Commit graph

31 commits

Author SHA1 Message Date
Debarshi Ray
912f3000a9 Fallback to /bin/bash if $SHELL doesn't exist in the toolbox container
It's the user's responsibility to install any non-default shell inside
the toolbox container.

NB: /bin/bash is the default shell according to /etc/default/useradd.
2018-10-26 11:24:46 +02:00
Debarshi Ray
48ddba6306 Use the $SHELL from the host when customizing the toolbox image
... instead of relying on the defaults from /etc/default/useradd.
2018-10-26 11:24:46 +02:00
Debarshi Ray
c95a4c1e85 Give access to the GPUs for OpenGL and Vulkan
This makes the "OpenGL Area" example in gtk3-demo that uses GtkGLArea
work.
2018-10-17 17:08:21 +02:00
Debarshi Ray
31de3ff96f Allow having multiple toolbox images from the same base image
This adds an --image flag that overrides the default name of the
customized toolbox image from which the toolbox container is created.
2018-10-16 19:35:34 +02:00
Debarshi Ray
ef05b5c7c1 Reformat the --help output to fit narrower terminals
Hard coding 'fedora-toolbox' instead of $0 was necessary to get a
pleasant layout while keeping the code simple. It's not a big deal
because once there's a build system in place most people will type
'fedora-toolbox', instead of the full path to the script.
2018-10-16 19:21:46 +02:00
Debarshi Ray
5739d4b2a9 Allow having multiple toolbox containers from the same image
This adds a --container flag that overrides the default name of the
toolbox container.
2018-10-16 19:07:41 +02:00
Debarshi Ray
80f25c6924 Allow decoupling the toolbox's OS version from the host's
This adds a --release flag that overrides the VERSION_ID value read
from the host's /etc/os-release when creating and entering toolboxes.
2018-10-15 19:24:12 +02:00
Debarshi Ray
f3eab6afca Refactor common code into a function 2018-10-15 17:05:49 +02:00
Debarshi Ray
a0a9e7dc03 Look up the base image from the registry if it's absent locally
Normally, registry.fedoraproject.org will be used. The newly added
--candidate-registry flag can be used to change the default and query
candidate-registry.fedoraproject.org instead.
2018-10-15 15:07:52 +02:00
Debarshi Ray
bf830ac21c Make room for specifying command-specific options
A subsequent commit will add a --candidate-registry option to the
create command. This will make it possible to do so.
2018-10-12 17:38:59 +02:00
Debarshi Ray
a2d39e04bc Use the correct variable in the error message
This doesn't matter right now, but a subsequent commit will make
changes to accommodate command-specific options, where this will start
to matter. After all, the case statement is running against $op, not
$1, so this the right thing to do anyway.

Fallout from 678bdbaf4e
2018-10-12 17:38:59 +02:00
Debarshi Ray
bcd55f84fb Make su(1) work
... by deleting the root password.
2018-09-26 17:39:33 +02:00
Debarshi Ray
f30dd246dc Use a more direct way to check for the customized toolbox image
... than grepping the output of something else. One nice side-effect
is that the --verbose output becomes more meaningful.
2018-09-26 17:35:29 +02:00
Debarshi Ray
65ce3f76e8 Remove redundant if branch
Trust the exit status of 'buildah from ...' to have created a working
container instead of checking for its presence once again.
2018-09-26 17:10:42 +02:00
Debarshi Ray
07b37dbc2a Style fix
This reduces one level of indentation and makes the code more readable.
2018-09-26 16:59:38 +02:00
Debarshi Ray
68a19bcfd7 Clarify the error message if the container already exists 2018-09-21 12:31:41 +02:00
Debarshi Ray
66ab4da724 Allow running under sudo(8) when desired
This adds a --sudo flag, and the corresponding /etc/sudoers.d
configuration snippet, to run everything under sudo(8) for debugging.
2018-09-20 21:15:09 +02:00
Debarshi Ray
4bda42d414 Ensure that the toolbox user runs with 'wheel' as an additional group 2018-09-20 20:37:00 +02:00
Debarshi Ray
cfcf4eb31e Map the host UID into the container
Assuming a host UID of 1000, the UID mapping inside the user namespace
created by rootless podman for the toolbox container was:
         0       1000          1
         1     100000      65536

... which was the same as seen from the host:
         0       1000          1
         1     100000      65536

Therefore, when running with an UID of 1000 inside the container, it
got mapped to UID 100999 on the host. That means, for example, files
created by the user inside the container end up looking funny from the
host.

This is addressed by creating another user namespace that's a child of
the initial user namespace created by rootless podman. Assuming a host
UID of 1000, the UID mapping inside this child namespace is:
      1000          0          1
         0          1       1000
      1001       1001      64536

... which when seen from the host is:
      1000       1000          1
         0     100000       1000
      1001     101000      64536

This means that UID 1000 inside the child namespace is mapped to the
same UID 1000 on the host via the intermediate namespace created by
rootless podman. UIDs 0 to 999 inside the child namespace are mapped
to UIDs 100000 to 100999 in the host.

This change requires this runc pull request to work:
https://github.com/opencontainers/runc/pull/1862

As suggested by Giuseppe Scrivano.
2018-09-20 16:27:19 +02:00
Debarshi Ray
c9e1d585f0 Remove extra whitespaces
Fallout from d7219ba512
2018-09-14 20:03:54 +02:00
Debarshi Ray
4581537baf Localize the working container name to 'create'
The working container and its name is a temporary and internal detail
of the 'create' command. It's not something that someone would want to
manually tweak.

Since 'local' is not mandated by POSIX, use a subshell for the
function instead.

This is a step towards making the commands more parametrized so that
one can use different toolbox containers.
2018-09-14 20:03:54 +02:00
Debarshi Ray
29b8471f6c Unhide the error output when unable to create a working container
Fallout from d7219ba512
2018-09-14 17:14:38 +02:00
Debarshi Ray
fd697274a3 Use a lighter PID 1 than $SHELL
When used as PID 1, /bin/sh takes 3248 kB compared to the 4136 kB
taken by /bin/bash. It's not a lot, but is memory that can be saved
for free.

As a nice side-effect, this unbreaks 'create' with podman-0.9.1 because
'podman create ...' doesn't work without a command.

https://github.com/containers/libpod/issues/1452
2018-09-13 11:49:26 +02:00
Debarshi Ray
d7219ba512 Allow unhiding the error output when desired
This adds a --verbose flag which will prevent the error stream of the
child commands from being redirected to /dev/null. The intermediate
file descriptor is arbitrarily hard coded as 42 because shell
variables and redirection don't appear to play well together.
2018-09-12 20:44:24 +02:00
Debarshi Ray
678bdbaf4e Make room for specifying global options and commands
A subsequent commit will add a global --verbose option that's can be
used with all commands. This will make it possible to do so.
2018-09-12 20:44:20 +02:00
Debarshi Ray
7cd0b3ce97 Be more explicit when the number of arguments is wrong
This is more in line with how unrecognized commands and options are
reported.
2018-09-12 20:44:16 +02:00
Debarshi Ray
fb3b0f76cb Add missing 'enter' command to --help
Fallout from 990e9eb5b7
2018-09-12 20:44:14 +02:00
Debarshi Ray
6c3031c9d0 Prefix the toolbox PS1 with an emoji for differentiation
Flatbox already uses 📦, so got to try something different. 🔹 could be
a good option. It's small, subtle and blue.
2018-09-12 15:19:55 +02:00
Debarshi Ray
f100cdaf77 Use $XDG_RUNTIME_DIR instead of /run/user/$UID 2018-09-11 19:25:28 +02:00
Michael Scherer
0dedc0140d Avoid repeated prompts to unlock SSH keys
... by giving access to the SSH agent.

https://github.com/debarshiray/fedora-toolbox/pull/1
2018-09-03 16:39:51 +02:00
Debarshi Ray
990e9eb5b7 Initial revision 2018-08-31 18:38:01 +02:00