Commit Graph

1558 Commits

Author SHA1 Message Date
Hadi Chokr 1e4fcddfc2 Make Unit-test happy... again.
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:16 +03:00
Hadi Chokr e1b2270d64 Use a pipe to temp file to cleanly capture required output for export subcommand and use a custom runCommand to suppress stdout to the host Console.
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:16 +03:00
Hadi Chokr a276d3f146 Make Unit test happy again.
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:16 +03:00
Hadi Chokr fcf28d4a0a Fix Tests.
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:16 +03:00
Hadi Chokr fbe46ca7c7 Hot fix: Regression when removing.
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr 75e418ed99 Hot fix: Discard invalid output from the run with output.
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr 534e56d71b Add Test
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr b70a94d713 Update export.go
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr 2e8f6fca3b Update unexport.go
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr c913579025 Add missing assert
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr 66ecdcdda5 Fix Test 2
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr 2a39b488c9 Fix Test
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr 6f372f0381 Fix Test Failure due to missing .local/bin
We forgot to create the .local/bin directory in $HOME when calling exportBinary unlike exportApplication, where we make sure we create .local/share/applications.

Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr 3022520564 Try Tests again
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr 2c7f7d2501 Try Tests.
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:15 +03:00
Hadi Chokr 96c0f8fb4d Update utils.go
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr 83e1f21a8b Update utils.go
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr 257af251f1 Format Code properly
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr 967f5c515a Use new RunCommandwithOutput Function instead of calling toolbox from
toolbox

Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr 849f06440b Add flagcompletion to --container flag
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr 8f66ed2db7 Unexport on Delete
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr 2c8ae21f47 Add helper function for deletion
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr e4e414ad19 Import Utils
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr 4805d70764 Update toolbox.1.md
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr f84d5f8416 Update toolbox-unexport.1.md
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr 4ec89ed1d6 Update toolbox-export.1.md
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:14 +03:00
Hadi Chokr 3054161c87 Update unexport.go
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:13 +03:00
Hadi Chokr 95e0bf2e31 Update export.go
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:13 +03:00
Hadi Chokr 6917465aac Add unexport Help
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:13 +03:00
Hadi Chokr 0bb8b677b3 add help function
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:13 +03:00
Hadi Chokr 230ac941b9 Add new subcommands to common Usage
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:13 +03:00
Hadi Chokr cc714d6af7 Add Docs to new Features
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:13 +03:00
Hadi Chokr 1dad3c86fe Add unexport and export.
Signed-off-by: Hadi Chokr <hadichokr@icloud.com>
2025-08-18 20:46:13 +03:00
Debarshi Ray e3ce0bc457 Prepare 0.2
https://github.com/containers/toolbox/pull/1703
2025-08-08 21:38:17 +02:00
Debarshi Ray b7e70e28c4 test/system: Tighten the regular expression used to check the version
The MAJOR version will always be 0, the MINOR version can't be 0 after
the release of 0.1.0; until 1.0.0 or 1.0 is released, which won't happen
in the short-term future.  Similarly, the MICRO version can't be 0 after
the release of 0.1.1, until 0.2.0 is released.

Future releases will default to not having a MICRO version and use a
MAJOR.MINOR versioning scheme.  A MICRO version will be reserved for the
same purposes that a NANO version was reserved for until now, and it
will never be 0.

Tighten the regular expression used to check the version to match this
present reality.  It can be revisited when 1.0 is eventually released.

https://github.com/containers/toolbox/pull/1703
2025-08-08 21:38:17 +02:00
Debarshi Ray e2dda19349 test/system: Prepare for shorter version numbers
Toolbx started out with a MAJOR.MINOR.MICRO versioning scheme.  eg.,
0.0.1, 0.0.2, etc.  A NANO version was reserved for releases to address
brown paper bag bugs [1] or other critical issues, and release
candidates.  eg., a few releases used the MAJOR.MINOR.MICRO.NANO
versioning scheme between 0.0.98 and 0.1.0 to act as an extended set of
release candidates for the dot-zero 0.1.0 release.

The MAJOR.MINOR.MICRO versioning scheme was meant to indicate the
nascent nature of the Toolbx project and the ideas behind it when it
first started in August 2018.  It's been seven years since then, and
both the project and the ideas that it implements are a lot more mature
and widely adopted.  So much so, that there are a few independent
reimplementations today [2,3].

In version 0.0.90, Toolbx switched from a POSIX shell implementation to
a Go implementation.  The practice of bundling and statically linking
the Go dependencies sometimes makes it necessary to update the
dependencies to address security bugs or other critical issues.  It's
more convenient to do this as part of an upstream release than through
downstream patches by distributors.

Hence, it will be helpful for downstream distributors, especially those
that offer long-term support, to have targeted bug-fix releases that
only have the critical dependency updates or other critical fixes, and
nothing else.

To address this situation, future releases will default to not having a
MICRO version and use a MAJOR.MINOR versioning scheme.  A MICRO version
will be reserved for the same purposes that a NANO version was reserved
for until now.

It's easier to read and remember a shorter MAJOR.MINOR version than a
longer one, and appropriately conveys the maturity of the project.  When
a MICRO version is needed, it will also be easier to read and remember
than a longer one with a NANO version.

As per this new scheme, the next release will be version 0.2.

[1] https://www.computer-dictionary-online.org/definitions-b/brown-paper-bag-bug

[2] https://github.com/89luca89/distrobox/

[3] https://github.com/openSUSE/microos-toolbox/

https://github.com/containers/toolbox/pull/1703
2025-08-08 21:11:16 +02:00
Debarshi Ray 7fa23036cd .mailmap: Canonicalize Mario's name
From now on, masch <the.masch@gmail.com> will show up as Mario Sebastian
Chacon <the.masch@gmail.com>.

https://github.com/containers/toolbox/pull/1703
2025-08-08 14:27:31 +02:00
Debarshi Ray a273d25c1c NEWS: Add missing entry about the minimum Go version
Fallout from 82e85bac9f and
40e3c5a63f

https://github.com/containers/toolbox/pull/1700
2025-08-08 01:15:36 +02:00
Brian Koropoff 39e0800867 pkg/utils, test/system: Preserve the Konsole profile, tab and window
Konsole injects the name of the current profile, and the identifiers
of the current tab and window into the process running inside it
through the KONSOLE_PROFILE_NAME, KONSOLE_DBUS_SESSION and
KONSOLE_DBUS_WINDOW environment variables respectively [1,2,3].  These
are used by programs like Neovim to detect the terminal features
supported by Konsole [4,5], or by users to save the shell's history
separately for each profile, tab or window [6].

These environment variables are not meant to be set by the shell's
start-up scripts, but directly by Konsole, and hence need to be
preserved across the host operating system and Toolbx container.

Note that KONSOLE_PROFILE_NAME was later removed from Konsole [7].
However, Neovim still uses it, so it's better to preserve it.

[1] Konsole commit debfec2eb3c8ede8
    https://invent.kde.org/utilities/konsole/-/commit/debfec2eb3c8ede8
    https://bugs.kde.org/show_bug.cgi?id=227296

[2] Konsole commit fcd815256c3729f2
    https://invent.kde.org/utilities/konsole/-/commit/fcd815256c3729f2

[3] Konsole commit 07cddfe302233c35
    https://invent.kde.org/utilities/konsole/-/commit/07cddfe302233c35
    https://bugs.kde.org/show_bug.cgi?id=276912
    https://bugs.kde.org/show_bug.cgi?id=281513
    https://bugs.kde.org/show_bug.cgi?id=292309

[4] Neovim commit 5fc4c2d442f01ab5
    https://github.com/neovim/neovim/commit/5fc4c2d442f01ab5
    https://github.com/neovim/neovim/pull/3129

[5] Neovim commit 3ccd59ee8216f3da
    https://github.com/neovim/neovim/commit/3ccd59ee8216f3da
    https://github.com/neovim/neovim/pull/6432
    https://github.com/neovim/neovim/issues/6429
    https://github.com/neovim/neovim/issues/6430

[6] https://userbase.kde.org/Konsole/en

[7] Konsole commit 9e3a30fdca2078e0
    https://invent.kde.org/utilities/konsole/-/commit/9e3a30fdca2078e0
    https://bugs.kde.org/show_bug.cgi?id=406955

https://github.com/containers/toolbox/issues/1449
https://github.com/containers/toolbox/pull/1696
https://github.com/containers/toolbox/pull/1698
2025-08-08 01:08:55 +02:00
Brian Koropoff 1f127759b3 pkg/utils: Preserve environment variables set by a KDE session
A KDE session sets some environment variables to influence the behaviour
of various programs and to access various settings [1].  eg., if the
KDE_SESSION_VERSION environment variable is absent then applications
won't respect KDE's theme or display scaling settings.

These environment variables are not meant to be set by the shell's
start-up scripts, but directly by KDE, and hence need to be preserved
across the host operating system and Toolbx container.

[1] https://userbase.kde.org/KDE_System_Administration/Environment_Variables

https://github.com/containers/toolbox/pull/1696
https://github.com/containers/toolbox/pull/1698
2025-08-08 01:08:55 +02:00
Dalibor Kricka 6c98db6ba2 test/system: Unbreak the 'toolbox run /etc' tests with Bash >= 5.3
Bash 5.3.0 changed the error messages shown by its exec built-in [1].

With Bash 5.2.37:
  $ exec /etc
  bash: /etc: Is a directory
  bash: exec: /etc: cannot execute: Is a directory

With Bash 5.3.0:
  $ exec /etc
  bash: /etc: Is a directory

The 'assert' function cannot directly handle compound commands.  So,
those need to be wrapped in 'bash -c "..."' [2].

[1] Bash commit b8c60bc9ca365f82
    See how exec_builtin() handles EX_NOEXEC and EISDIR from
    shell_execve() to avoid printing a duplicate error message.
    https://cgit.git.savannah.gnu.org/cgit/bash.git/commit/?id=b8c60bc9ca365f82

[2] https://github.com/bats-core/bats-assert

https://github.com/containers/toolbox/pull/1688
https://github.com/containers/toolbox/pull/1699
2025-08-08 01:07:31 +02:00
Debarshi Ray d32dd5d322 Fix resolving /etc/localtime
Detected by https://www.shellcheck.net/:
  Line 1255:
  if ! localtime_target=$(readlink /etc/localtime >/dev/null 2>&3) \
                        ^-- SC2327 (warning): This command substitution
                            will be empty because the command's output
                            gets redirected away.
                                                  ^-- SC2328 (error):
                                                      This redirection
                                                      takes output away
                                                      from the command
                                                      substitution.

See:
https://www.shellcheck.net/wiki/SC2327
https://www.shellcheck.net/wiki/SC2328

Fallout from 8db414ddc2

https://github.com/containers/toolbox/pull/1701
2025-08-08 01:05:55 +02:00
Debarshi Ray f1f7d9c3d3 cmd/initContainer: Unbreak access to CA certificates in sshd(8) sessions
When a Toolbx container is set up to use the p11-kit-client.so PKCS #11
module instead of the usual p11-kit-trust.so module, the
P11_KIT_SERVER_ADDRESS environment variable must be set inside the
container, so that it can communicate with the host operating system.

Currently, this works as described above with the 'enter' and 'run'
commands, but not within child sessions started by an sshd(8) [1]
instance running inside a container, because P11_KIT_SERVER_ADDRESS is
absent.

To make this work, sshd(8) [1] must be configured [2] to set
P11_KIT_SERVER_ADDRESS in its child sessions.

If sshd(8) uses the /etc/ssh/sshd_config.d directory for configuration,
then the entry point will automatically do this from now on.  This
requires at least OpenSSH 8.2, which added support for the 'Include'
directive in sshd_config(5) [2,3], and the directive must be used to
include the configuration from /etc/ssh/sshd_config.d.

Otherwise, the user will have to do it themself.  eg., Ubuntu 16.04
Xenial Xerus and 18.04 Bionic Beaver don't use /etc/ssh/sshd_config.d
because their OpenSSH is too old [4,5].

Note that the permissions of the /etc/ssh/sshd_config.d directory and
its contents differ across operating system distributions.  OSes within
the Fedora family use 0700 for the directory and 0600 for its contents.
Arch Linux and Ubuntu use 0755 and 0644.  The entry point tries to
follow the permissions used by the distribution.

Fallout from 5ed2442214

[1] https://man7.org/linux/man-pages/man8/sshd.8.html

[2] https://man7.org/linux/man-pages/man5/sshd_config.5.html

[3] OpenSSH commit c2bd7f74b0e0f3a3
    https://github.com/openssh/openssh-portable/commit/c2bd7f74b0e0f3a3
    https://bugzilla.mindrot.org/show_bug.cgi?id=2468

[4] https://code.launchpad.net/~git-ubuntu-import/ubuntu/+source/openssh/+git/openssh/+ref/ubuntu/xenial-updates

[5] https://code.launchpad.net/~git-ubuntu-import/ubuntu/+source/openssh/+git/openssh/+ref/ubuntu/bionic-updates

https://github.com/containers/toolbox/issues/626
https://github.com/containers/toolbox/issues/1674
2025-08-07 14:32:28 +02:00
Debarshi Ray 55582290eb cmd/initContainer: Detect mount points when creating symbolic links
An error like this shouldn't happen unless Podman did something
unexpected or was used wrong or something else happened that inserted an
unexpected mount point in the container to surprise the entry point.
eg., removing the --no-hosts option from 'podman create' will trigger
this.

This change replaces the more generic error message:
  $ toolbox enter
  Error: failed to redirect /etc/hosts to /run/host/etc/hosts: remove
      /etc/hosts: device or resource busy

... to something more precise:
  $ toolbox enter
  Error: failed to redirect /etc/hosts to /run/host/etc/hosts:
      /etc/hosts is a mount point

https://github.com/containers/toolbox/pull/1692
2025-07-31 00:01:09 +02:00
Debarshi Ray 655e5cca51 cmd/initContainer: Fail if non-folder files can't be removed for linking
There's no reason to ignore an error when trying to remove a file within
the container that's not a directory, before turning it into a symbolic
link.

The POSIX shell implementation didn't make any distinction between
directories and other types of files.

For files that aren't directories, it did:
  cd /path/to \
  && rm --force file \
  && ln --symbolic /run/host/path/to/file file

For directories, it did:
  rmdir /path/to/directory \
  && mkdir --parents /path/to/target \
  && ln --symbolic /path/to/target /path/to/directory

It's possible that this was a misunderstanding about the behaviour of
'rm --force' when writing the Go implementation.  It only ignores errors
arising from missing files, and not every error [1].  eg., if the file
is a mount point, it won't ignore the error:
  $ sudo mount --rbind /etc/machine-id foo
  $ rm --force foo
  rm: cannot remove 'foo': Device or resource busy

Fallout from 772b66bf3e

[1] https://man7.org/linux/man-pages/man1/rm.1.html

https://github.com/containers/toolbox/pull/1692
2025-07-30 23:49:23 +02:00
Debarshi Ray 87b4c0c3e3 cmd/initContainer: Use errors.Is() instead of os.IsNotExist()
The os.IsNotExist() function [1] predates the introduction of the
errors.Is() function [2] in Go 1.13 [3].  From Go >= 1.16, the
documentation explicitly recommends the use of errors.Is() instead of
os.IsNotExist() [4].

The Go implementation of Toolbx never used any Go older than 1.13 [5],
and currently it requires Go >= 1.22 [6].  So, there's no reason not to
use the more modern and recommended alternative.

[1] https://pkg.go.dev/os#IsNotExist

[2] https://pkg.go.dev/errors#Is

[3] https://go.dev/blog/go1.13-errors

[4] Go commit b641f0dcf48aa748
    https://github.com/golang/go/commit/b641f0dcf48aa748
    https://github.com/golang/go/issues/41122

[5] Commit d857471aa2
    https://github.com/containers/toolbox/commit/d857471aa2f233e5
    https://github.com/containers/toolbox/pull/318

[6] Commit eb73692618
    https://github.com/containers/toolbox/commit/eb736926183b1c20
    https://github.com/containers/toolbox/pull/1662

https://github.com/containers/toolbox/pull/1691
2025-07-30 22:00:05 +02:00
Tino Calancha a61b85cf8f playbooks/dependencies-fedora: Unbreak the missing subordinate ID ranges
On Fedora 42 onwards, useradd(8) stopped automatically assigning
subordinate group and user ID ranges [1,2] to address a security concern
marked as CVE-2024-56433 [3].  This breaks rootless Podman and Skopeo,
and therefore Toolbx [4].

Restore the subordinate group and user ID ranges until a different
solution emerges.

[1] Fedora shadow-utils commit e1cfa31731cd68aa
    https://src.fedoraproject.org/rpms/shadow-utils/c/e1cfa31731cd68aa
    https://bugzilla.redhat.com/show_bug.cgi?id=2334168

[2] Fedora shadow-utils commit 4929903292e027ca
    https://src.fedoraproject.org/rpms/shadow-utils/c/4929903292e027ca
    https://bugzilla.redhat.com/show_bug.cgi?id=2334169

[3] https://github.com/shadow-maint/shadow/issues/1157

[4] https://bugzilla.redhat.com/show_bug.cgi?id=2382662

https://github.com/containers/toolbox/pull/1688
2025-07-25 00:09:02 +02:00
Debarshi Ray 69fb9c3bb5 build: Bump github.com/NVIDIA/nvidia-container-toolkit to 1.17.8
... for CVE-2025-23266 and CVE-2025-23267.

The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1687
2025-07-22 10:21:55 +02:00
Debarshi Ray b3d259ca07 build: Bump github.com/NVIDIA/nvidia-container-toolkit to 1.17.7
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1687
2025-07-21 22:47:33 +02:00
Debarshi Ray fd0a7bf418 build: Bump github.com/NVIDIA/go-nvlib to 0.7.2
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1687
2025-07-21 22:37:58 +02:00