Commit graph

581 commits

Author SHA1 Message Date
Debarshi Ray
a5f00c0d26 Prepare 0.0.8 2019-04-12 16:44:16 +02:00
Toni Schmidbauer
08d1caf3c1 Add short variants for various options in 'create' and 'enter'
https://github.com/debarshiray/toolbox/pull/75
2019-04-12 16:22:42 +02:00
Debarshi Ray
be3530fe9c Ensure that names of toolbox containers don't have a colon
Unlike OCI images, OCI containers can't be tagged and their names
can't have colons in them [1]. Therefore, from now on the version
suffix will be separated by a hyphen.

For backwards compatibility, 'toolbox enter' will continue to work with
containers using the old naming scheme.

Silence a SC2030 [2] because falling back to toolbox_container_old is
only relevant for the enter() function, and silence a spurious
SC2031 [3].

[1] Podman commit 449b8ab7b14fcc0d
    https://github.com/containers/libpod/pull/2793
[2] https://github.com/koalaman/shellcheck/wiki/SC2030
[3] https://github.com/koalaman/shellcheck/wiki/SC2031

https://github.com/debarshiray/toolbox/issues/106
2019-04-12 15:52:36 +02:00
Debarshi Ray
0b0c1e3a2c Always use a tag for the user-specific customized image
A subsequent commit will generate the name of the toolbox container
from that of the user-specific customize image, instead of just using
the same exact string. This is necessary because, unlike OCI images,
names of OCI containers can't have a colon in them [1]. Knowing that
the user-specific customized image always has a tag will make things
simpler.

Buildah and Podman are going to use 'latest' as the placeholder when no
tag is specified, and this what is explicitly mentioned when the base
toolbox image is referred to by its non-human-readable ID.

Fallout from 56c3cfc27c

[1] Podman commit 449b8ab7b14fcc0d
    https://github.com/containers/libpod/pull/2793

https://github.com/debarshiray/toolbox/issues/106
2019-04-12 14:55:36 +02:00
Debarshi Ray
4575c862cd Tweak a user-visible string to say "container", not "toolbox container"
... because that's what's used elsewhere.
2019-04-12 13:40:02 +02:00
Debarshi Ray
3afb2bc4c7 Suggest a way forward if no command has been specified
Instead of overwhelming the user with the entire reference
documentation, highlight some of the more common commands that a new
user is likely to be interested in. This is concise enough to not annoy
seasoned users who might have just committed a typo.

This should smoothen the onboarding experience by making the commands
self-documenting.

https://github.com/debarshiray/toolbox/issues/59
2019-04-11 16:26:44 +02:00
Debarshi Ray
adb8e03d26 Mention the name of the created toolbox container and how to enter it
This should smoothen the onboarding experience by making the commands
self-documenting.

https://github.com/debarshiray/toolbox/issues/59
2019-04-11 16:10:26 +02:00
Debarshi Ray
5f1716b28b Simplify code
Fallout from 1e0564d66c
2019-04-11 16:10:22 +02:00
Debarshi Ray
0b06e51273 Fix typo
Fallout from 7acc9936cf
2019-04-11 15:27:39 +02:00
Tomas Popela
9316d0f284 Include images tagged with c.gh.debarshiray.toolbox in 'rmi'
When '--all' is applied then first query the images with an old label,
then with the new label, combine them and process them.

When the exact image name is specified, then we need to check
whether the image has the new or old label and only then remove it.

https://github.com/debarshiray/toolbox/pull/101
2019-04-11 15:05:58 +02:00
Tomas Popela
a2a1836773 Include containers tagged with c.gh.debarshiray.toolbox in 'rm'
When '--all' is applied then first query the containers with an old label,
then with the new label, combine them and process them.

When the exact container name is specified, then we need to check
whether the container has the new or old label and only then remove it.

https://github.com/debarshiray/toolbox/pull/101
2019-04-11 14:50:18 +02:00
Debarshi Ray
248e218183 Fix typo
Fallout from ea5558cab0
2019-04-11 14:50:12 +02:00
Tomas Popela
ea5558cab0 Include containers tagged with c.gh.debarshiray.toolbox in 'list'
First we need to get the containers with an old label and then with the
new label. We have to change the format of the query to only include the
name of the containers and not the other informations like 'created' as
they could make a problem when removing the duplicates with uniq. When
we have the final list of containers we pass them to
containers_get_details() where we obtain the final details for them.

https://github.com/debarshiray/toolbox/pull/101
2019-04-11 13:28:06 +02:00
Owen W. Taylor
92cc1a15d6 Use a lighter entry point than /bin/sh
Now that toolbox containers no longer use a separate PID namespace [1],
the entry point specified in 'podman create ...' doesn't act as PID 1
inside the toolbox container. It's just a process that's spawned by
'podman start' to denote the state of the container. This opens the
possibility of using something even more lightweight, such as
'sleep +Inf'.

sleep(1) takes 64 kB compared to the 432 kB taken by /bin/sh.

This wouldn't have been possible with a separate PID namespace. In that
case, the entry point would also become PID 1, and since the only
signals that can be sent to a PID 1 are those for which it has
explicitly installed handlers, this would cause various problems.

[1] Commit 67522f0ad7

https://github.com/debarshiray/toolbox/pull/108
2019-04-10 16:10:46 +02:00
Tomas Popela
d69300b072 Enable Travis
https://github.com/debarshiray/toolbox/pull/83
2019-04-10 15:18:06 +02:00
Debarshi Ray
d0cd536bc2 build: Add a test that runs shellcheck on the toolbox script
https://github.com/debarshiray/toolbox/pull/83
2019-04-10 15:18:06 +02:00
Tomas Popela
fdafbdf360 Silence SC2086
Otherwise https://www.shellcheck.net/ would complain:
  Line 678:
  $kcm_socket_bind \
  ^-- SC2086: Double quote to prevent globbing and word splitting.

See: https://github.com/koalaman/shellcheck/wiki/SC2086

These variables can't be double quoted. They contain command line
arguments and should expand as either null or separate argument
strings. Quoting them would cause them to expand as arguments that are
either the empty string (ie., "") or all the individual arguments would
get clubbed into a single argument (ie. "--env=COLORTERM=truecolor
--env=DBUS_SESSION_BUS_ADDRESS=...").

https://github.com/debarshiray/toolbox/pull/83
2019-04-10 15:17:54 +02:00
Debarshi Ray
b2f03ab8f0 README.md: Add the landscape variant of the logo as a banner
https://github.com/debarshiray/toolbox/pull/103
2019-04-04 16:47:07 +02:00
Jakub Steiner
d92a0826fc logo: Convert text to shapes
... to not rely on the Overpass font being present.

https://github.com/debarshiray/toolbox/pull/102
2019-04-04 16:19:52 +02:00
Jakub Steiner
1643c3ea6d data: Add logo
https://github.com/debarshiray/toolbox/issues/81
2019-04-04 15:31:32 +02:00
Tomas Popela
89dd3b5896 Silence SC2016
Otherwise https://www.shellcheck.net/ would complain:
  Line 754:
  capsh --caps="" -- -c 'cd "$1"; export PS1="$2"; shift 2; exec "$@"'
                        ^-- SC2016: Expressions don't expand in single
                          quotes, use double quotes for that.

See: https://github.com/koalaman/shellcheck/wiki/SC2016

The entire command string argument is meant to be passed as is,
without any variable expansion, to the shell started by capsh(1) inside
the toolbox container.

https://github.com/debarshiray/toolbox/pull/83
2019-03-29 15:02:42 +01:00
Debarshi Ray
4f2eeb091c Unbreak 'list' if there aren't any toolbox images for one of the tags
Even if one of the filters, either c.gh.debarshiray.toolbox or
c.rh.component, returns an empty list then the merged list of image
names would have an element that's an empty string. Some versions of
Podman (eg., 1.1.2) throw an error if an empty string is passed as the
image reference, while newer versions (eg., the snapshots leading to
1.2.0) will ignore the empty string and list all images. Therefore, in
the former case 'toolbox list' will error out; and in the latter case,
depending on whether only one of lists was empty or both, it will
either have duplicate entries or rightly return an empty output.

Fallout from 459763be82
2019-03-28 19:35:18 +01:00
Debarshi Ray
8127daa29e Add c.gh.debarshiray.toolbox to containers and images from 'create'
Commit 0ab6eb7401 introduced the com.github.debarshiray.toolbox
label as a better way to identify toolbox containers and images. It
might be necessary to support creating toolbox containers from base
toolbox images that are not appropriately labeled. eg., this would
allow users to use newer versions of the toolbox script with older base
images to debug problems that are only seen in those versions of the
images.

While no change has been made, yet, to either enforce the presence or
override the absence of the com.github.debarshiray.toolbox label it is
prudent [1] to ensure that artifacts produced by 'toolbox create' are
adequately labeled regardless of what labels the input base image had.

[1] https://en.wikipedia.org/wiki/Robustness_principle

https://github.com/debarshiray/toolbox/pull/91
2019-03-26 19:04:09 +01:00
Debarshi Ray
459763be82 Include images tagged with c.gh.debarshiray.toolbox in 'list'
Commit 0ab6eb7401 introduced the com.github.debarshiray.toolbox
label as a better way to identify toolbox containers and images. Images
having that label should be included in 'toolbox list'.

Since 'podman images' re-formats the creation time (ie., {{.Created}})
into a human-readable form (eg., 34 seconds ago), successive
'podman images' invocations might have slightly different strings for
the same image. This becomes a problem for images that have both the
com.github.debarshiray.toolbox and com.redhat.component tags. If they
have slightly different entries for the creation time, sort(1) and
uniq(1) won't consider them as the same entry.

Moreoever, specifying multiple filters will only match images that have
both tags, instead of images that have either one of them. This will
break compatibility with older images that didn't have the
com.github.debarshiray.toolbox label.

Therefore, the images are queried as two separate lists without the
creation time. The creation time is queried in a separate step once the
two separate lists of images have been merged into one. To ensure some
human-understandable ordering, the lists are merged based on the image
names, not the image IDs.

https://github.com/debarshiray/toolbox/pull/91
2019-03-26 19:04:04 +01:00
Tomas Popela
c85df80cbd Initialize the variable before assigning to it with eval
Otherwise https://www.shellcheck.net/ would complain:
  Line 288:
  echo "$base_toolbox_command: $variable=$value" >&3
                                         ^-- SC2154: value is
                                           referenced but not assigned.

See: https://github.com/koalaman/shellcheck/wiki/SC2154

https://github.com/debarshiray/toolbox/pull/83
2019-03-26 15:55:08 +01:00
Tomas Popela
0877e8ad30 Prevent read from mangling backslashes
Otherwise https://www.shellcheck.net/ would complain:
  Line 286:
  while read variable; do
        ^-- SC2162: read without -r will mangle backslashes.

See: https://github.com/koalaman/shellcheck/wiki/SC2162

Note that currently none of these cases were handling backslashes in
the input, but it's better to stick to standard practice than silencing
the warning.

https://github.com/debarshiray/toolbox/pull/83
2019-03-25 20:11:18 +01:00
Debarshi Ray
0ab6eb7401 images: Add label for tagging, not tied to the fedora-toolbox name
Currently the toolbox script identifies toolbox images and containers
by checking whether the com.redhat.component label matches
"fedora-toolbox". However, as per the Fedora Container Guidelines [1],
the com.redhat.com label should match the Red Hat Bugzilla component
name where bugs against the image should be reported. This means that
images derived from the base fedora-toolbox image would likely end up
overwriting it.

One option would've been to mandate that all toolbox images have the
"fedora-toolbox-" prefix in their names. However, it's better to avoid
putting limitations on how images can be named. The "fedora" name
wouldn't anyway work for images based on other distributions, and not
all images are going to use the Red Hat bugzilla for tracking bugs.

It's better to use a tag that's uniquely associated with the toolbox
project, and isn't tied to a particular distribution or bug tracker.

[1] https://fedoraproject.org/wiki/Container:Guidelines
2019-03-25 19:53:04 +01:00
Tomas Popela
668f7dcfa5 Fix the saving and restoring of the array of positional parameters
Otherwise https://www.shellcheck.net/ would complain:
  Line 21:
  arguments="$@"
            ^-- SC2124: Assigning an array to a string! Assign as
              array, or use * instead of @ to concatenate.

See: https://github.com/koalaman/shellcheck/wiki/SC2124

POSIX doesn't support arrays other than the one for positional
parameters (ie. "$@"); and "$@" is generally recommended for
forwarding the positional parameters, not $@ or "$*" or $* [1,2].

Therefore, the original contents of "$@" are saved in a scalar variable
after quoting them in a way that's resilient against spaces and
wildcards in the elements, and are later restored using 'set -- ...'
based on Rich's sh (POSIX shell) tricks:
http://www.etalabs.net/sh_tricks.html

Since the forward_to_host to function isn't passed any positional
parameters but still references "$@", because it uses 'set -- ...' to
restore the script's array of positional parameters, SC2119 [3] and
SC2120 [4] need to be silenced. Otherwise https://www.shellcheck.net/
would complain:
  Line 976:
  forward_to_host()
  ^-- SC2120: forward_to_host references arguments, but none are ever
    passed.

The --verbose debug output was restructured to silence SC2145 [5].
Otherwise https://www.shellcheck.net/ would complain:
  Line 986:
  echo "... to host: $0 $@" >&3
                        ^-- SC2145: Argument mixes string and array.
                          Use * or separate argument.

As a nice side-effect the new output highlights the importance of using
"$@" to forward the positional parameters instead of the other
alternatives.

Fallout from 5b3d234c9e

[1] https://unix.stackexchange.com/questions/41571/what-is-the-difference-between-and/94200
[2] https://unix.stackexchange.com/questions/129072/whats-the-difference-between-and
[3] https://github.com/koalaman/shellcheck/wiki/SC2119
[4] https://github.com/koalaman/shellcheck/wiki/SC2120
[5] https://github.com/koalaman/shellcheck/wiki/SC2145

https://github.com/debarshiray/toolbox/pull/83
2019-03-22 17:21:14 +01:00
Debarshi Ray
e54f9766e6 Reduce reliance on Buildah by switching to 'podman inspect ...'
Currently, the toolbox script depends on both the buildah and podman
commands. However, both are Go programs, and like all Go programs the
absense of shared libraries leads to bigger binaries. eg., the buildah
and podman binaries are approximately 22 MB and 37 MB respectively,
whereas the flatpak binary is a mere 1.4 MB. This isn't surprising
because both buildah and podman vendor in each other, so they are
almost, but not quite, clones of each other.

Due to this, there's some nascent desire from the Endless OS folks to
reduce the dependency footprint of the toolbox script by replacing
Buildah with the corresponding Podman commands. This is a step in that
direction.
2019-03-22 17:20:29 +01:00
Debarshi Ray
16f0b21ebc images: Reduce their sizes by removing temporary files created by DNF
For a locally built squashed fedora-toolbox:29 image [1], the size
reported by 'podman images' goes from 630 MB to 425 MB.

[1] Using: buildah bud --squash ...
2019-03-21 17:39:39 +01:00
Emiel Wiedijk
189f366dea Avoid a Bash-ism (ie. echo flags) and stick to POSIX (ie. printf)
Detected by https://www.shellcheck.net/.

Note that for coloured output the escape sequences need to be
interpreted as control characters and hence the variables containing
them need to be expanded inside the format string. This is an exception
to the general rule of thumb regarding printf [1] and hence SC2059
needs to be silenced. Otherwise https://www.shellcheck.net/ would
complain:
  Line 740:
  printf "${LBC}Images created by toolbox${NC}\n"
         ^-- SC2059: Don't use variables in the printf format string.
           Use printf "..%s.." "$foo".

Some changes by Debarshi Ray.

[1] https://github.com/koalaman/shellcheck/wiki/SC2059

https://github.com/debarshiray/toolbox/issues/53
2019-03-19 19:04:15 +01:00
Debarshi Ray
37d5459bfe Give access to Kerberos if KCM credential caches are being used
There's no easy way to introspect the Kerberos configuration from the
command line. eg., the credential cache type being used, or the value
of the socket_path setting that denotes which socket the KCM service
will listen on. Therefore, it's assumed that the former is KCM if the
socket's path can be parsed from the sssd-kcm.socket unit.

Given the immutable nature of Podman containers, the toolbox container
and its corresponding image will have to be re-created if the host OS
is sufficiently re-configured.

The krb5-libs package was added to the base toolbox images to ensure
the presence of the /etc/krb5.conf.d directory with the correct
permissions. Currently, the package is already pulled in by various
dependencies. Therefore, it doesn't increase the size of the base
image, but serves as a safeguard against any inadvertent changes.

https://github.com/debarshiray/toolbox/pull/74
2019-03-15 15:30:48 +01:00
Debarshi Ray
2b3989dd7f Prepare 0.0.7 2019-03-14 14:06:57 +01:00
Debarshi Ray
e71af911f2 doc/toolbox-rmi: Fix typo
Fallout from 7acc9936cf
2019-03-14 14:06:57 +01:00
Debarshi Ray
7d2b503b02 Give access to /dev/bus for control transfers from USB devices
This enables things like:
  $ colormgr get-sensor-reading lcd

https://github.com/debarshiray/toolbox/pull/79
2019-03-13 18:16:38 +01:00
Debarshi Ray
0c848abd18 Give access to removable devices and other temporary mounts
Currently, when udisks is configured to use /run/media instead of
/media, on most operating systems, the /run/media directory is created
by udisks itself when the first mount is handled [1]. This causes
problems when creating the toolbox container, if nothing has been
mounted after the current boot, because a missing directory cannot be
bind mounted.

Fedora Silverblue is a significant exception to the above, where
rpm-ostree takes care of creating /run/media with systemd-tmpfiles [2]
during boot.

The correct long-term solution is to get udisks to create /run/media
during boot with systemd-tmpfiles by installing a snippet in
tmpfiles.d [3, 4]. Until that happens, and is widely deployed, the
toolbox needs to provide the snippet itself to make things work on
the majority of operating systems.

Note that, in case udisks is configured to use /media instead of
/run/media, then this will create an unused /run/media directory. This
is probably fine because /run/media is the default setting for udisks.
Moreover, an unused directory is way better than not being able to
access mount points from a toolbox container or having 'podman create'
fail due to a missing directory.

Based on 4a2a15f2eb and as suggested by
Daniel J Walsh.

[1] UDisks commit aa02e5fc53efdeaf
    https://github.com/storaged-project/udisks/commit/aa02e5fc53efdeaf
[2] rpm-ostree commit 958dfa435e4e4a3e
    https://github.com/projectatomic/rpm-ostree/commit/958dfa435e4e4a3e
[3] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
[4] https://github.com/storaged-project/udisks/pull/641

https://github.com/debarshiray/toolbox/issues/3
2019-03-13 15:48:03 +01:00
Emiel Wiedijk
a1865baee8 Avoid a Bash-ism (ie. $'...') and stick to POSIX (ie. $(printf '...'))
Detected by the checkbashisms [1] tool.

[1] https://packages.debian.org/sid/devscripts

https://github.com/debarshiray/toolbox/issues/53
2019-03-12 16:13:39 +01:00
Debarshi Ray
4d37209313 Simplify code by removing a useless use of cat(1)
... detected by https://www.shellcheck.net/.

Fallout from 5b3d234c9e
2019-03-12 16:13:39 +01:00
Debarshi Ray
6a5b41835e Use a POSIX compatible built-in to detect the presence of flatpak-spawn
... because it's both faster and more portable than which(1). Detected
by https://www.shellcheck.net/.

Note that the checkbashisms [1] tool thinks that only 'command -p ...'
is specified in POSIX, but that's not true [2].

[1] https://packages.debian.org/sid/devscripts
[2] http://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html
2019-03-12 12:40:43 +01:00
Debarshi Ray
0152317522 Silence SC2086
Otherwise https://www.shellcheck.net/ would complain:
  Line 108:
  [ "$1" != "" ] && [ $1 -eq $1 ] 2>&3
                      ^-- SC2086: Double quote to prevent globbing and
                        word splitting.

See: https://github.com/koalaman/shellcheck/wiki/SC2086
2019-03-12 11:58:35 +01:00
Debarshi Ray
1002bd8192 Remove stray whitespace 2019-03-11 18:48:21 +01:00
Debarshi Ray
56c3cfc27c Make the --image flag override the base toolbox image, as documented
The current implementation of the --image flag, including the commit
message in commit 31de3ff96f that added it, was a total fiasco
and didn't match the intended behaviour or the documentation in the
manual at all. At the moment it overrides the name of the user-specific
customized image. This doesn't make sense because it's mostly an
implementation detail of the toolbox script - a way to get from the
base image to a toolbox container that's seamlessly integrated with the
host.

In other words, there's no need for a separate flag to allow having
multiple user-specific customized images from the same base image. It
already happens as a side effect of creating multiple toolbox
containers from the same base image using the --container flag.

What it really should do is override the base image so that toolbox
containers with different content can be created.

The format of a image reference is defined in:
https://github.com/moby/moby/blob/master/image/spec/v1.1.md
https://github.com/docker/distribution/blob/master/reference/reference.go

The code in create_toolbox_image_name is based on the ResolveName
function implemented in:
https://github.com/containers/buildah/blob/master/util/util.go

Fallout from 31de3ff96f

https://github.com/debarshiray/toolbox/pull/73
2019-03-11 18:05:19 +01:00
Debarshi Ray
f5f22bdf4e Try to avoid downloading a base image that's referred to by its ID
When any image is referred to by its non-human-readable ID, then it
must already be cached locally. It cannot be pulled from a registry
based on the hash, and there's no way to map it to the human-readable
name either.

A subsequent commit will leverage this to let the user override the
base toolbox image with an image reference that's a non-human-readable
ID.

The format of a image reference is defined in:
https://github.com/moby/moby/blob/master/image/spec/v1.1.md
https://github.com/docker/distribution/blob/master/reference/reference.go

https://github.com/debarshiray/toolbox/pull/73
2019-03-11 17:33:14 +01:00
Debarshi Ray
220e0d3632 Support base toolbox image names that include a domain
A subsequent commit will leverage this to let the user override the
base toolbox image with an image reference that might include a domain.
This can be helpful if the user wants to use an image from a specific
registry as opposed to the current approach of first looking for
localhost/<image> and then registry.fedoraproject.org/f$release/$image.

The format of a image reference is defined in:
https://github.com/moby/moby/blob/master/image/spec/v1.1.md
https://github.com/docker/distribution/blob/master/reference/reference.go

The code in image_reference_has_domain is based on the
splitDockerDomain function implemented in:
https://github.com/docker/distribution/blob/master/reference/normalize.go

https://github.com/debarshiray/toolbox/pull/73
2019-03-11 17:05:10 +01:00
Debarshi Ray
1e0564d66c Don't pollute the global namespace with the contents of /etc/os-release 2019-03-11 17:01:29 +01:00
Debarshi Ray
6e69d34b7f Be more informative when creating the working container
Creating just the working container itself takes noticeably long, even
if the base image is already cached locally.
2019-03-09 09:10:08 +01:00
Debarshi Ray
8ed688b724 Don't busy-loop when waiting for the spinner to stop 2019-03-09 08:53:13 +01:00
Debarshi Ray
2f9f71b378 Stop the spinner a few seconds faster
Currently, it was only checking the spinner-start file after looping
through all the frames of the animation. Instead it should check for
every frame.
2019-03-09 08:47:25 +01:00
Debarshi Ray
67dc9761e2 Silence SC2153
Otherwise https://www.shellcheck.net/ would complain:
  Line 277:
  if [ "$DBUS_SYSTEM_BUS_ADDRESS" != "" ]; then
        ^-- SC2153: Possible misspelling: DBUS_SYSTEM_BUS_ADDRESS may
          not be assigned, but dbus_system_bus_address is.

See: https://github.com/koalaman/shellcheck/wiki/SC2153
2019-03-08 12:47:45 +01:00
Debarshi Ray
1cdaf21203 doc: Fix the installation of manuals
The manuals shouldn't be installed in the top-level directory, but in
one of the sub-directories corresponding to the relevant section.

Fallout from 0a972dfccc
2019-03-06 17:08:22 +01:00