Commit graph

40 commits

Author SHA1 Message Date
Timothée Ravier
e80cba4d3e Images: Create F37 toolbox image from F36
https://github.com/containers/toolbox/pull/1012
2022-03-21 00:26:10 +02:00
Timothée Ravier
fd6510c940 images: Make locate(1) opt-in by default
Currently, the entry point of a Toolbox container runs updatedb(8) on
start-up, which can be very I/O intensive. This might be a hindrance
when troubleshooting performance problems on a host, or when
re-creating containers somewhat more frequently.

Users can install the mlocate RPM and restart their containers to
enable locate(1).

Only the images for currently maintained Fedoras (ie., 34, 35 and 36)
were updated.

https://github.com/containers/toolbox/pull/938
2021-12-01 16:21:42 +01:00
Debarshi Ray
cfffb72fb0 images: Remove misleading and redundant CMD
There's no need to specify a CMD in a Toolbox image because it's
specified by 'toolbox create', through 'podman create', when creating a
container.

A CMD was specified [1] because the Fedora Container Guidelines
requires it [2]. The idea behind the guidelines is that the right
thing should happen when one runs:
  $ podman run <image>

However, that only makes sense for images targeting single service
containers. Toolbox containers and images are different - they are not
meant to be used like that to run a single one-off service.

Conceptually, 'running' a Toolbox container is expected to provide the
user with a reasonable interactive command line experience. Arguably,
that means offering something like /bin/bash, not /bin/sh.

Also, note that when the CMD was introduced [1], Toolbox containers
were actually created, through 'podman create', with /bin/sh as their
entry points. So, it did make some sense. However, things have changed
since then [3]. The entry point is now 'toolbox init-container'. It's
not possible to mention it in the Toolbox image because the
/usr/bin/toolbox binary isn't present in the image, and it's not meant
to be present.

Therefore, today, /bin/sh is simply not the right fit for a Toolbox
image's CMD. A better option would be /bin/bash.

Note that the fedora base images have their CMD set to /bin/bash, which
is inherited by the fedora-toolbox images.

So, there are two options. Either repeat the same CMD in the
fedora-toolbox images and satisfy the guidelines, or take some
liberties and let the CMD be inherited from the fedora base images.

This commit takes the latter option. People tend to use the
fedora-toolbox images as the starting point for other custom Toolbox
images, sometimes for other operating system distributions. It's
better to keep them minimal to avoid implying extra requirements. In
this case, the CMD is an abstract concept, and the actual entry point
is 'toolbox init-container' as specified by 'toolbox create'.
Specifying /bin/bash might discourage people from creating custom
images that are only meant to have /bin/zsh.

Also, note that the current CMD was actually '/bin/sh -c /bin/sh', not
/bin/sh. Unless a CMD is specified as an array of command line
arguments, it's passed as a single argument to '/bin/sh -c' [4]. So,
this:
  CMD foo bar

... is the same as:
  CMD [ "/bin/sh", "-c", "foo bar" ]

Only the images for currently maintained Fedoras (ie., 34 and 35) were
updated.

This reverts commit 5cc2678a36.

[1] Commit 5cc2678a36

[2] https://docs.fedoraproject.org/en-US/containers/guidelines/creation/

[3] Commit 8b84b5e460
    https://github.com/containers/toolbox/pull/160

[4] https://docs.docker.com/engine/reference/builder/#cmd

https://github.com/containers/toolbox/issues/885
2021-12-01 01:08:56 +01:00
Debarshi Ray
8071bb5cb8 images: Add fedora-toolbox image definition for Fedora 36
https://github.com/containers/toolbox/pull/931
2021-11-19 03:27:45 +01:00
Debarshi Ray
df05e276b2 images: Avoid losing mount(8) by accident
The util-linux package was added to ensure the presence of the mount(8)
command. Currently the package is already pulled in by various
dependencies. Therefore, it doesn't increase the size of the image, but
serves as a safeguard against any inadvertent changes.

Note that starting from Fedora 35 onwards, the fedora base images no
longer have mount(8), which increases the importance of this change.

Only the images for currently maintained Fedoras (ie., 34 and 35) were
updated.

https://github.com/containers/toolbox/issues/929
2021-11-19 02:46:34 +01:00
Debarshi Ray
5dbcd377c6 images: Ensure that coreutils-single is replaced by coreutils-full
It's true that the fedora base images no longer come with
coreutils-single, but they used to, and the ubi base images still do.
Therefore, it's worth being extra defensive about this.

It's better to make the build system execute one extra redundant
command than expose users to a bug because of a change that snuck in
unnoticed.

Only the images for currently maintained Fedoras (ie., 34 and 35) were
updated.

This reverts commit 033ed71ec1.

https://github.com/containers/toolbox/pull/931
2021-11-19 02:46:30 +01:00
Oliver Gutierrez
09fb237727 tests: Changed container image source for busybox
Due to docker rate limiting we can not rely in docker.io for
retrieving the images.

This was detected when executing our tests for podman fedora
gating pipeline. Our busybox image was not downloaded and
one of the list tests was failing.
2021-08-09 17:09:29 +02:00
Eveline Raine
94917b729e images: Add iproute to Fedoras 33, 34 and 35
https://github.com/containers/toolbox/pull/314
2021-07-08 20:54:20 +02:00
Oliver Gutierrez
8b51901eb1 README.md: Update to reflect label deprecation
https://github.com/containers/toolbox/pull/820
2021-07-02 18:21:11 +02:00
Oliver Gutierrez
cb2ccbb594 images: Removed deprecated com.github.debarshiray.toolbox tag
https://github.com/containers/toolbox/pull/820
2021-07-02 18:21:04 +02:00
Debarshi Ray
73450bd8ac images: Add bc to Fedora 33, 34 and 35
https://github.com/containers/toolbox/pull/817
2021-06-28 14:40:37 +02:00
Debarshi Ray
e55f866c53 images: Add fedora-toolbox image definition for Fedora 35
https://github.com/containers/toolbox/pull/817
2021-06-28 14:40:34 +02:00
Debarshi Ray
d66c560a04 images: Synchronize README.md
https://github.com/containers/toolbox/pull/815
2021-06-26 19:33:42 +02:00
Trung Lê
66c49e0926 Rename Dockerfile to Containerfile
https://github.com/containers/toolbox/pull/757
2021-05-24 15:26:35 +02:00
Debarshi Ray
803063f081 Update references to the default branch name
The default branch was renamed from "master" to "main".

https://github.com/containers/toolbox/issues/740
2021-03-25 23:07:00 +01:00
Debarshi Ray
a8c6fd19d8 images: Use a regular file, not a symbolic link, for README.md
A while ago, 'podman build' stopped supporting COPY with relative
symbolic links [1]. Therefore, these image definitions can't be used
without first temporarily removing the symbolic links, which is
annoying.

The downside is that the copies of README.md now has to be separately
updated, which isn't that big of a hassle compared to the problem that
it fixes.

[1] https://github.com/containers/buildah/issues/1952

https://github.com/containers/toolbox/pull/723
2021-03-15 16:46:07 +01:00
Otto Urpelainen
889807ad49 Include the nano default editor
Since Fedora 33, `nano` is the default editor[0]. It needs to be
included in the fedora-toolbox image to have the standard Fedora
experience inside the container.

[0] https://fedoraproject.org/wiki/Changes/UseNanoByDefault
2021-03-10 13:06:15 +01:00
Ondřej Míchal
f5bbe356ad Drop the FGC namespace from the fedora-toolbox images
The FGC namespace used to be required by the Fedora container
guidelines, but not anymore [1].

[1] https://pagure.io/ContainerSIG/container-sig/issue/2

https://github.com/containers/toolbox/pull/615
2021-02-19 14:47:44 +01:00
Fabiano Fidêncio
f6985abf70 images: Add nss-mdns to all images
The nss-mdns plugin for the GNU Name Service Switch (or NSS)
functionality of the GNU C Library is necessary to resolve the .local
mDNS domain. The plugin talks to the Avahi daemon running on the host
to resolve the names.

https://github.com/containers/toolbox/issues/209

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2020-11-15 22:50:09 +01:00
Kan Li
fca24b213e images, pkg/utils: Allow X11 clients to run as root
It's necessary to propagate the XAUTHORITY environment variable from
the host when an X11 client is run as 'sudo <some-client>'. If an X11
client is started inside a 'su -' session, then xauth(1) needs to be
present so that pam_xauth.so can add a new XAUTHORITY environment
variable to the 'su -' session.

https://github.com/containers/toolbox/pull/572
2020-10-29 16:08:32 +01:00
Ondřej Míchal
3fee36c885 images: Add fedora-toolbox image definition for Fedora 34
https://github.com/containers/toolbox/pull/532
2020-08-21 16:13:28 +02:00
Debarshi Ray
1daa158385 images: Add gvfs-client to Fedoras 31, 32 and 33
The gvfs-client package is necessary for GIO-based processes inside
toolbox containers to use the GVfs backend and volume monitor daemons,
and it comes preinstalled on Fedora Silverblue and Workstation.

Only the images for currently maintained Fedoras (ie., 31, 32 and 33)
were updated.

https://github.com/containers/toolbox/pull/466
2020-06-10 15:40:27 +02:00
Jens Petersen
b4337d4f86 images/fedora/f33: Don't install docs for packages that aren't present
This fixes the following build failure:
  atomic_reactor.util - Package chkconfig available, but not installed.
  atomic_reactor.util - No match for argument: chkconfig
  atomic_reactor.util - Package dbus-daemon available, but not
    installed.
  atomic_reactor.util - No match for argument: dbus-daemon
  atomic_reactor.util - Package rpm-plugin-systemd-inhibit available,
    but not installed.
  atomic_reactor.util - No match for argument:
    rpm-plugin-systemd-inhibit
  ...
  ...
  ...
  atomic_reactor.util - ERROR - {'errorDetail': {'code': 143,
    'message': "The command '/bin/sh -c dnf -y reinstall
    $(<missing-docs)' returned a non-zero code: 143"}, 'error': "The
    command '/bin/sh -c dnf -y reinstall $(<missing-docs)' returned a
    non-zero code: 143"}
2020-04-03 19:41:00 +02:00
Debarshi Ray
17e384b7fb images: Add fedora-toolbox image definition for Fedora 33 2020-04-03 19:29:44 +02:00
Debarshi Ray
de5e5df9b7 Update the label for tagging to reflect the project's new home
The older com.github.debarshiray.toolbox label is still used in most
places as an alias for the new name for the sake of simplicity and
compatibility; except in 'create', where the new label is explicitly
specified in addition to the older one to help popularize it via newly
created toolbox containers.

The older com.github.debarshiray.toolbox label should eventually be
dropped, but before that, the even older use of com.redhat.component
for tagging needs to be phased out. The com.github.debarshiray.toolbox
label was introduced in commit 0ab6eb7401, as part of Toolbox
0.0.8, right before the release of Fedora 30 [1]. Therefore,
com.redhat.component needs to stay at least until Fedora 29 is
supported.

[1] https://fedoraproject.org/wiki/Releases/30/Schedule

https://github.com/containers/toolbox/pull/293
2019-10-14 12:36:17 +02:00
Debarshi Ray
8308ea6bd6 images: Install only flatpak-spawn, not the rest of flatpak-xdg-utils
https://github.com/debarshiray/toolbox/issues/147
2019-09-24 21:04:32 +02:00
Jens Petersen
033ed71ec1 images: Don't worry about coreutils-single
The fedora base images no longer come with coreutils-single.

https://github.com/fedora-cloud/docker-brew-fedora/issues/58
2019-09-24 20:19:58 +02:00
Debarshi Ray
e265c34cec images: Add fedora-toolbox image definition for Fedora 32 2019-09-24 20:14:32 +02:00
Debarshi Ray
0dee71b13f images: Drop PackageKit-command-not-found
It connects to the host's PackageKit instance, and tries to install the
packages on the host instead of inside the toolbox container. Remove it
unless there's a proper solution.

https://github.com/debarshiray/toolbox/issues/158
2019-07-22 15:05:21 +02:00
Debarshi Ray
c6772f0f11 images: Avoid losing useradd(8) by accident
The shadow-utils package was added to the base toolbox images to ensure
the presence of the useradd(8) command. Currently the package is
already pulled in by various dependencies. Therefore, it doesn't
increase the size of the base image, but serves as a safeguard against
any inadvertent changes.
2019-04-17 11:38:49 +02:00
Debarshi Ray
0ab6eb7401 images: Add label for tagging, not tied to the fedora-toolbox name
Currently the toolbox script identifies toolbox images and containers
by checking whether the com.redhat.component label matches
"fedora-toolbox". However, as per the Fedora Container Guidelines [1],
the com.redhat.com label should match the Red Hat Bugzilla component
name where bugs against the image should be reported. This means that
images derived from the base fedora-toolbox image would likely end up
overwriting it.

One option would've been to mandate that all toolbox images have the
"fedora-toolbox-" prefix in their names. However, it's better to avoid
putting limitations on how images can be named. The "fedora" name
wouldn't anyway work for images based on other distributions, and not
all images are going to use the Red Hat bugzilla for tracking bugs.

It's better to use a tag that's uniquely associated with the toolbox
project, and isn't tied to a particular distribution or bug tracker.

[1] https://fedoraproject.org/wiki/Container:Guidelines
2019-03-25 19:53:04 +01:00
Debarshi Ray
16f0b21ebc images: Reduce their sizes by removing temporary files created by DNF
For a locally built squashed fedora-toolbox:29 image [1], the size
reported by 'podman images' goes from 630 MB to 425 MB.

[1] Using: buildah bud --squash ...
2019-03-21 17:39:39 +01:00
Debarshi Ray
37d5459bfe Give access to Kerberos if KCM credential caches are being used
There's no easy way to introspect the Kerberos configuration from the
command line. eg., the credential cache type being used, or the value
of the socket_path setting that denotes which socket the KCM service
will listen on. Therefore, it's assumed that the former is KCM if the
socket's path can be parsed from the sssd-kcm.socket unit.

Given the immutable nature of Podman containers, the toolbox container
and its corresponding image will have to be re-created if the host OS
is sufficiently re-configured.

The krb5-libs package was added to the base toolbox images to ensure
the presence of the /etc/krb5.conf.d directory with the correct
permissions. Currently, the package is already pulled in by various
dependencies. Therefore, it doesn't increase the size of the base
image, but serves as a safeguard against any inadvertent changes.

https://github.com/debarshiray/toolbox/pull/74
2019-03-15 15:30:48 +01:00
Ondřej Zoder
dde1fa0734 images: Restore documentation removed from the base Fedora images
https://github.com/debarshiray/toolbox/pull/55
2019-03-05 18:01:27 +01:00
Debarshi Ray
ad75d97b50 images: Add fedora-toolbox image definition for Fedora 31 2019-02-25 14:45:46 +01:00
Debarshi Ray
acad65cd41 extra-packages: Style fixes 2019-02-25 14:37:58 +01:00
Debarshi Ray
a82261f30a extra-packages: Add flatpak-xdg-utils to Fedoras 29 and 30
This is necessary for the toolbox script to work inside the toolbox
container [1]. Having the flatpak-spawn command, provided by the
flatpak-xdg-utils package, readily available in the base image makes
for a better out of the box experience.

The flatpak-xdg-utils package is not available on Fedora 28. Given
that Fedora 28 is getting close to the end of its life cycle, it's
probably not worth doing all the paperwork to offer the package there.

[1] Commit 5b3d234c9e
    https://github.com/debarshiray/toolbox/pull/54
2019-02-25 14:04:46 +01:00
Debarshi Ray
c6b5a4836f Drop the "fedora" prefix and rename the project as just "toolbox"
The "fedora" prefix was used because this project was specifically
incubated to make it easier to hack on Fedora Silverblue. That and the
mix of upstream technologies (ie., Buildah and Podman) made it uniquely
"Fedora".

However, over time it has gotten clear that other groups, currently
Fedora downstreams like RHEL, are interested in it too. It won't be
surprising if in future it transcends the Fedora universe altogether.
Moreover, this project was inspired by coreos/toolbox [1]. There are
good reasons and enough interest to have a unified toolbox project
that addresses the needs of both Fedora CoreOS and Silverblue.

Therefore, it is best to drop the "fedora" prefix and call the whole
thing just "toolbox".

No extra effort was made to retain compatibility with the older name
due to the project's young age. Its userbase is limited to the earliest
of early adopters, and the benefits of a clean break outweigh the
loss of compatibility.

The OCI images and the toolbox container still retain the "fedora"
prefix to disambiguate them from their counterparts from other
operating systems.

[1] https://github.com/coreos/toolbox

https://github.com/debarshiray/toolbox/issues/8
2019-02-15 16:36:30 +01:00
Debarshi Ray
573b156b92 Add fedora-toolbox image definitions for Fedoras 29 and 30 2018-09-26 16:37:46 +02:00
Debarshi Ray
169f91669f Make room for Dockerfiles for multiple operating system versions
It would be good to have Dockerfiles for multiple Fedora versions, and
possibly even other operating systems like Red Hat Enterprise Linux or
CentOS, so that people can use the toolbox on different host OSes.

In the future, it would be nice to have multiple toolbox containers
corresponding to different OSes exist side by side. One could then
have a Fedora 29 environment on a Fedora 28 host and so on.
2018-09-26 16:33:17 +02:00