Commit graph

903 commits

Author SHA1 Message Date
Debarshi Ray
411147988b cmd, test/system: Make the behaviour of 'toolbox' conditional
Commit 6c86cabbe5 changed the command line interface to behave
a lot similar to that of github.com/coreos/toolbox, which makes things
easier for those switching over from it. Make it conditional so that
only those OS distributors who truly need it may enable it, and
restore the previous behaviour as the default.

The tests were updated to test the default behaviour that the vast
majority of users would be seeing. Ideally, the test suite would be run
twice with the migration path turned off and on. However, that would
require a more intrusive surgery of the test suite and likely make it
slower. It might not be worth the hassle because of the small number
of users who should be using the migration path.

Note that the copyright and license notices really must use C++-style
// line comments, because build constraints can only be preceded by
blank lines and other line comments. C-style /* */ block comments can't
precede the build constraints.

This reverts commit ca899c8a56 and parts
of commit 3aeb7cf288.

[1] go help buildconstraint
    https://pkg.go.dev/cmd/go#hdr-Build_constraints

https://github.com/containers/toolbox/pull/951
2021-12-10 01:33:24 +01:00
Debarshi Ray
063bdf965f cmd/utils: Split out the code to list the common commands
This will be used by the subsequent commit to highlight some of the
more common commands that a new user is likely to be interested in, when
none has been specified.

https://github.com/containers/toolbox/pull/951
2021-12-10 00:57:36 +01:00
Debarshi Ray
04426a04e5 build: Add an option for the migration path for coreos/toolbox users
Commit 6c86cabbe5 changed the command line interface to behave
a lot similar to that of github.com/coreos/toolbox, which makes things
easier for those switching over from it.

However, it makes things confusing for the vast majority of users who
have never used coreos/toolbox. The Toolbox CLI aims to be friendly to
new users by being self-documenting and offering a smooth onboarding
experience. It's jarring to new users when 'toolbox', without any
commands specified, suggests that it needs to perform a big download.

It's difficult to document two different sets of CLIs, and if the
manuals don't mention the second behaviour, then it just leaves the
users even more confused.

Hence, it will be good to keep the migration path for coreos/toolbox
behind a build-time option, so that only those OS distributors who
truly need it may enable it without impacting others. Fortunately,
coreos/toolbox doesn't have any manuals, which means that there's no
need to conditionalize the documentation.

This commit merely adds the build-time option. Subsequent commits will
use this to actually conditionalize the code.

https://github.com/containers/toolbox/pull/951
2021-12-10 00:35:13 +01:00
Debarshi Ray
d27cfb4586 build: Style fixes
https://github.com/containers/toolbox/pull/951
2021-12-10 00:34:21 +01:00
Debarshi Ray
8dd7ee47c5 build: Drop the use of patchelf(1)
Some downstream distributors like RHEL don't have patchelf(1). Relying
on patchelf(1) during the build will make it difficult for such
downstreams to distribute Toolbox.

Fortunately, the path of the dynamic linker (ie., PT_INTERP) is
hardcoded in the ABI specification of each architecture [1]. This means
that Toolbox's build system can keep its own architecture to dynamic
linker mapping, and specify it during the build through the GNU ld
linker's --dynamic-linker flag, as opposed to using a tool like
patchelf(1) to change the path of the dynamic linker in the built
binary to the one inside /run/host. Currently, the list of
architectures covers the ones that Fedora builds for.

[1] https://sourceware.org/glibc/wiki/ABIList

https://github.com/containers/toolbox/pull/942
2021-12-09 13:16:27 +01:00
Debarshi Ray
e28a306a7f build: Bump minimum Meson version to 0.56.0
The subsequent commit will further bump the minimum Meson version to
0.58.0. This will make it easier to read.

https://github.com/containers/toolbox/pull/942
2021-12-08 18:01:35 +01:00
Debarshi Ray
677dda64f3 README.md: Link to the website instead of the code repository
Now that there's a website at https://containertoolbx.org/ it makes
more sense to link to it instead of linking back to the same location
where the README.md resides.
2021-12-08 17:19:47 +01:00
Debarshi Ray
f0dfb8f3c1 README.md: Shorten it by linking to the website wherever possible
https://github.com/containers/toolbox/pull/949
2021-12-08 16:16:18 +01:00
Ondřej Míchal
582c999ecd cmd/create: Drop redundant label when creating a container
The Toolbox repository was moved to the 'containers' organization some
time ago already[0]. Containers marked with the label:

  com.github.debarshiray.toolbox=true

will remain supported but new containers will not be created with it.

https://github.com/containers/toolbox/pull/510

[0] de5e5df9b7
2021-12-06 19:37:58 +02:00
Ondřej Míchal
ae43560d45 test/system: Test startup on Rawhide with supported versions
We need to know if the latest changes in the libc (that is dynamically
linked to the binary) cause problems in containers based on older
releases of Fedora.

The estimate of the version numbers is very crude and does not follow
the upstream schedule. That should not be a problem, though.

A part of an existing test has been reused and made into a helper
function to implement this.

This increases the run time of the test suite on Rawhide which already
takes longer than the same test suite on released versions of Fedora.
Make up for it by increasing the timeout by 2 minutes.

https://github.com/containers/toolbox/pull/899
2021-12-04 17:37:40 +02:00
Ondřej Míchal
ae8bd1a9c9 test/system: Properly bail-out if failed to cache images
The 'die' function is a remnant from times before the system tests
rewrite. It served for writing an error message and then failing
the test. Since the rewrite it is no longer present. Instead, simply
use 'false' in case a caching step fails.

Fallout from da6b6a7c5a6e5e284e6642c29159a872ceec94e2

https://github.com/containers/toolbox/pull/899
2021-12-04 17:37:40 +02:00
Ondřej Míchal
b14d623f21 CONTRIBUTING: Update content
GitHub generates a table of contents[0] for markdown documents using the
headings so there's no need to maintain it manually anymore.

There is a new Matrix chat room[1] for getting in touch with the Toolbx
developers. Advertise it instead of the alternatives.

We have new gifs from jimmac, let's use them!

https://github.com/containers/toolbox/pull/939

[0] https://github.blog/changelog/2021-04-13-table-of-contents-support-in-markdown-files
[1] https://matrix.to/#/#toolbx:matrix.org
2021-12-03 18:09:41 +02:00
Ondřej Míchal
6e47e1f4f7 CONTRIBUTING: Fix typos
https://github.com/containers/toolbox/pull/939
2021-12-03 18:09:41 +02:00
Colin Walters
186affcf47 cmd/initContainer: Include execution error in message
This will pair with a future change to `shell.Run()` so that we capture
the child process stderr.

But actually this change on its own is enough since `shell.Run()`
provides an error message when the invoked command was not found or when
some other unknown error has happened.

Before:
  Error: failed to remove password for user walters`
After:
  Error: failed to remove password for user walters: passwd(1) not found`

which helps immediately pinpoint the problem.

I didn't try to go through and change *all* the `shell.Run()`
invocations, but if accepted I may do it (or someone else can).

https://github.com/containers/toolbox/pull/945
2021-12-03 18:01:26 +02:00
Colin Walters
d0104d227e pkg/shell: Simplify code flow
We only need to check against `err != nil` once, not twice.

https://github.com/containers/toolbox/pull/943
2021-12-03 17:32:40 +02:00
Timothée Ravier
fd6510c940 images: Make locate(1) opt-in by default
Currently, the entry point of a Toolbox container runs updatedb(8) on
start-up, which can be very I/O intensive. This might be a hindrance
when troubleshooting performance problems on a host, or when
re-creating containers somewhat more frequently.

Users can install the mlocate RPM and restart their containers to
enable locate(1).

Only the images for currently maintained Fedoras (ie., 34, 35 and 36)
were updated.

https://github.com/containers/toolbox/pull/938
2021-12-01 16:21:42 +01:00
Debarshi Ray
2d56a8a084 README.md: Say Containerfile, not Dockerfile
Fallout from 66c49e0926

https://github.com/containers/toolbox/pull/940
2021-12-01 01:08:56 +01:00
Debarshi Ray
72cccca59f README.md: Update image requirements
https://github.com/containers/toolbox/issues/885
2021-12-01 01:08:56 +01:00
Debarshi Ray
cfffb72fb0 images: Remove misleading and redundant CMD
There's no need to specify a CMD in a Toolbox image because it's
specified by 'toolbox create', through 'podman create', when creating a
container.

A CMD was specified [1] because the Fedora Container Guidelines
requires it [2]. The idea behind the guidelines is that the right
thing should happen when one runs:
  $ podman run <image>

However, that only makes sense for images targeting single service
containers. Toolbox containers and images are different - they are not
meant to be used like that to run a single one-off service.

Conceptually, 'running' a Toolbox container is expected to provide the
user with a reasonable interactive command line experience. Arguably,
that means offering something like /bin/bash, not /bin/sh.

Also, note that when the CMD was introduced [1], Toolbox containers
were actually created, through 'podman create', with /bin/sh as their
entry points. So, it did make some sense. However, things have changed
since then [3]. The entry point is now 'toolbox init-container'. It's
not possible to mention it in the Toolbox image because the
/usr/bin/toolbox binary isn't present in the image, and it's not meant
to be present.

Therefore, today, /bin/sh is simply not the right fit for a Toolbox
image's CMD. A better option would be /bin/bash.

Note that the fedora base images have their CMD set to /bin/bash, which
is inherited by the fedora-toolbox images.

So, there are two options. Either repeat the same CMD in the
fedora-toolbox images and satisfy the guidelines, or take some
liberties and let the CMD be inherited from the fedora base images.

This commit takes the latter option. People tend to use the
fedora-toolbox images as the starting point for other custom Toolbox
images, sometimes for other operating system distributions. It's
better to keep them minimal to avoid implying extra requirements. In
this case, the CMD is an abstract concept, and the actual entry point
is 'toolbox init-container' as specified by 'toolbox create'.
Specifying /bin/bash might discourage people from creating custom
images that are only meant to have /bin/zsh.

Also, note that the current CMD was actually '/bin/sh -c /bin/sh', not
/bin/sh. Unless a CMD is specified as an array of command line
arguments, it's passed as a single argument to '/bin/sh -c' [4]. So,
this:
  CMD foo bar

... is the same as:
  CMD [ "/bin/sh", "-c", "foo bar" ]

Only the images for currently maintained Fedoras (ie., 34 and 35) were
updated.

This reverts commit 5cc2678a36.

[1] Commit 5cc2678a36

[2] https://docs.fedoraproject.org/en-US/containers/guidelines/creation/

[3] Commit 8b84b5e460
    https://github.com/containers/toolbox/pull/160

[4] https://docs.docker.com/engine/reference/builder/#cmd

https://github.com/containers/toolbox/issues/885
2021-12-01 01:08:56 +01:00
Ondřej Míchal
fb565af0a0 test/system: Add function for setting up environment
Instead of typing out two function names to set up the test environment,
type out only one. We never know if a new set up function will show up.

https://github.com/containers/toolbox/pull/818
2021-12-01 01:09:34 +02:00
Oliver Gutierrez
7a5f3ba2e2 test/system: Make tests non-destructive
This allows running the test suite without having to worry about blasting
the whole local state of Podman.

This is done by creating a configuration file with a custom path for the
storage of Podman and specifying the config file using an env var.

The used location for the temporary storage is located either under
XDG_CACHE_HOME and if the one is not defined, $HOME/.cache is used
instead. The data are namespaced. This follows the XDG Base Directory
Specification[0]. Other locations could be /tmp or /run but those
locations usually use tmpfs and that filesystem can not be used by
Podman[1] due to missing features in tmpfs.

https://github.com/containers/toolbox/pull/818

[0] https://specifications.freedesktop.org/basedir-spec/latest/index.html
[1] https://github.com/containers/podman/issues/10693#issuecomment-863007516
2021-12-01 01:09:34 +02:00
Jens Petersen
8a329752e0 .zuul: pump the current fedora releases to 34 & 35
F33 will EOL at the end of this month (Nov 2021)

https://github.com/containers/toolbox/pull/927
2021-12-01 01:01:40 +02:00
Debarshi Ray
61efad34bc profile.d: Fix the PS1 on Z shell
Currently, on Fedora, a nested instance of Z shell inside a Toolbox
container renders the PS1 like this:
\[\]⬢\[\][\u@\h \W]\$

Notice that Z shell doesn't like that the terminal escape sequences
for the foreground colour are wrapped in '\[' and '\]' [1], and doesn't
understand the special characters like '\u' and '\h'.

This is fixed by making the PS1 specific to the shell. The prompt for
Z shell is based on the default prompt used on Fedora, just like the
one for Bash.

Note that this only affects nested instances of Z shell because of the
way the start-up scripts for Z shell are written on Fedora. Toolbox
invokes top-level shell as a login shell, and for those the PS1 set by
profile.d/toolbox.sh is overwritten by the operating system's default
in /etc/zshrc. See:
https://bugzilla.redhat.com/show_bug.cgi?id=2026749

[1] Commit bc1a816ea3
    https://github.com/debarshiray/toolbox/issues/190

https://github.com/containers/toolbox/pull/936
2021-11-25 19:04:20 +01:00
Debarshi Ray
95dbb5ed49 profile.d: Avoid warnings for undefined variables with 'set -u'
See:
https://gitlab.gnome.org/GNOME/vte/-/issues/285
https://gitlab.gnome.org/GNOME/vte/-/commit/e148105691926cbd

https://github.com/containers/toolbox/pull/936
2021-11-25 18:10:43 +01:00
Debarshi Ray
5c51809a35 README.md: Remove stale comment
Fallout from abb2ac6fd4

https://github.com/containers/toolbox/pull/934
2021-11-23 16:16:14 +01:00
Debarshi Ray
80bed47919 README.md: Update image requirements
All these tools were only used by the POSIX shell implementation. The
Go implementation never used them.

Note that the test suite still invokes id(1) inside a container.
However, it's not a user-visible requirement, and hence is not a hard
requirement for Toolbox images.

https://github.com/containers/toolbox/pull/934
2021-11-23 16:16:10 +01:00
Debarshi Ray
bcb80cf7c6 README.md: Don't require unlink(1) in images
Fallout from 0cf3c99377

https://github.com/containers/toolbox/pull/934
2021-11-23 16:16:06 +01:00
Debarshi Ray
036a33882f README.md: Require mount(8) in images
Fallout from 819bb46aaa

https://github.com/containers/toolbox/issues/929
2021-11-23 15:52:44 +01:00
Austin C. Minor
2e4e5bc2a8 README.md: Require capsh(1) in images
https://github.com/containers/toolbox/pull/930
2021-11-23 15:43:14 +01:00
Debarshi Ray
8071bb5cb8 images: Add fedora-toolbox image definition for Fedora 36
https://github.com/containers/toolbox/pull/931
2021-11-19 03:27:45 +01:00
Debarshi Ray
df05e276b2 images: Avoid losing mount(8) by accident
The util-linux package was added to ensure the presence of the mount(8)
command. Currently the package is already pulled in by various
dependencies. Therefore, it doesn't increase the size of the image, but
serves as a safeguard against any inadvertent changes.

Note that starting from Fedora 35 onwards, the fedora base images no
longer have mount(8), which increases the importance of this change.

Only the images for currently maintained Fedoras (ie., 34 and 35) were
updated.

https://github.com/containers/toolbox/issues/929
2021-11-19 02:46:34 +01:00
Debarshi Ray
5dbcd377c6 images: Ensure that coreutils-single is replaced by coreutils-full
It's true that the fedora base images no longer come with
coreutils-single, but they used to, and the ubi base images still do.
Therefore, it's worth being extra defensive about this.

It's better to make the build system execute one extra redundant
command than expose users to a bug because of a change that snuck in
unnoticed.

Only the images for currently maintained Fedoras (ie., 34 and 35) were
updated.

This reverts commit 033ed71ec1.

https://github.com/containers/toolbox/pull/931
2021-11-19 02:46:30 +01:00
Debarshi Ray
7542f5fc86 cmd/initContainer: Avoid RPM failures due to unexpected file owners
When running rootless, files and directories bind mounted from the
host operating system can have their ownership listed as
nobody:nobody. This is because the UIDs and GIDs that actually own
those locations are not available inside the container.

Some distribution packages are particular about the file ownerships of
some of these locations. eg., Fedora's filesystem, flatpak and
libvirt-libs RPMs. Encountering nobody:nobody as the owner can fail
package management transactions involving such packages leading to
unforeseen consequences.

Therefore, configure RPM to leave these locations alone.

https://github.com/containers/toolbox/pull/640
2021-11-17 02:55:09 +01:00
Debarshi Ray
55f944c1e7 cmd/utils: Add copyright and license notices
https://github.com/containers/toolbox/pull/924
2021-11-16 10:29:37 +02:00
Debarshi Ray
c8aaed52c5 build: Don't assume that libc.so is always in /usr/lib or /usr/lib64
The location for public shared libraries can change from one operating
system distribution to another. eg., while Fedora uses /usr/lib and
/usr/lib64, depending on the hardware architecture, Debian uses paths
like /usr/lib/x86_64-linux-gnu. Therefore, it's best not to assume
anything and ask the toolchain.

https://github.com/containers/toolbox/pull/923
2021-11-13 03:18:36 +01:00
Jakub Steiner
b80ffecd3d README.md, data: Replace outdated logos with pixels
https://github.com/containers/toolbox/issues/920
2021-11-13 02:17:21 +01:00
Debarshi Ray
c9fc47adfd cmd/utils: Style fixes
https://github.com/containers/toolbox/pull/922
2021-11-13 01:21:56 +01:00
Debarshi Ray
01863d8fe0 test/system: Use 'command -v' to detect the presence of man(1)
'command -v' is more obvious when reading and is POSIX compatible [1].
While 'hash' also gets the job done, it's more of a caching mechanism.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html

https://github.com/containers/toolbox/pull/922
2021-11-13 01:21:52 +01:00
kuba3351
3641a0032f profile.d: Show welcome message on Fedora Kinoite
SC3059 shellcheck rule could be disabled,
because we require bash or zsh to run the welcome script,
so case modification will work.

https://github.com/containers/toolbox/pull/881
2021-11-08 18:06:05 +02:00
Anthony Rabbito
a9cc052efe src: mount pcsd inside toolbox container
https://github.com/containers/toolbox/pull/907

Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com>
2021-11-08 10:33:50 +02:00
Ondřej Míchal
07afff0c30 test/system: Adjust help test to work only with man present
Unlike the following test this one tests using the content of the
toolbox(1) manual page in man. man has to be present in PATH for this
test to be relevant.

Also, this changes the text used to test the output. The current text
can be found in the added short help message and that causes the test
to pass even though it should not. Instead, look for the text in the
"header" of the manual page.

https://github.com/containers/toolbox/pull/837
2021-11-08 01:44:15 +02:00
Oliver Gutierrez
40fc1689a3 utils, help: Show basic help when "man" command is not available.
Fedora CoreOS systems do not have the man command installed. Running
toolbox --help on such a system results in a "man(1) not found" error.

As a compromise for systems without man, we added a simple help text
showing the most commonly used toolbox commands and a URL that directs
users to the Toolbox website where they can find the manuals in Markdown
format.

Fixes #713

https://github.com/containers/toolbox/pull/837
2021-11-08 01:44:15 +02:00
Ondřej Míchal
be4d3974ef pkg/utils: Move CLI utility functions to cmd
pkg/utils has been in Go Toolbox since its birth. Along the way it
accumulated a number of functions where a few of them are purely CLI
related. Since the majority of functions in the package are related to
some "deeper" functionality in Toolbox, it makes more sense to move the
selected few to package cmd. This will make pkg/utils a bit leaner and
create a dedicated space for cmd utility functions to live in.

In the process the error creation functions no longer require the
executableBase argument to be passed to them.

https://github.com/containers/toolbox/pull/819
2021-11-07 23:18:46 +02:00
Ondřej Míchal
3aeb7cf288 test/system: Add test placeholders for entering containers
These tests need to be implemented in the future but they require some
magic with socat or similar tools as entering a container is creating
a new subshell and that is hard to monitor from a bash script. Better
not to forget then.

https://github.com/containers/toolbox/pull/915
2021-11-07 17:06:53 +02:00
Ondřej Míchal
ca899c8a56 test/system: Add tests for failures for 'root'
https://github.com/containers/toolbox/pull/915
2021-11-07 17:06:53 +02:00
Ondřej Míchal
a7e7e0ac2b test/system: Add tests for failures for 'enter'
https://github.com/containers/toolbox/pull/915
2021-11-07 17:06:53 +02:00
Ondřej Míchal
fc336bd8b0 test/system: Add tests for failures for 'run'
https://github.com/containers/toolbox/pull/915
2021-11-07 17:06:53 +02:00
Ondřej Míchal
02a831466e cmd/enter: Don't use double negation
Double negation is hard to wrap your head around.

https://github.com/containers/toolbox/pull/913
2021-11-07 13:43:27 +02:00
Ron
4d9849c386 Update README.md
Added patchelf under dependencies
2021-11-03 11:21:45 +02:00
Debarshi Ray
112f281fc4 build: Restore backwards compatibility with existing containers
The path of the dynamic linker (ie., PT_INTERP), as specified in an
architecture's ABI, often starts with /lib or /lib64, not /usr/lib or
/usr/lib64. eg., it's /lib/ld-linux-aarch64.so.1 for aarch64 and
/lib64/ld-linux-x86-64.so.2 for x86_64.

Unfortunately, until very recently [1], only the host's /usr was
present inside a toolbox container's /run/host, not /lib or /lib64.
Therefore, simply prepending /run/host to the /usr/bin/toolbox
binary's existing PT_INTERP entry wouldn't locate the host's dynamic
linker inside the toolbox container. This broke backwards compatibility
with every container out there, except the ones created with the
current development version in Git.

To restore backwards compatibility, the /lib and /lib64 symbolic links
must be resolved to their respective locations inside /usr.

The following caveats must be noted:

  * With glibc, even the basename of the path of the dynamic linker as
    specified in an architecture's ABI, is a symbolic link to a file
    named ld-<glibc-version>.so. However, this file can't be used as
    the PT_INTERP entry, because its name will change when glibc is
    updated and the PT_INTERP entry will become invalid until the
    /usr/bin/toolbox binary is rebuilt.

  * On Debian, a path like /lib64/ld-linux-x86-64.so.2 doesn't resolve
    to something inside /usr/lib64. Instead it ends up inside
    /usr/lib/x86_64-linux-gnu through a series of symbolic links:
      - /lib64 -> usr/lib64
      - /usr/lib64/ld-linux-x86-64.so.2
          -> /lib/x86_64-linux-gnu/ld-2.28.so
      - /lib -> usr/lib

  * It's assumed that a symbolic link with the basename specified in
    the ABI lives in the same directory as the actual dynamic linker
    binary named ld-<glibc-version>.so.

Fallout from 6063eb27b9

[1] Commit d03a5fee80
    https://github.com/containers/toolbox/pull/827

https://github.com/containers/toolbox/issues/821
2021-10-25 15:44:51 +02:00