commit toolbox for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package toolbox for openSUSE:Factory checked in at 2021-02-01 13:25:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/toolbox (Old) and /work/SRC/openSUSE:Factory/.toolbox.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "toolbox" Mon Feb 1 13:25:02 2021 rev:9 rq:866535 version:2.0+git20210125.50611db Changes: -------- --- /work/SRC/openSUSE:Factory/toolbox/toolbox.changes 2021-01-22 21:50:07.633662146 +0100 +++ /work/SRC/openSUSE:Factory/.toolbox.new.28504/toolbox.changes 2021-02-01 13:25:03.249808395 +0100 @@ -1,0 +2,12 @@ +Mon Jan 25 10:24:32 UTC 2021 - kukuk@suse.com + +- Update to version 2.0+git20210125.50611db: + * Document configuration files, add /usr/etc/toolboxrc + * Update README to include commands + * Update the README + * Be even more compatible with Silverblue Toolbox + * Introduce commands, for compatibility with Silverblue's toolbox + * Mount /run/media and and /tmp inside a user toolbox + * Export more env variables inside (user) toolboxes + +------------------------------------------------------------------- Old: ---- microos-toolbox-1.0+git20210119.b5acdcf.tar.xz toolboxrc New: ---- microos-toolbox-2.0+git20210125.50611db.tar.xz toolboxrc.sle-micro ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ toolbox.spec ++++++ --- /var/tmp/diff_new_pack.yp5ONl/_old 2021-02-01 13:25:04.073809687 +0100 +++ /var/tmp/diff_new_pack.yp5ONl/_new 2021-02-01 13:25:04.077809693 +0100 @@ -17,14 +17,14 @@ Name: toolbox -Version: 1.0+git20210119.b5acdcf +Version: 2.0+git20210125.50611db Release: 0 Summary: Script to start a toolbox container for system debugging License: Apache-2.0 Group: System/Management URL: https://github.com/thkukuk/microos-toolbox Source: microos-toolbox-%{version}.tar.xz -Source1: toolboxrc +Source1: toolboxrc.sle-micro Requires: podman BuildArch: noarch ++++++ _service ++++++ --- /var/tmp/diff_new_pack.yp5ONl/_old 2021-02-01 13:25:04.105809737 +0100 +++ /var/tmp/diff_new_pack.yp5ONl/_new 2021-02-01 13:25:04.105809737 +0100 @@ -1,7 +1,7 @@ <services> <service name="tar_scm" mode="disabled"> - <param name="version">1.0</param> - <param name="versionformat">1.0+git%cd.%h</param> + <param name="version">2.0</param> + <param name="versionformat">2.0+git%cd.%h</param> <param name="url">git://github.com/thkukuk/microos-toolbox.git</param> <param name="scm">git</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.yp5ONl/_old 2021-02-01 13:25:04.125809768 +0100 +++ /var/tmp/diff_new_pack.yp5ONl/_new 2021-02-01 13:25:04.125809768 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">git://github.com/thkukuk/microos-toolbox.git</param> - <param name="changesrevision">b5acdcfad5dd3f09536bd312790015f61c27f40a</param> + <param name="changesrevision">50611dbcda36b1e7da6770ee498bd38bf4ab607a</param> </service> </servicedata> \ No newline at end of file ++++++ microos-toolbox-1.0+git20210119.b5acdcf.tar.xz -> microos-toolbox-2.0+git20210125.50611db.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/microos-toolbox-1.0+git20210119.b5acdcf/README.md new/microos-toolbox-2.0+git20210125.50611db/README.md --- old/microos-toolbox-1.0+git20210119.b5acdcf/README.md 2021-01-19 11:01:40.000000000 +0100 +++ new/microos-toolbox-2.0+git20210125.50611db/README.md 2021-01-25 11:23:20.000000000 +0100 @@ -1,105 +1,129 @@ # toolbox - bring your own tools with you On systems using `transactional-update` it is not really possible - due to the read-only root filesystem - to install tools to analyze problems in the currently running system as a reboot is always required. This makes it next to impossible to debug such problems. -`toolbox` is a small script that launches a podman container in a rootless or rootfull state to let you bring in your favorite debugging or admin tools in such a system. You can also install and run GUI applications in your `toolbox` container. The root filesystem can be found at `/media/root`. +`toolbox` is a small script that launches a podman container in a rootless or rootfull state to let you bring in your favorite debugging or admin tools in such a system. + +You can also install and run GUI applications in your `toolbox` container. The root filesystem can be found at `/media/root`. In a "user toolbox" (i.e., one started with `toolbox -u`) the user's home directory is available in the usual place (`/home/$USER`). + +## Usage -## Usage - The following options are avialbe in `toolbox`: * `-h` or `--help`: Shows the help message * `-u` or `--user`: Run as the current user inside the container -* `-R` or `--registry` `<registry>`: Explicitly specify the registry to use -* `-I` or `--image` `<image>`: Explicitly specify the image to pull +* `-R` or `--reg` `<registry>`: Explicitly specify the registry to use +* `-I` or `--img` `<image>`: Explicitly specify the image to pull +* `-i` or `--image` `<image>`: Full URI of the image to pull (alternative to `-R` & `-I`) * `-r` or `--root`: Runs podman via sudo as root -* `-t` or `--tag` <tag>: Add <tag> to the toolbox name - -You may override the following variables by setting them in ${TOOLBOXRC}: -* REGISTRY: The registry to pull from. Default value is: `registry.opensuse.org`. -* IMAGE: The image and tag from the registry to pull. Default value is: `opensuse/toolbox`. -* TOOLBOX_NAME: The name to use for the local container. Default value is: `"${HOME}"/.toolboxrc`. -* TOOLBOX_SHELL: Standard shell if no other commands are given. Default value is: `/bin/bash`. - -Example toolboxrc: -* `REGISTRY`=my.special.registry.example.com -* `IMAGE`=debug:latest -* `TOOLBOX_NAME`=special-debug-container -* `TOOLBOX_SHELL`=/bin/bash" - -If a config file is found, with REGISTRY and IMAGE defined, "${REGISTRY}/${IMAGE}" is used, overriding the default. -If -R and/or -I is/are used they override both the defaults and the content of REGISTRY and/or IMAGE from the config file. - -### Rootfull Usage Example - -``` -$ /usr/bin/toolbox -Spawning a container 'toolbox-root' with image 'registry.opensuse.org/opensuse/toolbox' -51e475f05d8bb8a5bf110bbecd960383bf8cfade1569587edef92076215f0eba -toolbox-root -Container started successfully. To exit, type 'exit'. -sh-5.0# ls -alF /media/root -... -sh-5.0# tcpdump -i ens3 -tcpdump: verbose output suppressed, use -v or -vv for full protocol decode -listening on ens3, link-type EN10MB (Ethernet), capture size 65535 bytes -... -sh-5.0# zypper in vim -Loading repository data... -Reading installed packages... -Resolving package dependencies... +* `-t` or `--tag` `<tag>`: Add `<tag>` to the toolbox name +* `-c` or `--container` `<name>`: Fully replace the toolbox name with `<name>` (alternative to `-t`) -The following 5 NEW packages are going to be installed: - libgdbm6 libgdbm_compat4 perl vim vim-data-common +You may override the following variables by setting them in `${HOME}/.toolboxrc`: +* `REGISTRY`: The registry to pull from. Default value is: `registry.opensuse.org`. +* `IMAGE`: The image and tag from the registry to pull. Default value is: `opensuse/toolbox`. +* `TOOLBOX_NAME`: The name to use for the local container. Default value is: `toolbox-${USER}`. +* `TOOLBOX_SHELL`: Standard shell if no other commands are given. Default value is: `/bin/bash`. -5 new packages to install. -Overall download size: 9.0 MiB. Already cached: 0 B. After the operation, -additional 49.4 MiB will be used. -Continue? [y/n/v/...? shows all options] (y): +Example `.toolboxrc` file: +``` +REGISTRY=my.special.registry.example.com +IMAGE=debug:latest +TOOLBOX_NAME=special-debug-container +TOOLBOX_SHELL=/bin/bash +``` + +If a config file is found, with `REGISTRY` and `IMAGE` defined, `${REGISTRY}/${IMAGE}` is used, overriding the default. +If `-R` and/or `-I` (or `-i`) is/are used they override both the defaults and the content of `REGISTRY` and/or `IMAGE` from the config file. + +### Configuration files + +Beside the user configuration file, there are two additional system wide +configuration files: +* `/usr/etc/toolboxrc`: distribution specific configuration file +* `/etc/toolboxrc`: system specific configuration file created by a system administrator + +The configuration files are read in the order: `/usr/etc/toolboxrc`, +`/etc/toolboxrc`, `~/.toolboxrc`. The last value is used. + +### Alternative UI + +It is possible to interact with `toolbox` using an interface which is similar to the one of [containers/toolbox](https://github.com/containers/toolbox). That is based on commands, such as: +* `create`: Creates a toolbox, but does not "enter" inside of it +* `enter`: Enter a toolbox (creating it, if it does not exist, in our case) +* `run`: Run a command / start a program inside a toolbox +* `list`: Show existing toolboxes, although for now it is basically an alias to `podman ps -a` + +### Rootless Usage + +By default a toolbox is a rootless container. This means that being root inside the toolbox itself does not map with being root on the host, +e.g., as far as file permissions, access to special files, etc go. + +#### Rootless Usage Example + +``` +$ id +uid=1000(dario) gid=100(users) groups=100(users),496(wheel),1000(dario) +$ toolbox +.toolboxrc file detected, overriding defaults... +Container 'toolbox-dario' already exists. Trying to start... +(To remove the container and start with a fresh toolbox, run: podman rm 'toolbox-dario') +toolbox-dario +Container started. +Entering container. To exit, type 'exit'. +... +toolbox-dario:/ # id +uid=0(root) gid=0(root) groups=0(root) +toolbox-dario:/ # ls -alF /media/root +total 88 +drwxr-xr-x 1 65534 65534 256 Sep 12 10:33 ./ +drwxr-xr-x 3 root root 48 Jan 20 14:06 ../ +drwxr-xr-x 1 65534 65534 1674 Dec 17 02:17 bin/ +drwxr-xr-x 1 65534 65534 554 Jan 18 10:44 boot/ +drwxr-xr-x 22 65534 65534 4300 Jan 19 22:22 dev/ +... +toolbox-dario:/ # tcpdump -i em1 +tcpdump: em1: You don't have permission to capture on that device +(socket: Operation not permitted) ... -sh-5.0# vi /media/root/etc/passwd +toolbox-dario:/ # touch /media/root/etc/foo +touch: cannot touch '/media/root/etc/foo': Permission denied ``` -## Rootless Usage +#### Rootless Usage Example, With User Setup In case a proper user environment is what one wants (e.g., for development), the `-u` (or `--user`) option can be used: -### Rootless Usage Example - ``` $ id -a uid=1000(dario) gid=1000(dario) groups=1000(dario),... -$ ./toolbox -u -Spawning a container 'toolbox-dario-user' with image 'registry.opensuse.org/opensuse/toolbox' -a0a5a332ee6d2a8dff6d8fb68a9ac70aeaacc9d531cf82f610ae48bec9e93ea1 +$ toolbox -u +.toolboxrc file detected, overriding defaults... +Container 'toolbox-dario-user' already exists. Trying to start... +(To remove the container and start with a fresh toolbox, run: podman rm 'toolbox-dario-user') toolbox-dario-user -Setting up user 'dario' inside the container... -(NOTE that, if 'sudo' and related packages are not present in the image already, -this may take some time. But this will only happen now that the toolbox is being created) -Container started successfully. To exit, type 'exit'. -dario@toolbox:~> +Container started. +Entering container. To exit, type 'exit'. +dario@toolbox-dario-user:~> id +uid=1000(dario) gid=100(users) groups=100(users) ... -dario@toolbox:~> id -a -uid=1000(dario) gid=1000(dario) groups=1000(dario) -dario@toolbox:~> echo $HOME +dario@toolbox-dario-user:~> echo $HOME /home/dario -dario@toolbox:~> ls $HOME/.. -l +dario@toolbox-dario-user:~> ls -l /home total 0 -drwxr-xr-x 1 dario dario 2422 Feb 14 10:22 dario +drwxr-xr-x 1 dario users 2290 Jan 20 14:33 dario ``` The user will have (paswordless) `sudo` access so, e.g., packages can be installed, etc: ``` $ ./toolbox -u -Spawning a container 'toolbox-dario-user' with image 'registry.opensuse.org/opensuse/toolbox' -4a05e36edb55776ae5f32cb736529ba94bdea4a39a8e5d6258ca230f646da733 +.toolboxrc file detected, overriding defaults... +Container 'toolbox-dario-user' already exists. Trying to start... +(To remove the container and start with a fresh toolbox, run: podman rm 'toolbox-dario-user') toolbox-dario-user -Setting up user 'dario' (with 'sudo' access) inside the container... -(NOTE that, if 'sudo' and related packages are not present in the image already, -this may take some time. But this will only happen now that the toolbox is being created) -Container started successfully. To exit, type 'exit'. -dario@toolbox:~> +Container started. +Entering container. To exit, type 'exit'. ... -dario@toolbox:~> sudo zypper install gcc +dario@toolbox-dario-user:~> sudo zypper in gcc Loading repository data... Reading installed packages... Resolving package dependencies... @@ -111,28 +135,134 @@ Overall download size: 42.6 MiB. Already cached: 0 B. After the operation, additional 179.7 MiB will be used. Continue? [y/n/v/...? shows all options] (y): ... -dario@toolbox:~> gcc -gcc: fatal error: no input files -compilation terminated. +dario@toolbox-dario-user:~> which gcc +/usr/bin/gcc +... +dario@toolbox-dario-user:~> sudo tcpdump -i em1 +tcpdump: em1: You don't have permission to capture on that device +(socket: Operation not permitted) +``` + +### Rootful Usage + +In fact, toolbox called by a normal user will start the toolbox container but the root filesystem of the host cannot be modified, special devices cannot be accessed, etc. +Running toolbox with sudo has the disadvantage, that the `.toolboxrc` in the `root` user home directory, and not the user's, is used. +To run the toolbox container with root rights, `toolbox --root` (or `-r`) has to be used. + +#### Rootfull Usage Example + +``` +$ id +uid=1000(dario) gid=100(users) groups=100(users),496(wheel),1000(dario) +$ toolbox -r +.toolboxrc file detected, overriding defaults... +Spawning a container 'toolbox-dario' with image 'registry.opensuse.org/opensuse/toolbox' +08a8b984be2430a5d2cb38d55b26a93ddda3e5e5d183fbb75ac7287421a3f8be +toolbox-dario +Container created. +Entering container. To exit, type 'exit'. +... +toolbox-dario:/ # id +uid=0(root) gid=0(root) groups=0(root) +toolbox-dario:/ # ls -alF /media/root +total 88 +drwxr-xr-x 1 root root 256 Sep 12 10:33 ./ +drwxr-xr-x 1 root root 8 Jan 20 13:51 ../ +drwxr-xr-x 1 root root 1674 Dec 17 02:17 bin/ +drwxr-xr-x 1 root root 554 Jan 18 10:44 boot/ +drwxr-xr-x 22 root root 4300 Jan 19 22:22 dev/ +... +toolbox-dario:/ # tcpdump -i em1 +tcpdump: verbose output suppressed, use -v or -vv for full protocol decode +listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes +13:54:52.843421 IP 192.168.0.9.46690 > 192.168.0.255.32412: UDP, length 21 +13:54:52.843655 IP 192.168.0.9.59404 > 192.168.0.255.32414: UDP, length 21 +... +toolbox-dario:/ # touch /media/root/etc/foo +toolbox-dario:/ # ls -la /media/root/etc/foo +-rw-r--r-- 1 root root 0 Jan 20 14:09 /media/root/etc/foo ``` ## Advanced Usage +### Running a command/program inside a toolbox + +By default, toolbox drops the user into a shell, inside the container. It is possible, instead, to launch a specific command or program inside of the container: + +``` +$ toolbox -u sudo zypper in figlet +.toolboxrc file detected, overriding defaults... +Container 'toolbox-dario-user' already exists. Trying to start... +(To remove the container and start with a fresh toolbox, run: podman rm 'toolbox-dario-user') +toolbox-dario-user +Container started. +Entering container. To exit, type 'exit'. +Loading repository data... +Reading installed packages... +Resolving package dependencies... + +The following NEW package is going to be installed: + figlet + +1 new package to install. +Overall download size: 3.0 MiB. Already cached: 0 B. After the operation, additional 75.2 MiB will be used. +Continue? [y/n/v/...? shows all options] (y): +... +... +$ toolbox -u figlet Hey from toolbox! +.toolboxrc file detected, overriding defaults... +Container 'toolbox-dario-user' already exists. Trying to start... +(To remove the container and start with a fresh toolbox, run: podman rm 'toolbox-dario-user') +toolbox-dario-user +Container started. +Entering container. To exit, type 'exit'. + _ _ __ +| | | | ___ _ _ / _|_ __ ___ _ __ ___ +| |_| |/ _ \ | | | | |_| '__/ _ \| '_ ` _ \ +| _ | __/ |_| | | _| | | (_) | | | | | | +|_| |_|\___|\__, | |_| |_| \___/|_| |_| |_| + |___/ + _ _ _ _ +| |_ ___ ___ | | |__ _____ _| | +| __/ _ \ / _ \| | '_ \ / _ \ \/ / | +| || (_) | (_) | | |_) | (_) > <|_| + \__\___/ \___/|_|_.__/ \___/_/\_(_) +``` + +Of course, the command to run could even be a shell. However, for using a different shell than the default one inside of the toolbox, it is also possible to change the value of the `TOOLBOX_SHELL` variable within the config file. + ### Use a custom image toolbox uses an openSUSE-based userspace environment called `opensuse/toolbox` by default, but this can be changed to any container image. Simply override environment variables in `$HOME/.toolboxrc`: -#### toolbox - ``` # cat ~/.toolboxrc REGISTRY=registry.opensuse.org IMAGE=opensuse/toolbox:latest ``` -### Root container as normal user +Alternatively, either the `-R` and `-I` parameters can be used, like this: +``` +$ toolbox -u -R registry.opensuse.org -I opensuse/tumbleweed:latest +.toolboxrc file detected, overriding defaults... +Spawning a container 'toolbox-dario-user' with image 'registry.opensuse.org/opensuse/tumbleweed:latest' +b9b79fda84f1022112c0841f6b3711511a640391a9379adb4257b81a26887c0f +toolbox-dario-user +Setting up user 'dario' (with 'sudo' access) inside the container... +(NOTE that, if 'sudo' and related packages are not present in the image already, +this may take some time. But this will only happen now that the toolbox is being created) +Container created. +Entering container. To exit, type 'exit'. +dario@toolbox-dario-user:~> exit +... +dario@toolbox-dario-user:~> +exit +dario@Wayrath:~/Documents/Work/Dario/SUSE> podman ps -a +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +b9b79fda84f1 registry.opensuse.org/opensuse/tumbleweed:latest sleep +Inf About a minute ago Exited (143) 3 seconds ago toolbox-dario-user +``` -toolbox called by a normal user will start the toolbox container, too, but the root filesystem cannot be modified. Running toolbox with sudo has the disadvantage, that the .toolboxrc from root and not the user is used. To run the toolbox container with root rights, `toolbox --root` has to be used. +Or just put the full URI under the `-i` parameter, such as `toolbox -u -i registry.opensuse.org/opensuse/tumbleweed:latest`. ### Multiple Toolboxes @@ -148,6 +278,9 @@ (To remove the container and start with a fresh toolbox, run: podman rm 'toolbox-dario-user') toolbox-dario-user Container started successfully. To exit, type 'exit'. +dario@toolbox-dario-user:~> +... +dario@toolbox-dario-user:~> exit ... $ ./toolbox -u -t virt Spawning a container 'toolbox-dario-user-virt' with image 'registry.opensuse.org/opensuse/toolbox' @@ -157,14 +290,55 @@ (NOTE that, if 'sudo' and related packages are not present in the image already, this may take some time. But this will only happen now that the toolbox is being created) Container started successfully. To exit, type 'exit'. -dario@toolbox:~> +dario@toolbox-dario-user-virt:~> ... -dario@toolbox:~> exit +dario@toolbox-dario-user-virt:~> exit CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0dbfbe02b020 registry.opensuse.org/opensuse/toolbox:latest /bin/bash 8 minutes ago Exited (0) 6 minutes ago toolbox-dario-user-virt b20985e6de68 registry.opensuse.org/opensuse/toolbox:latest /bin/bash 10 minutes ago Exited (0) 7 minutes ago toolbox-dario-user ``` +### Alternative (Command Based) UI + +If wanting to use the commands-based interface, this is the basic operations +are performed: +* Creating a user toolbox and entering inside it (equivalent of `toolbox -u`): +``` +toolbox create +toolbox enter +``` +* Running a command inside a toolbox (equivalent of `toolbox -u /usr/bin/foo`): +``` +toolbox run ls /home/ +``` +* Creating (and entering) a toolbox tagged as `devel` (equivalent of `toolbox -u -t devel`): +``` +toolbox create -t devel +toolbox enter -t devel +``` +* Creating (and entering) a toolbox called `tbx-apps` (equivalent of `toolbox -u -c tbx-apps`): +``` +toolbox create -c tbx-apps +toolbox enter -c tbx-apps +``` + +Option `-r` can be used together with commands as well, like this: +* Creating a toolbox running as root, with your user inside (equivalent of `toolbox -u -r`): +``` +toolbox create -r +toolbox enter -r +``` +* Running a command inside a toolbox that runs as root on the host and has your +user configured in it (equivalent of `toolbox -u -r /usr/bin/foo`): +``` +toolbox create -r +toolbox run -r ls /home/ +``` + +Note that this latter working mode has no equivalent in containers/toolbox where, if +wanting to start a toolbox that runs as the root user on the host, it must be started +with `sudo`. + ### Automatically enter toolbox on login Set an `/etc/passwd` entry for one of the users to `/usr/bin/toolbox`: @@ -183,16 +357,19 @@ (To remove the container and start with a fresh toolbox, run: podman rm 'toolbox-bob') toolbox-bob Container started successfully. To exit, type 'exit'. -sh-5.0# +toolbox-bob:/ # ``` ## Troubleshooting -#### Podman can't pull/run images with user -If you want to run a rootless `toolbox` setup you might need to add a range of UID and GID for the user you want to run `toolbox` with. Before adding UID and GID ranges check if `/etc/subuid` and `/etc/subgid` are actually empty. If empty you can run this as root to populate them: +### Podman can't pull/run images with user +If you want to run a rootless `toolbox` setup you might need to add a range of UID and GID for the user you want to run `toolbox` with. Before adding UID and GID ranges check if `/etc/subuid` and `/etc/subgid` are actually empty. If empty you can run this as root to populate them: + ``` echo "podman_user:100000:65536" > /etc/subuid echo "podman_user:100000:65536" > /etc/subgid ``` -#### GUI application can't connect to display -This happens if you run the container as root - with sudo for example - while you're logged in as user to the desktop environment. The easiest way is to use `toolbox -u` with your user to setup a `rootless toolbox` container for such cases. + +### GUI application can't connect to display + +This happens if you run the container as root - with sudo for example - while you're logged in as user to the desktop environment. The easiest way is to use `toolbox -u` with your user to setup a "rootless toolbox" container for such cases. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/microos-toolbox-1.0+git20210119.b5acdcf/toolbox new/microos-toolbox-2.0+git20210125.50611db/toolbox --- old/microos-toolbox-1.0+git20210119.b5acdcf/toolbox 2021-01-19 11:01:40.000000000 +0100 +++ new/microos-toolbox-2.0+git20210125.50611db/toolbox 2021-01-25 11:23:20.000000000 +0100 @@ -26,8 +26,31 @@ TOOLBOX_SHELL="/bin/bash" SUDO= +test -f /usr/etc/toolboxrc && . /usr/etc/toolboxrc test -f /etc/toolboxrc && . /etc/toolboxrc +MODE="system" + +USER_ENV="DBUS_SESSION_BUS_ADDRESS \ + DBUS_SYSTEM_BUS_ADDRESS \ + DESKTOP_SESSION \ + SESSION_MANAGER \ + DISPLAY \ + LANG \ + SSH_AUTH_SOCK \ + USER \ + USERNAME \ + WAYLAND_DISPLAY \ + XAUTHORITY \ + XAUTHLOCALHOSTNAME \ + XDG_CURRENT_DESKTOP \ + XDG_DATA_DIRS \ + XDG_MENU_PREFIX \ + XDG_RUNTIME_DIR \ + XDG_SESSION_CLASS \ + XDG_SESSION_DESKTOP \ + XDG_SESSION_TYPE" + setup() { # Allow user overrides if [ -f "${TOOLBOXRC}" ]; then @@ -37,11 +60,12 @@ TOOLBOX_IMAGE="${REGISTRY}"/"${IMAGE}" } -run() { +create() { if ! image_exists; then image_pull fi + local msg="creat" local runlabel=$(image_runlabel) if ! container_exists; then echo "Spawning a container '$TOOLBOX_NAME' with image '$TOOLBOX_IMAGE'" @@ -57,6 +81,7 @@ else echo "Container '$TOOLBOX_NAME' already exists. Trying to start..." echo "(To remove the container and start with a fresh toolbox, run: podman rm '$TOOLBOX_NAME')" + msg="start" fi local state=$(container_state) @@ -85,7 +110,13 @@ ${SUDO} podman exec --user root ${TOOLBOX_NAME} rm ${tmp_user_setup} fi - echo "Container started successfully. To exit, type 'exit'." + echo "Container ${msg}ed." +} + +run() { + create + + echo "Entering container. To exit, type 'exit'." container_exec "$@" } @@ -113,6 +144,10 @@ ${SUDO} podman pull "$TOOLBOX_IMAGE" } +list() { + ${SUDO} podman ps --all +} + container_create() { if ! ${SUDO} podman create \ --hostname "$TOOLBOX_NAME" \ @@ -153,16 +188,30 @@ } show_help() { - echo "USAGE: toolbox [[-h/--help] | [-r/--root] [-u/--user] [-t/--tag <tag>] [command]] + echo "USAGE: toolbox [[-h/--help] | [command] [-r/--root] [-u/--user] + [[-R/--reg <registry>] [-I/--img <image>]|[-i/--image <image_URI>]] + [[-t/--tag <tag>]|[-c/--container <name>]] [command_to_run]] toolbox is a small script that launches a container to let you bring in your favorite debugging or admin tools. The toolbox container is a pet container and will be restarted on following runs. To remove the container and start fresh, do podman rm ${TOOLBOX_NAME}. +Commands are optional. The supported ones are: + list: List existing toolboxes + create: Just create the toolbox + enter: Enter inside a toolbox (if it does not exist, it is created) + run: Run command_to_run inside a toolbox (if it does not exist, it is created) + Options: -h/--help: Shows this help message -u/--user: Run as the current user inside the container -r/--root: Runs podman via sudo as root -t/--tag <tag>: Add <tag> to the toolbox name + -c/--container <name>: Set the name of the toolbox to be equal to <name> + (use this alternatively to -t) + -R/--reg <registry>: Pulls the container image from <registry> + -I/--img <image>: Pulls the image called <image> + -i/--image <image_URI>: Pulls <image_URI> as a container image (use this + alternatively to -R and -I) You may override the following variables by setting them in ${TOOLBOXRC}: - REGISTRY: The registry to pull from. Default: $REGISTRY @@ -177,15 +226,43 @@ TOOLBOX_SHELL=/bin/bash" } +is_option() { + if [ "${1:0:1}" = "-" ]; then + return 1 + fi + return 0 +} + main() { # Execute setup first so we get proper variables setup - # If we are passed a help switch, show help and exit - ARGS=`getopt -o hrut:R:I: --long help,root,user,tag:,registry:,image: -n toolbox -- "$@"` + + # Deal with commands first. We want to support both "command mode" + # (compatible with Silverblue's toolbox) and the current "command-less" + # mode of operation. If wanting to use a command, that has to be the + # first argument. If no command is provided, we basically default to + # 'run', which is 'create, start and fire a shell inside the toolbox'. + # + # Note that, if a command is used, we set "user" mode by default (i.e., + # even if `-u` is not specified later). This is again for compatibility + # with https://github.com/containers/toolbox). + COMMAND=run + if [ ! -z $1 ] && is_option $1 ; then + case $1 in + create | list | enter | run ) + MODE="user" + COMMAND=$1 + shift + ;; + esac + fi + + ARGS=`getopt -o hrut:R:I:c:i: --long help,root,user,tag:,reg:,img:,container:,image: -n toolbox -- "$@"` eval set -- "$ARGS" while true; do case "$1" in -h|--help) + # If we are passed a help switch, show help and exit show_help exit 0 ;; @@ -195,31 +272,38 @@ ;; -u|--user) shift - USER_ID=`id -u`; USER_GID=`id -g` - USER_NAME=`id -un` ; USER_GNAME=`id -gn` - USER_HOME=$HOME - TOOLBOX_NAME="${TOOLBOX_NAME}-user" - - # We want to keep the pid namespace of the running user. - # We, however, use root:root while creating, so that later we - # can modify the user's name, groups, etc, within the container. - CREATE_AS_USER="--pid host --userns=keep-id -v ${HOME}:${HOME} --user root:root --volume /run/user/${USER_ID}:/run/user/${USER_ID}:rslave " - EXEC_AS_USER="--user ${USER_ID}:${USER_GID} -w `pwd` --env SSH_AUTH_SOCK=$SSH_AUTH_SOCK --env DISPLAY=$DISPLAY --env XAUTHORITY=$XAUTHORITY" + MODE="user" + ;; + -c|--container) + if [ ! -z $TAG ]; then + echo "ERROR: Don't use both -c and -t!" + show_help + exit 1 + fi + CHANGE_NAME="true" + TOOLBOX_NAME="$2" + shift 2 ;; -t|--tag) - TOOLBOX_NAME="${TOOLBOX_NAME}-$2" + if [ ! -z $CHANGE_NAME ]; then + echo "ERROR: Don't use both -c and -t!" + show_help + exit 1 + fi + TAG="$2" shift 2 ;; - -R|--registry) + -R|--reg) REGISTRY=$2 - # Let's rebuild the image URI (this means that command - # line, if present, overrides config file) - TOOLBOX_IMAGE="${REGISTRY}"/"${IMAGE}" shift 2 ;; - -I|--image) + -I|--img) + IMAGE=$2 + shift 2 + ;; + -i|--image) + REGISTRY="" IMAGE=$2 - TOOLBOX_IMAGE="${REGISTRY}"/"${IMAGE}" shift 2 ;; --) @@ -234,12 +318,53 @@ esac done - if [ -z "$*" ]; then - run ${TOOLBOX_SHELL} - else - run "$@" + # Let's rebuild the image URI (this means that command + # line, if present, overrides config file) + TOOLBOX_IMAGE=`echo "${REGISTRY}"/"${IMAGE}" | sed 's/^\///g'` + + if [ "$MODE" = "user" ]; then + USER_ID=`id -u`; USER_GID=`id -g` + USER_NAME=`id -un` ; USER_GNAME=`id -gn` + USER_HOME=$HOME + if [ -z $CHANGE_NAME ]; then + TOOLBOX_NAME="${TOOLBOX_NAME}-user" + fi + + # We want to keep the pid namespace of the running user. + # We, however, use root:root while creating, so that later we + # can modify the user's name, groups, etc, within the container. + CREATE_AS_USER="--pid host --userns=keep-id -v ${HOME}:${HOME} --user root:root --volume /run/user/${USER_ID}:/run/user/${USER_ID}:rslave --volume /run/media/:/run/media/:rslave --volume /tmp:/tmp:rslave" + for ENV in $USER_ENV ; do + eval VAL="$""$ENV" + [[ ! -z $VAL ]] && USER_ENV_STR="$USER_ENV_STR --env $ENV=$VAL" + done + EXEC_AS_USER="--user ${USER_ID}:${USER_GID} -w `pwd` $USER_ENV_STR" fi - cleanup + + if [ ! -z $TAG ]; then + TOOLBOX_NAME="${TOOLBOX_NAME}-$TAG" + fi + + case $COMMAND in + list) + list + ;; + create) + create + ;; + enter|run) + if [ -z "$*" ]; then + run ${TOOLBOX_SHELL} + else + run "$@" + fi + cleanup + ;; + *) + echo "unknown command: '$COMMAND'" + exit 1 + ;; + esac } main "$@" ++++++ toolboxrc.sle-micro ++++++ REGISTRY=registry.suse.com IMAGE=suse/toolbox
participants (1)
-
Source-Sync