Commit graph

1088 commits

Author SHA1 Message Date
Debarshi Ray
8b84b5e460 Drop the Buildah dependency and the user-specific customized image
This works by configuring the toolbox container after it has been
created, instead of before. The toolbox script itself is mentioned as
the entry point of the container, which does 'exec sleep +Inf' once the
initialization is done.

A new command 'init-container' was added to perform the initialization.
It is primarily meant to be used as the entry point for all toolbox
containers, and must be run inside the container that's to be
initialized. It is not expected to be directly invoked by humans, and
cannot be used on the host.

As a result, the default name for the toolbox containers is now
fedora-toolbox-<version-id>, not fedora-toolbox-<user>-<version-id>.
For backwards compatibility, 'toolbox enter' and 'toolbox run' will
continue to work with containers using the old naming scheme.

https://github.com/debarshiray/toolbox/pull/160
2019-05-16 15:47:33 +02:00
Debarshi Ray
dadb21dade Shuffle some code around
A subsequent commit will create toolbox container names based on both
the base image and the user-specific customized image. This will make
it easier to read.

https://github.com/debarshiray/toolbox/pull/160
2019-05-16 14:50:22 +02:00
Debarshi Ray
affcede2eb Check for /run/.toolboxenv later to accommodate entry point commands
A subsequent commit will add a new command to configure a toolbox
container after it has been created. This command is meant to be the
container's entry point, which runs before /run/.toolboxenv gets
created. Given that the entry point will be set by 'toolbox create'
it's safe to assume that it's a toolbox container anyway.

https://github.com/debarshiray/toolbox/pull/160
2019-05-16 14:50:22 +02:00
Debarshi Ray
f1d45600e0 Check for flatpak-spawn(1) later - right before actually using it
A subsequent commit will add a new command to configure a toolbox
container after it has been created. This command is meant to run
inside the container without being forwarded to the host. Therefore,
just running inside a container doesn't mean that flatpak-spawn(1) is
mandatory.

This should help with toolbox containers created from images which
don't have flatpak-spawn(1) in them. eg., the fedora-toolbox base image
for Fedora 28.

https://github.com/debarshiray/toolbox/pull/160
2019-05-16 14:50:22 +02:00
Debarshi Ray
85f5b3e3db Shuffle some code around
Consolidate the code to forward commands to the host in one place
instead of doing it repeatedly for each command. This reduces the
levels of indentation in the code, making it easier to read.

https://github.com/debarshiray/toolbox/pull/160
2019-05-16 14:50:22 +02:00
Debarshi Ray
f74400f450 Run the entry point as root:root
A subsequent commit will add a new command to configure a toolbox
container after it has been created. This command is meant to be the
container's entry point, and will need to do things as root:root
relative to the user namespace.

Even though root:root is the default in 'podman create', explicitly
specifying it overrides any other value inherited from the
user-specific customized image. eg., older images had $USER as the
default user.

https://github.com/debarshiray/toolbox/pull/160
2019-05-16 14:50:22 +02:00
Debarshi Ray
fd08a98bd9 Add c.gh.debarshiray.toolbox to the container during 'podman create'
Commit 8127daa29e added the com.github.debarshiray.toolbox label
to the user-specific customized image generated by the 'create'
command, which gets inherited by toolbox containers using the image.
However, there might be really old images lying around in users' caches
that don't have the label, and in those cases the damage can be
limited by adding it directly to the newly created toolbox container.

Moreover, a subsequent commit will remove the need for the
user-specific customized image, and which will make this change
mandatory.

https://github.com/debarshiray/toolbox/pull/160
2019-05-16 14:50:22 +02:00
Debarshi Ray
48ddffb3d8 Tweak the debug output
This will make a subsequent commit easier to read.

https://github.com/debarshiray/toolbox/pull/160
2019-05-16 14:50:22 +02:00
Damian Ludwig
f9bed79dc2 Unbreak 'buildah unshare ...' to work with buildah-1.7
Even though buildah-unshare(1) does mention the need for the dashes,
the buildah-1.8 development builds do work without them. However,
buildah-1.7 is more pedantic and insists on having the dashes.

https://github.com/debarshiray/toolbox/issues/152
2019-05-16 14:48:22 +02:00
Debarshi Ray
7450b06caf README.md: Update
Fallout from de67ff4bcc
2019-05-16 14:46:21 +02:00
Debarshi Ray
51fe2d3607 doc/toolbox: Update 2019-05-16 14:40:17 +02:00
Debarshi Ray
e5350fe840 Set the Kerberos credential cache type in the container unconditionally
KCM is the only type of Kerberos credential cache that can seamlessly
work across the host and the toolbox container. In case the host isn't
using KCM, then Kerberos will error out inside the toolbox container,
which is fine.

https://github.com/debarshiray/toolbox/pull/162
2019-05-16 13:02:59 +02:00
Debarshi Ray
db62b8bc7a Quote a few variables to avoid triggering SC2086 in future
See: https://github.com/koalaman/shellcheck/wiki/SC2086
2019-05-15 17:26:16 +02:00
Debarshi Ray
89bb7f62b1 Reduce reliance on Buildah by switching to 'podman create --workdir'
Currently, the toolbox script depends on both the buildah and podman
commands. However, both are Go programs, and like all Go programs the
absense of shared libraries leads to bigger binaries. eg., the buildah
and podman binaries are approximately 22 MB and 48 MB respectively,
whereas the flatpak binary is a mere 1.4 MB.

Due to this, there's some nascent desire from the Endless OS folks to
reduce the dependency footprint of the toolbox script by replacing
Buildah with the corresponding Podman commands. This is a step in that
direction.

https://github.com/debarshiray/toolbox/pull/161
2019-05-14 18:19:03 +02:00
Debarshi Ray
aa0e6222ff doc/toolbox-run: Style fixes 2019-05-14 17:26:02 +02:00
Debarshi Ray
d7ff7f0b0b Reduce reliance on Buildah by switching to 'podman create --user ...'
Currently, the toolbox script depends on both the buildah and podman
commands. However, both are Go programs, and like all Go programs the
absense of shared libraries leads to bigger binaries. eg., the buildah
and podman binaries are approximately 22 MB and 48 MB respectively,
whereas the flatpak binary is a mere 1.4 MB.

Due to this, there's some nascent desire from the Endless OS folks to
reduce the dependency footprint of the toolbox script by replacing
Buildah with the corresponding Podman commands. This is a step in that
direction.

https://github.com/debarshiray/toolbox/pull/159
2019-05-14 14:53:26 +02:00
Debarshi Ray
f6ac08f47f Fix typo
Fallout from c492907c12
2019-05-14 13:02:11 +02:00
Debarshi Ray
5150f902bd Remove fragile & useless code to get the 'podman exec' PID when nested
Various users in the wild have reported errors about not being able to
walk up the process tree via /proc, and currently the PID of the
parent 'podman exec' process isn't used for anything. The original idea
was to explore killing the process or something when entering another
toolbox container while already being inside one, but that's not
implemented at the moment, and it was only a vague idea to begin with.
2019-05-10 18:58:39 +02:00
Debarshi Ray
449917c6b7 Support running nested only when inside a toolbox container
... as opposed to any random container.

This puts in place a minimum baseline as to what can be expected from
the environment when running inside a container.
2019-05-10 18:52:41 +02:00
Debarshi Ray
de67ff4bcc Use a magenta hexagon instead of 🔹 in the PS1
... because of its likeness to the Toolbox logo. Note that the magenta
foreground colour is requested through a terminal escape sequence with
SGR parameters [1]. The specific colour code for magenta is 35.

The main body of the PS1 needs to be split out to prevent Bash from
complaining:
  bash: printf: missing unicode digit for \u

[1] https://en.wikipedia.org/wiki/ANSI_escape_code

https://github.com/debarshiray/toolbox/pull/150
2019-05-06 16:38:10 +02:00
Toni Schmidbauer
2da4cc4634 Add a run command
This makes 'toolbox enter' similar to 'toolbox run $SHELL'.

The 'run' command is meant to spawn arbitrary binaries present inside
the toolbox container. Therefore it doesn't make sense for it to fall
back to /bin/bash, like it does for 'enter' if $SHELL is absent.

It's expected that users might use 'run' to create ad-hoc *.desktop
files. That's why it neither offers to create nor falls back to an
existing container like 'enter' does, because such interactions can't
happen when used in a *.desktop file. It's also a more advanced command
that new users are less likely to be interested in. Hence, this
shouldn't affect usability.

Some changes by Debarshi Ray.

https://github.com/debarshiray/toolbox/pull/76
2019-05-06 15:23:58 +02:00
Debarshi Ray
0e38e7d0b3 Retain the PS1 across su(1) and sudo(8)
The shell start-up scripts are where the PS1 is meant to be set. So
far, the absence of a toolbox-specific start-up script was being worked
around by setting the PS1 as part of the 'podman exec' invocation. This
came with certain limitations. eg., using su(1) or sudo(8) to get a
root shell can overwrite the PS1 set during 'podman exec' with a value
set by the operating system's existing start-up scripts depending on
which environment variables were being retained.

Now that the toolbox has it's own /etc/profile.d/toolbox.sh start-up
script, it's time to move the PS1 to its rightful home.

Since the start-up script and /run/.toolboxenv are present in older
toolbox containers, this change should be fully backwards compatible
and lead to a more robust PS1 without breaking older containers.

https://github.com/debarshiray/toolbox/pull/148
2019-05-06 12:48:49 +02:00
Debarshi Ray
f864d67baf Create /run/.toolboxenv in 'toolbox enter' for identification
This is better than setting an environment variable like
TOOLBOX_CONTAINER with 'podman create' because, unlike environment
variables, it can't be unset later by commands like su(1) or sudo(8).
One nice side-effect of doing it inside 'toolbox enter' is that it
will automatically work with older toolbox containers.

A subsequent commit will switch to using the /etc/profile.d/toolbox.sh
start-up script to set the PS1 instead of doing it as part of the
'podman exec' invocation. Having the identification mechanism work with
older toolbox containers is important to avoid breaking the PS1 for
backwards compatibility.

This reverts commit c7b7fa1867

https://github.com/debarshiray/toolbox/pull/148
2019-05-06 12:48:18 +02:00
Debarshi Ray
c492907c12 Make profile.d/toolbox.sh available inside older toolbox containers
Commit 97f4e072d5 made /etc/profile.d/toolbox.sh available inside
the toolbox container through a bind mount. However, it only works for
for toolbox containers created after that commit. Older containers
don't have the bind mount.

A subsequent commit will switch to using the /etc/profile.d/toolbox.sh
start-up script to set the PS1 instead of doing it as part of the
'podman exec' invocation. It's necessary to ensure that the start-up
script is available on older containers to avoid breaking the PS1 when
entering them.

https://github.com/debarshiray/toolbox/pull/148
2019-05-03 20:14:29 +02:00
Debarshi Ray
22b2d40830 completion: Silence SC2207
Otherwise https://www.shellcheck.net/ would complain:
  Line 29:
  COMPREPLY=($(compgen -W "--help --verbose $commands" -- "$2"))
             ^-- SC2207: Prefer mapfile or read -a to split command
               output (or quote to avoid splitting).

See: https://github.com/koalaman/shellcheck/wiki/SC2207
2019-05-02 16:41:25 +02:00
Debarshi Ray
3694b599d6 Reduce reliance on Buildah by switching to 'podman pull ...'
Currently, the toolbox script depends on both the buildah and podman
commands. However, both are Go programs, and like all Go programs the
absense of shared libraries leads to bigger binaries. eg., the buildah
and podman binaries are approximately 22 MB and 48 MB respectively,
whereas the flatpak binary is a mere 1.4 MB.

Due to this, there's some nascent desire from the Endless OS folks to
reduce the dependency footprint of the toolbox script by replacing
Buildah with the corresponding Podman commands. This is a step in that
direction.
2019-05-02 16:23:22 +02:00
Debarshi Ray
5a5e563343 Use more appropriate API to check the cache for the base image 2019-05-02 16:20:34 +02:00
Debarshi Ray
0473213907 Keep /etc/hosts and /etc/resolv.conf synchronized with the host
https://github.com/debarshiray/toolbox/issues/129
2019-04-30 18:00:41 +02:00
Debarshi Ray
3c4c439f69 Prepare 0.0.9 2019-04-30 12:29:09 +02:00
Debarshi Ray
05da8023b4 doc/toolbox-enter: Mention the 'initial setup' and fallback behaviour
https://github.com/debarshiray/toolbox/issues/128
2019-04-30 12:19:36 +02:00
Debarshi Ray
97f4e072d5 Make profile.d/toolbox.sh available inside the toolbox container
This is a continuation of abb2ac6fd4
2019-04-29 21:04:28 +02:00
Debarshi Ray
c7b7fa1867 Set TOOLBOX_CONTAINER in the environment to identify as a toolbox
This is a lot more clear and explicit than TOOLBOX_PATH, which is more
of an implementation detail to bind mount the toolbox script inside the
toolbox container.

https://github.com/debarshiray/toolbox/pull/142
2019-04-29 20:39:23 +02:00
Debarshi Ray
55f26aff98 Make 'toolbox enter' create or fall back to a container when possible
When there aren't any toolbox containers, 'toolbox enter' will offer to
create a new container matching the same parameters passed to the
command.

If 'toolbox enter' was invoked with the default parameters, and
there's just one toolbox container available, then it will fall back
to it.

https://github.com/debarshiray/toolbox/issues/128
2019-04-29 20:09:47 +02:00
Debarshi Ray
611594675c Make the 'toolbox enter' suggestion in create() optional
A subsequent commit will make 'toolbox enter' smarter. It will suggest
creating a new toolbox container if none is present, or fallback to an
existing container if only one is present.

There's won't be any need for the command suggestion when a toolbox
container gets created by the 'toolbox enter' command itself. The
suggested command would be the same as the one the user would have had
entered.

https://github.com/debarshiray/toolbox/issues/128
2019-04-29 20:01:47 +02:00
Debarshi Ray
193a453972 Split out the code to ask the user for confirmation
A subsequent commit will leverage this to make 'toolbox enter' smarter.
It will suggest creating a new toolbox container if none is present,
or fallback to an existing container if only one is present.

https://github.com/debarshiray/toolbox/issues/128
2019-04-29 20:01:47 +02:00
Debarshi Ray
1c9a626357 Split out the code to list the names of all toolbox containers
A subsequent commit will leverage this to make 'toolbox enter'
smarter. It will suggest creating a new toolbox container if none is
present, or fallback to an existing container if only one is present.

https://github.com/debarshiray/toolbox/issues/128
2019-04-29 20:01:47 +02:00
Debarshi Ray
f552bcb6c8 Return a code to the caller instead of exiting directly
This reduces the side-effects of functions, and makes them more modular
and flexible.

A subsequent commit will leverage this to make 'toolbox enter' smarter
by automatically offering to create a new toolbox if none is present.

https://github.com/debarshiray/toolbox/issues/128
2019-04-29 20:01:47 +02:00
Debarshi Ray
d3a0ec590a Quote a few variables to avoid triggering SC2086 in future
See: https://github.com/koalaman/shellcheck/wiki/SC2086

https://github.com/debarshiray/toolbox/pull/141
2019-04-29 20:00:28 +02:00
Debarshi Ray
a0dc55c87e Return a code to the caller instead of exiting directly
This reduces the side-effects of functions, and makes them more modular
and flexible.
2019-04-29 19:28:42 +02:00
Debarshi Ray
2f5e8a53cd Make the return code explicit
It makes things more obvious. Especially since the return codes for the
error paths are also explicit.
2019-04-29 19:26:27 +02:00
Debarshi Ray
99f8652b15 Don't prompt for localhost and cached base images
Fallout from b718fbdcda

https://github.com/debarshiray/toolbox/issues/134
2019-04-29 17:43:11 +02:00
Debarshi Ray
e6c4167ed8 completion: Silence SC2086
Otherwise https://www.shellcheck.net/ would complain:
  Line 28:
  if [ ${COMP_CWORD} -eq 1 ]; then
       ^-- SC2086: Double quote to prevent globbing and word splitting.

See: https://github.com/koalaman/shellcheck/wiki/SC2086
2019-04-26 18:48:20 +02:00
Debarshi Ray
b718fbdcda Ask for confirmation before downloading the base image
Currently, there's no easy way to get the size of the impending
download. Skopeo doesn't offer the size of the OCI image [1] and it's
debatable whether another 23 MB binary ought to be pulled in as a
dependency just for this.

Given that the default fedora-toolbox images are the only base images
available via a public repository, the size of the download is hard
coded to reflect the approximate size of the fedora-toolbox images.
These images are between 451 MB and 483 MB, so 500 MB should be a
reasonably suggestive approximate that shouldn't negatively surprise
users.

[1] https://github.com/containers/skopeo/issues/641

https://github.com/debarshiray/toolbox/issues/134
2019-04-26 18:41:04 +02:00
Florian Müllner
01274dc6a6 completion: Add Bash completion
Make using toolbox a bit more convenient by properly completing its
options. The completions should be complete (that is, there are
completions for all the commands and options shown in --help),
but no attempt is made to filter out conflicting options (for
example "toolbox rm --all my-container").

https://github.com/debarshiray/toolbox/pull/133
2019-04-26 15:44:27 +02:00
Andre Moreira Magalhaes
ca9ca9a3de Set default release to 29 when running on non-fedora hosts
https://github.com/debarshiray/toolbox/issues/131
2019-04-26 13:38:28 +02:00
Debarshi Ray
abb2ac6fd4 Show a welcome text on interactive shells running inside a toolbox
The welcome text uses the OSC 8 [1] escape sequence to add a hyperlink
to the Silverblue documentation [2].

Silence a SC1003 [3] because the intention is to print the 'ESC \'
string terminator (or ST), and not escape a single quote.

[1] https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda
[2] https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/
[3] https://github.com/koalaman/shellcheck/wiki/SC1003

https://github.com/debarshiray/toolbox/pull/130
2019-04-25 16:21:13 +02:00
Debarshi Ray
79f59b667b Show a welcome text on interactive shells running on Silverblue hosts
The welcome text uses the OSC 8 [1] escape sequence to add a hyperlink
to the Silverblue documentation [2].

Silence a SC1003 [3] because the intention is to print the 'ESC \'
string terminator (or ST), and not escape a single quote.

[1] https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda
[2] https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/
[3] https://github.com/koalaman/shellcheck/wiki/SC1003

https://github.com/debarshiray/toolbox/pull/127
2019-04-25 15:52:23 +02:00
Debarshi Ray
5d78707a21 Make it available inside the toolbox container
Commit 5b3d234c9e had made the toolbox script work inside a
toolbox container, but most people didn't get to use it because it
needed extra effort to get access to the script inside the container.
One either had to grab the Toolbox sources or had to install the RPM.
Both options were inconvenient - the former needed knowing too many
technical details, while the latter would drag in dependencies like
Buildah and Podman that don't work inside the toolbox container.

This makes it easier to use the toolbox script inside a toolbox
container by bind mounting the script from the host inside the
container and keeping track of the path using the TOOLBOX_PATH
environment variable. The environment variable ensures that running
'toolbox create' from inside a toolbox container would continue to
bind mount the same script from the host that was used to create the
current container and is available inside it.

Compatibility with existing toolbox containers is broken when using
the script within a container because it insists on the TOOLBOX_PATH
environment variable being set inside. This might not be that big of a
deal because using the toolbox script inside a toolbox container wasn't
very convenient, and hence likely not used widely. In case of
complaints, this can be relaxed by falling back to "$0" when forwarding
the command to the host, but unless that happens it's better to keep
things simple to avoid a larger test matrix.

Based on an idea from Colin Walters.

https://github.com/debarshiray/toolbox/pull/126
2019-04-24 14:50:56 +02:00
Debarshi Ray
c0f476e2f2 Use more appropriate API to check if the container already exists
https://github.com/debarshiray/toolbox/pull/122
2019-04-17 13:27:21 +02:00
Debarshi Ray
8db3317807 Use more appropriate API to check the cache for the customized image
https://github.com/debarshiray/toolbox/pull/122
2019-04-17 13:27:18 +02:00