diff --git a/.zuul.yaml b/.zuul.yaml index 71d85c39d..49c6479cb 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -1,5 +1,5 @@ # -# Copyright © 2020 – 2022 Red Hat, Inc. +# Copyright © 2020 – 2023 Red Hat, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +17,7 @@ --- - job: name: unit-test - description: Run Toolbox's unit tests declared in Meson + description: Run Toolbx's unit tests declared in Meson timeout: 1800 nodeset: nodes: @@ -28,7 +28,7 @@ - job: name: unit-test-migration-path-for-coreos-toolbox - description: Run Toolbox's unit tests declared in Meson when built with -Dmigration_path_for_coreos_toolbox + description: Run Toolbx's unit tests declared in Meson when built with -Dmigration_path_for_coreos_toolbox timeout: 600 nodeset: nodes: @@ -39,8 +39,8 @@ - job: name: system-test-fedora-rawhide - description: Run Toolbox's system tests in Fedora Rawhide - timeout: 3600 + description: Run Toolbx's system tests in Fedora Rawhide + timeout: 4800 nodeset: nodes: - name: fedora-rawhide @@ -49,24 +49,24 @@ run: playbooks/system-test.yaml - job: - name: system-test-fedora-37 - description: Run Toolbx's system tests in Fedora 37 - timeout: 2400 + name: system-test-fedora-39 + description: Run Toolbx's system tests in Fedora 39 + timeout: 3600 nodeset: nodes: - - name: fedora-37 - label: cloud-fedora-37 + - name: fedora-39 + label: cloud-fedora-39 pre-run: playbooks/setup-env.yaml run: playbooks/system-test.yaml - job: - name: system-test-fedora-36 - description: Run Toolbx's system tests in Fedora 36 - timeout: 2400 + name: system-test-fedora-38 + description: Run Toolbx's system tests in Fedora 38 + timeout: 3600 nodeset: nodes: - - name: fedora-36 - label: cloud-fedora-36 + - name: fedora-38 + label: cloud-fedora-38 pre-run: playbooks/setup-env.yaml run: playbooks/system-test.yaml 
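Review bot: The raised timeouts carry no comment saying why they were needed: `timeout: 4800` on system-test-fedora-rawhide (hunk at -39) and `timeout: 3600` on the new system-test-fedora-39 and system-test-fedora-38 jobs (hunk at -49). The same three jobs are listed under `gate` later in this file, so a hung run can now hold a change for up to 80 or 60 minutes before it is killed, assuming the values are seconds as is usual for Zuul. I would put a line above each value such as `# Raised from 3600: <reason or issue link>`, so a later reader can tell whether the limit can come back down. If the slowdown has only been seen on Rawhide, which the diff does not show, the stable-release jobs may not need the increase.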
@@ -74,19 +74,19 @@ periodic: jobs: - system-test-fedora-rawhide - - system-test-fedora-37 - - system-test-fedora-36 + - system-test-fedora-39 + - system-test-fedora-38 check: jobs: - unit-test - unit-test-migration-path-for-coreos-toolbox - system-test-fedora-rawhide - - system-test-fedora-37 - - system-test-fedora-36 + - system-test-fedora-39 + - system-test-fedora-38 gate: jobs: - unit-test - unit-test-migration-path-for-coreos-toolbox - system-test-fedora-rawhide - - system-test-fedora-37 - - system-test-fedora-36 + - system-test-fedora-39 + - system-test-fedora-38 diff --git a/images/fedora/f28/Containerfile b/images/fedora/f28/Containerfile deleted file mode 100644 index c1ba5ad77..000000000 --- a/images/fedora/f28/Containerfile +++ /dev/null 
@@ -1,27 +0,0 @@ -FROM registry.fedoraproject.org/fedora:28 - -ENV NAME=fedora-toolbox VERSION=28 -LABEL com.github.containers.toolbox="true" \ - com.redhat.component="$NAME" \ - name="$FGC/$NAME" \ - version="$VERSION" \ - usage="This image is meant to be used with the toolbox command" \ - summary="Base image for creating Fedora toolbox containers" \ - maintainer="Debarshi Ray " - -COPY README.md / - -RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf -RUN dnf -y swap coreutils-single coreutils-full - -COPY missing-docs / -RUN dnf -y reinstall $( - -[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox) -[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic) - -[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/) -[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/) - -[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating -systems, which allows the use of containerized command line environments. It is -built on top of [Podman](https://podman.io/) and other standard container -technologies from [OCI](https://opencontainers.org/). - -This is particularly useful on -[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like -[Fedora CoreOS](https://coreos.fedoraproject.org/) and -[Silverblue](https://silverblue.fedoraproject.org/). The intention of these -systems is to discourage installation of software on the host, and instead -install software as (or in) containers — they mostly don't even have package -managers like DNF or YUM. 
This makes it difficult to set up a development -environment or install tools for debugging in the usual way. - -Toolbox solves this problem by providing a fully mutable container within -which one can install their favourite development and debugging tools, editors -and SDKs. For example, it's possible to do `yum install ansible` without -affecting the base operating system. - -However, this tool doesn't *require* using an OSTree based system. It works -equally well on Fedora Workstation and Server, and that's a useful way to -incrementally adopt containerization. - -The toolbox environment is based on an [OCI](https://www.opencontainers.org/) -image. On Fedora this is the `fedora-toolbox` image. This image is used to -create a toolbox container that seamlessly integrates with the rest of the -operating system by providing access to the user's home directory, the Wayland -and X11 sockets, SSH agent, etc.. - -## Installation - -Toolbox is installed by default on Fedora Silverblue. On other operating -systems it's just a matter of installing the `toolbox` package. - -## Usage - -### Create your toolbox container: -```console -[user@hostname ~]$ toolbox create -Created container: fedora-toolbox-33 -Enter with: toolbox enter -[user@hostname ~]$ -``` -This will create a container called `fedora-toolbox-`. - -### Enter the toolbox: -```console -[user@hostname ~]$ toolbox enter -⬢[user@toolbox ~]$ -``` - -### Remove a toolbox container: -```console -[user@hostname ~]$ toolbox rm fedora-toolbox-33 -[user@hostname ~]$ -``` - -## Dependencies and Building - -Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build -system. 
- -The following dependencies are required to build it: -- meson -- go-md2man -- systemd -- go -- ninja - -The following dependencies enable various optional features: -- bash-completion - -It can be built and installed as any other typical Meson-based project: -```console -[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir -[user@hostname toolbox]$ ninja -C builddir -[user@hostname toolbox]$ sudo ninja -C builddir install -``` - -Toolbox is written in Go. Consult the -[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file -for a full list of all the Go dependencies. - -By default, Toolbox uses Go modules and all the required Go packages are -automatically downloaded as part of the build. There's no need to worry about -the Go dependencies, unless the build environment doesn't have network access -or any such peculiarities. - -## Distro support - -By default, Toolbox creates the container using an -[OCI](https://www.opencontainers.org/) image called -`-toolbox:`, where `` and `` are taken from the -host's `/usr/lib/os-release`. For example, the default image on a Fedora 33 -host would be `fedora-toolbox:33`. - -This default can be overridden by the `--image` option in `toolbox create`, -but operating system distributors should provide an adequately configured -default image to ensure a smooth user experience. - -## Image requirements - -Toolbox customizes newly created containers in a certain way. This requires -certain tools and paths to be present and have certain characteristics inside -the OCI image. 
- -Tools: -* `getent(1)` -* `id(1)` -* `ln(1)` -* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `passwd(1)` -* `readlink(1)` -* `rm(1)` -* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `sleep(1)` -* `test(1)` -* `touch(1)` -* `unlink(1)` -* `useradd(8)` -* `usermod(8)` - -Paths: -* `/etc/host.conf`: optional, if present not a bind mount -* `/etc/hosts`: optional, if present not a bind mount -* `/etc/krb5.conf.d`: directory, not a bind mount -* `/etc/localtime`: optional, if present not a bind mount -* `/etc/resolv.conf`: optional, if present not a bind mount -* `/etc/timezone`: optional, if present not a bind mount - -Toolbox enables `sudo(8)` access inside containers. The following is necessary -for that to work: - -* The image should have `sudo(8)` enabled for users belonging to either the - `sudo` or `wheel` groups, and the group itself should exist. File an - [issue](https://github.com/containers/toolbox/issues/new) if you really need - support for a different group. However, it's preferable to keep this list as - short as possible. - -* The image should allow empty passwords for `sudo(8)`. This can be achieved - by either adding the `nullok` option to the `PAM(8)` configuration, or by - add the `NOPASSWD` tag to the `sudoers(5)` configuration. - -Since Toolbox only works with OCI images that fulfill certain requirements, -it will refuse images that aren't tagged with -`com.github.containers.toolbox="true"` and -`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be -used by the maintainer of the image to indicate that they have read this -document and tested that the image works with Toolbox. You can use the -following snippet in a Dockerfile for this: -```Dockerfile -LABEL com.github.containers.toolbox="true" -``` -The label `com.github.debarshiray.toolbox="true"` was used in previous versions -of toolbox but is currently deprecated. 
diff --git a/images/fedora/f32/extra-packages b/images/fedora/f32/extra-packages
deleted file mode 100644
index 942271c74..000000000
--- a/images/fedora/f32/extra-packages
+++ /dev/null
@@ -1,42 +0,0 @@
-bash-completion
-bzip2
-diffutils
-dnf-plugins-core
-findutils
-flatpak-spawn
-fpaste
-git
-gnupg
-gnupg2-smime
-gvfs-client
-hostname
-iputils
-jwhois
-keyutils
-krb5-libs
-less
-lsof
-man-db
-man-pages
-mlocate
-mtr
-nss-mdns
-openssh-clients
-passwd
-pigz
-procps-ng
-rsync
-shadow-utils
-sudo
-tcpdump
-time
-traceroute
-tree
-unzip
-vte-profile
-wget
-which
-words
-xorg-x11-xauth
-xz
-zip
diff --git a/images/fedora/f32/missing-docs b/images/fedora/f32/missing-docs
deleted file mode 100644
index f1f56bc08..000000000
--- a/images/fedora/f32/missing-docs
+++ /dev/null
@@ -1,18 +0,0 @@
-acl
-bash
-chkconfig
-curl
-dbus-daemon
-gawk
-grep
-gzip
-libcap
-openssl
-p11-kit
-pam
-python3
-rpm
-rpm-plugin-systemd-inhibit
-sed
-systemd
-tar
diff --git a/images/fedora/f33/Containerfile b/images/fedora/f33/Containerfile
deleted file mode 100644
index c638d9571..000000000
--- a/images/fedora/f33/Containerfile
+++ /dev/null
@@ -1,26 +0,0 @@ -FROM registry.fedoraproject.org/fedora:33 - -ENV NAME=fedora-toolbox VERSION=33 -LABEL com.github.containers.toolbox="true" \ - com.redhat.component="$NAME" \ - name="$NAME" \ - version="$VERSION" \ - usage="This image is meant to be used with the toolbox command" \ - summary="Base image for creating Fedora toolbox containers" \ - maintainer="Debarshi Ray " - -COPY README.md / - -RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf - -COPY missing-docs / -RUN dnf -y reinstall $( - -[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox) -[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic) - -[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/) -[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/) - -[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating -systems, which allows the use of containerized command line environments. It is -built on top of [Podman](https://podman.io/) and other standard container -technologies from [OCI](https://opencontainers.org/). - -This is particularly useful on -[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like -[Fedora CoreOS](https://coreos.fedoraproject.org/) and -[Silverblue](https://silverblue.fedoraproject.org/). The intention of these -systems is to discourage installation of software on the host, and instead -install software as (or in) containers — they mostly don't even have package -managers like DNF or YUM. This makes it difficult to set up a development -environment or install tools for debugging in the usual way. 
- -Toolbox solves this problem by providing a fully mutable container within -which one can install their favourite development and debugging tools, editors -and SDKs. For example, it's possible to do `yum install ansible` without -affecting the base operating system. - -However, this tool doesn't *require* using an OSTree based system. It works -equally well on Fedora Workstation and Server, and that's a useful way to -incrementally adopt containerization. - -The toolbox environment is based on an [OCI](https://www.opencontainers.org/) -image. On Fedora this is the `fedora-toolbox` image. This image is used to -create a toolbox container that seamlessly integrates with the rest of the -operating system by providing access to the user's home directory, the Wayland -and X11 sockets, networking (including Avahi), removable devices (like USB -sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev -database, etc.. - - -## Installation - -Toolbox is installed by default on Fedora Silverblue. On other operating -systems it's just a matter of installing the `toolbox` package. - -## Usage - -### Create your toolbox container: -```console -[user@hostname ~]$ toolbox create -Created container: fedora-toolbox-33 -Enter with: toolbox enter -[user@hostname ~]$ -``` -This will create a container called `fedora-toolbox-`. - -### Enter the toolbox: -```console -[user@hostname ~]$ toolbox enter -⬢[user@toolbox ~]$ -``` - -### Remove a toolbox container: -```console -[user@hostname ~]$ toolbox rm fedora-toolbox-33 -[user@hostname ~]$ -``` - -## Dependencies and Building - -Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build -system. 
- -The following dependencies are required to build it: -- meson -- go-md2man -- systemd -- go -- ninja - -The following dependencies enable various optional features: -- bash-completion - -It can be built and installed as any other typical Meson-based project: -```console -[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir -[user@hostname toolbox]$ ninja -C builddir -[user@hostname toolbox]$ sudo ninja -C builddir install -``` - -Toolbox is written in Go. Consult the -[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file -for a full list of all the Go dependencies. - -By default, Toolbox uses Go modules and all the required Go packages are -automatically downloaded as part of the build. There's no need to worry about -the Go dependencies, unless the build environment doesn't have network access -or any such peculiarities. - -## Distro support - -By default, Toolbox creates the container using an -[OCI](https://www.opencontainers.org/) image called -`-toolbox:`, where `` and `` are taken from the -host's `/usr/lib/os-release`. For example, the default image on a Fedora 33 -host would be `fedora-toolbox:33`. - -This default can be overridden by the `--image` option in `toolbox create`, -but operating system distributors should provide an adequately configured -default image to ensure a smooth user experience. - -## Image requirements - -Toolbox customizes newly created containers in a certain way. This requires -certain tools and paths to be present and have certain characteristics inside -the OCI image. 
- -Tools: -* `getent(1)` -* `id(1)` -* `ln(1)` -* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `passwd(1)` -* `readlink(1)` -* `rm(1)` -* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `sleep(1)` -* `test(1)` -* `touch(1)` -* `unlink(1)` -* `useradd(8)` -* `usermod(8)` - -Paths: -* `/etc/host.conf`: optional, if present not a bind mount -* `/etc/hosts`: optional, if present not a bind mount -* `/etc/krb5.conf.d`: directory, not a bind mount -* `/etc/localtime`: optional, if present not a bind mount -* `/etc/machine-id`: optional, not a bind mount -* `/etc/resolv.conf`: optional, if present not a bind mount -* `/etc/timezone`: optional, if present not a bind mount - -Toolbox enables `sudo(8)` access inside containers. The following is necessary -for that to work: - -* The image should have `sudo(8)` enabled for users belonging to either the - `sudo` or `wheel` groups, and the group itself should exist. File an - [issue](https://github.com/containers/toolbox/issues/new) if you really need - support for a different group. However, it's preferable to keep this list as - short as possible. - -* The image should allow empty passwords for `sudo(8)`. This can be achieved - by either adding the `nullok` option to the `PAM(8)` configuration, or by - add the `NOPASSWD` tag to the `sudoers(5)` configuration. - -Since Toolbox only works with OCI images that fulfill certain requirements, -it will refuse images that aren't tagged with -`com.github.containers.toolbox="true"` and -`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be -used by the maintainer of the image to indicate that they have read this -document and tested that the image works with Toolbox. You can use the -following snippet in a Dockerfile for this: -```Dockerfile -LABEL com.github.containers.toolbox="true" -``` -The label `com.github.debarshiray.toolbox="true"` was used in previous versions -of toolbox but is currently deprecated. 
diff --git a/images/fedora/f33/extra-packages b/images/fedora/f33/extra-packages
deleted file mode 100644
index 34ee15652..000000000
--- a/images/fedora/f33/extra-packages
+++ /dev/null
@@ -1,45 +0,0 @@
-bash-completion
-bc
-bzip2
-diffutils
-dnf-plugins-core
-findutils
-flatpak-spawn
-fpaste
-git
-gnupg
-gnupg2-smime
-gvfs-client
-hostname
-iproute
-iputils
-jwhois
-keyutils
-krb5-libs
-less
-lsof
-man-db
-man-pages
-mlocate
-mtr
-nano-default-editor
-nss-mdns
-openssh-clients
-passwd
-pigz
-procps-ng
-rsync
-shadow-utils
-sudo
-tcpdump
-time
-traceroute
-tree
-unzip
-vte-profile
-wget
-which
-words
-xorg-x11-xauth
-xz
-zip
diff --git a/images/fedora/f33/missing-docs b/images/fedora/f33/missing-docs
deleted file mode 100644
index b634f27b6..000000000
--- a/images/fedora/f33/missing-docs
+++ /dev/null
@@ -1,15 +0,0 @@
-acl
-bash
-curl
-gawk
-grep
-gzip
-libcap
-openssl
-p11-kit
-pam
-python3
-rpm
-sed
-systemd
-tar
diff --git a/images/fedora/f34/Containerfile b/images/fedora/f34/Containerfile
deleted file mode 100644
index 8208c44cf..000000000
--- a/images/fedora/f34/Containerfile
+++ /dev/null
@@ -1,25 +0,0 @@ -FROM registry.fedoraproject.org/fedora:34 - -ENV NAME=fedora-toolbox VERSION=34 -LABEL com.github.containers.toolbox="true" \ - com.redhat.component="$NAME" \ - name="$NAME" \ - version="$VERSION" \ - usage="This image is meant to be used with the toolbox command" \ - summary="Base image for creating Fedora toolbox containers" \ - maintainer="Debarshi Ray " - -COPY README.md / - -RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf -RUN dnf -y swap coreutils-single coreutils-full - -COPY missing-docs / -RUN dnf -y reinstall $( - -[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox) -[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic) - -[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/) -[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/) - -[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating -systems, which allows the use of containerized command line environments. It is -built on top of [Podman](https://podman.io/) and other standard container -technologies from [OCI](https://opencontainers.org/). - -This is particularly useful on -[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like -[Fedora CoreOS](https://coreos.fedoraproject.org/) and -[Silverblue](https://silverblue.fedoraproject.org/). The intention of these -systems is to discourage installation of software on the host, and instead -install software as (or in) containers — they mostly don't even have package -managers like DNF or YUM. 
This makes it difficult to set up a development -environment or install tools for debugging in the usual way. - -Toolbox solves this problem by providing a fully mutable container within -which one can install their favourite development and debugging tools, editors -and SDKs. For example, it's possible to do `yum install ansible` without -affecting the base operating system. - -However, this tool doesn't *require* using an OSTree based system. It works -equally well on Fedora Workstation and Server, and that's a useful way to -incrementally adopt containerization. - -The toolbox environment is based on an [OCI](https://www.opencontainers.org/) -image. On Fedora this is the `fedora-toolbox` image. This image is used to -create a toolbox container that seamlessly integrates with the rest of the -operating system by providing access to the user's home directory, the Wayland -and X11 sockets, networking (including Avahi), removable devices (like USB -sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev -database, etc.. - - -## Installation - -Toolbox is installed by default on Fedora Silverblue. On other operating -systems it's just a matter of installing the `toolbox` package. - -## Usage - -### Create your toolbox container: -```console -[user@hostname ~]$ toolbox create -Created container: fedora-toolbox-33 -Enter with: toolbox enter -[user@hostname ~]$ -``` -This will create a container called `fedora-toolbox-`. - -### Enter the toolbox: -```console -[user@hostname ~]$ toolbox enter -⬢[user@toolbox ~]$ -``` - -### Remove a toolbox container: -```console -[user@hostname ~]$ toolbox rm fedora-toolbox-33 -[user@hostname ~]$ -``` - -## Dependencies and Building - -Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build -system. 
- -The following dependencies are required to build it: -- meson -- go-md2man -- systemd -- go -- ninja - -The following dependencies enable various optional features: -- bash-completion - -It can be built and installed as any other typical Meson-based project: -```console -[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir -[user@hostname toolbox]$ ninja -C builddir -[user@hostname toolbox]$ sudo ninja -C builddir install -``` - -Toolbox is written in Go. Consult the -[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file -for a full list of all the Go dependencies. - -By default, Toolbox uses Go modules and all the required Go packages are -automatically downloaded as part of the build. There's no need to worry about -the Go dependencies, unless the build environment doesn't have network access -or any such peculiarities. - -## Distro support - -By default, Toolbox creates the container using an -[OCI](https://www.opencontainers.org/) image called -`-toolbox:`, where `` and `` are taken from the -host's `/usr/lib/os-release`. For example, the default image on a Fedora 33 -host would be `fedora-toolbox:33`. - -This default can be overridden by the `--image` option in `toolbox create`, -but operating system distributors should provide an adequately configured -default image to ensure a smooth user experience. - -## Image requirements - -Toolbox customizes newly created containers in a certain way. This requires -certain tools and paths to be present and have certain characteristics inside -the OCI image. 
- -Tools: -* `getent(1)` -* `id(1)` -* `ln(1)` -* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `passwd(1)` -* `readlink(1)` -* `rm(1)` -* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `sleep(1)` -* `test(1)` -* `touch(1)` -* `unlink(1)` -* `useradd(8)` -* `usermod(8)` - -Paths: -* `/etc/host.conf`: optional, if present not a bind mount -* `/etc/hosts`: optional, if present not a bind mount -* `/etc/krb5.conf.d`: directory, not a bind mount -* `/etc/localtime`: optional, if present not a bind mount -* `/etc/machine-id`: optional, not a bind mount -* `/etc/resolv.conf`: optional, if present not a bind mount -* `/etc/timezone`: optional, if present not a bind mount - -Toolbox enables `sudo(8)` access inside containers. The following is necessary -for that to work: - -* The image should have `sudo(8)` enabled for users belonging to either the - `sudo` or `wheel` groups, and the group itself should exist. File an - [issue](https://github.com/containers/toolbox/issues/new) if you really need - support for a different group. However, it's preferable to keep this list as - short as possible. - -* The image should allow empty passwords for `sudo(8)`. This can be achieved - by either adding the `nullok` option to the `PAM(8)` configuration, or by - add the `NOPASSWD` tag to the `sudoers(5)` configuration. - -Since Toolbox only works with OCI images that fulfill certain requirements, -it will refuse images that aren't tagged with -`com.github.containers.toolbox="true"` and -`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be -used by the maintainer of the image to indicate that they have read this -document and tested that the image works with Toolbox. You can use the -following snippet in a Dockerfile for this: -```Dockerfile -LABEL com.github.containers.toolbox="true" -``` -The label `com.github.debarshiray.toolbox="true"` was used in previous versions -of toolbox but is currently deprecated. 
diff --git a/images/fedora/f34/extra-packages b/images/fedora/f34/extra-packages
deleted file mode 100644
index 52bf3f31b..000000000
--- a/images/fedora/f34/extra-packages
+++ /dev/null
@@ -1,45 +0,0 @@
-bash-completion
-bc
-bzip2
-diffutils
-dnf-plugins-core
-findutils
-flatpak-spawn
-fpaste
-git
-gnupg
-gnupg2-smime
-gvfs-client
-hostname
-iproute
-iputils
-jwhois
-keyutils
-krb5-libs
-less
-lsof
-man-db
-man-pages
-mtr
-nano-default-editor
-nss-mdns
-openssh-clients
-passwd
-pigz
-procps-ng
-rsync
-shadow-utils
-sudo
-tcpdump
-time
-traceroute
-tree
-unzip
-util-linux
-vte-profile
-wget
-which
-words
-xorg-x11-xauth
-xz
-zip
diff --git a/images/fedora/f34/missing-docs b/images/fedora/f34/missing-docs
deleted file mode 100644
index b634f27b6..000000000
--- a/images/fedora/f34/missing-docs
+++ /dev/null
@@ -1,15 +0,0 @@
-acl
-bash
-curl
-gawk
-grep
-gzip
-libcap
-openssl
-p11-kit
-pam
-python3
-rpm
-sed
-systemd
-tar
diff --git a/images/fedora/f35/Containerfile b/images/fedora/f35/Containerfile
deleted file mode 100644
index d84894b5a..000000000
--- a/images/fedora/f35/Containerfile
+++ /dev/null
@@ -1,25 +0,0 @@ -FROM registry.fedoraproject.org/fedora:35 - -ENV NAME=fedora-toolbox VERSION=35 -LABEL com.github.containers.toolbox="true" \ - com.redhat.component="$NAME" \ - name="$NAME" \ - version="$VERSION" \ - usage="This image is meant to be used with the toolbox command" \ - summary="Base image for creating Fedora toolbox containers" \ - maintainer="Debarshi Ray " - -COPY README.md / - -RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf -RUN dnf -y swap coreutils-single coreutils-full - -COPY missing-docs / -RUN dnf -y reinstall $( - -[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox) -[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic) - -[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/) -[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/) - -[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating -systems, which allows the use of containerized command line environments. It is -built on top of [Podman](https://podman.io/) and other standard container -technologies from [OCI](https://opencontainers.org/). - -This is particularly useful on -[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like -[Fedora CoreOS](https://coreos.fedoraproject.org/) and -[Silverblue](https://silverblue.fedoraproject.org/). The intention of these -systems is to discourage installation of software on the host, and instead -install software as (or in) containers — they mostly don't even have package -managers like DNF or YUM. 
This makes it difficult to set up a development -environment or install tools for debugging in the usual way. - -Toolbox solves this problem by providing a fully mutable container within -which one can install their favourite development and debugging tools, editors -and SDKs. For example, it's possible to do `yum install ansible` without -affecting the base operating system. - -However, this tool doesn't *require* using an OSTree based system. It works -equally well on Fedora Workstation and Server, and that's a useful way to -incrementally adopt containerization. - -The toolbox environment is based on an [OCI](https://www.opencontainers.org/) -image. On Fedora this is the `fedora-toolbox` image. This image is used to -create a toolbox container that seamlessly integrates with the rest of the -operating system by providing access to the user's home directory, the Wayland -and X11 sockets, networking (including Avahi), removable devices (like USB -sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev -database, etc.. - - -## Installation - -Toolbox is installed by default on Fedora Silverblue. On other operating -systems it's just a matter of installing the `toolbox` package. - -## Usage - -### Create your toolbox container: -```console -[user@hostname ~]$ toolbox create -Created container: fedora-toolbox-33 -Enter with: toolbox enter -[user@hostname ~]$ -``` -This will create a container called `fedora-toolbox-`. - -### Enter the toolbox: -```console -[user@hostname ~]$ toolbox enter -⬢[user@toolbox ~]$ -``` - -### Remove a toolbox container: -```console -[user@hostname ~]$ toolbox rm fedora-toolbox-33 -[user@hostname ~]$ -``` - -## Dependencies and Building - -Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build -system. 
- -The following dependencies are required to build it: -- meson -- go-md2man -- systemd -- go -- ninja - -The following dependencies enable various optional features: -- bash-completion - -It can be built and installed as any other typical Meson-based project: -```console -[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir -[user@hostname toolbox]$ ninja -C builddir -[user@hostname toolbox]$ sudo ninja -C builddir install -``` - -Toolbox is written in Go. Consult the -[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file -for a full list of all the Go dependencies. - -By default, Toolbox uses Go modules and all the required Go packages are -automatically downloaded as part of the build. There's no need to worry about -the Go dependencies, unless the build environment doesn't have network access -or any such peculiarities. - -## Distro support - -By default, Toolbox creates the container using an -[OCI](https://www.opencontainers.org/) image called -`-toolbox:`, where `` and `` are taken from the -host's `/usr/lib/os-release`. For example, the default image on a Fedora 33 -host would be `fedora-toolbox:33`. - -This default can be overridden by the `--image` option in `toolbox create`, -but operating system distributors should provide an adequately configured -default image to ensure a smooth user experience. - -## Image requirements - -Toolbox customizes newly created containers in a certain way. This requires -certain tools and paths to be present and have certain characteristics inside -the OCI image. 
- -Tools: -* `getent(1)` -* `id(1)` -* `ln(1)` -* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `passwd(1)` -* `readlink(1)` -* `rm(1)` -* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `sleep(1)` -* `test(1)` -* `touch(1)` -* `unlink(1)` -* `useradd(8)` -* `usermod(8)` - -Paths: -* `/etc/host.conf`: optional, if present not a bind mount -* `/etc/hosts`: optional, if present not a bind mount -* `/etc/krb5.conf.d`: directory, not a bind mount -* `/etc/localtime`: optional, if present not a bind mount -* `/etc/machine-id`: optional, not a bind mount -* `/etc/resolv.conf`: optional, if present not a bind mount -* `/etc/timezone`: optional, if present not a bind mount - -Toolbox enables `sudo(8)` access inside containers. The following is necessary -for that to work: - -* The image should have `sudo(8)` enabled for users belonging to either the - `sudo` or `wheel` groups, and the group itself should exist. File an - [issue](https://github.com/containers/toolbox/issues/new) if you really need - support for a different group. However, it's preferable to keep this list as - short as possible. - -* The image should allow empty passwords for `sudo(8)`. This can be achieved - by either adding the `nullok` option to the `PAM(8)` configuration, or by - add the `NOPASSWD` tag to the `sudoers(5)` configuration. - -Since Toolbox only works with OCI images that fulfill certain requirements, -it will refuse images that aren't tagged with -`com.github.containers.toolbox="true"` and -`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be -used by the maintainer of the image to indicate that they have read this -document and tested that the image works with Toolbox. You can use the -following snippet in a Dockerfile for this: -```Dockerfile -LABEL com.github.containers.toolbox="true" -``` -The label `com.github.debarshiray.toolbox="true"` was used in previous versions -of toolbox but is currently deprecated. 
diff --git a/images/fedora/f35/extra-packages b/images/fedora/f35/extra-packages deleted file mode 100644 index cdd2aa10e..000000000 --- a/images/fedora/f35/extra-packages +++ /dev/null @@ -1,48 +0,0 @@ -bash-completion -bc -bzip2 -diffutils -dnf-plugins-core -findutils -flatpak-spawn -fpaste -git -gnupg -gnupg2-smime -gvfs-client -hostname -iproute -iputils -jwhois -keyutils -krb5-libs -less -lsof -man-db -man-pages -mesa-dri-drivers -mesa-vulkan-drivers -mtr -nano-default-editor -nss-mdns -openssh-clients -passwd -pigz -procps-ng -rsync -shadow-utils -sudo -tcpdump -time -traceroute -tree -unzip -util-linux -vte-profile -vulkan-loader -wget -which -words -xorg-x11-xauth -xz -zip diff --git a/images/fedora/f35/missing-docs b/images/fedora/f35/missing-docs deleted file mode 100644 index b634f27b6..000000000 --- a/images/fedora/f35/missing-docs +++ /dev/null @@ -1,15 +0,0 @@ -acl -bash -curl -gawk -grep -gzip -libcap -openssl -p11-kit -pam -python3 -rpm -sed -systemd -tar diff --git a/images/fedora/f36/Containerfile b/images/fedora/f36/Containerfile deleted file mode 100644 index 0136d837a..000000000 --- a/images/fedora/f36/Containerfile +++ /dev/null 
@@ -1,43 +0,0 @@ -FROM registry.fedoraproject.org/fedora:36 - -ENV NAME=fedora-toolbox VERSION=36 -LABEL com.github.containers.toolbox="true" \ - com.redhat.component="$NAME" \ - name="$NAME" \ - version="$VERSION" \ - usage="This image is meant to be used with the toolbox command" \ - summary="Base image for creating Fedora toolbox containers" \ - maintainer="Debarshi Ray " - -COPY README.md / - -RUN rm /etc/rpm/macros.image-language-conf -RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf - -RUN dnf -y upgrade -RUN dnf -y swap coreutils-single coreutils-full -RUN dnf -y swap glibc-minimal-langpack glibc-all-langpacks - -COPY missing-docs / -RUN dnf -y reinstall $(/dev/null; then \ - echo "$file: No such file or directory" >&2; \ - ret_val=1; \ - break; \ - fi; \ - done /dev/null; then \ - echo "$file: No such file or directory" >&2; \ - ret_val=1; \ - break; \ - fi; \ - done /dev/null; then \ - echo "$file: No such file or directory" >&2; \ - ret_val=1; \ - break; \ - fi; \ - done /dev/null; then \ - echo "$file: No such file or directory" >&2; \ - ret_val=1; \ - break; \ - fi; \ - done " - assert [ ${#lines[@]} -eq 3 ] + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 2 ] + else + assert [ ${#lines[@]} -eq 3 ] + fi + if check_bats_version 1.7.0; then assert [ ${#stderr_lines[@]} -eq 0 ] fi @@ -91,7 +97,13 @@ teardown() { assert_success assert_line --index 1 --partial "$default_image" assert_line --index 2 --partial "$default_image-copy" - assert [ ${#lines[@]} -eq 4 ] + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 3 ] + else + assert [ ${#lines[@]} -eq 4 ] + fi + if check_bats_version 1.7.0; then assert [ ${#stderr_lines[@]} -eq 0 ] fi 
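Review bot: The new `if check_bats_version 1.10.0` branch in the hunk at -91,7 lowers the expected `${#lines[@]}` by one without saying why, and the same block is repeated with different numbers in the hunks at -113,7, -125,7, -139,7 and -159,7. A reader cannot tell from the test whether the entry that disappears is a trailing empty line or real output, so a one-line comment above the first branch would help, for example `# Bats >= 1.10.0 reports one entry fewer in $lines for the same output`, with the cause added once confirmed (presumably a change in how `run` counts the trailing newline). Since only the number differs between the copies, a small helper in the shared test library that takes the pre-1.10.0 count would keep the version threshold in one place. The enclosing `@test` bodies start and end outside these hunks.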
@@ -113,7 +125,13 @@ teardown() { assert_success assert_line --index 1 --partial "fedora-toolbox:34" assert_line --index 2 --partial "$(get_system_id)-toolbox:$(get_system_version)" - assert [ ${#lines[@]} -eq 4 ] + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 3 ] + else + assert [ ${#lines[@]} -eq 4 ] + fi + if check_bats_version 1.7.0; then assert [ ${#stderr_lines[@]} -eq 0 ] fi @@ -125,7 +143,13 @@ teardown() { assert_line --index 1 --partial "$(get_system_id)-toolbox-$(get_system_version)" assert_line --index 2 --partial "non-default-one" assert_line --index 3 --partial "non-default-two" - assert [ ${#lines[@]} -eq 5 ] + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 4 ] + else + assert [ ${#lines[@]} -eq 5 ] + fi + if check_bats_version 1.7.0; then assert [ ${#stderr_lines[@]} -eq 0 ] fi @@ -139,7 +163,13 @@ teardown() { assert_line --index 5 --partial "$(get_system_id)-toolbox-$(get_system_version)" assert_line --index 6 --partial "non-default-one" assert_line --index 7 --partial "non-default-two" - assert [ ${#lines[@]} -eq 9 ] + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 8 ] + else + assert [ ${#lines[@]} -eq 9 ] + fi + if check_bats_version 1.7.0; then assert [ ${#stderr_lines[@]} -eq 0 ] fi @@ -159,7 +189,13 @@ teardown() { assert_line --index 1 --partial "" assert_line --index 2 --partial "fedora-toolbox:34" assert_line --index 3 --partial "$default_image" - assert [ ${#lines[@]} -eq 5 ] + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 4 ] + else + assert [ ${#lines[@]} -eq 5 ] + fi + if check_bats_version 1.7.0; then assert [ ${#stderr_lines[@]} -eq 0 ] fi diff --git a/test/system/104-run.bats b/test/system/104-run.bats index a7080de56..1f2a88e87 100644 --- a/test/system/104-run.bats +++ b/test/system/104-run.bats 
@@ -355,9 +355,15 @@ teardown() { assert [ ${#lines[@]} -eq 0 ] lines=("${stderr_lines[@]}") assert_line --index 0 "bash: line 1: /etc: Is a directory" - assert_line --index 1 "bash: line 1: exec: /etc: cannot execute: Is a directory" - assert_line --index 2 "Error: failed to invoke command /etc in container $(get_latest_container_name)" - assert [ ${#stderr_lines[@]} -eq 3 ] + + if [ ${#stderr_lines[@]} -eq 2 ]; then + assert_line --index 1 "Error: failed to invoke command /etc in container $(get_latest_container_name)" + elif [ ${#stderr_lines[@]} -eq 3 ]; then + assert_line --index 1 "bash: line 1: exec: /etc: cannot execute: Is a directory" + assert_line --index 2 "Error: failed to invoke command /etc in container $(get_latest_container_name)" + else + assert bash -c "[ ${#stderr_lines[@]} -eq 2 ] || [ ${#stderr_lines[@]} -eq 3 ]" + fi } @test "run: Try a non-existent command" { diff --git a/toolbox b/toolbox index c6d86e2b5..3f77193c2 100755 --- a/toolbox +++ b/toolbox @@ -1252,7 +1252,7 @@ init_container() fi if [ -d /run/host/monitor ] 2>&3; then - if ! localtime_target=$(readlink /etc/localtime >/dev/null 2>&3) \ + if ! localtime_target=$(readlink /etc/localtime 2>&3) \ || [ "$localtime_target" != "/run/host/monitor/localtime" ] 2>&3; then echo "$base_toolbox_command: redirecting /etc/localtime to /run/host/monitor/localtime" >&3
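Review bot: The `else` branch in the hunk at -355,9 reports an unexpected stderr line count by running `assert bash -c "[ … -eq 2 ] || [ … -eq 3 ]"`, which spawns a shell only to fail and prints an expression rather than the reason. If bats-support is loaded alongside bats-assert, `fail "expected 2 or 3 stderr lines, got ${#stderr_lines[@]}"` says the same thing directly. The two accepted shapes also deserve a comment above the `if`, such as `# the "exec: ... cannot execute" line is not always printed`, naming the cause once confirmed (presumably the Bash version inside the container). As written, the test cannot tell an expected difference from a diagnostic that was dropped by mistake. The test body starts outside the hunk.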