Hello community,

here is the log from the commit of package toolbox for openSUSE:Factory checked in at 2020-02-20 14:53:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/toolbox (Old)
 and /work/SRC/openSUSE:Factory/.toolbox.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "toolbox" Thu Feb 20 14:53:36 2020 rev:3 rq:774805 version:1.0+git20200217.cd18bfb Changes: -------- --- /work/SRC/openSUSE:Factory/toolbox/toolbox.changes 2019-10-17 12:18:12.043787731 +0200 +++ /work/SRC/openSUSE:Factory/.toolbox.new.26092/toolbox.changes 2020-02-20 14:53:45.310096396 +0100 @@ -1,0 +2,10 @@ +Mon Feb 17 09:07:33 UTC 2020 - [email protected] + +- Update to version 1.0+git20200217.cd18bfb: + * Multiple toolboxes, with different names + * Configure `sudo` access for an user toolbox + * Correctly setup the user + * Add -u|--user parameter + * Handle arguments with 'getopt' + +------------------------------------------------------------------- Old: ---- microos-toolbox-1.0+git20191014.3034fbc.tar.xz New: ---- microos-toolbox-1.0+git20200217.cd18bfb.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ toolbox.spec ++++++ --- /var/tmp/diff_new_pack.VLd9TK/_old 2020-02-20 14:53:46.170098128 +0100 +++ /var/tmp/diff_new_pack.VLd9TK/_new 2020-02-20 14:53:46.174098136 +0100 @@ -1,7 +1,7 @@ # # spec file for package toolbox # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: toolbox -Version: 1.0+git20191014.3034fbc +Version: 1.0+git20200217.cd18bfb Release: 0 Summary: Script to start a toolbox container for system debugging License: Apache-2.0 ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.VLd9TK/_old 2020-02-20 14:53:46.210098208 +0100 +++ /var/tmp/diff_new_pack.VLd9TK/_new 2020-02-20 14:53:46.210098208 +0100 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">git://github.com/thkukuk/microos-toolbox.git</param> - <param name="changesrevision">3034fbcdb4e1df26a02a9466cbf96a156f1d6dbe</param> + <param name="changesrevision">31d14b2d9f89fc91eb57b417f7209b4d6a86996e</param> </service> </servicedata> \ No newline at end of file ++++++ microos-toolbox-1.0+git20191014.3034fbc.tar.xz -> microos-toolbox-1.0+git20200217.cd18bfb.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/microos-toolbox-1.0+git20191014.3034fbc/README.md new/microos-toolbox-1.0+git20200217.cd18bfb/README.md --- old/microos-toolbox-1.0+git20191014.3034fbc/README.md 2019-10-14 14:39:14.000000000 +0200 +++ new/microos-toolbox-1.0+git20200217.cd18bfb/README.md 2020-02-17 10:06:19.000000000 +0100 
@@ -33,6 +33,62 @@ sh-5.0# vi /media/root/etc/passwd ``` +### Usage as user + +In case an proper user environment is what one wants (e.g., for development), the `-u` (or `--user`) option can be used: + +``` +$ id -a +uid=1000(dario) gid=1000(dario) groups=1000(dario),... +$ ./toolbox -u +Spawning a container 'toolbox-dario-user' with image 'registry.opensuse.org/opensuse/toolbox' +a0a5a332ee6d2a8dff6d8fb68a9ac70aeaacc9d531cf82f610ae48bec9e93ea1 +toolbox-dario-user +Setting up user 'dario' inside the container... +(NOTE that, if 'sudo' and related packages are not present in the image already, +this may take some time. But this will only happen now that the toolbox is being created) +Container started successfully. To exit, type 'exit'. +dario@toolbox:~> +... +dario@toolbox:~> id -a +uid=1000(dario) gid=1000(dario) groups=1000(dario) +dario@toolbox:~> echo $HOME +/home/dario +dario@toolbox:~> ls $HOME/.. -l +total 0 +drwxr-xr-x 1 dario dario 2422 Feb 14 10:22 dario +``` + +The user will have (paswordless) `sudo` access so, e.g., packages can be installed, etc: + +``` +$ ./toolbox -u +Spawning a container 'toolbox-dario-user' with image 'registry.opensuse.org/opensuse/toolbox' +4a05e36edb55776ae5f32cb736529ba94bdea4a39a8e5d6258ca230f646da733 +toolbox-dario-user +Setting up user 'dario' (with 'sudo' access) inside the container... +(NOTE that, if 'sudo' and related packages are not present in the image already, +this may take some time. But this will only happen now that the toolbox is being created) +Container started successfully. To exit, type 'exit'. +dario@toolbox:~> +... +dario@toolbox:~> sudo zypper install gcc +Loading repository data... +Reading installed packages... +Resolving package dependencies... + +The following 17 NEW packages are going to be installed: + binutils cpp cpp9 gcc gcc9 glibc-devel libasan5 libatomic1 libgomp1 libisl22 libitm1 liblsan0 libmpc3 libtsan0 libubsan1 libxcrypt-devel linux-glibc-devel + +17 new packages to install. 
+Overall download size: 42.6 MiB. Already cached: 0 B. After the operation, additional 179.7 MiB will be used. +Continue? [y/n/v/...? shows all options] (y): +... +dario@toolbox:~> gcc +gcc: fatal error: no input files +compilation terminated. +``` + ## Advanced Usage ### Use a custom image 
@@ -51,6 +107,37 @@ toolbox called by a normal user will start the toolbox container, too, but the root filesystem cannot be modified. Running toolbox with sudo has the disadvantage, that the .toolboxrc from root and not the user is used. To run the toolbox container with root rights, `toolbox --root` has to be used. +### Multiple Toolboxes + +It is possible to want to create multiple toolboxes, especially user ones. For instance, one may want to create a special user toolbox, inside which doing development of virtualization related projects. This is possible by adding a tag to a toolbox name, via the `toolbox --tag <tag>` option: + +``` +$ podman ps --all +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +b20985e6de68 registry.opensuse.org/opensuse/toolbox:latest /bin/bash 57 seconds ago Exited (0) 3 seconds ago toolbox-dario-user +... +$ ./toolbox -u +Container 'toolbox-dario-user' already exists. Trying to start... +(To remove the container and start with a fresh toolbox, run: podman rm 'toolbox-dario-user') +toolbox-dario-user +Container started successfully. To exit, type 'exit'. +... +$ ./toolbox -u -t virt +Spawning a container 'toolbox-dario-user-virt' with image 'registry.opensuse.org/opensuse/toolbox' +0dbfbe02b0201bee9ae3a53c66db70ab621eae914c013e0b2e7a34837adde527 +toolbox-dario-user-virt +Setting up user 'dario' (with 'sudo' access) inside the container... +(NOTE that, if 'sudo' and related packages are not present in the image already, +this may take some time. But this will only happen now that the toolbox is being created) +Container started successfully. To exit, type 'exit'. +dario@toolbox:~> +... 
+dario@toolbox:~> exit +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +0dbfbe02b020 registry.opensuse.org/opensuse/toolbox:latest /bin/bash 8 minutes ago Exited (0) 6 minutes ago toolbox-dario-user-virt +b20985e6de68 registry.opensuse.org/opensuse/toolbox:latest /bin/bash 10 minutes ago Exited (0) 7 minutes ago toolbox-dario-user +``` + ### Automatically enter toolbox on login Set an `/etc/passwd` entry for one of the users to `/usr/bin/toolbox`: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/microos-toolbox-1.0+git20191014.3034fbc/toolbox new/microos-toolbox-1.0+git20200217.cd18bfb/toolbox --- old/microos-toolbox-1.0+git20191014.3034fbc/toolbox 2019-10-14 14:39:14.000000000 +0200 +++ new/microos-toolbox-1.0+git20200217.cd18bfb/toolbox 2020-02-17 10:06:19.000000000 +0100 @@ -50,6 +50,8 @@ container_runlabel return fi + # We want to do the user setup only when the container is created for the first time + [[ ! -z ${CREATE_AS_USER} ]] && SETUP_USER=true else echo "Container '$TOOLBOX_NAME' already exists. Trying to start..." echo "(To remove the container and start with a fresh toolbox, run: podman rm '$TOOLBOX_NAME')" 
@@ -63,6 +65,22 @@ return 1 fi + if [[ "${SETUP_USER}" = "true" ]]; then + echo "Setting up user '${USER_NAME}' (with 'sudo' access) inside the container..." + echo "(NOTE that, if 'sudo' and related packages are not present in the image already," + echo "this may take some time. But this will only happen now that the toolbox is being created)" + cat <<EOF > /tmp/${TOOLBOX_NAME}-user-setup.sh +#!/bin/bash +groupadd -g ${USER_GID} ${USER_GNAME} &> /dev/null +useradd -M -N -g ${USER_GNAME} -u ${USER_ID} ${USER_NAME} &> /dev/null +zypper install -y --no-recommends sudo system-group-wheel &> /dev/null +echo "%wheel ALL = (root) NOPASSWD:ALL" > /etc/sudoers.d/wheel 2> /dev/null +usermod -G wheel -a ${USER_NAME} &> /dev/null +EOF + ${SUDO} podman cp /tmp/${TOOLBOX_NAME}-user-setup.sh ${TOOLBOX_NAME}:/tmp/user-setup.sh + ${SUDO} podman exec --user root ${TOOLBOX_NAME} bash /tmp/user-setup.sh + fi + echo "Container started successfully. To exit, type 'exit'." container_exec "$@" } @@ -98,7 +116,7 @@ --network host \ --privileged \ --security-opt label=disable \ - --tty \ + --tty ${CREATE_AS_USER} \ --volume /:/media/root:rslave \ "$TOOLBOX_IMAGE" 2>&1; then echo "$0: failed to create container '$TOOLBOX_NAME'" 
@@ -125,20 +143,22 @@ --env LANG="$LANG" \ --env TERM="$TERM" \ --interactive \ - --tty \ + --tty ${EXEC_AS_USER} \ "$TOOLBOX_NAME" \ "$@" } show_help() { - echo "USAGE: toolbox [-h/--help]|[-r/--root] [command] + echo "USAGE: toolbox [[-h/--help] | [-r/--root] [-u/--user] [-t/--tag <tag>] [command]] toolbox is a small script that launches a container to let you bring in your favorite debugging or admin tools. The toolbox container is a pet container and will be restarted on following runs. To remove the container and start fresh, do podman rm ${TOOLBOX_NAME}. Options: -h/--help: Shows this help message + -u/--user: Run as the current user inside the container -r/--root: Runs podman via sudo as root + -t/--tag <tag>: Add <tag> to the toolbox name You may override the following variables by setting them in ${TOOLBOXRC}: - REGISTRY: The registry to pull from. Default: $REGISTRY 
@@ -157,14 +177,46 @@ # Execute setup first so we get proper variables setup # If we are passed a help switch, show help and exit - if [[ "$1" =~ ^(--help|-h)$ ]]; then - show_help - exit 0 - fi - if [[ "$1" =~ ^(--root|-r)$ ]]; then - shift - SUDO=sudo - fi + ARGS=`getopt -o hrut: --long help,root,user,tag: -n toolbox -- "$@"` + eval set -- "$ARGS" + while true; do + case "$1" in + -h|--help) + show_help + exit 0 + ;; + -r|--root) + shift + SUDO=sudo + ;; + -u|--user) + shift + USER_ID=`id -u`; USER_GID=`id -g` + USER_NAME=`id -un` ; USER_GNAME=`id -gn` + USER_HOME=$HOME + TOOLBOX_NAME="${TOOLBOX_NAME}-user" + + # We want to keep the pid namespace of the running user. + # We, however, use root:root while creating, so that later we + # can modify the user's name, groups, etc, within the container. + CREATE_AS_USER="--pid host --userns=keep-id -v ${HOME}:${HOME} --user root:root -w `pwd`" + EXEC_AS_USER="--user ${USER_ID}:${USER_GID}" + ;; + -t|--tag) + TOOLBOX_NAME="${TOOLBOX_NAME}-$2" + shift 2 + ;; + --) + shift + break + ;; + *) + echo "unknown parameter: '$1'" + show_help + exit 1 + ;; + esac + done if [ -z "$*" ]; then run ${TOOLBOX_SHELL}
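
Review bot: In the _servicedata hunk the new changesrevision is 31d14b2d9f89fc91eb57b417f7209b4d6a86996e, while the spec Version and the tarball name both carry the short hash cd18bfb, so the recorded revision and the packaged snapshot do not visibly point at the same commit. Please confirm which commit the tarball was generated from and make the two agree. The service URL in the context line also still uses the git:// scheme, which is fetched without transport encryption or server authentication; moving it to https would be a cheap hardening of the source fetch.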
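
Review bot: The new "Usage as user" section in README.md (hunk @@ -33,6 +33,62 @@) presents -u as a development environment with passwordless sudo but never says what that sudo can reach. The podman create call visible in the toolbox script still passes --privileged and --volume /:/media/root:rslave, and -u adds a bind mount of ${HOME}, so the section should state that explicitly. Two typos in the same hunk: "In case an proper user environment" should read "a proper", and "paswordless" should read "passwordless".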
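
Review bot: In the "Multiple Toolboxes" example in README.md (hunk @@ -51,6 +107,37 @@) the second container listing follows "dario@toolbox:~> exit" directly, with no command shown. The "$ podman ps --all" line that produced it is missing, so the transcript reads as if exit printed the table. The opening sentence "It is possible to want to create multiple toolboxes" would also read better as a plain statement that several toolboxes can coexist.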
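
Review bot: In the toolbox hunk @@ -50,6 +50,8 @@, SETUP_USER is set only on the branch that creates the container, while the setup it triggers discards all output and exit codes, so a failed first-time setup is never retried or reported. If zypper or useradd fails, every later run takes the "already exists" branch and then execs with --user for an account that was never created. Consider checking the exit status of the setup step and removing the half-configured container, or recording completion inside the container and retrying when the marker is absent. The test itself is clearer as [[ -n "${CREATE_AS_USER}" ]].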
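
Review bot: In the toolbox hunk @@ -63,6 +65,22 @@, the setup script is written to the fixed path /tmp/${TOOLBOX_NAME}-user-setup.sh with a plain redirect and is then executed as root in the container via "podman exec --user root". The name is predictable and /tmp is shared, so the redirect will follow a symlink or reuse a file that another local user placed there beforehand, and the file is never removed afterwards. Create it with mktemp and delete it in a trap, or avoid the host file entirely by feeding the here-document to the container on stdin (podman exec -i ... bash -s). The expansions ${TOOLBOX_NAME} in the podman cp and podman exec lines should be quoted as well.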
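
Review bot: In the toolbox hunk @@ -98,7 +116,7 @@, "--tty ${CREATE_AS_USER}" depends on word splitting of a string that the option parser builds from ${HOME} and the output of pwd. A home or working directory containing whitespace or glob characters will split into extra podman create arguments, in a call that also carries --privileged and --volume /:/media/root:rslave. Build the extra options as a bash array and expand it as "${CREATE_AS_USER[@]}" so each path stays a single argument.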
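
Review bot: In the toolbox hunk @@ -125,20 +143,22 @@, the help line "-u/--user: Run as the current user inside the container" understates what the option does. Per the other hunks it also bind-mounts the caller's home directory, appends "-user" to the container name, and on first creation installs sudo with a NOPASSWD rule for wheel. The help text should mention at least the sudo setup and the home mount, since that is what a user needs to know before choosing the flag.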
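
Review bot: In the option parsing hunk @@ -157,14 +177,46 @@, the -t|--tag branch appends $2 to TOOLBOX_NAME without any validation, and that name is later used in the /tmp/${TOOLBOX_NAME}-user-setup.sh path and in unquoted podman arguments. A tag containing "/", "..", or whitespace changes which file is written and how the podman command line is split; restrict the tag to a conservative set such as letters, digits, "_", "." and "-" and reject anything else. The exit status of getopt is also not checked before "eval set", so an invalid option prints an error and the script carries on with whatever getopt emitted; test the status and call show_help on failure. Since the name is built in the order the options appear, "-t virt -u" and "-u -t virt" also address different containers, which is worth either normalising or documenting.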
