The Go implementation prefers a newer syntax for assigning a custom
name to a toolbox container. The --container option is still supported
for backwards compatibility, but the manuals should show the new
workflow.
https://github.com/containers/toolbox/pull/681
The Go implementation prefers a newer syntax for assigning a custom
name to a toolbox container. The --container option is still supported
for backwards compatibility, but the manuals should show the new
workflow.
https://github.com/containers/toolbox/pull/678
Ever since version 0.0.10, all newly created toolbox containers use a
reflexive entry point [1] and don't need a user-specific customized
image. Older containers that don't use a reflexive entry point were
deprecated in version 0.0.17 [2], and aren't even supported in the Go
implementation.
Therefore, it's time to finally update the manuals to document the
current way of doing things. Since the reflexive entry point is a key
feature of toolbox containers, some text was added to explain why it's
necessary and what it does.
[1] Commit 8b84b5e460
https://github.com/containers/toolbox/pull/160
[2] Commit 9dc5281430
https://github.com/containers/toolbox/pull/336
https://github.com/containers/toolbox/pull/677
While Toolbox's test suite explicitly uses --shell=sh when running
shellcheck(1) on profile.d/toolbox.sh, external tools like Coverity
can't be expected to do the same. So they complain:
Line 1:
[ "$BASH_VERSION" != "" ] || [ "$ZSH_VERSION" != "" ] || return 0
^-- SC2148: Tips depend on target shell and yours is unknown. Add a
shebang or a 'shell' directive.
See: https://github.com/koalaman/shellcheck/wiki/SC2148
https://github.com/containers/toolbox/pull/673
On Arch Linux and Ubuntu hosts, /etc/localtime is an absolute symbolic
link to /usr/share/zoneinfo/SomeTimeZone. So, inside the container,
/run/host/etc/localtime also has /usr/share/zoneinfo/SomeTimeZone as
its target.
https://github.com/containers/toolbox/issues/622
The Go implementation had deprecated the reset command, right from the
beginning, in favour of 'podman system reset'. It's time to finally
remove it.
https://github.com/containers/toolbox/pull/668
Fedora's /etc/bashrc sets the PROMPT_COMMAND environment variable to
__vte_prompt_command when running inside a VteTerminal. This becomes a
problem if the __vte_prompt_command shell function is missing because
/etc/profile.d/vte.sh itself is absent [1], which is the case with the
Red Hat Universal Base Image.
This tricks the code in /etc/bashrc into not doing that.
[1] https://pagure.io/setup/pull-request/23
https://github.com/containers/toolbox/pull/667
This is meant to allow the user to create toolbox containers of
operating system distributions that are different from that of the
host and aren't Fedora.
https://github.com/containers/toolbox/pull/667
This shouldn't have any user-visible effect. However, it parametrizes
various code paths that were currently hard-coded to represent Fedora.
Subsequent commits will build upon this to support toolbox containers
of operating system distributions that aren't Fedora.
A map of supported operating system distributions has been introduced
that lists out the necessary bits of metadata needed to work with them.
In the future, it should just be a matter of adding new entries to this
map to add support for distributions that aren't Fedora.
https://github.com/containers/toolbox/pull/667
A subsequent commit will add support for toolbox containers of
operating system distributions that aren't Fedora. That will require a
similar function that resolves a short image name to a fully qualified
one, but by iterating through a list of supported images instead of
using the image's RepoTags.
https://github.com/containers/toolbox/pull/667
The same image ID can be referred to by multiple names. It's common
that one of the names uses the 'latest' tag, while another uses a
specific version number. It's better to resolve a short image name to
one with a specific version number, because the meaning of the tag is
clear and won't change with time.
https://github.com/containers/toolbox/pull/666
The com.github.debarshiray.toolbox label was introduced in commit
0ab6eb7401 to replace the com.redhat.component label for
filtering toolbox containers and images. This happened right before
the release of Fedora 30, which hasn't been supported for a while [1].
Therefore, it's time to stop using the old label.
It's also time to start using the newer com.github.containers.toolbox
label that was introduced in commit de5e5df9b7 to reflect the
project's new home under the Containers organization on GitHub.
[1] https://fedoraproject.org/wiki/Releases/30/Schedule
https://github.com/containers/toolbox/pull/665
The --candidate-registry is a lesser known option only supported by
the POSIX shell implementation. The Go implementation never
offered it, and nobody has felt its absence so far. So, it's safe to
assume that there's no urgent need to port it to Go, and it's better to
not confuse users by mentioning it.
https://github.com/containers/toolbox/pull/662
The USER environment variable is set in different ways on different
operating system distributions. It's usually set when logging into a
new user session, but thereafter it may or may not get propagated into
new instances of a shell depending on how it's getting set. e.g.,
Fedora sets USER in /etc/profile, but Ubuntu doesn't. This means that
shells running on a Fedora host and a Fedora toolbox container will
automatically have the USER environment variable set. However, it's
only available on Ubuntu hosts, but not on Ubuntu toolbox containers.
Passing the USER environment variable to the container, if it's set on
the host, will avoid such inconsistencies in the environment.
https://github.com/containers/toolbox/pull/609
It's not mandatory to have a /etc/localtime. If it's absent then it
means that the UTC timezone is being used. One such example of an
operating system is Fedora CoreOS.
Fallout from b9a0bd5f0c
https://github.com/containers/toolbox/pull/656
In some environments, 'go build' uses the basename of the path passed
to the -o option for the final binary name instead of using the
project's name. e.g., in Fedora's build system the binary will be called
src/src, not src/toolbox.
https://github.com/containers/toolbox/pull/584
regexp.MatchString() only returns an error if the pattern can't be
parsed. In this case, the pattern is a constant string literal, so
unless there's a programming mistake, the pattern should always be
parsable and there should never be an error.
What really needs to be checked is whether the 'containerName' matched
the pattern or not. That's indicated by the bool return value
'matched'.
https://github.com/containers/toolbox/pull/639
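
The mistake described in the commit message above, shown next to a corrected check. This is an added example, not code from the Toolbox repository; the pattern and the function names are assumptions made for illustration, since the page does not show the pattern Toolbox uses.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed pattern for illustration only; the real one is not shown on the page.
const containerNamePattern = `^[a-zA-Z0-9][a-zA-Z0-9_.-]*$`

// isValidNameBuggy reproduces the mistake: it treats "no error" as "valid".
// The pattern is a parsable constant, so err is always nil and every name,
// however malformed, is accepted.
func isValidNameBuggy(containerName string) bool {
	_, err := regexp.MatchString(containerNamePattern, containerName)
	return err == nil
}

// containerNameRegexp is compiled once. MustCompile panics at start-up if the
// constant pattern is ever broken, so there is no error left to mishandle.
var containerNameRegexp = regexp.MustCompile(containerNamePattern)

// isValidName uses the bool result, which is what reports whether the
// name matched the pattern.
func isValidName(containerName string) bool {
	return containerNameRegexp.MatchString(containerName)
}

func main() {
	// Constructed sample inputs.
	names := []string{"fedora-toolbox-33", "my box", "-leading-dash", "a;b", ""}
	for _, name := range names {
		fmt.Printf("%-20q buggy=%-5v fixed=%v\n",
			name, isValidNameBuggy(name), isValidName(name))
	}
}
```

The buggy variant accepts all five sample names, while the fixed one accepts only the first.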
Most tools (e.g. git, podman, skopeo, buildah, coreutils, etc.) do not
put periods at the end of descriptions of flags. Let's not deviate :).
https://github.com/containers/toolbox/pull/636
The Ansible playbooks are small enough as they are. Splitting things
across too many files makes it harder to remember which file does what.
https://github.com/containers/toolbox/pull/653
This will let GNOME Terminal handle toolbox(1) running as root, by not
trying to preserve the current toolbox container if it's running as
root. This is similar to how terminals don't preserve the current
working directory for interactive shells running as root.
This needs a VTE that supports the UID parameter in the OSC 777 escape
sequence, as given below:
OSC 777 ; container ; push ; NAME ; RUNTIME ; UID BEL
OSC 777 ; container ; push ; NAME ; RUNTIME ; UID ST
OSC 777 ; container ; pop ; NAME ; RUNTIME ; UID BEL
OSC 777 ; container ; pop ; NAME ; RUNTIME ; UID ST
https://github.com/containers/toolbox/pull/649
The system tests for Fedora 33 were failing:
not ok 21 Remove all images (2 should be present; --force should not
be necessary)
# (from function `is' in file test/system/helpers.bash, line 287,
# in test file test/system/302-rmi.bats, line 7)
# `is "$output" "" "The output should be empty"' failed
# $ /usr/local/bin/toolbox rmi --all
# Error: image
3ac100502d2123aff1cf6314760c7a89c55108b8de6ea3c10ddc79a1479f0fca
has dependent children
# Error: image
4a6adf1f2a96adf5ea0c02b61f9fa574306f77fc522f39c2ce6bb164daead882
has dependent children
# #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
# #| FAIL: The output should be empty
# #| expected: '[no output]'
# #| actual: 'Error: image
3ac100502d2123aff1cf6314760c7a89c55108b8de6ea3c10ddc79a1479f0fca
has dependent children'
# #| > 'Error: image
4a6adf1f2a96adf5ea0c02b61f9fa574306f77fc522f39c2ce6bb164daead882
has dependent children'
# #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Fallout from ff4e4905da
https://github.com/containers/toolbox/pull/642
All the fields defined in /usr/lib/os-release were being injected into
the shell as environment variables. This is unintentional. Some of the
variables have relatively generic names, and having them in the
environment can lead to unexpected surprises.
Fallout from c6e37cdef3
https://github.com/containers/toolbox/pull/623
The nss-mdns plugin for the GNU Name Service Switch (or NSS)
functionality of the GNU C Library is necessary to resolve the .local
mDNS domain. The plugin talks to the Avahi daemon running on the host
to resolve the names.
https://github.com/containers/toolbox/issues/209
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
One of the biggest advantages of running as root is the ability to have
all the UIDs from the host operating system mapped into the container
by using the host's user namespace.
This can be a big help when faced with permission problems.
https://github.com/containers/toolbox/issues/267
This is one more step towards enabling toolbox(1) to be run as root.
When invoked as 'sudo toolbox' there's no XDG_RUNTIME_DIR available for
the root user. Neither the environment variable nor the directory are
present.
XDG_RUNTIME_DIR is used for two reasons. First, to place the 'lock'
file to synchronize Podman migrations and the initialization stamp
file to synchronize the container's entry point with the user-facing
'enter' command running on the host. Second, it's used to propagate
things like the user D-Bus, Pipewire and Wayland sockets.
The first use-case is important for toolbox(1) itself to work. When
running as root, XDG_RUNTIME_DIR is replaced with /run/toolbox for this
purpose.
The second use-case is mostly ignored because sudo(8) doesn't create
a full-fledged user session. Graphical applications can still work by
connecting to a X11 server over the local abstract socket or the file
system socket in /tmp/.X11-unix.
https://github.com/containers/toolbox/issues/267
Currently, XDG_RUNTIME_DIR only gets propagated into the toolbox
container from the host during 'enter'. This means that the
container's entry point doesn't know about it. So, there's code in
'init-container' that sets XDG_RUNTIME_DIR to /run/user/UID.
However, this assumption might not always hold true for all host
operating systems. Given that XDG_RUNTIME_DIR plays a crucial role in
synchronizing the container's entry point with the user-facing 'enter'
command running on the host, it's wise to try a bit harder to
propagate the value of XDG_RUNTIME_DIR into the container.
Note that it can still go wrong if the value of XDG_RUNTIME_DIR
changes after the container was created because the entry point will
still have the old value. Fortunately, this isn't something that
happens too often under normal operation.
The value of XDG_RUNTIME_DIR is still propagated during 'enter' to
retain compatibility with existing toolbox containers.
https://github.com/containers/toolbox/issues/267
... by running updatedb(8) on start-up and then at 24 hour intervals
from there on.
This isn't as nice as using a systemd.timer(5) because the current
timer goes away when the toolbox container is stopped and is rearmed
when it's started. Therefore, repeatedly restarting a container will
also run updatedb(8) again and again.
Fortunately, this isn't so bad with updatedb(5) implementations that
are able to incrementally update the database [1], which is what Fedora
uses.
The 24 hour interval was chosen based on the systemd.timer(5) settings
used by Fedora's mlocate RPM.
[1] https://pagure.io/mlocate
https://github.com/containers/toolbox/issues/391