From 38783698eaf35b5bc3356830943903b1694a2db6 Mon Sep 17 00:00:00 2001 
From: Andreas Runfalk Date: Mon, 24 May 2021 23:08:33 +0200 Subject: [PATCH] Use buildah for building images This allows us to build all Fedora images using the same script. Run it by calling `images/build-fedora` from the repository root. This also gets rid of the duplicated README files. --- images/build-fedora | 131 +++++++++++++++++++++++++ images/fedora/f28/Containerfile | 27 ------ images/fedora/f28/README.md | 1 - images/fedora/f28/extra-packages | 40 -------- images/fedora/f28/missing-docs | 22 ----- images/fedora/f29/Containerfile | 28 ------ images/fedora/f29/README.md | 1 - images/fedora/f29/extra-packages | 40 -------- images/fedora/f29/missing-docs | 20 ---- images/fedora/f30/Containerfile | 28 ------ images/fedora/f30/README.md | 1 - images/fedora/f30/extra-packages | 40 -------- images/fedora/f30/missing-docs | 18 ---- images/fedora/f31/Containerfile | 28 ------ images/fedora/f31/README.md | 1 - images/fedora/f31/extra-packages | 42 -------- images/fedora/f31/missing-docs | 18 ---- images/fedora/f32/Containerfile | 27 ------ images/fedora/f32/README.md | 162 ------------------------------- images/fedora/f32/extra-packages | 42 -------- images/fedora/f32/missing-docs | 18 ---- images/fedora/f33/Containerfile | 27 ------ images/fedora/f33/README.md | 162 ------------------------------- images/fedora/f33/extra-packages | 43 -------- images/fedora/f33/missing-docs | 15 --- images/fedora/f34/Containerfile | 27 ------ images/fedora/f34/README.md | 162 ------------------------------- images/fedora/f34/extra-packages | 43 -------- images/fedora/f34/missing-docs | 15 --- 29 files changed, 131 insertions(+), 1098 deletions(-) create mode 100755 images/build-fedora delete mode 100644 images/fedora/f28/Containerfile delete mode 120000 images/fedora/f28/README.md delete mode 100644 images/fedora/f28/extra-packages delete mode 100644 images/fedora/f28/missing-docs delete mode 100644 images/fedora/f29/Containerfile delete mode 120000 images/fedora/f29/README.md 
delete mode 100644 images/fedora/f29/extra-packages delete mode 100644 images/fedora/f29/missing-docs delete mode 100644 images/fedora/f30/Containerfile delete mode 120000 images/fedora/f30/README.md delete mode 100644 images/fedora/f30/extra-packages delete mode 100644 images/fedora/f30/missing-docs delete mode 100644 images/fedora/f31/Containerfile delete mode 120000 images/fedora/f31/README.md delete mode 100644 images/fedora/f31/extra-packages delete mode 100644 images/fedora/f31/missing-docs delete mode 100644 images/fedora/f32/Containerfile delete mode 100644 images/fedora/f32/README.md delete mode 100644 images/fedora/f32/extra-packages delete mode 100644 images/fedora/f32/missing-docs delete mode 100644 images/fedora/f33/Containerfile delete mode 100644 images/fedora/f33/README.md delete mode 100644 images/fedora/f33/extra-packages delete mode 100644 images/fedora/f33/missing-docs delete mode 100644 images/fedora/f34/Containerfile delete mode 100644 images/fedora/f34/README.md delete mode 100644 images/fedora/f34/extra-packages delete mode 100644 images/fedora/f34/missing-docs
diff --git a/images/build-fedora b/images/build-fedora
new file mode 100755
index 000000000..3ba8160b0
--- /dev/null
+++ b/images/build-fedora
@@ -0,0 +1,131 @@
+#!/bin/bash
+set -Eeuo pipefail
+
+cd $(dirname "$0")
+
+if [ -z "${1+x}" ]; then
+ echo "Usage: $0 FEDORA_RELEASE_NUMBER"
+ exit 1
+fi
+
+if [[ ! "$1" =~ ^[0-9]+$ || "$1" -lt 28 ]]; then
+ echo "Invalid Fedora version '$1'. Earliest supported version is Fedora 28"
+ exit 1
+fi
+
+# Container name and version label
+name="fedora-toolbox"
+version=$1
+
+# Build container
+container=$(buildah from registry.fedoraproject.org/fedora:$version)
+
+# It's important to set environment variables before running the setup script
+buildah config \
+ --env NAME="$name" \
+ --env VERSION="$version" \
+ --label com.github.containers.toolbox="true" \
+ --label com.github.debarshiray.toolbox="true" \
+ --label com.redhat.component="$name" \
+ --label name="$name" \
+ --label version="$version" \
+ --label usage="This image is meant to be used with the toolbox command" \
+ --label summary="Base image for creating Fedora toolbox containers" \
+ --label maintainer="Debarshi Ray " \
+ --cmd /bin/sh \
+ $container
+
+# Create script that runs inside the container (saves the script in $setup_script)
+# || true is needed because read return 1 on EOF
+tmp_setup_script=$(mktemp)
+chmod +x "$tmp_setup_script"
+cat <<'EOF' > $tmp_setup_script || true
+#!/bin/bash
+set -Eeuo pipefail
+
+# Enable docs installation
+sed -i "/tsflags=nodocs/d" /etc/dnf/dnf.conf
+
+# Reinstall all currently installed packages to get docs
+dnf -y reinstall $(dnf list --installed|cut -d' ' -f1)
+
+# Update every package to the latest version
+dnf -y distro-sync
+
+# Add extra packages on a per release basis
+case $VERSION in
+ 28)
+ extra_pkgs="PackageKit-command-not-found"
+ ;;
+ 29)
+ extra_pkgs="flatpak-xdg-utils"
+ ;;
+ 30)
+ extra_pkgs="flatpak-spawn"
+ ;;
+ 31|32)
+ extra_pkgs="flatpak-spawn xorg-x11-xauth gvfs-client"
+ ;;
+ 33|34)
+ extra_pkgs="flatpak-spawn xorg-x11-xauth gvfs-client nano-default-editor"
+ ;;
+ *)
+ extra_pkgs=""
+ ;;
+esac
+
+# Install packages common for all versions (along with $extra_pkgs)
+dnf -y install $extra_pkgs \
+ bash-completion \
+ bzip2 \
+ diffutils \
+ dnf-plugins-core \
+ findutils \
+ fpaste \
+ git \
+ gnupg \
+ gnupg2-smime \
+ hostname \
+ iputils \
+ jwhois \
+ keyutils \
+ krb5-libs \
+ less \
+ lsof \
+ man-db \
+ man-pages \
+ mlocate \
+ mtr \
+ nss-mdns \
+ openssh-clients \
+ passwd \
+ pigz \
+ procps-ng \
+ rsync \
+ shadow-utils \
+ sudo \
+ tcpdump \
+ time \
+ traceroute \
+ tree \
+ unzip \
+ vte-profile \
+ wget \
+ which \
+ words \
+ xz \
+ zip
+
+# Clean package installation cache to save some space
+dnf clean all
+EOF
+
+# Inject and run setup script from $setup_script
+buildah copy $container "$tmp_setup_script" /setup.sh
+buildah run $container /setup.sh
+buildah run $container rm /setup.sh
+
+# Add README and finish container
+buildah copy $container ../README.md /README.md
+buildah commit $container $name:$version
+buildah rm $container
diff --git a/images/fedora/f28/Containerfile b/images/fedora/f28/Containerfile
deleted file mode 100644
index b1285bfcd..000000000
--- a/images/fedora/f28/Containerfile
+++ /dev/null
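Review bot: The `|| true` on the here-document line (`cat <<'EOF' > $tmp_setup_script || true`) hides a failed or partial write of the setup script, so despite `set -Eeuo pipefail` the build would go on to copy and run whatever reached the temp file and could commit an image with steps silently missing. The comment justifying it speaks of `read` returning 1 on EOF and of `$setup_script`, neither of which appears in this code, so it looks left over from an earlier draft; I would write `cat <<'EOF' > "$tmp_setup_script"` and drop that comment line. The file created by `mktemp` is never deleted and the working container survives any failing step, so a `trap 'rm -f -- "$tmp_setup_script"' EXIT` right after `mktemp` (extended to `buildah rm "$container"` on failure if desired) would keep build hosts clean. As a style point, `cd "$(dirname "$0")"` and quoting `"$container"` throughout would make the script safe when invoked from a path containing spaces, and the usage and error messages belong on stderr (`>&2`).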
@@ -1,27 +0,0 @@ -FROM registry.fedoraproject.org/fedora:28 - -ENV NAME=fedora-toolbox VERSION=28 -LABEL com.github.debarshiray.toolbox="true" \ - com.redhat.component="$NAME" \ - name="$FGC/$NAME" \ - version="$VERSION" \ - usage="This image is meant to be used with the toolbox command" \ - summary="Base image for creating Fedora toolbox containers" \ - maintainer="Debarshi Ray " - -COPY README.md / - -RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf -RUN dnf -y swap coreutils-single coreutils-full - -COPY missing-docs / -RUN dnf -y reinstall $( - -[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox) -[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic) - -[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/) -[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/) - -[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating -systems, which allows the use of containerized command line environments. It is -built on top of [Podman](https://podman.io/) and other standard container -technologies from [OCI](https://opencontainers.org/). - -This is particularly useful on -[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like -[Fedora CoreOS](https://coreos.fedoraproject.org/) and -[Silverblue](https://silverblue.fedoraproject.org/). The intention of these -systems is to discourage installation of software on the host, and instead -install software as (or in) containers — they mostly don't even have package -managers like DNF or YUM. 
This makes it difficult to set up a development -environment or install tools for debugging in the usual way. - -Toolbox solves this problem by providing a fully mutable container within -which one can install their favourite development and debugging tools, editors -and SDKs. For example, it's possible to do `yum install ansible` without -affecting the base operating system. - -However, this tool doesn't *require* using an OSTree based system. It works -equally well on Fedora Workstation and Server, and that's a useful way to -incrementally adopt containerization. - -The toolbox environment is based on an [OCI](https://www.opencontainers.org/) -image. On Fedora this is the `fedora-toolbox` image. This image is used to -create a toolbox container that seamlessly integrates with the rest of the -operating system by providing access to the user's home directory, the Wayland -and X11 sockets, SSH agent, etc.. - -## Installation - -Toolbox is installed by default on Fedora Silverblue. On other operating -systems it's just a matter of installing the `toolbox` package. - -## Usage - -### Create your toolbox container: -```console -[user@hostname ~]$ toolbox create -Created container: fedora-toolbox-33 -Enter with: toolbox enter -[user@hostname ~]$ -``` -This will create a container called `fedora-toolbox-`. - -### Enter the toolbox: -```console -[user@hostname ~]$ toolbox enter -⬢[user@toolbox ~]$ -``` - -### Remove a toolbox container: -```console -[user@hostname ~]$ toolbox rm fedora-toolbox-33 -[user@hostname ~]$ -``` - -## Dependencies and Building - -Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build -system. 
- -The following dependencies are required to build it: -- meson -- go-md2man -- systemd -- go -- ninja - -The following dependencies enable various optional features: -- bash-completion - -It can be built and installed as any other typical Meson-based project: -```console -[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir -[user@hostname toolbox]$ ninja -C builddir -[user@hostname toolbox]$ sudo ninja -C builddir install -``` - -Toolbox is written in Go. Consult the -[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file -for a full list of all the Go dependencies. - -By default, Toolbox uses Go modules and all the required Go packages are -automatically downloaded as part of the build. There's no need to worry about -the Go dependencies, unless the build environment doesn't have network access -or any such peculiarities. - -## Distro support - -By default, Toolbox creates the container using an -[OCI](https://www.opencontainers.org/) image called -`-toolbox:`, where `` and `` are taken from the -host's `/usr/lib/os-release`. For example, the default image on a Fedora 33 -host would be `fedora-toolbox:33`. - -This default can be overridden by the `--image` option in `toolbox create`, -but operating system distributors should provide an adequately configured -default image to ensure a smooth user experience. - -## Image requirements - -Toolbox customizes newly created containers in a certain way. This requires -certain tools and paths to be present and have certain characteristics inside -the OCI image. 
- -Tools: -* `getent(1)` -* `id(1)` -* `ln(1)` -* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `passwd(1)` -* `readlink(1)` -* `rm(1)` -* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `sleep(1)` -* `test(1)` -* `touch(1)` -* `unlink(1)` -* `useradd(8)` -* `usermod(8)` - -Paths: -* `/etc/host.conf`: optional, if present not a bind mount -* `/etc/hosts`: optional, if present not a bind mount -* `/etc/krb5.conf.d`: directory, not a bind mount -* `/etc/localtime`: optional, if present not a bind mount -* `/etc/resolv.conf`: optional, if present not a bind mount -* `/etc/timezone`: optional, if present not a bind mount - -Toolbox enables `sudo(8)` access inside containers. The following is necessary -for that to work: - -* The image should have `sudo(8)` enabled for users belonging to either the - `sudo` or `wheel` groups, and the group itself should exist. File an - [issue](https://github.com/containers/toolbox/issues/new) if you really need - support for a different group. However, it's preferable to keep this list as - short as possible. - -* The image should allow empty passwords for `sudo(8)`. This can be achieved - by either adding the `nullok` option to the `PAM(8)` configuration, or by - add the `NOPASSWD` tag to the `sudoers(5)` configuration. - -Since Toolbox only works with OCI images that fulfill certain requirements, -it will refuse images that aren't tagged with -`com.github.containers.toolbox="true"` and -`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be -used by the maintainer of the image to indicate that they have read this -document and tested that the image works with Toolbox. You can use the -following snippet in a Dockerfile for this: -```Dockerfile -LABEL com.github.containers.toolbox="true" \ - com.github.debarshiray.toolbox="true" -``` 
diff --git a/images/fedora/f32/extra-packages b/images/fedora/f32/extra-packages
deleted file mode 100644
index 942271c74..000000000
--- a/images/fedora/f32/extra-packages
+++ /dev/null
@@ -1,42 +0,0 @@
-bash-completion
-bzip2
-diffutils
-dnf-plugins-core
-findutils
-flatpak-spawn
-fpaste
-git
-gnupg
-gnupg2-smime
-gvfs-client
-hostname
-iputils
-jwhois
-keyutils
-krb5-libs
-less
-lsof
-man-db
-man-pages
-mlocate
-mtr
-nss-mdns
-openssh-clients
-passwd
-pigz
-procps-ng
-rsync
-shadow-utils
-sudo
-tcpdump
-time
-traceroute
-tree
-unzip
-vte-profile
-wget
-which
-words
-xorg-x11-xauth
-xz
-zip
diff --git a/images/fedora/f32/missing-docs b/images/fedora/f32/missing-docs
deleted file mode 100644
index f1f56bc08..000000000
--- a/images/fedora/f32/missing-docs
+++ /dev/null
@@ -1,18 +0,0 @@
-acl
-bash
-chkconfig
-curl
-dbus-daemon
-gawk
-grep
-gzip
-libcap
-openssl
-p11-kit
-pam
-python3
-rpm
-rpm-plugin-systemd-inhibit
-sed
-systemd
-tar
diff --git a/images/fedora/f33/Containerfile b/images/fedora/f33/Containerfile
deleted file mode 100644
index 151e04552..000000000
--- a/images/fedora/f33/Containerfile
+++ /dev/null
@@ -1,27 +0,0 @@ -FROM registry.fedoraproject.org/fedora:33 - -ENV NAME=fedora-toolbox VERSION=33 -LABEL com.github.containers.toolbox="true" \ - com.github.debarshiray.toolbox="true" \ - com.redhat.component="$NAME" \ - name="$NAME" \ - version="$VERSION" \ - usage="This image is meant to be used with the toolbox command" \ - summary="Base image for creating Fedora toolbox containers" \ - maintainer="Debarshi Ray " - -COPY README.md / - -RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf - -COPY missing-docs / -RUN dnf -y reinstall $( - -[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox) -[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic) - -[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/) -[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/) - -[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating -systems, which allows the use of containerized command line environments. It is -built on top of [Podman](https://podman.io/) and other standard container -technologies from [OCI](https://opencontainers.org/). - -This is particularly useful on -[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like -[Fedora CoreOS](https://coreos.fedoraproject.org/) and -[Silverblue](https://silverblue.fedoraproject.org/). The intention of these -systems is to discourage installation of software on the host, and instead -install software as (or in) containers — they mostly don't even have package -managers like DNF or YUM. This makes it difficult to set up a development -environment or install tools for debugging in the usual way. 
- -Toolbox solves this problem by providing a fully mutable container within -which one can install their favourite development and debugging tools, editors -and SDKs. For example, it's possible to do `yum install ansible` without -affecting the base operating system. - -However, this tool doesn't *require* using an OSTree based system. It works -equally well on Fedora Workstation and Server, and that's a useful way to -incrementally adopt containerization. - -The toolbox environment is based on an [OCI](https://www.opencontainers.org/) -image. On Fedora this is the `fedora-toolbox` image. This image is used to -create a toolbox container that seamlessly integrates with the rest of the -operating system by providing access to the user's home directory, the Wayland -and X11 sockets, SSH agent, etc.. - -## Installation - -Toolbox is installed by default on Fedora Silverblue. On other operating -systems it's just a matter of installing the `toolbox` package. - -## Usage - -### Create your toolbox container: -```console -[user@hostname ~]$ toolbox create -Created container: fedora-toolbox-33 -Enter with: toolbox enter -[user@hostname ~]$ -``` -This will create a container called `fedora-toolbox-`. - -### Enter the toolbox: -```console -[user@hostname ~]$ toolbox enter -⬢[user@toolbox ~]$ -``` - -### Remove a toolbox container: -```console -[user@hostname ~]$ toolbox rm fedora-toolbox-33 -[user@hostname ~]$ -``` - -## Dependencies and Building - -Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build -system. 
- -The following dependencies are required to build it: -- meson -- go-md2man -- systemd -- go -- ninja - -The following dependencies enable various optional features: -- bash-completion - -It can be built and installed as any other typical Meson-based project: -```console -[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir -[user@hostname toolbox]$ ninja -C builddir -[user@hostname toolbox]$ sudo ninja -C builddir install -``` - -Toolbox is written in Go. Consult the -[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file -for a full list of all the Go dependencies. - -By default, Toolbox uses Go modules and all the required Go packages are -automatically downloaded as part of the build. There's no need to worry about -the Go dependencies, unless the build environment doesn't have network access -or any such peculiarities. - -## Distro support - -By default, Toolbox creates the container using an -[OCI](https://www.opencontainers.org/) image called -`-toolbox:`, where `` and `` are taken from the -host's `/usr/lib/os-release`. For example, the default image on a Fedora 33 -host would be `fedora-toolbox:33`. - -This default can be overridden by the `--image` option in `toolbox create`, -but operating system distributors should provide an adequately configured -default image to ensure a smooth user experience. - -## Image requirements - -Toolbox customizes newly created containers in a certain way. This requires -certain tools and paths to be present and have certain characteristics inside -the OCI image. 
- -Tools: -* `getent(1)` -* `id(1)` -* `ln(1)` -* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `passwd(1)` -* `readlink(1)` -* `rm(1)` -* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `sleep(1)` -* `test(1)` -* `touch(1)` -* `unlink(1)` -* `useradd(8)` -* `usermod(8)` - -Paths: -* `/etc/host.conf`: optional, if present not a bind mount -* `/etc/hosts`: optional, if present not a bind mount -* `/etc/krb5.conf.d`: directory, not a bind mount -* `/etc/localtime`: optional, if present not a bind mount -* `/etc/resolv.conf`: optional, if present not a bind mount -* `/etc/timezone`: optional, if present not a bind mount - -Toolbox enables `sudo(8)` access inside containers. The following is necessary -for that to work: - -* The image should have `sudo(8)` enabled for users belonging to either the - `sudo` or `wheel` groups, and the group itself should exist. File an - [issue](https://github.com/containers/toolbox/issues/new) if you really need - support for a different group. However, it's preferable to keep this list as - short as possible. - -* The image should allow empty passwords for `sudo(8)`. This can be achieved - by either adding the `nullok` option to the `PAM(8)` configuration, or by - add the `NOPASSWD` tag to the `sudoers(5)` configuration. - -Since Toolbox only works with OCI images that fulfill certain requirements, -it will refuse images that aren't tagged with -`com.github.containers.toolbox="true"` and -`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be -used by the maintainer of the image to indicate that they have read this -document and tested that the image works with Toolbox. You can use the -following snippet in a Dockerfile for this: -```Dockerfile -LABEL com.github.containers.toolbox="true" \ - com.github.debarshiray.toolbox="true" -``` 
diff --git a/images/fedora/f33/extra-packages b/images/fedora/f33/extra-packages
deleted file mode 100644
index 12fe02fb8..000000000
--- a/images/fedora/f33/extra-packages
+++ /dev/null
@@ -1,43 +0,0 @@
-bash-completion
-bzip2
-diffutils
-dnf-plugins-core
-findutils
-flatpak-spawn
-fpaste
-git
-gnupg
-gnupg2-smime
-gvfs-client
-hostname
-iputils
-jwhois
-keyutils
-krb5-libs
-less
-lsof
-man-db
-man-pages
-mlocate
-mtr
-nano-default-editor
-nss-mdns
-openssh-clients
-passwd
-pigz
-procps-ng
-rsync
-shadow-utils
-sudo
-tcpdump
-time
-traceroute
-tree
-unzip
-vte-profile
-wget
-which
-words
-xorg-x11-xauth
-xz
-zip
diff --git a/images/fedora/f33/missing-docs b/images/fedora/f33/missing-docs
deleted file mode 100644
index b634f27b6..000000000
--- a/images/fedora/f33/missing-docs
+++ /dev/null
@@ -1,15 +0,0 @@
-acl
-bash
-curl
-gawk
-grep
-gzip
-libcap
-openssl
-p11-kit
-pam
-python3
-rpm
-sed
-systemd
-tar
diff --git a/images/fedora/f34/Containerfile b/images/fedora/f34/Containerfile
deleted file mode 100644
index 3d0ef8a8a..000000000
--- a/images/fedora/f34/Containerfile
+++ /dev/null
@@ -1,27 +0,0 @@ -FROM registry.fedoraproject.org/fedora:34 - -ENV NAME=fedora-toolbox VERSION=34 -LABEL com.github.containers.toolbox="true" \ - com.github.debarshiray.toolbox="true" \ - com.redhat.component="$NAME" \ - name="$NAME" \ - version="$VERSION" \ - usage="This image is meant to be used with the toolbox command" \ - summary="Base image for creating Fedora toolbox containers" \ - maintainer="Debarshi Ray " - -COPY README.md / - -RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf - -COPY missing-docs / -RUN dnf -y reinstall $( - -[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox) -[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic) - -[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/) -[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/) - -[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating -systems, which allows the use of containerized command line environments. It is -built on top of [Podman](https://podman.io/) and other standard container -technologies from [OCI](https://opencontainers.org/). - -This is particularly useful on -[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like -[Fedora CoreOS](https://coreos.fedoraproject.org/) and -[Silverblue](https://silverblue.fedoraproject.org/). The intention of these -systems is to discourage installation of software on the host, and instead -install software as (or in) containers — they mostly don't even have package -managers like DNF or YUM. This makes it difficult to set up a development -environment or install tools for debugging in the usual way. 
- -Toolbox solves this problem by providing a fully mutable container within -which one can install their favourite development and debugging tools, editors -and SDKs. For example, it's possible to do `yum install ansible` without -affecting the base operating system. - -However, this tool doesn't *require* using an OSTree based system. It works -equally well on Fedora Workstation and Server, and that's a useful way to -incrementally adopt containerization. - -The toolbox environment is based on an [OCI](https://www.opencontainers.org/) -image. On Fedora this is the `fedora-toolbox` image. This image is used to -create a toolbox container that seamlessly integrates with the rest of the -operating system by providing access to the user's home directory, the Wayland -and X11 sockets, SSH agent, etc.. - -## Installation - -Toolbox is installed by default on Fedora Silverblue. On other operating -systems it's just a matter of installing the `toolbox` package. - -## Usage - -### Create your toolbox container: -```console -[user@hostname ~]$ toolbox create -Created container: fedora-toolbox-33 -Enter with: toolbox enter -[user@hostname ~]$ -``` -This will create a container called `fedora-toolbox-`. - -### Enter the toolbox: -```console -[user@hostname ~]$ toolbox enter -⬢[user@toolbox ~]$ -``` - -### Remove a toolbox container: -```console -[user@hostname ~]$ toolbox rm fedora-toolbox-33 -[user@hostname ~]$ -``` - -## Dependencies and Building - -Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build -system. 
- -The following dependencies are required to build it: -- meson -- go-md2man -- systemd -- go -- ninja - -The following dependencies enable various optional features: -- bash-completion - -It can be built and installed as any other typical Meson-based project: -```console -[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir -[user@hostname toolbox]$ ninja -C builddir -[user@hostname toolbox]$ sudo ninja -C builddir install -``` - -Toolbox is written in Go. Consult the -[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file -for a full list of all the Go dependencies. - -By default, Toolbox uses Go modules and all the required Go packages are -automatically downloaded as part of the build. There's no need to worry about -the Go dependencies, unless the build environment doesn't have network access -or any such peculiarities. - -## Distro support - -By default, Toolbox creates the container using an -[OCI](https://www.opencontainers.org/) image called -`-toolbox:`, where `` and `` are taken from the -host's `/usr/lib/os-release`. For example, the default image on a Fedora 33 -host would be `fedora-toolbox:33`. - -This default can be overridden by the `--image` option in `toolbox create`, -but operating system distributors should provide an adequately configured -default image to ensure a smooth user experience. - -## Image requirements - -Toolbox customizes newly created containers in a certain way. This requires -certain tools and paths to be present and have certain characteristics inside -the OCI image. 
- -Tools: -* `getent(1)` -* `id(1)` -* `ln(1)` -* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `passwd(1)` -* `readlink(1)` -* `rm(1)` -* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home` -* `sleep(1)` -* `test(1)` -* `touch(1)` -* `unlink(1)` -* `useradd(8)` -* `usermod(8)` - -Paths: -* `/etc/host.conf`: optional, if present not a bind mount -* `/etc/hosts`: optional, if present not a bind mount -* `/etc/krb5.conf.d`: directory, not a bind mount -* `/etc/localtime`: optional, if present not a bind mount -* `/etc/resolv.conf`: optional, if present not a bind mount -* `/etc/timezone`: optional, if present not a bind mount - -Toolbox enables `sudo(8)` access inside containers. The following is necessary -for that to work: - -* The image should have `sudo(8)` enabled for users belonging to either the - `sudo` or `wheel` groups, and the group itself should exist. File an - [issue](https://github.com/containers/toolbox/issues/new) if you really need - support for a different group. However, it's preferable to keep this list as - short as possible. - -* The image should allow empty passwords for `sudo(8)`. This can be achieved - by either adding the `nullok` option to the `PAM(8)` configuration, or by - add the `NOPASSWD` tag to the `sudoers(5)` configuration. - -Since Toolbox only works with OCI images that fulfill certain requirements, -it will refuse images that aren't tagged with -`com.github.containers.toolbox="true"` and -`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be -used by the maintainer of the image to indicate that they have read this -document and tested that the image works with Toolbox. You can use the -following snippet in a Dockerfile for this: -```Dockerfile -LABEL com.github.containers.toolbox="true" \ - com.github.debarshiray.toolbox="true" -``` 
diff --git a/images/fedora/f34/extra-packages b/images/fedora/f34/extra-packages
deleted file mode 100644
index 12fe02fb8..000000000
--- a/images/fedora/f34/extra-packages
+++ /dev/null
@@ -1,43 +0,0 @@
-bash-completion
-bzip2
-diffutils
-dnf-plugins-core
-findutils
-flatpak-spawn
-fpaste
-git
-gnupg
-gnupg2-smime
-gvfs-client
-hostname
-iputils
-jwhois
-keyutils
-krb5-libs
-less
-lsof
-man-db
-man-pages
-mlocate
-mtr
-nano-default-editor
-nss-mdns
-openssh-clients
-passwd
-pigz
-procps-ng
-rsync
-shadow-utils
-sudo
-tcpdump
-time
-traceroute
-tree
-unzip
-vte-profile
-wget
-which
-words
-xorg-x11-xauth
-xz
-zip
diff --git a/images/fedora/f34/missing-docs b/images/fedora/f34/missing-docs
deleted file mode 100644
index b634f27b6..000000000
--- a/images/fedora/f34/missing-docs
+++ /dev/null
@@ -1,15 +0,0 @@
-acl
-bash
-curl
-gawk
-grep
-gzip
-libcap
-openssl
-p11-kit
-pam
-python3
-rpm
-sed
-systemd
-tar