of dynamic CI status badge 2021-02-10 14:49:46 +01:00
Debarshi Ray
001390b26d gen-docs-list: Add newline at end of file
https://github.com/containers/toolbox/pull/688
2021-02-08 16:49:58 +01:00
Debarshi Ray
c2f8e19e56 Update copyright notices
https://github.com/containers/toolbox/pull/688
2021-02-08 16:49:54 +01:00
Debarshi Ray
6552274ef1 doc/toolbox: Synchronize with README.md
https://github.com/containers/toolbox/pull/686
2021-01-25 22:37:13 +01:00
Debarshi Ray
bcc8ffcf3a README.md: Make it easier to read
https://github.com/containers/toolbox/pull/685
2021-01-25 21:55:02 +01:00
Debarshi Ray
538e2dd9c5 GOALS.md: Cosmetics
https://github.com/containers/toolbox/pull/684
2021-01-25 21:13:07 +01:00
Debarshi Ray
20a8a0551a GOALS.md, README.md: Move the Goals and Use Cases to a separate file
... to prevent the README.md file from becoming too long.

https://github.com/containers/toolbox/pull/684
2021-01-25 20:36:34 +01:00
Ondřej Míchal
ba1097a6db README.md: Add a section on how to install Toolbox
https://github.com/containers/toolbox/pull/683
2021-01-25 20:21:33 +01:00
Ondřej Míchal
59055cf9eb doc/toolbox-enter: Mention which shell is spawned
https://github.com/containers/toolbox/pull/682
2021-01-25 18:46:56 +01:00
Ondřej Míchal
a8caedbb01 doc/toolbox-enter: Update how toolbox containers are named
The Go implementation prefers a newer syntax for assigning a custom
name to a toolbox container. The --container option is still supported
for backwards compatibility, but the manuals should show the new
workflow.

https://github.com/containers/toolbox/pull/681
2021-01-25 18:22:35 +01:00
Debarshi Ray
4b62648736 doc/toolbox-create: Mention the tags in the default toolbox images
https://github.com/containers/toolbox/pull/681
2021-01-25 18:05:51 +01:00
Ondřej Míchal
eef0d28320 doc/toolbox-create: Update how toolbox containers are named
The Go implementation prefers a newer syntax for assigning a custom
name to a toolbox container. The --container option is still supported
for backwards compatibility, but the manuals should show the new
workflow.

https://github.com/containers/toolbox/pull/678
2021-01-22 18:28:53 +01:00
Ondřej Míchal
257a1d05e3 doc/toolbox-create: Remove reference to user-specific customized image
This should have been part of commit 6543ff6a06.

https://github.com/containers/toolbox/pull/678
2021-01-22 18:28:49 +01:00
Ondřej Míchal
6543ff6a06 doc/toolbox-create, doc/toolbox-init-container: Mention the entry point
Ever since version 0.0.10, all newly created toolbox containers use a
reflexive entry point [1] and don't need a user-specific customized
image. Older containers that don't use a reflexive entry point were
deprecated in version 0.0.17 [2], and aren't even supported in the Go
implementation.

Therefore, it's time to finally update the manuals to document the
current way of doing things. Since the reflexive entry point is a key
feature of toolbox containers, some text was added to explain why it's
necessary and what it does.

[1] Commit 8b84b5e460
    https://github.com/containers/toolbox/pull/160

[2] Commit 9dc5281430
    https://github.com/containers/toolbox/pull/336

https://github.com/containers/toolbox/pull/677
2021-01-22 17:21:49 +01:00
Debarshi Ray
e0267b7315 test/system: Remove unused variables
https://github.com/containers/toolbox/pull/674
2021-01-19 21:50:49 +01:00
Debarshi Ray
16c47c0e82 profile.d: Silence SC2148
While Toolbox's test suite explicitly uses --shell=sh when running
shellcheck(1) on profile.d/toolbox.sh, external tools like Coverity
can't be expected to do the same. So they complain:
  Line 1:
  [ "$BASH_VERSION" != "" ] || [ "$ZSH_VERSION" != "" ] || return 0
  ^-- SC2148: Tips depend on target shell and yours is unknown. Add a
    shebang or a 'shell' directive.

See: https://github.com/koalaman/shellcheck/wiki/SC2148

https://github.com/containers/toolbox/pull/673
2021-01-19 19:01:41 +01:00
Kan Li
69dd701d3a cmd/initContainer: Handle hosts with /etc/localtime as absolute symlink
On Arch Linux and Ubuntu hosts, /etc/localtime is an absolute symbolic
link to /usr/share/zoneinfo/SomeTimeZone. So, inside the container,
/run/host/etc/localtime also has /usr/share/zoneinfo/SomeTimeZone as
its target.

https://github.com/containers/toolbox/issues/622
2021-01-12 21:03:10 +01:00
Debarshi Ray
772451c5e5 Prepare 0.0.99 2021-01-12 14:05:42 +01:00
Debarshi Ray
120eea449e Remove the deprecated reset command
The Go implementation had deprecated the reset command, right from the
beginning, in favour of 'podman system reset'. It's time to finally
remove it.

https://github.com/containers/toolbox/pull/668
2021-01-12 03:21:35 +01:00
Ondřej Míchal
21d25f88e3 Support RHEL hosts by creating containers based on UBI
https://github.com/containers/toolbox/pull/667
2021-01-12 02:37:47 +01:00