Compare commits

...

114 Commits

Author SHA1 Message Date
Debarshi Ray eb73692618 build, pkg/nvidia: Bump NVIDIA Container Toolkit to 1.17.5
NVIDIA Container Toolkit 1.17.5 requires Go >= 1.22 [1], and starts
using enable-cuda-compat hooks in the Container Device Interface
specification generated by it [2].  For example:
  "hookName": "createContainer",
  "path": "/usr/bin/nvidia-cdi-hook",
  "args": [
    "nvidia-cdi-hook",
    "enable-cuda-compat",
    "--host-driver-version=570.153.02"
  ]

The new hook makes it possible to have containers with a
/usr/local/cuda/compat/libcuda.so.* that's newer than the proprietary
NVIDIA driver on the host operating system, so that applications can use
a newer CUDA without having to update the driver [3].  Even though this
sounds useful, the hook has been disabled until it's handled by the
'init-container' command and there's a clear way to test it.

The src/go.sum file was updated with 'go mod tidy'.

[1] NVIDIA Container Toolkit commit 5bdf14b1e7c24763
    https://github.com/NVIDIA/nvidia-container-toolkit/commit/5bdf14b1e7c24763
    https://github.com/NVIDIA/nvidia-container-toolkit/pull/941
    https://github.com/NVIDIA/nvidia-container-toolkit/pull/950

[2] NVIDIA Container Toolkit commit 76040ff2ad63fb82
    https://github.com/NVIDIA/nvidia-container-toolkit/commit/76040ff2ad63fb82
    https://github.com/NVIDIA/nvidia-container-toolkit/pull/906
    https://github.com/NVIDIA/nvidia-container-toolkit/pull/948

[3] https://docs.nvidia.com/deploy/cuda-compatibility/

https://github.com/containers/toolbox/pull/1662
2025-06-11 21:30:11 +02:00
Debarshi Ray a49f70effe build: Bump tags.cncf.io/container-device-interface to 0.8.1
The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1662
2025-06-11 15:22:06 +02:00
Debarshi Ray 40e3c5a63f Prepare 0.1.2
https://github.com/containers/toolbox/pull/1653
2025-06-03 22:08:50 +02:00
Debarshi Ray 231904e5ad build: Unbreak 'go build' by using micro version in go.mod's go line
Currently, 'go build' is failing on Fedora 42 Workstation:
  $ meson compile -C builddir --verbose
  ...
  /path/src/go-build-wrapper /path/src /path/builddir src/toolbox 0.1.1
      cc /lib64/ld-linux-x86-64.so.2 false
  go: updates to go.mod needed; to update it:
          go mod tidy
  ninja: build stopped: subcommand failed.

... with Go version:
  $ go version
  go version go1.24.3 linux/amd64
  $ rpm -q golang
  golang-1.24.3-2.fc42.x86_64

Strangely, the CI hasn't been failing on Fedora 42 with the same Go
version [1].

Starting from Go version 1.21.0, Go started using an explicit 0 micro
version instead of skipping it - compare Go 1.20 and 1.21.0 [2].  It
looks like recent versions of Go are pedantic about using the exact
version number.

[1] https://github.com/containers/toolbox/pull/1657

[2] https://github.com/golang/go/releases/tag/go1.20
    https://github.com/golang/go/releases/tag/go1.21.0

https://github.com/containers/toolbox/pull/1659
2025-06-03 22:07:00 +02:00
Debarshi Ray 9ac6728597 build: Bump github.com/spf13/viper to 1.20.1
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1656
2025-06-02 22:34:17 +02:00
Debarshi Ray 7ee347278e .github, build, playbooks: Bump github.com/spf13/viper to 1.20.0
... to reduce the number of indirect dependencies [1].

The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

This reverts commit 8b62d7e95d because the
go.opencensus.io dependency was removed from github.com/spf13/viper in
version 1.20.0 [1].

[1] Viper commit 7ad8e1ea014790e2
    https://github.com/spf13/viper/commit/7ad8e1ea014790e2
    https://github.com/spf13/viper/pull/1860
    https://github.com/spf13/viper/issues/1845

https://github.com/containers/toolbox/pull/1657
2025-06-02 22:33:30 +02:00
Debarshi Ray a0314d88fe build: Bump golang.org/x/sys to 0.29.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1656
2025-06-02 22:30:22 +02:00
Debarshi Ray 740e92cf7b build: Bump golang.org/x/sys to 0.28.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1656
2025-06-02 22:30:18 +02:00
Debarshi Ray 858916cae4 build: Bump golang.org/x/sys to 0.27.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1656
2025-06-02 22:30:16 +02:00
Debarshi Ray 2333edfac5 build: Bump github.com/fsnotify/fsnotify to 1.8.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1655
2025-06-02 19:48:33 +02:00
Debarshi Ray 5ed2442214 Give access to the CA certificates from the host
This uses the same approach taken by Flatpak [1] to ensure that the
certificates from certificate authorities (or CAs) that are available
inside a Toolbx container are kept synchronized with the host operating
system.  Any program that uses PKCS #11 to access CA certificates should
see the same ones both inside the container and on the host.

During every 'enter' and 'run' command, toolbox(1) ensures that an
instance of 'p11-kit server' is running on the host listening on a local
file system socket that's accessible to both the container and the host.
If an instance is already running, then a second one is not created.
The location of the socket is injected into the container through the
P11_KIT_SERVER_ADDRESS environment variable.

Just like Flatpak, the singleton 'p11-kit server' process is not
terminated when the last 'enter' or 'run' command exits.

The Toolbx container's entry point configures it to use the
p11-kit-client.so PKCS #11 module instead of the usual p11-kit-trust.so
module.  This talks to the 'p11-kit server' instance running on the host
over the socket instead of reading the CA certificates that are present
inside the container.

However, unlike Flatpak, this doesn't use D-Bus to set up the
communication between the container and the host, because when invoked
as 'sudo toolbox ...' there's no user or session D-Bus instance
available for the root user.

This set-up is skipped if 'p11-kit server' can't be run on the host, or
if the /etc/pkcs11/modules directory for configuring PKCS #11 modules or
p11-kit-client.so are missing inside the container.  None of these are
considered hard dependencies to accommodate size-constrained OSes like
Fedora CoreOS that might not have 'p11-kit server', and existing Toolbx
containers and old images that might not have p11-kit-client.so.

The UBI-based toolbox images haven't yet been updated to contain
p11-kit-client.so.  Until that happens, containers created from them
won't have access to the CA certificates from the host.

The CI needs to be run without 'p11-kit server' because the lingering
singleton process causes Bats to hang when tearing down the suite of
system tests [2].  To terminate the 'p11-kit server' instance run by the
system tests, it needs to be distinguishable from the instance run by
'normal' use of Toolbx by the user.  One way to do this is to isolate
the host operating system's XDG_RUNTIME_DIR from the system tests.
Unfortunately, this is easier said than done [3].  So, this workaround
has to suffice until the problem is solved.

On the Ubuntu 22.04 CI nodes, it's not possible to remove the p11-kit
package that provides 'p11-kit server', because it leads to:
  $ sudo dpkg --purge p11-kit
  dpkg: dependency problems prevent removal of p11-kit:
   adoptium-ca-certificates depends on p11-kit.

Therefore, as a workaround only the /usr/libexec/p11-kit/p11-kit-server
binary that provides the 'server' command is removed.  The rest of the
p11-kit package is left untouched.

[1] Flatpak commit 66b2ff40f7caf3a7
    https://github.com/flatpak/flatpak/commit/66b2ff40f7caf3a7
    https://github.com/flatpak/flatpak/pull/1757
    https://github.com/p11-glue/p11-kit/issues/68

[2] https://bats-core.readthedocs.io/en/stable/writing-tests.html

[3] https://github.com/containers/toolbox/pull/1652

https://github.com/containers/toolbox/issues/626
2025-06-02 15:58:46 +02:00
Debarshi Ray 9e776b6c94 pkg/utils: Add a function to check if p11-kit-client.so is present
A subsequent commit will use this to give Toolbx containers access to
the certificates from certificate authorities on the host.

The ideal goal is to ensure that all supported Toolbx containers and
images have p11-kit-client.so in them.  In practice, some of them never
will.  Either because it's an existing container or an older version of
an image that was already present in the local containers/storage image
store, or because the operating system is too old.

Therefore, there needs to be a way to check at runtime if a Toolbx
container has p11-kit-client.so or not.

https://github.com/containers/toolbox/issues/626
2025-06-01 15:26:01 +02:00
Debarshi Ray 456f37794d cmd/root, pkg/utils: Split out the code to acquire a file lock
A subsequent commit will use this to give Toolbx containers access to
the certificates from certificate authorities on the host.

This changes the user-visible error message from:
  $ toolbox --verbose list
  ...
  DEBU Migrating to newer Podman: failed to create migration lock file
      /run/user/1000/toolbox/migrate.lock: open
      /run/user/1000/toolbox/migrate.lock: no such file or directory
  Error: failed to create migration lock file

... to:
  $ toolbox --verbose list
  ...
  DEBU Migrating to newer Podman: failed to create lock file
      /run/user/1000/toolbox/migrate.lock: open
      /run/user/1000/toolbox/migrate.lock: no such file or directory
  Error: failed to create lock file

Or, from:
  $ toolbox --verbose list
  ...
  DEBU Migrating to newer Podman: failed to acquire migration lock on
      /run/user/1000/toolbox/migrate.lock: bad file descriptor
  Error: failed to acquire migration lock

... to:
  $ toolbox --verbose list
  ...
  DEBU Migrating to newer Podman: failed to acquire lock on
      /run/user/1000/toolbox/migrate.lock: bad file descriptor
  Error: failed to acquire lock

This is admittedly less specific without the debug logs, but it's
probably alright because it's such an unlikely error.

https://github.com/containers/toolbox/issues/626
2025-06-01 15:26:01 +02:00
Debarshi Ray b7be82d51e pkg/utils: Update fallback release to 42 for non-fedora hosts
Fedora 40 reached End of Life on 13th May 2025:
https://docs.fedoraproject.org/en-US/releases/eol/

https://github.com/containers/toolbox/pull/1651
2025-05-30 15:07:17 +02:00
Debarshi Ray 7cfe9a7f18 .zuul: Drop testing on Fedora 40
Fedora 40 reached End of Life on 13th May 2025:
https://docs.fedoraproject.org/en-US/releases/eol/

https://github.com/containers/toolbox/pull/1650
2025-05-29 23:44:56 +02:00
Jens Petersen 88a08351b2 .github/workflows, images/ubuntu: Add image definition for Ubuntu 25.04
https://github.com/containers/toolbox/pull/1638

Signed-off-by: Jens Petersen <petersen@redhat.com>
2025-05-29 23:22:43 +02:00
Debarshi Ray 836c0557f4 test/system: Optimize the environment variable tests
The system tests can be very I/O intensive, because many of them copy
OCI images from the test suite's image cache directory to its local
container/storage store, create containers, and then delete everything
to run the next test with a clean slate.  This makes them slow.

The runtime environment tests, which includes the environment variable
tests, are particularly slow because they don't skip the I/O even when
testing error handling.  This makes them a good target for
optimizations.

The environment variable tests query the values of different environment
variables from different containers without changing their state.
Therefore, a lot of disk I/O can be avoided by creating these containers
only once for all the tests.

This can reduce the time needed to run the environment variable tests
from almost 26 minutes to almost 9 minutes.

https://github.com/containers/toolbox/pull/1646
2025-05-12 23:26:00 +02:00
Debarshi Ray a5a0d5350f test/system: Remove redundant clean-up
The IMAGE_CACHE_DIR environment variable is defined as
"${BATS_SUITE_TMPDIR}/image-cache" [1].  Earlier, it used to be
"${BATS_RUN_TMPDIR}/image-cache".

There's no need to clean up anything inside BATS_RUN_TMPDIR or
BATS_SUITE_TMPDIR after the test suite has finished running, because
their life cycle is managed by Bats [2].

[1] Commit 3a549a6252
    https://github.com/containers/toolbox/commit/3a549a6252e990d6
    https://github.com/containers/toolbox/pull/1452

[2] https://bats-core.readthedocs.io/en/stable/writing-tests.html

Fallout from 9820550c82

https://github.com/containers/toolbox/pull/1645
2025-05-12 17:58:15 +02:00
Debarshi Ray d64682af0d test/system: Don't use XDG_CACHE_HOME or HOME for temporary files
The XDG_CACHE_HOME environment variable is supposed to default to
$HOME/.cache [1], just as it did in the test suite, and this location is
meant to be used as a cache for 'normal' use by the user.  Test suites
generally don't qualify as 'normal' use.

One expects that deleting the cache shouldn't affect 'normal' use other
than degrading performance.  However, deleting these temporary files
used by the test suite will cause actual breakage.  Even if the user
doesn't manually delete the cache, two concurrent invocations of the
test suite can do so or lead to other unexpected collisions, because the
paths are constant across multiple invocations.

Therefore, it's better to limit the scope of the test suite's temporary
files within the sandbox offered by Bats [2].  The sandbox is clearly
labelled as being used by Bats, is unique for each invocation, and Bats
takes care of cleaning everything up once it has finished running.

Note that there's no need for the system-test-storage sub-directory
under BATS_SUITE_TMPDIR.  So it was left out.

[1] https://specifications.freedesktop.org/basedir-spec/latest/

[2] https://bats-core.readthedocs.io/en/stable/writing-tests.html

https://github.com/containers/toolbox/pull/1645
2025-05-12 17:41:52 +02:00
Debarshi Ray e98032352e images/ubuntu: Create the directory for configuring PKCS#11 modules
The p11-kit-modules package in Ubuntu provides p11-kit-client.so, but
the /etc/pkcs11/modules directory that's necessary to configure p11-kit
to use p11-kit-client.so is not created by any package.

It's better to ensure that the /etc/pkcs11/modules directory exists in
the image, instead of having the Toolbx container's entry point create
it at runtime, because it can be a confirmation that p11-kit was built
to read the module configuration from this location.

This should have been part of commit aa8507730d.

https://github.com/containers/toolbox/issues/626
2025-05-07 19:03:18 +02:00
Debarshi Ray 26b3314fa5 images/arch: Create the directory for configuring PKCS#11 modules
The /etc/pkcs11 directory and /etc/pkcs11/pkcs11.conf.example file are
created by the p11-kit package in Arch Linux, and the lib11-kit package
provides p11-kit-client.so.  However, the /etc/pkcs11/modules directory
that's necessary to configure p11-kit to use p11-kit-client.so is not
created by any package.

It's better to ensure that the /etc/pkcs11/modules directory exists in
the image, instead of having the Toolbx container's entry point create
it at runtime, because it can be a confirmation that p11-kit was built
to read the module configuration from this location.

This should have been part of commit 259de86c8f.

https://github.com/containers/toolbox/issues/626
2025-05-07 17:43:29 +02:00
Debarshi Ray f0a7304e75 pkg/utils: Mark a private function as such and drop one that's unused
It's been a while since it's been necessary to read the ID field from
os-release(5) outside this package or the VARIANT_ID field anywhere at
all.  Therefore, it's time to adjust the code to reflect this reality.

Fallout from 8caa7cd828

https://github.com/containers/toolbox/pull/1642
2025-05-07 01:50:25 +02:00
Debarshi Ray 5881bc43f3 test/system: Optimize the D-Bus tests
The system tests can be very I/O intensive, because many of them copy
OCI images from the test suite's image cache directory to its local
container/storage store, create containers, and then delete everything
to run the next test with a clean slate.  This makes them slow.

The runtime environment tests, which includes the D-Bus tests, are
particularly slow because they don't skip the I/O even when testing
error handling.  This makes them a good target for optimizations.

The D-Bus tests check if methods can be called across the user or
session and system D-Bus instances from different containers without
changing their state.  Therefore, a lot of disk I/O can be avoided by
reating these containers only once for all the tests.

This can reduce the time needed to run the D-Bus tests from almost 10
minutes to almost 5 minutes.

https://github.com/containers/toolbox/pull/1641
2025-05-06 23:16:27 +02:00
Debarshi Ray 7a413e66b9 Move the code for Ubuntu support into its own file
This will reduce the size of the src/pkg/utils/utils.go file and make it
easier to specify which part of the code base is maintained by whom.

https://github.com/containers/toolbox/pull/1639
2025-05-06 02:39:28 +02:00
Debarshi Ray c794e183da Move the code for Red Hat Enterprise Linux support into its own file
This will reduce the size of the src/pkg/utils/utils.go file and make it
easier to specify which part of the code base is maintained by whom.

https://github.com/containers/toolbox/pull/1639
2025-05-06 02:20:18 +02:00
Debarshi Ray ab76cbca67 Move the code for Fedora support into its own file
This will reduce the size of the src/pkg/utils/utils.go file and make it
easier to specify which part of the code base is maintained by whom.

https://github.com/containers/toolbox/pull/1639
2025-05-06 02:07:17 +02:00
Debarshi Ray f9ebd5195b Move the code for Arch Linux support into its own file
This will reduce the size of the src/pkg/utils/utils.go file and make it
easier to specify which part of the code base is maintained by whom.

https://github.com/containers/toolbox/pull/1639
2025-05-06 01:56:01 +02:00
Debarshi Ray 1b9dd007ea test/system: Optimize the networking tests
The system tests can be very I/O intensive, because many of them copy
OCI images from the test suite's image cache directory to its local
container/storage store, create containers, and then delete everything
to run the next test with a clean slate.  This makes them slow.

The runtime environment tests, which includes the networking tests, are
particularly slow because they don't skip the I/O even when testing
error handling.  This makes them a good target for optimizations.

The networking tests check the behaviour and configuration of the
network in different containers without changing their state.
Therefore, a lot of disk I/O can be avoided by creating these containers
only once for all the tests.

This can reduce the time needed to run the networking tests from almost
15 minutes to almost 6 minutes.

https://github.com/containers/toolbox/pull/1637
2025-05-01 23:28:17 +02:00
Debarshi Ray 259de86c8f images/arch: Avoid losing p11-kit-client.so by accident
The libp11-kit package was added to the arch-toolbox image to ensure the
presence of p11-kit-client.so.  Currently, the package is already pulled
in by various dependencies, like the gnutls and p11-kit packages.
Therefore, it doesn't increase the size of the base image, but serves as
a safeguard against any inadvertent changes.

A subsequent commit will use this to give Toolbx containers access to
the certificates from certificate authorities on the host.  This commit
was kept separate from the changes to toolbox(1) to ensure that the
arch-toolbox image is ready before that happens.

https://github.com/containers/toolbox/issues/626
2025-05-01 20:37:18 +02:00
Debarshi Ray aa8507730d .github/workflows, images/ubuntu: Add p11-kit-client.so to newer Ubuntus
A subsequent commit will use this to give Toolbx containers access to
the certificates from certificate authorities on the host.  This commit
was kept separate from the changes to toolbox(1) to ensure that the
ubuntu-toolbox images are ready before that happens.

Unfortunately, Ubuntu 16.04 Xenial Xerus has p11-kit 0.23.2 [1], while
p11-kit-client.so was introduced in p11-kit 0.23.10 [2].  Therefore,
this feature will be disabled for Ubuntu 16.04.

This reverts parts of commit 1e9308625a to
re-enable building the ubuntu-toolbox:18.04 image.

[1] https://code.launchpad.net/~git-ubuntu-import/ubuntu/+source/p11-kit/+git/p11-kit/+ref/ubuntu/xenial-updates

[2] p11-kit commit 0684cd7b7f815b41
    https://github.com/p11-glue/p11-kit/commit/0684cd7b7f815b41
    https://github.com/p11-glue/p11-kit/pull/15

https://github.com/containers/toolbox/issues/626
2025-05-01 20:29:12 +02:00
Debarshi Ray 02fe08f70e cmd/initContainer: Style fix
Use a strings.Builder [1] instance instead of raw string literals for
consistency.

Fallout from 772b66bf3e

[1] https://pkg.go.dev/strings#Builder

https://github.com/containers/toolbox/pull/1636
2025-05-01 20:28:04 +02:00
Debarshi Ray 3017a46c03 test/system: Optimize the group and user tests
The system tests can be very I/O intensive, because many of them copy
OCI images from the test suite's image cache directory to its local
container/storage store, create containers, and then delete everything
to run the next test with a clean slate.  This makes them slow.

The runtime environment tests, which includes the group and user tests,
are particularly slow because they don't skip the I/O even when testing
error handling.  This makes them a good target for optimizations.

The group and user tests check the group and user configuration in
different containers without changing their state.  Therefore, a lot of
disk I/O can be avoided by creating these containers only once for all
the tests.

This can reduce the time needed to run the group and user tests from
almost 22 minutes to almost 5 minutes.

https://github.com/containers/toolbox/pull/1635
2025-05-01 20:24:07 +02:00
Debarshi Ray 69d6b11a9b test/system: Optimize the help tests
The system tests can be very I/O intensive, because many of them copy
OCI images from the test suite's image cache directory to its local
container/storage store, create containers, and then delete everything
to run the next test with a clean slate.  This makes them slow.

The tests for toolbox(1) invocations forwarded to the host, which
includes the help tests, are particularly slow because they never skip
the I/O.  This makes them a good target for optimizations.

The help tests for toolbox(1) invocations forwarded to the host use the
same default Toolbx container to invoke toolbox(1) from without changing
its state.  Therefore, a lot of disk I/O can be avoided by creating the
default container only once for all those tests.

This can reduce the time needed to run the help tests from almost 7
minutes to a few seconds.

https://github.com/containers/toolbox/pull/1635
2025-05-01 18:05:28 +02:00
Debarshi Ray a062224db3 Link to the website instead of the code repository (part 2)
Now that there's a website at https://containertoolbx.org/ it makes more
sense to link to it instead of the code repository.  The website is a
superset of the code repository and contains a lot more useful
information for someone who is not familiar with the Toolbx project.

https://github.com/containers/toolbox/pull/1632
2025-05-01 14:11:42 +02:00
Debarshi Ray 6b703b8d3c cmd: Simplify string building
When the fmt.Fprintf() [1] function is used to write to a
strings.Builder [2] instance, it uses the io.Writer [3] interface, which
is the strings.Builder.Write() method.  This method is practically the
same as the strings.Builder.WriteString() method, other than the fact
that the former accepts a slice of bytes and the latter accepts a
string.  So, the difference is the initial call to fmt.Fprintf().

Therefore, unless format verbs [4] are needed to build the string,
fmt.Fprintf() can be replaced with strings.Builder.WriteString().  It
reduces one function call and is shorter to type.

Fallout from the following:
  * e390f15469
  * 7542f5fc86
  * e58992066f
  * 8dd2f8e80a
  * 063bdf965f

[1] https://pkg.go.dev/fmt#Fprintf

[2] https://pkg.go.dev/strings#Builder

[3] https://pkg.go.dev/io#Writer

[4] https://pkg.go.dev/fmt

https://github.com/containers/toolbox/pull/1632
2025-05-01 00:15:00 +02:00
Debarshi Ray 2956ecacb4 cmd, pkg/utils: Split out the code to get the initialization stamp path
This will prevent any silly bug in getting the initialization stamp path
from breaking the communication protocol between the 'enter' or 'run'
commands on the host and the Toolbx container's entry point process.

https://github.com/containers/toolbox/pull/1633
2025-05-01 00:13:48 +02:00
Debarshi Ray 63309e4666 cmd/initContainer: Sprinkle some debug logs
https://github.com/containers/toolbox/pull/1631
2025-04-30 22:32:34 +02:00
Debarshi Ray ee182260b7 cmd/initContainer: Split out the code to configure Kerberos
This is meant to reduce the size of the initContainer() function that
implements the heart of the 'init-container' command.

The debug log and error message were tweaked to match the name of the
function and for consistency with the configureRPM() function.

https://github.com/containers/toolbox/pull/1631
2025-04-30 16:19:30 +02:00
Debarshi Ray 06f81546ef cmd/initContainer: Split out the code to configure RPM
This is meant to reduce the size of the initContainer() function that
implements the heart of the 'init-container' command.

https://github.com/containers/toolbox/pull/1631
2025-04-30 16:19:30 +02:00
Debarshi Ray 69702119b4 .github/workflows, test/system: Test the Kerberos configuration
https://github.com/containers/toolbox/pull/1631
2025-04-30 16:12:22 +02:00
Debarshi Ray 9ec4f139df .github/workflows, test/system: Test the RPM configuration
https://github.com/containers/toolbox/pull/1631
2025-04-30 01:45:20 +02:00
Debarshi Ray c512909acc build: Bump github.com/spf13/viper to 1.19.0
The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1630
2025-04-28 14:10:39 +02:00
Debarshi Ray c2096cb7fa build: Bump github.com/spf13/viper to 1.18.2
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1630
2025-04-28 13:56:45 +02:00
Debarshi Ray 4dac44d42e build: Bump github.com/spf13/viper to 1.18.1
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1630
2025-04-28 13:55:13 +02:00
Debarshi Ray 454c05685a build: Bump github.com/spf13/viper to 1.18.0
The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1630
2025-04-28 13:44:22 +02:00
Debarshi Ray 9989ffac14 cmd/root, pkg/utils: Use errors.Is() instead of os.IsNotExist()
The os.IsNotExist() function [1] predates the introduction of the
errors.Is() function [2] in Go 1.13 [3].  From Go >= 1.16, the
documentation explicitly recommends the use of errors.Is() instead of
os.IsNotExist() [4].

The Go implementation of Toolbx never used any Go older than 1.13 [5],
and currently it requires Go >= 1.21 [6].  So, there's no reason not to
use the more modern and recommended alternative.

[1] https://pkg.go.dev/os#IsNotExist

[2] https://pkg.go.dev/errors#Is

[3] https://go.dev/blog/go1.13-errors

[4] Go commit b641f0dcf48aa748
    https://github.com/golang/go/commit/b641f0dcf48aa748
    https://github.com/golang/go/issues/41122

[5] Commit d857471aa2
    https://github.com/containers/toolbox/commit/d857471aa2f233e5
    https://github.com/containers/toolbox/pull/318

[6] Commit 82e85bac9f
    https://github.com/containers/toolbox/commit/82e85bac9f5e69a5
    https://github.com/containers/toolbox/pull/1614

https://github.com/containers/toolbox/pull/1629
2025-04-28 13:39:49 +02:00
Debarshi Ray e9e77fb069 pkg/utils: Test PathExists
https://github.com/containers/toolbox/pull/1629
2025-04-28 13:29:28 +02:00
Debarshi Ray c4df57944e cmd/run: Style fixes
Fallout from d8289fb832 and
815d7f6035

https://github.com/containers/toolbox/pull/1628
2025-04-26 00:10:31 +02:00
Debarshi Ray 389216cdca cmd/initContainer: Tweak the debug logs for brevity
Debug logs are sweeter when they are shorter.

Fallout from 6e848b250b and
91a019bef6

https://github.com/containers/toolbox/pull/1628
2025-04-25 23:48:53 +02:00
Debarshi Ray fd427863b0 cmd/initContainer: Style fixes
Fallout from the following:
  * 7542f5fc86
  * 786723116c
  * 6e848b250b

https://github.com/containers/toolbox/pull/1628
2025-04-25 23:48:48 +02:00
Debarshi Ray 94a75d631b build: Bump github.com/NVIDIA/nvidia-container-toolkit to 1.17.4
... for CVE-2025-23359 or GHSA-4hmh-pm5p-9j7j.

The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1627
2025-04-23 03:06:16 +02:00
Debarshi Ray e824bf7216 build: Bump github.com/NVIDIA/go-nvlib to 0.7.1
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1626
2025-04-23 00:02:03 +02:00
Debarshi Ray ec286bb186 pkg/utils: Optimize getting the runtime directory
The runtime directory is needed a few times during the course of
commonly used Toolbx commands.  It's used at start-up for all commands
except 'completion' and 'init-container' to synchronize the invocation
of 'podman system migrate'.  The entry point (ie., 'init-container')
uses it to read the generated Container Device Interface specification
and create the initialization stamp file.  The 'enter' and 'run'
commands use it to write the CDI specification and twice to detect the
creation of the initialization stamp file.

Since the runtime directory is always the same within a process, there's
no need to repeatedly go through all the steps of parsing the user and
group IDs, creating the directory, setting its ownership, and logging
the name of directory.  Once the directory is successfully created, it's
path can be cached and returned for subsequent use.

In case an error occurred while setting up the runtime directory,
subsequent attempts to get it will go through all the steps again.  This
doesn't matter much in practice because toolbox(1) can't continue in the
absence of a working runtime directory.

https://github.com/containers/toolbox/pull/1624
2025-04-11 22:10:53 +02:00
Debarshi Ray 3321bb20b6 cmd/root: Style fix
Fallout from 4a1aa4652e and
c2ba67569b

https://github.com/containers/toolbox/pull/1623
2025-04-11 17:12:06 +02:00
Debarshi Ray fb4cb2eb90 cmd/run: Style fixes
Fallout from d8289fb832 and
815d7f6035

https://github.com/containers/toolbox/pull/1623
2025-04-11 17:11:35 +02:00
Debarshi Ray c2520f2016 .zuul: Enable testing on Fedora 42
https://github.com/containers/toolbox/pull/1619
2025-03-29 01:03:01 +01:00
Debarshi Ray 4f4c3c9d19 build: Bump github.com/NVIDIA/nvidia-container-toolkit to 1.17.3
... for CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or
GHSA-vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4.

The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1614
2025-01-31 00:24:26 +01:00
Debarshi Ray ebd2fc1f8b build: Bump github.com/NVIDIA/nvidia-container-toolkit to 1.17.2
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1614
2025-01-30 23:01:26 +01:00
Debarshi Ray 8b603ad05f build: Bump github.com/NVIDIA/nvidia-container-toolkit to 1.17.1
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1614
2025-01-30 21:36:14 +01:00
Debarshi Ray 82e85bac9f build: Bump github.com/NVIDIA/nvidia-container-toolkit to 1.17.0
... for CVE-2024-0134 or GHSA-7jm9-xpwx-v999.

NVIDIA Container Toolkit 1.17.0 requires Go >= 1.21, even though it's
not mentioned in its go.mod file [1].

The src/go.sum file was updated with 'go mod tidy'.

[1] https://github.com/NVIDIA/nvidia-container-toolkit/issues/886

https://github.com/containers/toolbox/pull/1614
2025-01-30 21:36:14 +01:00
Debarshi Ray 4717be5e23 build: Bump github.com/NVIDIA/go-nvlib to 0.7.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1614
2025-01-30 00:28:24 +01:00
Debarshi Ray 957601f1d8 build: Bump github.com/NVIDIA/go-nvml to 0.12.4-1
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1614
2025-01-29 21:20:28 +01:00
Debarshi Ray 85fcd6f4c7 build: Bump golang.org/x/sys to 0.26.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1613
2025-01-29 21:09:10 +01:00
Debarshi Ray 09773b9af2 build: Bump golang.org/x/sys to 0.25.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1613
2025-01-29 21:03:54 +01:00
Debarshi Ray bff269a9e9 build: Bump github.com/spf13/viper to 1.17.0
The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1612
2025-01-27 18:46:01 +01:00
Debarshi Ray 5196d21294 build: Bump github.com/spf13/viper to 1.16.0
The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1612
2025-01-27 17:58:27 +01:00
Debarshi Ray 03fd9c5498 build: Bump github.com/spf13/viper to 1.15.0
The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

The src/go.sum file was skipped from the codespell test because it's
generated with 'go mod tidy'.  Otherwise codespell would complain:
  : github.com/spf13/viper v1.15.0
      h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU=
  > github.com/spf13/viper v1.15.0/go.mod
      h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA=
  : github.com/stretchr/objx v0.1.0/go.mod
      h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
  ./src/go.sum:384: KeT ==> key, kept

https://github.com/containers/toolbox/pull/1612
2025-01-27 14:51:32 +01:00
Debarshi Ray 8829db69c5 build: Bump github.com/spf13/viper to 1.14.0
The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1612
2025-01-24 19:57:48 +01:00
Debarshi Ray 9c19e2d8f0 build: Bump github.com/spf13/viper to 1.13.0
The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1612
2025-01-24 17:35:47 +01:00
Debarshi Ray 6400ff245d build: Bump github.com/spf13/viper to 1.12.0
The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1612
2025-01-24 01:37:29 +01:00
Debarshi Ray 10e1544938 build: Bump github.com/spf13/viper to 1.11.0
The indirect dependencies in the src/go.mod file, and the src/go.sum
file were updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1612
2025-01-23 17:44:43 +01:00
Debarshi Ray 97ad50d303 build: Bump github.com/briandowns/spinner to 1.23.2
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1611
2025-01-23 17:39:42 +01:00
Debarshi Ray 8b62d7e95d .github/workflows, playbooks: Unbreak 'go mod download'
Currently, the CI is failing because 'go mod download' is encountering an
expired TLS certificate:
  $ go mod download
  go: github.com/spf13/viper@v1.10.1 requires
      go.opencensus.io@v0.23.0: unrecognized import path "go.opencensus.io":
        https fetch: Get "https://go.opencensus.io/?go-get=1": tls: failed to
        verify certificate: x509: certificate has expired or is not yet valid:
        current time 2025-01-23T17:00:16+01:00 is after 2025-01-21T03:43:04Z

Therefore, disable the TLS certificate check until the certificate gets
updated or the dependency gets removed [1].

[1] https://pkg.go.dev/cmd/go#hdr-Environment_variables

https://github.com/containers/toolbox/pull/1611
2025-01-23 17:39:42 +01:00
Debarshi Ray 4b61032711 build: Bump github.com/stretchr/testify to 1.10.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1610
2025-01-20 21:27:35 +01:00
Debarshi Ray 0bb4ff8b80 .zuul: Drop testing on Fedora 39
Fedora 39 reached End of Life on 26th November 2024:
https://docs.fedoraproject.org/en-US/releases/eol/

https://github.com/containers/toolbox/pull/1602
2024-12-09 18:47:05 +01:00
Debarshi Ray b378596b14 test/system: Try to handle /etc/resolv.conf on host as absolute symlink
Some Arch Linux hosts have /etc/resolv.conf as an absolute symbolic link
to /run/systemd/resolve/stub-resolv.conf, instead of being a relative
symbolic link to ../run/systemd/resolve/stub-resolv.conf or a regular
file.  eg., the images built by arch-boxes [1].

This changes the target that the Toolbx container's /etc/resolv.conf
points at and confuses the tests [2].

Ideally, these host operating systems should be fixed to use relative
symbolic links.  This is highlighted by skipping the tests, because
there's no point in failing them until that happens.

This is a step towards running the CI on Arch Linux.

[1] https://gitlab.archlinux.org/archlinux/arch-boxes
    https://geo.mirror.pkgbuild.com/images/latest/

[2] Commit 88a95b07af
    https://github.com/containers/toolbox/commit/88a95b07af335be2
    https://github.com/containers/toolbox/issues/187

https://github.com/containers/toolbox/issues/1438
2024-11-18 20:45:44 +01:00
Debarshi Ray f900585739 test/system: Enable 102-list.bats on Arch Linux
This is a step towards running the CI on Arch Linux.

https://github.com/containers/toolbox/issues/1438
2024-11-17 11:26:29 +01:00
Penn Bauman fead837404 test/system: Enable 101-create.bats on Arch Linux
This is a step towards running the CI on Arch Linux.

https://github.com/containers/toolbox/issues/1438
https://github.com/containers/toolbox/pull/1535
2024-11-17 11:26:29 +01:00
Penn Bauman e805291a10 test/system: Support host operating systems without VERSION_ID
The VERSION_ID field in os-release(5) is optional [1].  It's absent on
Arch Linux, which follows a rolling-release model and uses the BUILD_ID
field instead:
  BUILD_ID=rolling

A subsequent commit will run the CI on Arch Linux.  Hence, the code to
get the default release from the host operating system can no longer
assume the presence of the VERSION_ID field in os-release(5).

Note that the arch-toolbox image is tagged with 'latest', in accordance
with OCI conventions, not 'rolling' [2,3], which is the os-release(5)
BUILD_ID.

A similar change was made to toolbox(1) in commits 2ee82affeb and
d14fd7bb50.

[1] https://www.freedesktop.org/software/systemd/man/os-release.html

[2] Commit 2568528cb7
    https://github.com/containers/toolbox/commit/2568528cb7f52663
    https://github.com/containers/toolbox/pull/861

[3] Commit a4e5861ae5
    https://github.com/containers/toolbox/commit/a4e5861ae5c93625
    https://github.com/containers/toolbox/pull/1308

https://github.com/containers/toolbox/issues/1438
https://github.com/containers/toolbox/pull/1535
2024-11-17 11:26:29 +01:00
Debarshi Ray d8ad631ae1 test/system: Check the line count in the standard error & output streams
https://github.com/containers/toolbox/pull/1596
2024-11-15 21:53:56 +01:00
Debarshi Ray 02648e61ea test/system: Fix typo
This wasn't negatively impacting the validity of the test, but it was
inconsistent with the pattern used elsewhere.

Fallout from 55c0e63786

https://github.com/containers/toolbox/pull/1596
2024-11-15 19:45:40 +01:00
Debarshi Ray d29adbf10e test/system: Ensure that error messages go to the standard error stream
Currently, there's no way to get assert_line to use the stderr_lines
array [1].  This is worked around by assigning stderr_lines to the
'lines' array.

[1] https://github.com/bats-core/bats-assert/issues/42

https://github.com/containers/toolbox/pull/1595
2024-11-15 18:54:38 +01:00
Debarshi Ray f97d524af4 test/system: Check whole lines instead of partials
https://github.com/containers/toolbox/pull/1595
2024-11-14 22:57:26 +01:00
Debarshi Ray adc8650660 test/system: Optimize the 'create' tests
The system tests can be very I/O intensive, because many of them copy
OCI images from the test suite's image cache directory to its local
container/storage store, create containers, and then delete everything
to run the next test with a clean slate.  This makes them slow.

In the case of these two particular tests, toolbox(1) is supposed to
validate the command line options before trying to find the image.  So,
there's no need to copy the image from the test suite's image cache
directory to its local container/storage store.

If the toolbox(1) code breaks, then either it won't throw the expected
error or it will download the image before validating the command line
options.  The first possibility will be easily detected.  The other
could have been harder to notice, but, fortunately, commit
55c0e63786 added variants of these tests without the --assumeyes
option and there are other tests to ensure that images cannot be
downloaded without that option.  So, any unexpected attempts to download
the image will be caught by those variants of these tests.

Fallout from 32b147b9ff

https://github.com/containers/toolbox/pull/1595
2024-11-14 22:55:42 +01:00
Debarshi Ray 91c539606a test/system: Remove unnecessary --assumeyes
It shouldn't be necessary to use the --assumeyes option when creating a
Toolbx container, if the corresponding image is already present in the
local containers/storage image store.  It's harmful to test it with the
option, even when it shouldn't be needed, because it's off by default
and most users won't enable it.

Therefore, it's better to test the most common scenario that most users
will encounter.

https://github.com/containers/toolbox/pull/1595
2024-11-14 12:43:26 +01:00
Debarshi Ray fbffd45384 playbooks, test/system: Drop the PODMAN and SKOPEO environment variables
The toolbox(1) binary always relies on the PATH environment variable to
find the podman(1) and skopeo(1) binaries.  There's no way to override
those with the PODMAN and SKOPEO environment variables, and they only
affect any direct use of podman(1) and skopeo(1) within the test suite.

Therefore, offering the PODMAN and SKOPEO environment variables in their
current form is needlessly confusing and misleading, and can lead to
surprises arising from different podman(1) and skopeo(1) binaries being
used in different places.  Either toolbox(1) should also honour them or
the test suite shouldn't offer them.  The former is more complicated
without any obvious need for it, so the latter was chosen.

https://github.com/containers/toolbox/pull/1592
2024-11-14 02:06:33 +01:00
Debarshi Ray c11a03ce37 playbooks: Use pkgconfig(bash-completion) to install bash-completion.pc
Unlike Fedora, where the package providing bash-completion.pc changed in
Fedora 41 onwards [1,2], it hasn't changed in CentOS Stream 9.  So, this
doesn't change the behaviour of the CI.

However, the Fedora Packaging Guidelines recommend using pkgconfig(...)
to depend on a *.pc file [3], instead of the name of the package, and
there has been a problem on Fedora caused by not doing that.  Therefore,
it's better to follow the guidelines for consistency and safety.

[1] Fedora bash-completion commit d1f5dc48c0440cc6
    https://src.fedoraproject.org/rpms/bash-completion/c/d1f5dc48c0440cc6
    https://bugzilla.redhat.com/show_bug.cgi?id=1457164

[2] Commit 204919917e
    https://github.com/containers/toolbox/commit/204919917e4af528

[3] https://docs.fedoraproject.org/en-US/packaging-guidelines/PkgConfigBuildRequires/

https://github.com/containers/toolbox/pull/1593
2024-11-14 01:20:00 +01:00
Debarshi Ray 204919917e playbooks: Restore the generation & installation of the Bash completions
The package providing /usr/share/pkgconfig/bash-completion.pc changed
from bash-completion to bash-completion-devel in Fedora 41 onwards [1].
This meant that the Bash completions were no longer being generated and
installed by the CI.

[1] Fedora bash-completion commit d1f5dc48c0440cc6
    https://src.fedoraproject.org/rpms/bash-completion/c/d1f5dc48c0440cc6
    https://bugzilla.redhat.com/show_bug.cgi?id=1457164

https://github.com/containers/toolbox/pull/1593
2024-11-12 23:09:38 +01:00
Debarshi Ray 05202bb35c test/system: Skip the test before doing any needless work
https://github.com/containers/toolbox/pull/1591
2024-11-12 01:35:36 +01:00
Debarshi Ray 9b1f7aa573 .github/workflows, test/system: Enable 102-list.bats on Ubuntu 22.04
https://github.com/containers/toolbox/pull/1591
2024-11-12 01:35:36 +01:00
Debarshi Ray b443428126 playbooks/dependencies-centos-9-stream: Show the Bash version
Fallout from 6626b11e15

https://github.com/containers/toolbox/pull/1587
2024-11-06 01:01:50 +01:00
Debarshi Ray bb2cda1db0 cmd/create: Replace deprecated github.com/briandowns/spinner API
A new API was added to github.com/briandowns/spinner 1.23.0 to deprecate
the io.Writer output in favour of a pointer to an os.File [1].  This new
API enables the spinner to automatically detect whether the output is
connected to a terminal or not, which is convenient.

Commit 944b3ac95f already bumped the required
github.com/briandowns/spinner version to 1.23.0, so take advantage of
that.

[1] github.com/briandowns/spinner commit 1445186377e2e283
    https://github.com/briandowns/spinner/commit/1445186377e2e283
    https://github.com/briandowns/spinner/issues/142

https://github.com/containers/toolbox/pull/1586
2024-11-01 23:48:04 +01:00
Debarshi Ray 38ca815f84 build: Bump github.com/briandowns/spinner to 1.23.1
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1585
2024-11-01 15:16:11 +01:00
Debarshi Ray 944b3ac95f build: Bump github.com/briandowns/spinner to 1.23.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1585
2024-11-01 14:05:45 +01:00
Debarshi Ray baab11e997 build: Bump github.com/briandowns/spinner to 1.22.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1585
2024-11-01 13:50:18 +01:00
Debarshi Ray fda91a240d build: Bump github.com/briandowns/spinner to 1.21.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1585
2024-11-01 13:46:03 +01:00
Debarshi Ray 930918073b build: Bump github.com/briandowns/spinner to 1.20.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1584
2024-11-01 13:25:43 +01:00
Debarshi Ray b8650a10c4 build: Bump github.com/briandowns/spinner to 1.19.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1584
2024-11-01 13:22:12 +01:00
Debarshi Ray aa6c7a3336 build: Bump github.com/briandowns/spinner to 1.18.1
Note that github.com/briandowns/spinner 1.18.1 introduced an undesired
dependency on github.com/mattn/go-isatty for the IsTerminal() API, which
was later removed in 1.23.1 [1].  Fewer dependencies are always good
because it reduces the amount of code in use.

Therefore, this is a step towards using github.com/briandowns/spinner
1.23.1.  Instead of bumping it straight to its final desired version,
doing it in smaller steps makes it easier to bisect any uncaught
regressions in future.

The src/go.sum file was updated with 'go mod tidy'.

[1] github.com/briandowns/spinner commit 8f269dd04fbfe236
    https://github.com/briandowns/spinner/commit/8f269dd04fbfe236
    https://github.com/briandowns/spinner/pull/156

https://github.com/containers/toolbox/pull/1584
2024-11-01 13:21:55 +01:00
Debarshi Ray 896b6b96b6 NEWS: Fix regression annotations
Fallout from b9ed02a283

https://github.com/containers/toolbox/pull/1583
2024-11-01 10:37:30 +01:00
Debarshi Ray b9ed02a283 Prepare 0.1.1
Now that Toolbx 0.1.0 has been released, it's a good time to revisit the
format of the release notes.

The release notes are now written in the past tense as suggested by the
Kubernetes guidelines [1].  They are broken down into different sections
to make it easier to understand the impact of the changes, with the
names of the sections loosely taken from projects like Flatpak [2].

[1] https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md

[2] https://github.com/flatpak/flatpak/blob/main/NEWS

https://github.com/containers/toolbox/pull/1581
2024-10-31 19:24:31 +01:00
dependabot[bot] f4324df383 build: Bump github.com/NVIDIA/nvidia-container-toolkit to 1.16.2
... for CVE-2024-0132 or GHSA-mjjw-553x-87pq, and CVE-2024-0133 or
GHSA-f748-7hpg-88ch.

https://github.com/containers/toolbox/pull/1579
https://github.com/containers/toolbox/security/dependabot/17
https://github.com/containers/toolbox/security/dependabot/18

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-29 22:39:26 +01:00
Debarshi Ray f98f3f5353 build: Bump golang.org/x/sys to 0.23.0
The src/go.sum file was updated with 'go mod tidy'.

https://github.com/containers/toolbox/pull/1580
2024-10-29 22:35:01 +01:00
Jean-Baptiste Trystram 325cf696b5 cmd/initContainer: Unbreak 'enter' if NVIDIA Persistence Daemon is used
If the NVIDIA Persistence Daemon is used, then 'enter' fails with:
  $ sudo systemctl start nvidia-persistenced.service
  $ toolbox enter
  Error: mount: /run/nvidia-persistenced/socket: mount point does not exist.
         dmesg(1) may have more information after failed mount system call.
  failed to apply mount from Container Device Interface for NVIDIA

This is due to the socket at /run/nvidia-persistenced/socket being
listed in the Container Device Interface specification when the NVIDIA
Persistence Daemon is used.

Fallout from 6e848b250b

https://github.com/containers/toolbox/issues/1572
2024-10-29 13:01:49 +01:00
Debarshi Ray 201380fb44 pkg/nvidia: Unbreak 'enter' if proprietary driver is there but not used
If the proprietary NVIDIA driver is installed, particularly
libnvidia-ml.so.1, but the kernel driver is not being used, then 'enter'
fails with:
  $ toolbox enter
  Error: failed to initialize NVIDIA Management Library

This was tested on Fedora 39 Workstation with the proprietary NVIDIA
driver from RPM Fusion, which makes it possible to easily disable the
driver without uninstalling it [1].

Note that, with and without this change, there's a delay of a few
seconds inside nvmlInit() from the NVIDIA Management Library.

[1] https://rpmfusion.org/Howto/NVIDIA

https://github.com/containers/toolbox/issues/1573
2024-10-24 20:23:45 +02:00
Debarshi Ray d21f8e895c Prepare 0.1.0
https://github.com/containers/toolbox/pull/1570
2024-10-23 13:12:36 +02:00
Debarshi Ray 2bac22bc28 .zuul, playbooks: Optimize the CI on stable Fedora nodes
Currently, the runtime environment tests have been frequently timing out
on stable Fedora nodes.  Instead of taking the shortcut of increasing
the timeout, they were split by the Toolbx images they use, similar to
what already happens for Fedora Rawhide nodes [1].

[1] Commit 987f5e2592
    https://github.com/containers/toolbox/commit/987f5e259289b4b3
    https://github.com/containers/toolbox/pull/1551

https://github.com/containers/toolbox/pull/1571
2024-10-23 13:06:45 +02:00
Ievgen Popovych 1e9308625a workflows: ubuntu-images: Do not build 16.04 and 18.04
..since they are not updated anymore
(2 years and over 1 year respectively).

Signed-off-by: Ievgen Popovych <jmennius@gmail.com>
2024-10-21 18:40:48 +03:00
Tom Reinders 3dadbfe517 workflows: ubuntu-images: Do not fail the workflow early
...if one of the releases fails, let other releases build and publish.

Signed-off-by: Tom Reinders <t.reinders@recognize.nl>
2024-10-21 18:40:48 +03:00
Tom Reinders 3496110fae images: ubuntu: 24.04: Fix missing `unminimize` script
`unminimize` has been moved to a dedicated package:
https://discourse.ubuntu.com/t/oracular-oriole-release-notes/44878#unminimize-33

Fixes: #1566
Signed-off-by: Tom Reinders <t.reinders@recognize.nl>
2024-10-21 13:06:10 +03:00
David Scholberg 67c487ec1a images: ubuntu: Add 24.10 interim, remove 23.10 (interim, EOL)
Signed-off-by: David Scholberg <recombinant.vector@gmail.com>
2024-10-21 11:11:28 +03:00
Debarshi Ray ed14cd483a Revert "playbooks, test/system: Work around bug in pasta(1) networks"
The bug in pasta(1) that necessitated this workaround has since been
fixed in passt 2024_05_10.7288448 [1].  Some host operating systems like
CentOS Stream 10 no longer have slirp4netns(1), and it's generally
better to test the defaults.

This reverts commit b58f9a5108.

[1] https://github.com/containers/podman/issues/22575
    https://archives.passt.top/passt-dev/20240508090338.2735208-1-sbrivio@redhat.com/
    https://archives.passt.top/passt-user/20240510225714.6aa8e6c0@elisabeth/

https://github.com/containers/toolbox/pull/1562
2024-10-04 22:17:50 +02:00
Debarshi Ray b524f4cebd pkg/utils: Update fallback release to 40 for non-fedora hosts
Fedora 38 reached End of Life on 21st May 2024:
https://docs.fedoraproject.org/en-US/releases/eol/

https://bugzilla.redhat.com/show_bug.cgi?id=2316312
https://github.com/containers/toolbox/pull/1561
2024-10-03 22:10:26 +02:00
Debarshi Ray 1e90c72185 test/system: Unbreak the downstream Fedora CI
The working directory from which bats(1) is invoked might not be part of
the Toolbx container.  eg., the downstream Fedora CI invokes the tests
as:
  $ cd /path/to/toolbox/test/system
  $ bats .

... and it led to:
  not ok 8 help: Try unknown command (forwarded to host)
  # tags: commands-options
  # (from function `assert_line' in file
      ./libs/bats-assert/src/assert.bash, line 488,
  #  in test file ./002-help.bats, line 135)
  #   `assert_line --index 0
        "Error: unknown command \"foo\" for \"toolbox\""' failed
  #
  # -- line differs --
  # index    : 0
  # expected : Error: unknown command "foo" for "toolbox"
  # actual   : Error: crun: chdir to `/usr/share/toolbox/test/system`:
      No such file or directory: OCI runtime attempted to invoke a
      command that was not found
  # --
  #

https://github.com/containers/toolbox/pull/1560
2024-10-02 22:52:01 +02:00
67 changed files with 2615 additions and 1532 deletions

2
.github/CODEOWNERS vendored
View File

@ -7,3 +7,5 @@
/images/arch @Foxboron
/images/rhel @debarshiray @olivergs
/images/ubuntu @Jmennius
/src/pkg/utils/arch.go @Foxboron
/src/pkg/utils/ubuntu.go @Jmennius

View File

@ -36,7 +36,8 @@ jobs:
build-push-images:
strategy:
matrix:
release: ['16.04', '18.04', '20.04', '22.04', '23.10', '24.04']
release: ['18.04', '20.04', '22.04', '24.04', '24.10', '25.04']
fail-fast: false
runs-on: ubuntu-latest
steps:

View File

@ -1,5 +1,5 @@
#
# Copyright © 2023 2024 Red Hat, Inc.
# Copyright © 2023 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -45,7 +45,7 @@ jobs:
flatpak \
gcc \
go-md2man \
golang-1.20 \
golang-1.21 \
meson \
ninja-build \
openssl \
@ -55,9 +55,12 @@ jobs:
systemd \
udisks2
- name: Set up PATH for Go 1.20
- name: Ensure that 'p11-kit server' is absent
run: sudo rm /usr/libexec/p11-kit/p11-kit-server
- name: Set up PATH for Go 1.21
run: |
echo "PATH=/usr/lib/go-1.20/bin:$PATH" >> "$GITHUB_ENV"
echo "PATH=/usr/lib/go-1.21/bin:$PATH" >> "$GITHUB_ENV"
- name: Checkout Bats
uses: actions/checkout@v4
@ -129,7 +132,7 @@ jobs:
working-directory: containers/toolbox/src
- name: Set up build directory
run: meson setup --fatal-meson-warnings builddir
run: meson setup builddir
working-directory: containers/toolbox
- name: Build
@ -150,6 +153,7 @@ jobs:
test/system/001-version.bats \
test/system/002-help.bats \
test/system/101-create.bats \
test/system/102-list.bats \
test/system/103-container.bats \
test/system/105-enter.bats \
test/system/106-rm.bats \
@ -158,6 +162,8 @@ jobs:
test/system/201-ipc.bats \
test/system/203-network.bats \
test/system/220-environment-variables.bats \
test/system/250-kerberos.bats \
test/system/270-rpm.bats \
test/system/501-create.bats \
test/system/505-enter.bats
env:

View File

@ -81,6 +81,39 @@
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment-ubuntu.yaml
- job:
name: system-test-fedora-42-commands-options
description: Run Toolbx's commands-options system tests in Fedora 42
timeout: 6300
nodeset:
nodes:
- name: fedora-42
label: cloud-fedora-42
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-commands-options.yaml
- job:
name: system-test-fedora-42-runtime-environment-arch-fedora
description: Run Toolbx's (arch-fedora,runtime-environment) system tests in Fedora 42
timeout: 6300
nodeset:
nodes:
- name: fedora-42
label: cloud-fedora-42
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment-arch-fedora.yaml
- job:
name: system-test-fedora-42-runtime-environment-ubuntu
description: Run Toolbx's (runtime-environment,ubuntu) system tests in Fedora 42
timeout: 6300
nodeset:
nodes:
- name: fedora-42
label: cloud-fedora-42
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment-ubuntu.yaml
- job:
name: system-test-fedora-41-commands-options
description: Run Toolbx's commands-options system tests in Fedora 41
@ -93,59 +126,26 @@
run: playbooks/system-test-commands-options.yaml
- job:
name: system-test-fedora-41-runtime-environment
description: Run Toolbx's runtime-environment system tests in Fedora 41
name: system-test-fedora-41-runtime-environment-arch-fedora
description: Run Toolbx's (arch-fedora,runtime-environment) system tests in Fedora 41
timeout: 6300
nodeset:
nodes:
- name: fedora-41
label: cloud-fedora-41
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment.yaml
run: playbooks/system-test-runtime-environment-arch-fedora.yaml
- job:
name: system-test-fedora-40-commands-options
description: Run Toolbx's commands-options system tests in Fedora 40
name: system-test-fedora-41-runtime-environment-ubuntu
description: Run Toolbx's (runtime-environment,ubuntu) system tests in Fedora 41
timeout: 6300
nodeset:
nodes:
- name: fedora-40
label: cloud-fedora-40
- name: fedora-41
label: cloud-fedora-41
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-commands-options.yaml
- job:
name: system-test-fedora-40-runtime-environment
description: Run Toolbx's runtime-environment system tests in Fedora 40
timeout: 6300
nodeset:
nodes:
- name: fedora-40
label: cloud-fedora-40
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment.yaml
- job:
name: system-test-fedora-39-commands-options
description: Run Toolbx's commands-options system tests in Fedora 39
timeout: 6300
nodeset:
nodes:
- name: fedora-39
label: cloud-fedora-39
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-commands-options.yaml
- job:
name: system-test-fedora-39-runtime-environment
description: Run Toolbx's runtime-environment system tests in Fedora 39
timeout: 6300
nodeset:
nodes:
- name: fedora-39
label: cloud-fedora-39
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment.yaml
run: playbooks/system-test-runtime-environment-ubuntu.yaml
- project:
periodic:
@ -153,12 +153,12 @@
- system-test-fedora-rawhide-commands-options
- system-test-fedora-rawhide-runtime-environment-arch-fedora
- system-test-fedora-rawhide-runtime-environment-ubuntu
- system-test-fedora-42-commands-options
- system-test-fedora-42-runtime-environment-arch-fedora
- system-test-fedora-42-runtime-environment-ubuntu
- system-test-fedora-41-commands-options
- system-test-fedora-41-runtime-environment
- system-test-fedora-40-commands-options
- system-test-fedora-40-runtime-environment
- system-test-fedora-39-commands-options
- system-test-fedora-39-runtime-environment
- system-test-fedora-41-runtime-environment-arch-fedora
- system-test-fedora-41-runtime-environment-ubuntu
check:
jobs:
- unit-test
@ -167,12 +167,12 @@
- system-test-fedora-rawhide-commands-options
- system-test-fedora-rawhide-runtime-environment-arch-fedora
- system-test-fedora-rawhide-runtime-environment-ubuntu
- system-test-fedora-42-commands-options
- system-test-fedora-42-runtime-environment-arch-fedora
- system-test-fedora-42-runtime-environment-ubuntu
- system-test-fedora-41-commands-options
- system-test-fedora-41-runtime-environment
- system-test-fedora-40-commands-options
- system-test-fedora-40-runtime-environment
- system-test-fedora-39-commands-options
- system-test-fedora-39-runtime-environment
- system-test-fedora-41-runtime-environment-arch-fedora
- system-test-fedora-41-runtime-environment-ubuntu
gate:
jobs:
- unit-test
@ -181,9 +181,9 @@
- system-test-fedora-rawhide-commands-options
- system-test-fedora-rawhide-runtime-environment-arch-fedora
- system-test-fedora-rawhide-runtime-environment-ubuntu
- system-test-fedora-42-commands-options
- system-test-fedora-42-runtime-environment-arch-fedora
- system-test-fedora-42-runtime-environment-ubuntu
- system-test-fedora-41-commands-options
- system-test-fedora-41-runtime-environment
- system-test-fedora-40-commands-options
- system-test-fedora-40-runtime-environment
- system-test-fedora-39-commands-options
- system-test-fedora-39-runtime-environment
- system-test-fedora-41-runtime-environment-arch-fedora
- system-test-fedora-41-runtime-environment-ubuntu

605
NEWS
View File

@ -1,580 +1,71 @@
Overview of changes in 0.0.99.6
===============================
0.1.2
=====
* Add all the iconv converter modules for glibc to the fedora-toolbox images
* Add an extra space after the ⬢ in the PS1
* Add cracklib-dicts to the fedora-toolbox images
* Add logos to the Arch Linux and Fedora badges, and a badge for the Ubuntu
package
* Add manual pages and pacman progress bars to the arch-toolbox image
* Add toolbox image definitions for RHELs 8.8, 8.9, 9.2 and 9.3
* Add translations for gawk to the fedora-toolbox images
* Add ubuntu-toolbox image definitions for Ubuntu 24.04
* Avoid running out of storage space when running the system tests on the CI
* Bump the minimum github.com/briandowns/spinner version to 1.18.0
* Depend on github.com/go-logfmt/logfmt version 0.5.0
* Depend on github.com/NVIDIA/go-nvlib version 0.6.1
* Depend on github.com/NVIDIA/nvidia-container-toolkit version 1.16.1
* Don't unmarshal the 'podman ps' JSON twice
* Don't use use auto dependencies for shell completion scripts
* Drop one "o" and rename the project as "Toolbx"
* Enable more tests on Ubuntu 22.04 by setting the SHELL environment variable
* Enable the proprietary NVIDIA driver
* Exclude the meson.build files when installing the system tests
* Fix pacman cache removal in the arch-toolbox image
* Let 'create' use an image without a name
* Let the terminal know the active container on all host operating systems,
and not just Fedora Silverblue and Workstation
* Limit the scope of temporary files used by the system tests
* Optimize 'enter' and 'run' for both an already running container and a
container getting initialized
* Optimize the CI on Fedora nodes
* Optimize the resource limits tests
* Preserve the Konsole and xterm versions
* Require --assumeyes to pull an image when not connected to a terminal
* Retain errors from toolbox(1) without --verbose when forwarding to host
* Retain exit codes from toolbox(1) when forwarding to host
* Show the entry point's debug logs & errors in 'enter' and 'run'
* Support 64-bit LoongArch
* Synchronize the documentation with the website
* Unbreak Podman's downstream Fedora CI
* Use Buildah and Podman to build and test the arch-toolbox and ubuntu-toolbox
images
* Use the same linker flags as NVIDIA Container Toolkit, and '-z now' is
unsupported
* Work around bug in pasta(1) networks in the system tests
### Security fixes
* Bumped the minimum github.com/briandowns/spinner version to 1.23.2 for
CVE-2022-29526 or GHSA-p782-xgp4-8hr8, and other bug fixes
* Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to
1.17.4 for CVE-2024-0134 or GHSA-7jm9-xpwx-v999, CVE-2024-0135 or
GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA-vcfp-63cx-4h59, CVE-2024-0137 or
GHSA-frhw-w3wm-6cw4, and CVE-2025-23359 or GHSA-4hmh-pm5p-9j7j
Overview of changes in 0.0.99.5
===============================
### Enhancements
* Add psmisc to the fedora-toolbox images
* Add several new system and unit tests, and make the existing ones stricter
* Add workaround to support configuring the user's password on some Active
Directory set-ups
* Be aware of security hardened mount points marked with 'nosuid,nodev,noexec'
* Bump the minimum Bats version to 1.7.0 to simplify running a subset of the
system tests and fix various warnings
* Bump the minimum Go requirement to 1.20
* Bump the minimum github.com/docker/go-units version to 0.5.0
* Bump the minimum golang.org/x/sys version to 0.1.0 for CVE-2022-29526 or
GHSA-p782-xgp4-8hr8
* Bump the minimum golang.org/x/text version to 0.3.8 for CVE-2022-32149 or
GHSA-69ch-w2m2-3vjp
* Bump the minimum gopkg.in/yaml.v3 version to 3.0.0 for CVE-2022-28948 or
GHSA-hp87-p4gw-j4gq
* Deprecate the --monitor-host option of 'init-container'
* Don't leak the NAME and VERSION environment variables into containers made
from the fedora-toolbox images
* Drop golang.org/x/term as a dependency
* Ensure that Toolbx containers start even if there aren't sufficient resources
for inotify(7)
* Ensure that the fedora-toolbox images retain documentation and translations
* Ensure that toolbox(1) can be built without using podman(1) and validating
subordinate IDs
* Fix DNS queries in Toolbx containers made from images with systemd-resolved,
when running on hosts that don't use it
* Handle space-separated input when asking for confirmation
* Let the terminal know the active container also on Fedora Linux Asahi Remix
* Offer built-in support for Arch Linux
* Offer built-in support for Ubuntu
* Preserve the host's environment variables for Bash's history facility inside
Toolbx containers
* Rely on podman >= 1.6.4 always being present
* Report the size of the image that will be downloaded from a registry
* Show welcome message on Fedora Sericea
* Support 64-bit RISC-V
* Update fallback release to 38 for non-fedora hosts
* Unbreak the line count checks with Bats >= 1.10.0
* Unbreak the manual page checks with GNU roff >= 1.23
* Various updates to the documentation and manuals
* Added ubuntu-toolbox image definitions for Ubuntu 25.04
* Gave access to the CA certificates from the host operating system — requires
new Toolbx images and 'p11-kit server' on the host. Note that the UBI-based
images for RHEL haven't yet been updated, and this feature is currently
disabled for those containers.
### Bug fixes
Overview of changes in 0.0.99.4
===============================
* Optimized getting the runtime directory
* Replaced links to the code repository with the website
* Updated fallback release to 42 for non-fedora hosts
* Add an --authfile option to 'create'
* Add a --preserve-fds option to 'run'
* Add a test that runs codespell
* Add fedora-toolbox image definition for Fedoras 37, 38 and 39
* Add several new system tests and make the existing ones stricter
* Avoid unexpected DNF behaviour with reinstalling or swapping RPMs when
building the fedora-toolbox images
* Be more strict when looking for a C compiler for building
* Call 'systemd-tmpfiles --create' when installing
* Check if subordinate ID ranges are present for also the UID, and not just
the username
* Document the toolbox.conf configuration file
* Don't create a nested pseudo-terminal device during 'run' if the standard
input and output streams are not connected to a terminal
* Don't leak ID and VARIANT_ID into the shell
* Don't unmarshal the 'podman images' JSON twice
* Enable OpenGL and Vulkan for hardware with free drivers on the
fedora-toolbox images
* Enable running non-nested display servers from a virtual terminal
* Enforce all the default 'go vet' checks on all Go sources
* Enforce gofmt on all Go sources
* Ensure that the 'distro' option is valid, instead of silently falling back
to Fedora
* Ensure that 'run' has the same container environment as 'enter'
* Ensure that the fedora-toolbox images has all the locales known to glibc,
and not just C, POSIX and C.UTF-8
* Exit 'run' with exit code of invoked command
* Fix the titles of the manuals
* Give precedence to /etc/os-release over /usr/lib/os-release in
/etc/profile.d/toolbox.sh
* Hide the Fedora-specific welcome banner on non-Fedora containers
* Improve the error messages if the 'distro' and 'release' options are invalid
* Improve the error messages for mutually exclusive options
* Improve the default image used for RHEL Toolbx containers to offer an
interactive command line experience similar to that on RHEL Workstation
* Make /etc/profile.d/toolbox.sh compatible with Z shell again
* Make sd_booted(3) work inside Toolbx containers
* Preserve the host's XDG_SESSION_CLASS environment variable inside Toolbx
containers
* Replace github.com/mattn/go-isatty and the deprecated
golang.org/x/crypto/ssh/terminal API with golang.org/x/term
* Replace jwhois with whois in the fedora-toolbox images for Fedora >= 37
* Replace the hand-written shell completion for Bash with ones generated by
Cobra that cover fish and Z shell too
* Restore more documentation removed from the base Fedora images
* Run unit tests with -Dmigration_path_for_coreos_toolbox on CentOS Stream 9 as
part of the CI
* Silence warning when running the system tests with Bats >= 1.7.0
* Support RHEL 9 Toolbx containers
* Support subordinate user and group ID ranges on enterprise set-ups
* Unbreak sorting and clearly identify copied images in 'list'
* Update fallback release to 37 for non-fedora hosts
* Update the Go dependencies with 'go get -u'
* Various updates to the documentation and manuals
* Work around Cobra 1.1.2's handling of usage functions
### Dependencies
* Added a new weak dependency on 'p11-kit server'
* Bumped the minimum github.com/NVIDIA/go-nvlib version to 0.7.1
* Bumped the minimum github.com/spf13/viper version to 1.20.1 to reduce the
number of indirect dependencies
* Bumped the minimum github.com/stretchr/testify version to 1.10.0
Overview of changes in 0.0.99.3
===============================
### Tests
* Add bc and iproute to the fedora-toolbox images
* Add fedora-toolbox image definition for Fedoras 35 and 36
* Add support for configuration files
* Add optional migration paths for coreos/toolbox users
* Allow overriding the path to tmpfilesdir
* Avoid RPM failures due to unexpected file owners
* Bump minimum Meson version to 0.58.0
* Ensure that binaries are run against their build-time ABI
* Expose the host's entire / in the container at /run/host
* Fix the PS1 on Z shell
* Fix wrong use of regexp.MatchString
* Give access to PC/SC smart card daemon
* Make locate(1) opt-in by default
* Make the test suite non-destructive
* Mention that private images require 'podman login'
* Remove misleading and redundant CMD from the fedora-toolbox images
* Remove the deprecated com.github.debarshiray.toolbox label from the
fedora-toolbox images, and when creating a new container
* Replace outdated logos with pixels
* Show basic help when man(1) is not available
* Show welcome message on Fedora Kinoite
* Test ImageReferenceCanBeID and ParseRelease
* Unbreak 'enter' if the shell had exited with 127
* Various additions and improvements to the test suite
* Various updates to the documentation and manuals
* Added runtime environment tests for the Kerberos and RPM configuration
* Added unit tests for utils.PathExists()
* Enabled the commands and options tests for 'list' on Arch and Ubuntu 22.04
* Enabled the system tests for 'create' and networking on Arch Linux
* Isolated the storage directory from the host's XDG_CACHE_HOME or HOME —
bumped the minimum Linux kernel version to 6.6
* Made the the commands and options tests for 'create' stricter
* Optimized the runtime environment tests by avoiding a lot of disk I/O
* Restored the generation and installation of the Bash completions on the CI
(regression from Fedora 41)
Overview of changes in 0.0.99.2
===============================
0.1.1
=====
* Add nano-default-editor to the fedora-toolbox images
* Add unit tests for pkg/shell
* Connect Go unit tests to Meson & rename CI job
* Decouple image caching from Zuul for the system tests
* Don't assume that the user's GID is the same as the UID
* Don't require /etc/machine-id in toolbox images
* Drop ShellCheck on Shell Toolbox
* Give access to systemd-resolved's Varlink socket
* Optimize 'enter' and 'run' in the non-fallback case
* Optimize the performance of 'list'
* Properly separate builddir setup & build in the Ansible playbooks
* Rename Dockerfile to Containerfile for the fedora-toolbox images
* Show test execution time for the system tests
* Support listing images without names
* Unbreak 'create' on an unlocked OSTree deployment
* Unbreak 'create' on CoreOS with read-only /boot
* Update default release to 33 for non-Fedora hosts
* Update the GitHub issue templates
* Use a regular file, not a symbolic link, for the README.md in the
fedora-toolbox images
* Fall back to $HOME when using a container if the current working directory
isn't present in it
* Various updates to the Bash completion
* Various updates to the manuals
### Security fixes
* Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to
1.16.2 for CVE-2024-0132 or GHSA-mjjw-553x-87pq, and CVE-2024-0133 or
GHSA-f748-7hpg-88ch
Overview of changes in 0.0.99.1
===============================
### Bug fixes
* Add deprecation notices to the POSIX shell implementation
* Add test for the new --distro option
* Drop the FGC namespace from the fedora-toolbox images
* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
* Handle hosts with /etc/localtime as absolute symlink
* Improve README.md
* Improve the Zuul configuration
* Mount /mnt only if it is available
* Refactor the system tests, and use bats-assert and bats-support
* Test that sudo doesn't require a password
* Update the manuals
Overview of changes in 0.0.99
=============================
* Add a --distro option to 'create', 'enter' and 'run'
* Prevent setting VTE-specific PROMPT_COMMAND without VTE
* Remove the --candidate-registry option from Bash completion and the manual
for 'create'
* Remove the deprecated reset command
* Support RHEL hosts by creating containers based on UBI
* Try to avoid 'latest' tags, when looking at RepoTags
* Update the labels used for filtering toolbox containers images
* Update the range of supported Fedora releases
Overview of changes in 0.0.98.1
===============================
* Pass the USER environment variable to the container
* Make /etc/profile.d/toolbox.sh compatible with Z shell again
* Update the manual to mention that the --image and --release options of
'create' can't be used together
Overview of changes in 0.0.98
=============================
* Add nss-mdns to the fedora-toolbox images
* Correctly check validity of container name
* Don't leak all the os-release fields into the shell
* Don't rely on XDG_RUNTIME_DIR when running as root
* Give access to Avahi to resolve the .local mDNS domain
* Make coredumpctl(1) 'dump' and 'debug' work inside toolbox containers
* Make options --image and --release for 'create' mutually exclusive
* Notify the terminal about the real UID of 'toolbox enter'
* Remove periods at the end of flag descriptions
* Set XDG_RUNTIME_DIR when creating the toolbox container
* Unbreak 'enter' on hosts without a /etc/localtime
* Unbreak the system tests on Fedora 33
* Use the host's user namespace when running as root
Overview of changes in 0.0.97
=============================
* Allow X11 clients to run as root
* Color the output only when displaying on a terminal
* Don't rely on user D-Bus to track time zone configuration
* Enable running minikube on Silverblue
* Expose the host's /boot inside the container at /run/host
* Fix missing terminfo warning for Ubuntu containers
* Make locate(1) work inside toolbox containers
* Make pseudo-terminal devices be owned by the 'tty' group
* Rework test to check if a toolbox container started successfully
* Run a login shell when falling back to Bash during 'enter'
Overview of changes in 0.0.96
=============================
* Don't break GNU Readline's ctrl-p shortcut
* Enable system tests on Fedora 33
* Fix containers with missing /media possibly due to a failed RPM transaction
* Give access to the udev database
* Unbreak X11 applications with GNOME 3.38
* Update default release to 31 for non-Fedora hosts
Overview of changes in 0.0.95
=============================
* Try to handle configuration files that're absolute symlinks when the entry
point sets up the container
* Unbreak 'enter' on Fedora CoreOS
* Unbreak 'sudo' inside toolbox containers with Podman 2.0.5
* Warn if $TERM has no terminfo entry in the container
Overview of changes in 0.0.94
=============================
* Add contribution guidelines
* Add fedora-toolbox image definition for Fedora 34
* Add more information to errors from creating symbolic links when setting up
the toolbox container in the entry point
* Ensure binaries built on Fedora 33 run on Fedoras 32 & 31
* Install the tests
* Make it more obvious when falling back to /bin/bash
* Document that sudo(8) should work without a password
* Mount a tmpfs at /tmp to match the host
* Update issue templates
Overview of changes in 0.0.93
=============================
* Ensure reproducible builds by using the -trimpath build flag
* Fix the test suite to work with the Go implementation
* Make listing of containers and images more robust against changes in the JSON
returned by Podman
* List out dependencies and installation instructions
* Re-enable highlighting of running containers
* Show the spinner only when connected to a terminal
* Speed things up by caching the Podman version at runtime
* Update hint after creating a container to use the new syntax
* Use the correct verb format for string
Overview of changes in 0.0.92
=============================
* Embed the version from Meson into the binary
* Make it build on aarch64
Overview of changes in 0.0.91
=============================
* Add gvfs-client to the fedora-toolbox images
* Adjust for changes in JSON output from 'podman ps' and 'podman images' in
Podman 2.0
* Lower the Go build requirements to make it easier to build on Fedora
* Show an error if $PWD is missing inside the container
Overview of changes in 0.0.90
=============================
* Rewrite Toolbox in Go
* Remove support for toolbox containers created by Toolbox 0.0.9 and older
* Add option --version to show current Toolbox version
* Add options --log-level and --log-podman as possible future replacements for
--verbose and --very-verbose
* Clean up the spinner when aborted by SIGINT (or ctrl+c) and such
* Fix duplication in the output of the list command
* Mark the reset command as deprecated (replaced by 'podman system reset')
* Support specifying the name of a toolbox container as an argument to the
create and enter commands, in addition to the --container option
Overview of changes in 0.0.18
=============================
* Check /usr/share/profile.d when bind mounting toolbox.sh
* Mount /media only if it is available
* Set up /media and /mnt to match the host
* Unbreak 'enter' when SELinux is disabled
Overview of changes in 0.0.17
=============================
* Add a --very-verbose or -vv option
* Deprecate all toolbox containers that don't use a reflexive entry point
* Ensure that 'run' has at least one argument for the command
* Give access to the host's systemd journal
* Wipe out the container's /sys/fs/selinux to not advertise SELinux
Overview of changes in 0.0.16
=============================
* Add a reset command
* Document requirements for distro support
* Don't use a toolbox container until after it has been configured
* Drop the coloured heading from 'list'
* Miscellaneous fixes to Bash completion
* Remove the hidden --sudo option and the /etc/sudoers.d snippet
* Try to migrate to a supported OCI runtime if 'podman start' suggests so
* Unbreak 'run' if container lacks files that are redirected to the host
Overview of changes in 0.0.15
=============================
* Be forgiving of a missing /etc/profile.d/toolbox.sh in 'run'
* Don't sanity check /etc/subgid and /etc/subuid when running as root
* Install only flatpak-spawn, not the rest of flatpak-xdg-utils, in the images
* Let the terminal know the active container only on some Fedora variants
* Rely on 'podman system migrate' always being present
* Simplify code by dropping compatibility with 'podman create' < 1.4.0
* Switch to using /usr/lib/os-release instead of /etc/os-release
* Unbreak 'create' on Silverblue
* Update default release to 30 when running on non-fedora hosts
Overview of changes in 0.0.14
=============================
* Adjust the grep match pattern to be more specific
* Don't exit with a non-zero code from 'toolbox list -i'
* Expose a few more host locations inside the container under /run/host
* Give access to the system Flatpak directory
* Give access to the system libvirt instance
* Mount /run/media only if it is available
* Preserve the host's ulimits when creating toolbox containers
* Work around 'podman exec' resetting the terminal size to 80x24
Overview of changes in 0.0.13
=============================
* Drop PackageKit-command-not-found from the images
* Improve the help or usage output
* Simplify code by taking advantage of 'podman create --userns=keep-id'
* Simplify code by taking advantage of 'podman exec --workdir ...'
* Tighten the Silverblue check for the welcome message
Overview of changes in 0.0.12
=============================
* Create /run/.toolboxenv inside the toolbox container's entry point too
* Don't use 'podman cp' to copy toolbox.sh to old containers
* Drop the "immutable" term
* Unbreak /etc/localtime & /etc/timezone if /run/host/monitor is absent
Overview of changes in 0.0.11
=============================
* Allow Qt applications to work without QT_X11_NO_MITSHM
* Check if /etc/subgid and /etc/subuid have entries for the user
* Give access to the entire /dev from the host operating system
* Keep /etc/host.conf, /etc/localtime and /etc/timezone synchronized with the
host
* Notify the terminal about the current toolbox container in use
* Prevent Podman from complaining about 'podman cp --pause=true ...'
* Unbreak rendering & wrapping of commands typed at an interactive prompt
* Unbreak setting up /home as a symbolic link
Overview of changes in 0.0.10
=============================
* Add a run command
* Create /run/.toolboxenv in 'toolbox enter' for identification
* Drop the Buildah dependency and the user-specific customized image
* Keep /etc/hosts and /etc/resolv.conf synchronized with the host
* Migrate existing containers when Podman is updated
* Retain the PS1 across su(1) and sudo(8)
* Set the Kerberos credential cache type only if Kerberos is available
* Support column(1) from bsdmainutils
* Support 'sudo' as default sudo(8) group
* Use a magenta hexagon instead of 🔹 in the PS1
Overview of changes in 0.0.9
============================
* Add Bash completion
* Allow connecting to Wayland displays other than "wayland-0"
* Ask for confirmation before downloading the base image
* Improve the onboarding experience
* Make it available inside the toolbox container
* Make 'toolbox enter' create or fall back to a container when possible
* Set TOOLBOX_CONTAINER in the environment to identify as a toolbox
* Set default release to 29 when running on non-fedora hosts
* Show welcome texts on interactive shells
Overview of changes in 0.0.8
============================
* Add label for tagging, not tied to the fedora-toolbox name
* Add short variants for various options in 'create' and 'enter'
* Ensure that names of toolbox containers don't have a colon
* Enable Travis
* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
* Give access to Kerberos if KCM credential caches are being used
* Improve the onboarding experience
* Reduce the sizes of the images by removing temporary files created by DNF
* Use a lighter entry point than /bin/sh
Overview of changes in 0.0.7
============================
* Add fedora-toolbox image definition for Fedora 31
* Add flatpak-xdg-utils to Fedoras 29 and 30
* Add manuals
* Add rm and rmi commands
* Be more informative when creating the working container
* Clarify the error message if the toolbox container is not found
* Don't create volumes in the image for bind mounts from the host
* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
* Give access to /dev/bus for control transfers from USB devices
* Give access to removable devices and other temporary mounts
* Lots of Bash-isms removed for POSIX correctness
* Make the --image flag override the base toolbox image, as documented
* Make the spinner more efficient
* Restore documentation removed from the base Fedora images
Overview of changes in 0.0.6
============================
* Add a list command
* Drop the "fedora" prefix and rename the project as just "toolbox"
* Fix typos pointed out by https://www.shellcheck.net/
* Lots of Bash-isms removed for POSIX correctness
* Make --container and --image command-specific options
* Make it work inside the toolbox container itself
* Shorten the prefix for debug and error messages
* Use the host's PID namespace for the toolbox container
* Use the standard error output for error messages
Overview of changes in 0.0.5
============================
* Give access to mounts under $HOME, and make autofs work
* Show a spinner when creating the toolbox
Overview of changes in 0.0.4
============================
* Avoid spooky root-like behaviour for non-root interactive shells
* Give access to the FUSE kernel module
* Improve the readability of the debug output
* Set up $HOME and /home to match the host
* Try to enter the same directory inside the toolbox
Overview of changes in 0.0.3
============================
* Clean up the Buildah working containers on error
* Unbreak creating the toolbox if the toolbox image already exists
Overview of changes in 0.0.2
============================
* Allow an 'F' or 'f' prefix when specifying the release
* Avoid a Bash-ism (ie. ==) and stick to POSIX (ie. =)
* Fallback to /bin/bash if $SHELL doesn't exist in the toolbox container
* Give access to the system D-Bus instance
* Make shm_open work
Overview of changes in 0.0.1
============================
* First preview release
* Unbroke 'enter' if the NVIDIA Persistence Daemon is used (regression in
0.0.99.6)
* Unbroke 'enter' if the proprietary NVIDIA driver is installed, but not used
(regression in 0.0.99.6)
----
Copyright © 2018 2024 Red Hat, Inc.
Copyright © 2024 Red Hat, Inc.
All rights reserved.
Copying and distribution of this file, with or without modification,

594
NEWS.old Normal file
View File

@ -0,0 +1,594 @@
Overview of changes in 0.1.0
============================
* Add ubuntu-toolbox image definitions for Ubuntu 24.10
* Optimize the CI on stable Fedora nodes
* Stop updating the ubuntu-toolbox images for Ubuntu 16.04 and 18.04
* Stop using slirp4netns(1) in the system tests
* Unbreak the downstream Fedora CI
* Unbreak the ubuntu-toolbox image build for Ubuntu 24.04
* Update fallback release to 40 for non-fedora hosts
Overview of changes in 0.0.99.6
===============================
* Add all the iconv converter modules for glibc to the fedora-toolbox images
* Add an extra space after the ⬢ in the PS1
* Add cracklib-dicts to the fedora-toolbox images
* Add logos to the Arch Linux and Fedora badges, and a badge for the Ubuntu
package
* Add manual pages and pacman progress bars to the arch-toolbox image
* Add toolbox image definitions for RHELs 8.8, 8.9, 9.2 and 9.3
* Add translations for gawk to the fedora-toolbox images
* Add ubuntu-toolbox image definitions for Ubuntu 24.04
* Avoid running out of storage space when running the system tests on the CI
* Bump the minimum github.com/briandowns/spinner version to 1.18.0
* Depend on github.com/go-logfmt/logfmt version 0.5.0
* Depend on github.com/NVIDIA/go-nvlib version 0.6.1
* Depend on github.com/NVIDIA/nvidia-container-toolkit version 1.16.1
* Don't unmarshal the 'podman ps' JSON twice
* Don't use use auto dependencies for shell completion scripts
* Drop one "o" and rename the project as "Toolbx"
* Enable more tests on Ubuntu 22.04 by setting the SHELL environment variable
* Enable the proprietary NVIDIA driver
* Exclude the meson.build files when installing the system tests
* Fix pacman cache removal in the arch-toolbox image
* Let 'create' use an image without a name
* Let the terminal know the active container on all host operating systems,
and not just Fedora Silverblue and Workstation
* Limit the scope of temporary files used by the system tests
* Optimize 'enter' and 'run' for both an already running container and a
container getting initialized
* Optimize the CI on Fedora nodes
* Optimize the resource limits tests
* Preserve the Konsole and xterm versions
* Require --assumeyes to pull an image when not connected to a terminal
* Retain errors from toolbox(1) without --verbose when forwarding to host
* Retain exit codes from toolbox(1) when forwarding to host
* Show the entry point's debug logs & errors in 'enter' and 'run'
* Support 64-bit LoongArch
* Synchronize the documentation with the website
* Unbreak Podman's downstream Fedora CI
* Use Buildah and Podman to build and test the arch-toolbox and ubuntu-toolbox
images
* Use the same linker flags as NVIDIA Container Toolkit, and '-z now' is
unsupported
* Work around bug in pasta(1) networks in the system tests
Overview of changes in 0.0.99.5
===============================
* Add psmisc to the fedora-toolbox images
* Add several new system and unit tests, and make the existing ones stricter
* Add workaround to support configuring the user's password on some Active
Directory set-ups
* Be aware of security hardened mount points marked with 'nosuid,nodev,noexec'
* Bump the minimum Bats version to 1.7.0 to simplify running a subset of the
system tests and fix various warnings
* Bump the minimum Go requirement to 1.20
* Bump the minimum github.com/docker/go-units version to 0.5.0
* Bump the minimum golang.org/x/sys version to 0.1.0 for CVE-2022-29526 or
GHSA-p782-xgp4-8hr8
* Bump the minimum golang.org/x/text version to 0.3.8 for CVE-2022-32149 or
GHSA-69ch-w2m2-3vjp
* Bump the minimum gopkg.in/yaml.v3 version to 3.0.0 for CVE-2022-28948 or
GHSA-hp87-p4gw-j4gq
* Deprecate the --monitor-host option of 'init-container'
* Don't leak the NAME and VERSION environment variables into containers made
from the fedora-toolbox images
* Drop golang.org/x/term as a dependency
* Ensure that Toolbx containers start even if there aren't sufficient resources
for inotify(7)
* Ensure that the fedora-toolbox images retain documentation and translations
* Ensure that toolbox(1) can be built without using podman(1) and validating
subordinate IDs
* Fix DNS queries in Toolbx containers made from images with systemd-resolved,
when running on hosts that don't use it
* Handle space-separated input when asking for confirmation
* Let the terminal know the active container also on Fedora Linux Asahi Remix
* Offer built-in support for Arch Linux
* Offer built-in support for Ubuntu
* Preserve the host's environment variables for Bash's history facility inside
Toolbx containers
* Rely on podman >= 1.6.4 always being present
* Report the size of the image that will be downloaded from a registry
* Show welcome message on Fedora Sericea
* Support 64-bit RISC-V
* Update fallback release to 38 for non-fedora hosts
* Unbreak the line count checks with Bats >= 1.10.0
* Unbreak the manual page checks with GNU roff >= 1.23
* Various updates to the documentation and manuals
Overview of changes in 0.0.99.4
===============================
* Add an --authfile option to 'create'
* Add a --preserve-fds option to 'run'
* Add a test that runs codespell
* Add fedora-toolbox image definition for Fedoras 37, 38 and 39
* Add several new system tests and make the existing ones stricter
* Avoid unexpected DNF behaviour with reinstalling or swapping RPMs when
building the fedora-toolbox images
* Be more strict when looking for a C compiler for building
* Call 'systemd-tmpfiles --create' when installing
* Check if subordinate ID ranges are present for also the UID, and not just
the username
* Document the toolbox.conf configuration file
* Don't create a nested pseudo-terminal device during 'run' if the standard
input and output streams are not connected to a terminal
* Don't leak ID and VARIANT_ID into the shell
* Don't unmarshal the 'podman images' JSON twice
* Enable OpenGL and Vulkan for hardware with free drivers on the
fedora-toolbox images
* Enable running non-nested display servers from a virtual terminal
* Enforce all the default 'go vet' checks on all Go sources
* Enforce gofmt on all Go sources
* Ensure that the 'distro' option is valid, instead of silently falling back
to Fedora
* Ensure that 'run' has the same container environment as 'enter'
* Ensure that the fedora-toolbox images has all the locales known to glibc,
and not just C, POSIX and C.UTF-8
* Exit 'run' with exit code of invoked command
* Fix the titles of the manuals
* Give precedence to /etc/os-release over /usr/lib/os-release in
/etc/profile.d/toolbox.sh
* Hide the Fedora-specific welcome banner on non-Fedora containers
* Improve the error messages if the 'distro' and 'release' options are invalid
* Improve the error messages for mutually exclusive options
* Improve the default image used for RHEL Toolbx containers to offer an
interactive command line experience similar to that on RHEL Workstation
* Make /etc/profile.d/toolbox.sh compatible with Z shell again
* Make sd_booted(3) work inside Toolbx containers
* Preserve the host's XDG_SESSION_CLASS environment variable inside Toolbx
containers
* Replace github.com/mattn/go-isatty and the deprecated
golang.org/x/crypto/ssh/terminal API with golang.org/x/term
* Replace jwhois with whois in the fedora-toolbox images for Fedora >= 37
* Replace the hand-written shell completion for Bash with ones generated by
Cobra that cover fish and Z shell too
* Restore more documentation removed from the base Fedora images
* Run unit tests with -Dmigration_path_for_coreos_toolbox on CentOS Stream 9 as
part of the CI
* Silence warning when running the system tests with Bats >= 1.7.0
* Support RHEL 9 Toolbx containers
* Support subordinate user and group ID ranges on enterprise set-ups
* Unbreak sorting and clearly identify copied images in 'list'
* Update fallback release to 37 for non-fedora hosts
* Update the Go dependencies with 'go get -u'
* Various updates to the documentation and manuals
* Work around Cobra 1.1.2's handling of usage functions
Overview of changes in 0.0.99.3
===============================
* Add bc and iproute to the fedora-toolbox images
* Add fedora-toolbox image definition for Fedoras 35 and 36
* Add support for configuration files
* Add optional migration paths for coreos/toolbox users
* Allow overriding the path to tmpfilesdir
* Avoid RPM failures due to unexpected file owners
* Bump minimum Meson version to 0.58.0
* Ensure that binaries are run against their build-time ABI
* Expose the host's entire / in the container at /run/host
* Fix the PS1 on Z shell
* Fix wrong use of regexp.MatchString
* Give access to PC/SC smart card daemon
* Make locate(1) opt-in by default
* Make the test suite non-destructive
* Mention that private images require 'podman login'
* Remove misleading and redundant CMD from the fedora-toolbox images
* Remove the deprecated com.github.debarshiray.toolbox label from the
fedora-toolbox images, and when creating a new container
* Replace outdated logos with pixels
* Show basic help when man(1) is not available
* Show welcome message on Fedora Kinoite
* Test ImageReferenceCanBeID and ParseRelease
* Unbreak 'enter' if the shell had exited with 127
* Various additions and improvements to the test suite
* Various updates to the documentation and manuals
Overview of changes in 0.0.99.2
===============================
* Add nano-default-editor to the fedora-toolbox images
* Add unit tests for pkg/shell
* Connect Go unit tests to Meson & rename CI job
* Decouple image caching from Zuul for the system tests
* Don't assume that the user's GID is the same as the UID
* Don't require /etc/machine-id in toolbox images
* Drop ShellCheck on Shell Toolbox
* Give access to systemd-resolved's Varlink socket
* Optimize 'enter' and 'run' in the non-fallback case
* Optimize the performance of 'list'
* Properly separate builddir setup & build in the Ansible playbooks
* Rename Dockerfile to Containerfile for the fedora-toolbox images
* Show test execution time for the system tests
* Support listing images without names
* Unbreak 'create' on an unlocked OSTree deployment
* Unbreak 'create' on CoreOS with read-only /boot
* Update default release to 33 for non-Fedora hosts
* Update the GitHub issue templates
* Use a regular file, not a symbolic link, for the README.md in the
fedora-toolbox images
* Fall back to $HOME when using a container if the current working directory
isn't present in it
* Various updates to the Bash completion
* Various updates to the manuals
Overview of changes in 0.0.99.1
===============================
* Add deprecation notices to the POSIX shell implementation
* Add test for the new --distro option
* Drop the FGC namespace from the fedora-toolbox images
* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
* Handle hosts with /etc/localtime as absolute symlink
* Improve README.md
* Improve the Zuul configuration
* Mount /mnt only if it is available
* Refactor the system tests, and use bats-assert and bats-support
* Test that sudo doesn't require a password
* Update the manuals
Overview of changes in 0.0.99
=============================
* Add a --distro option to 'create', 'enter' and 'run'
* Prevent setting VTE-specific PROMPT_COMMAND without VTE
* Remove the --candidate-registry option from Bash completion and the manual
for 'create'
* Remove the deprecated reset command
* Support RHEL hosts by creating containers based on UBI
* Try to avoid 'latest' tags, when looking at RepoTags
* Update the labels used for filtering toolbox containers images
* Update the range of supported Fedora releases
Overview of changes in 0.0.98.1
===============================
* Pass the USER environment variable to the container
* Make /etc/profile.d/toolbox.sh compatible with Z shell again
* Update the manual to mention that the --image and --release options of
'create' can't be used together
Overview of changes in 0.0.98
=============================
* Add nss-mdns to the fedora-toolbox images
* Correctly check validity of container name
* Don't leak all the os-release fields into the shell
* Don't rely on XDG_RUNTIME_DIR when running as root
* Give access to Avahi to resolve the .local mDNS domain
* Make coredumpctl(1) 'dump' and 'debug' work inside toolbox containers
* Make options --image and --release for 'create' mutually exclusive
* Notify the terminal about the real UID of 'toolbox enter'
* Remove periods at the end of flag descriptions
* Set XDG_RUNTIME_DIR when creating the toolbox container
* Unbreak 'enter' on hosts without a /etc/localtime
* Unbreak the system tests on Fedora 33
* Use the host's user namespace when running as root
Overview of changes in 0.0.97
=============================
* Allow X11 clients to run as root
* Color the output only when displaying on a terminal
* Don't rely on user D-Bus to track time zone configuration
* Enable running minikube on Silverblue
* Expose the host's /boot inside the container at /run/host
* Fix missing terminfo warning for Ubuntu containers
* Make locate(1) work inside toolbox containers
* Make pseudo-terminal devices be owned by the 'tty' group
* Rework test to check if a toolbox container started successfully
* Run a login shell when falling back to Bash during 'enter'
Overview of changes in 0.0.96
=============================
* Don't break GNU Readline's ctrl-p shortcut
* Enable system tests on Fedora 33
* Fix containers with missing /media possibly due to a failed RPM transaction
* Give access to the udev database
* Unbreak X11 applications with GNOME 3.38
* Update default release to 31 for non-Fedora hosts
Overview of changes in 0.0.95
=============================
* Try to handle configuration files that're absolute symlinks when the entry
point sets up the container
* Unbreak 'enter' on Fedora CoreOS
* Unbreak 'sudo' inside toolbox containers with Podman 2.0.5
* Warn if $TERM has no terminfo entry in the container
Overview of changes in 0.0.94
=============================
* Add contribution guidelines
* Add fedora-toolbox image definition for Fedora 34
* Add more information to errors from creating symbolic links when setting up
the toolbox container in the entry point
* Ensure binaries built on Fedora 33 run on Fedoras 32 & 31
* Install the tests
* Make it more obvious when falling back to /bin/bash
* Document that sudo(8) should work without a password
* Mount a tmpfs at /tmp to match the host
* Update issue templates
Overview of changes in 0.0.93
=============================
* Ensure reproducible builds by using the -trimpath build flag
* Fix the test suite to work with the Go implementation
* Make listing of containers and images more robust against changes in the JSON
returned by Podman
* List out dependencies and installation instructions
* Re-enable highlighting of running containers
* Show the spinner only when connected to a terminal
* Speed things up by caching the Podman version at runtime
* Update hint after creating a container to use the new syntax
* Use the correct verb format for string
Overview of changes in 0.0.92
=============================
* Embed the version from Meson into the binary
* Make it build on aarch64
Overview of changes in 0.0.91
=============================
* Add gvfs-client to the fedora-toolbox images
* Adjust for changes in JSON output from 'podman ps' and 'podman images' in
Podman 2.0
* Lower the Go build requirements to make it easier to build on Fedora
* Show an error if $PWD is missing inside the container
Overview of changes in 0.0.90
=============================
* Rewrite Toolbox in Go
* Remove support for toolbox containers created by Toolbox 0.0.9 and older
* Add option --version to show current Toolbox version
* Add options --log-level and --log-podman as possible future replacements for
--verbose and --very-verbose
* Clean up the spinner when aborted by SIGINT (or ctrl+c) and such
* Fix duplication in the output of the list command
* Mark the reset command as deprecated (replaced by 'podman system reset')
* Support specifying the name of a toolbox container as an argument to the
create and enter commands, in addition to the --container option
Overview of changes in 0.0.18
=============================
* Check /usr/share/profile.d when bind mounting toolbox.sh
* Mount /media only if it is available
* Set up /media and /mnt to match the host
* Unbreak 'enter' when SELinux is disabled
Overview of changes in 0.0.17
=============================
* Add a --very-verbose or -vv option
* Deprecate all toolbox containers that don't use a reflexive entry point
* Ensure that 'run' has at least one argument for the command
* Give access to the host's systemd journal
* Wipe out the container's /sys/fs/selinux to not advertise SELinux
Overview of changes in 0.0.16
=============================
* Add a reset command
* Document requirements for distro support
* Don't use a toolbox container until after it has been configured
* Drop the coloured heading from 'list'
* Miscellaneous fixes to Bash completion
* Remove the hidden --sudo option and the /etc/sudoers.d snippet
* Try to migrate to a supported OCI runtime if 'podman start' suggests so
* Unbreak 'run' if container lacks files that are redirected to the host
Overview of changes in 0.0.15
=============================
* Be forgiving of a missing /etc/profile.d/toolbox.sh in 'run'
* Don't sanity check /etc/subgid and /etc/subuid when running as root
* Install only flatpak-spawn, not the rest of flatpak-xdg-utils, in the images
* Let the terminal know the active container only on some Fedora variants
* Rely on 'podman system migrate' always being present
* Simplify code by dropping compatibility with 'podman create' < 1.4.0
* Switch to using /usr/lib/os-release instead of /etc/os-release
* Unbreak 'create' on Silverblue
* Update default release to 30 when running on non-fedora hosts
Overview of changes in 0.0.14
=============================
* Adjust the grep match pattern to be more specific
* Don't exit with a non-zero code from 'toolbox list -i'
* Expose a few more host locations inside the container under /run/host
* Give access to the system Flatpak directory
* Give access to the system libvirt instance
* Mount /run/media only if it is available
* Preserve the host's ulimits when creating toolbox containers
* Work around 'podman exec' resetting the terminal size to 80x24
Overview of changes in 0.0.13
=============================
* Drop PackageKit-command-not-found from the images
* Improve the help or usage output
* Simplify code by taking advantage of 'podman create --userns=keep-id'
* Simplify code by taking advantage of 'podman exec --workdir ...'
* Tighten the Silverblue check for the welcome message
Overview of changes in 0.0.12
=============================
* Create /run/.toolboxenv inside the toolbox container's entry point too
* Don't use 'podman cp' to copy toolbox.sh to old containers
* Drop the "immutable" term
* Unbreak /etc/localtime & /etc/timezone if /run/host/monitor is absent
Overview of changes in 0.0.11
=============================
* Allow Qt applications to work without QT_X11_NO_MITSHM
* Check if /etc/subgid and /etc/subuid have entries for the user
* Give access to the entire /dev from the host operating system
* Keep /etc/host.conf, /etc/localtime and /etc/timezone synchronized with the
host
* Notify the terminal about the current toolbox container in use
* Prevent Podman from complaining about 'podman cp --pause=true ...'
* Unbreak rendering & wrapping of commands typed at an interactive prompt
* Unbreak setting up /home as a symbolic link
Overview of changes in 0.0.10
=============================
* Add a run command
* Create /run/.toolboxenv in 'toolbox enter' for identification
* Drop the Buildah dependency and the user-specific customized image
* Keep /etc/hosts and /etc/resolv.conf synchronized with the host
* Migrate existing containers when Podman is updated
* Retain the PS1 across su(1) and sudo(8)
* Set the Kerberos credential cache type only if Kerberos is available
* Support column(1) from bsdmainutils
* Support 'sudo' as default sudo(8) group
* Use a magenta hexagon instead of 🔹 in the PS1
Overview of changes in 0.0.9
============================
* Add Bash completion
* Allow connecting to Wayland displays other than "wayland-0"
* Ask for confirmation before downloading the base image
* Improve the onboarding experience
* Make it available inside the toolbox container
* Make 'toolbox enter' create or fall back to a container when possible
* Set TOOLBOX_CONTAINER in the environment to identify as a toolbox
* Set default release to 29 when running on non-fedora hosts
* Show welcome texts on interactive shells
Overview of changes in 0.0.8
============================
* Add label for tagging, not tied to the fedora-toolbox name
* Add short variants for various options in 'create' and 'enter'
* Ensure that names of toolbox containers don't have a colon
* Enable Travis
* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
* Give access to Kerberos if KCM credential caches are being used
* Improve the onboarding experience
* Reduce the sizes of the images by removing temporary files created by DNF
* Use a lighter entry point than /bin/sh
Overview of changes in 0.0.7
============================
* Add fedora-toolbox image definition for Fedora 31
* Add flatpak-xdg-utils to Fedoras 29 and 30
* Add manuals
* Add rm and rmi commands
* Be more informative when creating the working container
* Clarify the error message if the toolbox container is not found
* Don't create volumes in the image for bind mounts from the host
* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
* Give access to /dev/bus for control transfers from USB devices
* Give access to removable devices and other temporary mounts
* Lots of Bash-isms removed for POSIX correctness
* Make the --image flag override the base toolbox image, as documented
* Make the spinner more efficient
* Restore documentation removed from the base Fedora images
Overview of changes in 0.0.6
============================
* Add a list command
* Drop the "fedora" prefix and rename the project as just "toolbox"
* Fix typos pointed out by https://www.shellcheck.net/
* Lots of Bash-isms removed for POSIX correctness
* Make --container and --image command-specific options
* Make it work inside the toolbox container itself
* Shorten the prefix for debug and error messages
* Use the host's PID namespace for the toolbox container
* Use the standard error output for error messages
Overview of changes in 0.0.5
============================
* Give access to mounts under $HOME, and make autofs work
* Show a spinner when creating the toolbox
Overview of changes in 0.0.4
============================
* Avoid spooky root-like behaviour for non-root interactive shells
* Give access to the FUSE kernel module
* Improve the readability of the debug output
* Set up $HOME and /home to match the host
* Try to enter the same directory inside the toolbox
Overview of changes in 0.0.3
============================
* Clean up the Buildah working containers on error
* Unbreak creating the toolbox if the toolbox image already exists
Overview of changes in 0.0.2
============================
* Allow an 'F' or 'f' prefix when specifying the release
* Avoid a Bash-ism (ie. ==) and stick to POSIX (ie. =)
* Fallback to /bin/bash if $SHELL doesn't exist in the toolbox container
* Give access to the system D-Bus instance
* Make shm_open work
Overview of changes in 0.0.1
============================
* First preview release
----
Copyright © 2018 2024 Red Hat, Inc.
All rights reserved.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.

View File

@ -23,3 +23,6 @@ RUN yes | pacman -Scc
# Enable sudo permission for wheel users
RUN echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/toolbox
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules

View File

@ -4,6 +4,7 @@ flatpak-xdg-utils
git
gnupg
keyutils
libp11-kit
lsof
man-db
man-pages

View File

@ -33,6 +33,9 @@ RUN rm /extra-packages
# Allow authentication with empty password, promptless
RUN sed -i '/^auth.*pam_unix.so/s/nullok_secure/try_first_pass nullok/' /etc/pam.d/common-auth
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty

View File

@ -2,6 +2,7 @@ curl
git
gnupg2
keyutils
p11-kit-modules
tree
unzip
zip

View File

@ -35,6 +35,9 @@ RUN rm /extra-packages
# Allow authentication with empty password, promptless
RUN sed -i '/^auth.*pam_unix.so/s/nullok_secure/try_first_pass nullok/' /etc/pam.d/common-auth
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty

View File

@ -2,6 +2,7 @@ curl
git
gnupg2
keyutils
p11-kit-modules
tree
unzip
zip

View File

@ -32,6 +32,9 @@ RUN sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/local/sbin/unminimize && \
rm -rd /var/lib/apt/lists/*
RUN rm /extra-packages
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty

View File

@ -2,6 +2,7 @@ curl
git
gnupg2
keyutils
p11-kit-modules
tree
unzip
zip

View File

@ -21,9 +21,10 @@ RUN sed -Ei 's/^(hosts:.*)(\<files\>)\s*(.*)/\1\2 myhostname \3/' /etc/nsswitch.
# Install ubuntu-minimal & ubuntu-standard
# Install extra packages as well as libnss-myhostname
COPY extra-packages /
RUN sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/local/sbin/unminimize && \
apt-get update && \
yes | /usr/local/sbin/unminimize && \
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get -y install unminimize && \
sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/bin/unminimize && \
yes | /usr/bin/unminimize && \
DEBIAN_FRONTEND=noninteractive apt-get -y install \
ubuntu-minimal ubuntu-standard \
libnss-myhostname \
@ -32,6 +33,9 @@ RUN sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/local/sbin/unminimize && \
rm -rd /var/lib/apt/lists/*
RUN rm /extra-packages
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty

View File

@ -2,6 +2,7 @@ curl
git
gnupg2
keyutils
p11-kit-modules
tree
unzip
zip

View File

@ -1,8 +1,8 @@
FROM docker.io/library/ubuntu:23.10
FROM docker.io/library/ubuntu:24.10
LABEL com.github.containers.toolbox="true" \
name="ubuntu-toolbox" \
version="23.10" \
version="24.10" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating Ubuntu Toolbx containers" \
maintainer="Ievgen Popovych <jmennius@gmail.com>"
@ -11,19 +11,14 @@ LABEL com.github.containers.toolbox="true" \
# Remove docker-gzip-indexes to help with "command-not-found"
RUN rm /etc/apt/apt.conf.d/docker-gzip-indexes /etc/apt/apt.conf.d/docker-no-languages
# Enable myhostname nss plugin for clean hostname resolution without patching
# hosts (at least for sudo), add it right after 'files' entry. We expect that
# this entry is not present yet. Do this early so that package postinst (which
# adds it too late in the order) skips this step
RUN sed -Ei 's/^(hosts:.*)(\<files\>)\s*(.*)/\1\2 myhostname \3/' /etc/nsswitch.conf
# Restore documentation but do not upgrade all packages
# Install ubuntu-minimal & ubuntu-standard
# Install extra packages as well as libnss-myhostname
COPY extra-packages /
RUN sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/local/sbin/unminimize && \
apt-get update && \
yes | /usr/local/sbin/unminimize && \
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get -y install unminimize && \
sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/bin/unminimize && \
yes | /usr/bin/unminimize && \
DEBIAN_FRONTEND=noninteractive apt-get -y install \
ubuntu-minimal ubuntu-standard \
libnss-myhostname \
@ -32,6 +27,9 @@ RUN sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/local/sbin/unminimize && \
rm -rd /var/lib/apt/lists/*
RUN rm /extra-packages
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty

View File

@ -2,6 +2,7 @@ curl
git
gnupg2
keyutils
p11-kit-modules
tree
unzip
zip

View File

@ -0,0 +1,44 @@
FROM docker.io/library/ubuntu:25.04
LABEL com.github.containers.toolbox="true" \
name="ubuntu-toolbox" \
version="25.04" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating Ubuntu Toolbx containers" \
maintainer="Ievgen Popovych <jmennius@gmail.com>"
# Remove apt configuration optimized for containers
# Remove docker-gzip-indexes to help with "command-not-found"
RUN rm /etc/apt/apt.conf.d/docker-gzip-indexes /etc/apt/apt.conf.d/docker-no-languages
# Restore documentation but do not upgrade all packages
# Install ubuntu-minimal & ubuntu-standard
# Install extra packages as well as libnss-myhostname
COPY extra-packages /
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get -y install unminimize && \
sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/bin/unminimize && \
yes | /usr/bin/unminimize && \
DEBIAN_FRONTEND=noninteractive apt-get -y install \
ubuntu-minimal ubuntu-standard \
libnss-myhostname \
flatpak-xdg-utils \
$(cat extra-packages | xargs) && \
rm -rd /var/lib/apt/lists/*
RUN rm /extra-packages
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules
# Fix empty bind-mount to clear selinuxfs (see #337)
RUN mkdir /usr/share/empty
# Add flatpak-spawn to /usr/bin
RUN ln -s /usr/libexec/flatpak-xdg-utils/flatpak-spawn /usr/bin/
# Having anything in /home prevents toolbox from symlinking /var/home there,
# and 'ubuntu' user with UID 1000 will most likely conflict with host user as well
RUN userdel --remove ubuntu
# Disable APT ESM hook which tries to enable some systemd services on each apt invocation
RUN rm /etc/apt/apt.conf.d/20apt-esm-hook.conf

View File

@ -0,0 +1,9 @@
curl
git
gnupg2
keyutils
p11-kit-modules
tree
unzip
zip
zsh

View File

@ -1,7 +1,7 @@
project(
'toolbox',
'c',
version: '0.0.99.6',
version: '0.1.2',
license: 'ASL 2.0',
default_options: 'c_std=c99',
meson_version: '>= 0.58.0',
@ -23,6 +23,27 @@ bats = find_program('bats', required: false)
codespell = find_program('codespell', required: false)
htpasswd = find_program('htpasswd', required: false)
openssl = find_program('openssl', required: false)
p11kit_server_works = false
p11kit = find_program('p11-kit', required: false)
if p11kit.found()
res = run_command(p11kit, 'server', check: false)
if res.returncode() == 0
error('Command \'p11-kit server\' was supposed to fail')
endif
res_stdout = res.stdout()
if res_stdout.contains('--name') and res_stdout.contains('--provider')
p11kit_server_works = true
else
warning('Command \'p11-kit server\' doesn\'t work')
endif
endif
if not p11kit_server_works
warning('Containers won\'t have access to the CA certificates from the host')
endif
podman = find_program('podman', required: false)
shellcheck = find_program('shellcheck', required: false)
skopeo = find_program('skopeo', required: false)
@ -73,6 +94,7 @@ if codespell.found()
'--exclude-file', meson.project_source_root() / '.codespellexcludefile',
'--skip', meson.project_build_root(),
'--skip', meson.project_source_root() / '.git',
'--skip', meson.project_source_root() / 'src/go.sum',
'--skip', meson.project_source_root() / 'test/system/libs/bats-assert',
'--skip', meson.project_source_root() / 'test/system/libs/bats-support',
meson.project_source_root(),

View File

@ -2,7 +2,6 @@
become: yes
package:
name:
- bash-completion
- flatpak-session-helper
- gcc
- golang
@ -10,10 +9,10 @@
- meson
- ninja-build
- openssl
- pkgconfig(bash-completion)
- podman
- shadow-utils-subid-devel
- skopeo
- slirp4netns
- systemd
- udisks2
@ -39,6 +38,13 @@
- codespell
- fish
- name: Ensure that 'p11-kit server' is absent
become: yes
package:
name:
- p11-kit-server
state: absent
- name: Download Go modules
command: go mod download -x
args:
@ -55,7 +61,7 @@
chdir: '{{ zuul.project.src_dir }}'
- name: Check versions of crucial packages
command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns
command: rpm -qa ShellCheck bash bash-completion bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
- name: Show podman versions
command: podman version

View File

@ -1,5 +1,5 @@
#
# Copyright © 2023 2024 Red Hat, Inc.
# Copyright © 2023 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -31,7 +31,6 @@
package:
name:
- ShellCheck
- bash-completion
- codespell
- fish
- flatpak-session-helper
@ -40,6 +39,7 @@
- golang-github-cpuguy83-md2man
- meson
- ninja-build
- pkgconfig(bash-completion)
- shadow-utils-subid-devel
- systemd
- udisks2
@ -47,6 +47,15 @@
update_cache: "{{ true if zuul.attempts > 1 else false }}"
use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}"
- name: Ensure that 'p11-kit server' is absent
become: yes
package:
name:
- p11-kit-server
state: absent
update_cache: "{{ true if zuul.attempts > 1 else false }}"
use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}"
- name: Ensure that podman(1) is absent
become: yes
package:
@ -81,4 +90,4 @@
chdir: '{{ zuul.project.src_dir }}'
- name: Check versions of crucial packages
command: rpm -qa ShellCheck codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man flatpak-session-helper
command: rpm -qa ShellCheck bash-completion codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man flatpak-session-helper

View File

@ -1,5 +1,5 @@
#
# Copyright © 2022 2024 Red Hat, Inc.
# Copyright © 2022 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -20,7 +20,6 @@
update_cache: "{{ true if zuul.attempts > 1 else false }}"
name:
- ShellCheck
- bash-completion
- bats
- codespell
- fish
@ -32,14 +31,23 @@
- meson
- ninja-build
- openssl
- pkgconfig(bash-completion)
- podman
- shadow-utils-subid-devel
- skopeo
- slirp4netns
- systemd
- udisks2
use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}"
- name: Ensure that 'p11-kit server' is absent
become: yes
package:
name:
- p11-kit-server
state: absent
update_cache: "{{ true if zuul.attempts > 1 else false }}"
use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}"
- name: Download Go modules
command: go mod download -x
args:
@ -56,7 +64,7 @@
chdir: '{{ zuul.project.src_dir }}'
- name: Check versions of crucial packages
command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns
command: rpm -qa ShellCheck bash bash-completion bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
- name: Show podman versions
command: podman version

View File

@ -20,6 +20,6 @@
- include_tasks: dependencies-centos-9-stream.yaml
- name: Set up build directory
command: meson -Dmigration_path_for_coreos_toolbox=true --fatal-meson-warnings builddir
command: meson -Dmigration_path_for_coreos_toolbox=true builddir
args:
chdir: '{{ zuul.project.src_dir }}'

View File

@ -20,6 +20,6 @@
- include_tasks: dependencies-fedora-restricted.yaml
- name: Set up build directory
command: meson setup --fatal-meson-warnings builddir
command: meson setup builddir
args:
chdir: '{{ zuul.project.src_dir }}'

View File

@ -20,6 +20,6 @@
- include_tasks: dependencies-fedora.yaml
- name: Set up build directory
command: meson setup --fatal-meson-warnings builddir
command: meson setup builddir
args:
chdir: '{{ zuul.project.src_dir }}'

View File

@ -22,7 +22,6 @@
- name: Run the commands-options system tests
command: bats --filter-tags commands-options ./test/system
environment:
PODMAN: '/usr/bin/podman'
TMPDIR: '/var/tmp'
TOOLBX: '/usr/local/bin/toolbox'
TOOLBX_TEST_SYSTEM_TAGS: 'arch-fedora,commands-options,custom-image,ubuntu'

View File

@ -22,7 +22,6 @@
- name: Run the (arch-fedora,runtime-environment) system tests
command: bats --filter-tags arch-fedora,runtime-environment ./test/system
environment:
PODMAN: '/usr/bin/podman'
TMPDIR: '/var/tmp'
TOOLBX: '/usr/local/bin/toolbox'
TOOLBX_TEST_SYSTEM_TAGS: 'arch-fedora,runtime-environment'

View File

@ -22,7 +22,6 @@
- name: Run the (runtime-environment,ubuntu) system tests
command: bats --filter-tags runtime-environment,ubuntu ./test/system
environment:
PODMAN: '/usr/bin/podman'
TMPDIR: '/var/tmp'
TOOLBX: '/usr/local/bin/toolbox'
TOOLBX_TEST_SYSTEM_TAGS: 'runtime-environment,ubuntu'

View File

@ -1,30 +0,0 @@
#
# Copyright © 2021 2024 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
- hosts: all
tasks:
- include_tasks: build.yaml
- name: Run the runtime-environment system tests
command: bats --filter-tags runtime-environment ./test/system
environment:
PODMAN: '/usr/bin/podman'
TMPDIR: '/var/tmp'
TOOLBX: '/usr/local/bin/toolbox'
TOOLBX_TEST_SYSTEM_TAGS: 'arch-fedora,runtime-environment,ubuntu'
args:
chdir: '{{ zuul.project.src_dir }}'

View File

@ -484,10 +484,9 @@ func createContainer(container, image, release, authFile string, showCommandToEn
logrus.Debugf("%s", arg)
}
s := spinner.New(spinner.CharSets[9], 500*time.Millisecond)
if logLevel := logrus.GetLevel(); logLevel < logrus.DebugLevel && term.IsTerminal(os.Stdout) {
s := spinner.New(spinner.CharSets[9], 500*time.Millisecond, spinner.WithWriterFile(os.Stdout))
if logLevel := logrus.GetLevel(); logLevel < logrus.DebugLevel {
s.Prefix = fmt.Sprintf("Creating container %s: ", container)
s.Writer = os.Stdout
s.Start()
defer s.Stop()
}
@ -734,10 +733,9 @@ func pullImage(image, release, authFile string) (bool, error) {
logrus.Debugf("Pulling image %s", imageFull)
if logLevel := logrus.GetLevel(); logLevel < logrus.DebugLevel && term.IsTerminal(os.Stdout) {
s := spinner.New(spinner.CharSets[9], 500*time.Millisecond)
if logLevel := logrus.GetLevel(); logLevel < logrus.DebugLevel {
s := spinner.New(spinner.CharSets[9], 500*time.Millisecond, spinner.WithWriterFile(os.Stdout))
s.Prefix = fmt.Sprintf("Pulling %s: ", imageFull)
s.Writer = os.Stdout
s.Start()
defer s.Stop()
}

View File

@ -1,5 +1,5 @@
/*
* Copyright © 2019 2024 Red Hat Inc.
* Copyright © 2019 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -179,10 +179,10 @@ func initContainer(cmd *cobra.Command, args []string) error {
if toolbxFailEntryPoint, ok := getFailEntryPoint(); ok {
var builder strings.Builder
fmt.Fprintf(&builder, "TOOLBX_FAIL_ENTRY_POINT is set")
builder.WriteString("TOOLBX_FAIL_ENTRY_POINT is set")
if toolbxFailEntryPoint > 1 {
fmt.Fprintf(&builder, "\n")
fmt.Fprintf(&builder, "This environment variable should only be set when testing.")
builder.WriteString("\n")
builder.WriteString("This environment variable should only be set when testing.")
}
errMsg := builder.String()
@ -286,7 +286,7 @@ func initContainer(cmd *cobra.Command, args []string) error {
logrus.Debugf("Loading Container Device Interface for NVIDIA: file %s not found",
cdiFileForNvidia)
} else {
logrus.Debugf("Loading Container Device Interface for NVIDIA: failed: %s", err)
logrus.Debugf("Loading Container Device Interface for NVIDIA failed: %s", err)
return errors.New("failed to load Container Device Interface for NVIDIA")
}
}
@ -297,42 +297,16 @@ func initContainer(cmd *cobra.Command, args []string) error {
}
}
if utils.PathExists("/etc/krb5.conf.d") && !utils.PathExists("/etc/krb5.conf.d/kcm_default_ccache") {
logrus.Debug("Setting KCM as the default Kerberos credential cache")
kcmConfigString := `# Written by Toolbx
# https://github.com/containers/toolbox
#
# # To disable the KCM credential cache, comment out the following lines.
[libdefaults]
default_ccache_name = KCM:
`
kcmConfigBytes := []byte(kcmConfigString)
if err := ioutil.WriteFile("/etc/krb5.conf.d/kcm_default_ccache",
kcmConfigBytes,
0644); err != nil {
return errors.New("failed to set KCM as the default Kerberos credential cache")
}
if err := configureKerberos(); err != nil {
return err
}
if utils.PathExists("/usr/lib/rpm/macros.d") {
logrus.Debug("Configuring RPM to ignore bind mounts")
if err := configurePKCS11(targetUser); err != nil {
return err
}
var builder strings.Builder
fmt.Fprintf(&builder, "# Written by Toolbx\n")
fmt.Fprintf(&builder, "# https://github.com/containers/toolbox\n")
fmt.Fprintf(&builder, "\n")
fmt.Fprintf(&builder, "%%_netsharedpath /dev:/media:/mnt:/proc:/sys:/tmp:/var/lib/flatpak:/var/lib/libvirt\n")
rpmConfigString := builder.String()
rpmConfigBytes := []byte(rpmConfigString)
if err := ioutil.WriteFile("/usr/lib/rpm/macros.d/macros.toolbox",
rpmConfigBytes,
0644); err != nil {
return fmt.Errorf("failed to configure RPM to ignore bind mounts: %w", err)
}
if err := configureRPM(); err != nil {
return err
}
logrus.Debug("Setting up daily ticker")
@ -362,7 +336,8 @@ func initContainer(cmd *cobra.Command, args []string) error {
if err := watcherForHost.Add("/run/host/etc"); err != nil {
if errors.Is(err, unix.ENOMEM) || errors.Is(err, unix.ENOSPC) {
logrus.Debugf("Setting up watches for file system events: failed to add path: %s", err)
logrus.Debugf("Setting up watches for file system events: failed to add path: %s",
err)
} else {
return fmt.Errorf("failed to add path: %w", err)
}
@ -371,14 +346,12 @@ func initContainer(cmd *cobra.Command, args []string) error {
logrus.Debug("Finished initializing container")
toolboxRuntimeDirectory, err := utils.GetRuntimeDirectory(targetUser)
pid := os.Getpid()
initializedStamp, err := utils.GetInitializedStamp(pid, targetUser)
if err != nil {
return err
}
pid := os.Getpid()
initializedStamp := fmt.Sprintf("%s/container-initialized-%d", toolboxRuntimeDirectory, pid)
logrus.Debugf("Creating initialization stamp %s", initializedStamp)
initializedStampFile, err := os.Create(initializedStamp)
@ -566,6 +539,113 @@ func applyCDISpecForNvidiaHookUpdateLDCache(hookArgs []string) error {
return nil
}
func configureKerberos() error {
const logPrefix = "Configuring Kerberos to use KCM as the default credential cache"
logrus.Debugf("%s", logPrefix)
if path := "/etc/krb5.conf.d"; !utils.PathExists(path) {
logrus.Debugf("%s: directory %s not found", logPrefix, path)
logrus.Debugf("%s: skipping", logPrefix)
return nil
}
if path := "/etc/krb5.conf.d/kcm_default_ccache"; utils.PathExists(path) {
logrus.Debugf("%s: file %s already exists", logPrefix, path)
logrus.Debugf("%s: skipping", logPrefix)
return nil
}
var builder strings.Builder
builder.WriteString("# Written by Toolbx\n")
builder.WriteString("# https://containertoolbx.org/\n")
builder.WriteString("#\n")
builder.WriteString("# # To disable the KCM credential cache, comment out the following lines.\n")
builder.WriteString("\n")
builder.WriteString("[libdefaults]\n")
builder.WriteString(" default_ccache_name = KCM:\n")
kcmConfigString := builder.String()
kcmConfigBytes := []byte(kcmConfigString)
if err := ioutil.WriteFile("/etc/krb5.conf.d/kcm_default_ccache", kcmConfigBytes, 0644); err != nil {
return errors.New("failed to configure Kerberos to use KCM as the default credential cache")
}
return nil
}
func configurePKCS11(targetUser *user.User) error {
const logPrefix = "Configuring PKCS #11 to read from the host"
logrus.Debugf("%s", logPrefix)
if path := "/etc/pkcs11/modules"; !utils.PathExists(path) {
logrus.Debugf("%s: directory %s not found", logPrefix, path)
logrus.Debugf("%s: skipping", logPrefix)
return nil
}
if ok, err := utils.IsP11KitClientPresent(); err != nil {
logrus.Debugf("%s: %s", logPrefix, err)
if !ok {
logrus.Debugf("%s: p11-kit-client.so not found", logPrefix)
logrus.Debugf("%s: skipping", logPrefix)
return nil
}
} else {
if !ok {
logrus.Debugf("%s: p11-kit-client.so not found", logPrefix)
logrus.Debugf("%s: skipping", logPrefix)
return nil
}
}
if path, err := utils.GetP11KitServerSocket(targetUser); err != nil {
return err
} else if !utils.PathExists(path) {
logrus.Debugf("%s: socket %s not found", logPrefix, path)
logrus.Debugf("%s: skipping", logPrefix)
return nil
}
var builder strings.Builder
builder.WriteString("# Written by Toolbx\n")
builder.WriteString("# https://containertoolbx.org/\n")
builder.WriteString("\n")
builder.WriteString("module: p11-kit-client.so\n")
pkcs11ConfigString := builder.String()
pkcs11ConfigBytes := []byte(pkcs11ConfigString)
if err := renameio.WriteFile("/etc/pkcs11/modules/p11-kit-trust.module",
pkcs11ConfigBytes,
0644); err != nil {
return fmt.Errorf("failed to configure PKCS #11 to read from the host: %w", err)
}
return nil
}
func configureRPM() error {
if !utils.PathExists("/usr/lib/rpm/macros.d") {
return nil
}
logrus.Debug("Configuring RPM to ignore bind mounts")
var builder strings.Builder
builder.WriteString("# Written by Toolbx\n")
builder.WriteString("# https://containertoolbx.org/\n")
builder.WriteString("\n")
builder.WriteString("%_netsharedpath /dev:/media:/mnt:/proc:/sys:/tmp:/var/lib/flatpak:/var/lib/libvirt\n")
rpmConfigString := builder.String()
rpmConfigBytes := []byte(rpmConfigString)
if err := ioutil.WriteFile("/usr/lib/rpm/macros.d/macros.toolbox", rpmConfigBytes, 0644); err != nil {
return fmt.Errorf("failed to configure RPM to ignore bind mounts: %w", err)
}
return nil
}
func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShell string, homeLink bool) error {
if homeLink {
if err := redirectPath("/home", "/var/home", true); err != nil {
@ -627,7 +707,7 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe
var stderr strings.Builder
if err := shell.Run("passwd", nil, nil, &stderr, "--delete", "root"); err != nil {
errString := stderr.String()
logrus.Debugf("Removing password for user root: failed: %s", errString)
logrus.Debugf("Removing password for user root failed: %s", errString)
return fmt.Errorf("failed to remove password for root: %w", err)
}
@ -735,7 +815,8 @@ func ldConfig(configFileBase string, dirs []string) error {
dirConfigBytes := []byte(dirConfigString)
configFile := filepath.Join("/etc/ld.so.conf.d", configFileBase)
if err := renameio.WriteFile(configFile, dirConfigBytes, 0644); err != nil {
logrus.Debugf("Updating dynamic linker cache: failed to update configuration: %s", err)
logrus.Debugf("Updating dynamic linker cache: failed to update configuration: %s",
err)
return errors.New("failed to update dynamic linker cache configuration")
}
}
@ -745,7 +826,7 @@ func ldConfig(configFileBase string, dirs []string) error {
}
if err := shell.Run("ldconfig", nil, nil, nil, args...); err != nil {
logrus.Debugf("Updating dynamic linker cache: failed: %s", err)
logrus.Debugf("Updating dynamic linker cache failed: %s", err)
return errors.New("failed to update dynamic linker cache")
}
@ -786,7 +867,7 @@ func mountBind(containerPath, source, flags string) error {
if err := os.MkdirAll(containerPath, 0755); err != nil {
return fmt.Errorf("failed to create directory %s: %w", containerPath, err)
}
} else if fileMode.IsRegular() {
} else if fileMode.IsRegular() || fileMode&os.ModeSocket != 0 {
logrus.Debugf("Creating regular file %s", containerPath)
containerPathDir := filepath.Dir(containerPath)

View File

@ -1,5 +1,5 @@
/*
* Copyright © 2019 2024 Red Hat Inc.
* Copyright © 2019 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -263,25 +263,34 @@ func migrate(cmd *cobra.Command, args []string) error {
migrateLock := toolboxRuntimeDirectory + "/migrate.lock"
migrateLockFile, err := os.Create(migrateLock)
migrateLockFile, err := utils.Flock(migrateLock, syscall.LOCK_EX)
if err != nil {
logrus.Debugf("Migrating to newer Podman: failed to create migration lock file %s: %s", migrateLock, err)
return errors.New("failed to create migration lock file")
logrus.Debugf("Migrating to newer Podman: %s", err)
var errFlock *utils.FlockError
if errors.As(err, &errFlock) {
if errors.Is(err, utils.ErrFlockAcquire) {
err = utils.ErrFlockAcquire
} else if errors.Is(err, utils.ErrFlockCreate) {
err = utils.ErrFlockCreate
} else {
panicMsg := fmt.Sprintf("unexpected %T: %s", err, err)
panic(panicMsg)
}
}
return err
}
defer migrateLockFile.Close()
migrateLockFD := migrateLockFile.Fd()
migrateLockFDInt := int(migrateLockFD)
if err := syscall.Flock(migrateLockFDInt, syscall.LOCK_EX); err != nil {
logrus.Debugf("Migrating to newer Podman: failed to acquire migration lock on %s: %s", migrateLock, err)
return errors.New("failed to acquire migration lock")
}
stampBytes, err := ioutil.ReadFile(stampPath)
if err != nil {
if !os.IsNotExist(err) {
logrus.Debugf("Migrating to newer Podman: failed to read migration stamp file %s: %s", stampPath, err)
if !errors.Is(err, os.ErrNotExist) {
logrus.Debugf("Migrating to newer Podman: failed to read migration stamp file %s: %s",
stampPath,
err)
return errors.New("failed to read migration stamp file")
}
} else {
@ -291,9 +300,7 @@ func migrate(cmd *cobra.Command, args []string) error {
logrus.Debugf("Old Podman version is %s", podmanVersionOld)
if podmanVersion == podmanVersionOld {
logrus.Debugf("Migration not needed: Podman version %s is unchanged",
podmanVersion)
logrus.Debugf("Migration not needed: Podman version %s is unchanged", podmanVersion)
return nil
}

View File

@ -1,5 +1,5 @@
//
// Copyright © 2021 2024 Red Hat Inc.
// Copyright © 2021 2025 Red Hat Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@ -21,7 +21,6 @@ package cmd
import (
"errors"
"fmt"
"os"
"strings"
@ -32,9 +31,9 @@ import (
func preRunIsCoreOSBug() error {
if containerType := os.Getenv("container"); containerType == "" {
var builder strings.Builder
fmt.Fprintf(&builder, "/run/.containerenv found on what looks like the host\n")
fmt.Fprintf(&builder, "If this is the host, then remove /run/.containerenv and try again.\n")
fmt.Fprintf(&builder, "Otherwise, contact your system administrator or file a bug.")
builder.WriteString("/run/.containerenv found on what looks like the host\n")
builder.WriteString("If this is the host, then remove /run/.containerenv and try again.\n")
builder.WriteString("Otherwise, contact your system administrator or file a bug.")
errMsg := builder.String()
return errors.New(errMsg)

View File

@ -1,5 +1,5 @@
/*
* Copyright © 2019 2024 Red Hat Inc.
* Copyright © 2019 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,6 +27,7 @@ import (
"path/filepath"
"strconv"
"strings"
"syscall"
"time"
"github.com/containers/toolbox/pkg/nvidia"
@ -271,8 +272,8 @@ func runCommand(container string,
if err != nil {
if errors.Is(err, nvidia.ErrNVMLDriverLibraryVersionMismatch) {
var builder strings.Builder
fmt.Fprintf(&builder, "the proprietary NVIDIA driver's kernel and user space don't match\n")
fmt.Fprintf(&builder, "Check the host operating system and systemd journal.")
builder.WriteString("the proprietary NVIDIA driver's kernel and user space don't match\n")
builder.WriteString("Check the host operating system and systemd journal.")
errMsg := builder.String()
return errors.New(errMsg)
@ -283,6 +284,11 @@ func runCommand(container string,
cdiEnviron = append(cdiEnviron, cdiSpecForNvidia.ContainerEdits.Env...)
}
p11KitServerEnviron, err := startP11KitServer()
if err != nil {
return err
}
startContainerTimestamp := time.Unix(-1, 0)
if entryPointPID <= 0 {
@ -335,10 +341,11 @@ func runCommand(container string,
logrus.Debugf("Container %s is initialized", container)
environ := append(cdiEnviron, p11KitServerEnviron...)
if err := runCommandWithFallbacks(container,
preserveFDs,
command,
cdiEnviron,
environ,
emitEscapeSequence,
fallbackToBash); err != nil {
return err
@ -592,13 +599,11 @@ func constructExecArgs(container, preserveFDs string,
}
func ensureContainerIsInitialized(container string, entryPointPID int, timestamp time.Time) error {
toolboxRuntimeDirectory, err := utils.GetRuntimeDirectory(currentUser)
initializedStamp, err := utils.GetInitializedStamp(entryPointPID, currentUser)
if err != nil {
return err
}
initializedStampBase := fmt.Sprintf("container-initialized-%d", entryPointPID)
initializedStamp := filepath.Join(toolboxRuntimeDirectory, initializedStampBase)
logrus.Debugf("Checking if initialization stamp %s exists", initializedStamp)
shouldUsePolling := isUsePollingSet()
@ -629,7 +634,9 @@ func ensureContainerIsInitialized(container string, entryPointPID int, timestamp
var err error
watcherForStamp, err = fsnotify.NewWatcher()
if err != nil {
if errors.Is(err, unix.EMFILE) || errors.Is(err, unix.ENFILE) || errors.Is(err, unix.ENOMEM) {
if errors.Is(err, unix.EMFILE) ||
errors.Is(err, unix.ENFILE) ||
errors.Is(err, unix.ENOMEM) {
logrus.Debugf("Setting up watches for file system events: failed to create Watcher: %s",
err)
logrus.Debug("Using polling instead")
@ -646,9 +653,15 @@ func ensureContainerIsInitialized(container string, entryPointPID int, timestamp
if watcherForStamp != nil {
defer watcherForStamp.Close()
toolboxRuntimeDirectory, err := utils.GetRuntimeDirectory(currentUser)
if err != nil {
return err
}
if err := watcherForStamp.Add(toolboxRuntimeDirectory); err != nil {
if errors.Is(err, unix.ENOMEM) || errors.Is(err, unix.ENOSPC) {
logrus.Debugf("Setting up watches for file system events: failed to add path: %s", err)
logrus.Debugf("Setting up watches for file system events: failed to add path: %s",
err)
logrus.Debug("Using polling instead")
fallbackToPolling = true
} else {
@ -736,7 +749,9 @@ func ensureContainerIsInitialized(container string, entryPointPID int, timestamp
// code should not be reached
}
func followEntryPointLogsAsync(ctx context.Context, container string, since time.Time) (<-chan string, <-chan error) {
func followEntryPointLogsAsync(ctx context.Context, container string, since time.Time) (
<-chan string, <-chan error,
) {
reader, writer := io.Pipe()
retValCh := make(chan string)
errCh := make(chan error)
@ -923,7 +938,9 @@ func showEntryPointLog(line string) error {
var err error
logLevel, err = logrus.ParseLevel(valueString)
if err != nil {
logrus.Debugf("Parsing entry point log-level %s failed: %s", valueString, err)
logrus.Debugf("Parsing entry point log-level %s failed: %s",
valueString,
err)
logLevel = logrus.DebugLevel
}
case "msg":
@ -1023,6 +1040,68 @@ func startContainer(container string) error {
return nil
}
func startP11KitServer() ([]string, error) {
serverSocket, err := utils.GetP11KitServerSocket(currentUser)
if err != nil {
return nil, err
}
const logPrefix = "Starting 'p11-kit server'"
logrus.Debugf("%s with socket %s", logPrefix, serverSocket)
serverSocketLock, err := utils.GetP11KitServerSocketLock(currentUser)
if err != nil {
return nil, err
}
serverSocketLockFile, err := utils.Flock(serverSocketLock, syscall.LOCK_EX)
if err != nil {
logrus.Debugf("%s: %s", logPrefix, err)
var errFlock *utils.FlockError
if errors.As(err, &errFlock) {
if errors.Is(err, utils.ErrFlockAcquire) {
err = utils.ErrFlockAcquire
} else if errors.Is(err, utils.ErrFlockCreate) {
err = utils.ErrFlockCreate
} else {
panicMsg := fmt.Sprintf("unexpected %T: %s", err, err)
panic(panicMsg)
}
}
return nil, err
}
defer serverSocketLockFile.Close()
serverSocketAddress := fmt.Sprintf("P11_KIT_SERVER_ADDRESS=unix:path=%s", serverSocket)
serverEnviron := []string{
serverSocketAddress,
}
if utils.PathExists(serverSocket) {
logrus.Debugf("%s: socket %s already exists", logPrefix, serverSocket)
logrus.Debugf("%s: skipping", logPrefix)
return serverEnviron, nil
}
serverArgs := []string{
"server",
"--name", serverSocket,
"--provider", "p11-kit-trust.so",
"pkcs11:model=p11-kit-trust?write-protected=yes",
}
if err := shell.Run("p11-kit", nil, nil, nil, serverArgs...); err != nil {
logrus.Debugf("%s failed: %s", logPrefix, err)
return nil, nil
}
return serverEnviron, nil
}
func (err *entryPointError) Error() string {
return err.msg
}

View File

@ -1,5 +1,5 @@
/*
* Copyright © 2020 2024 Red Hat Inc.
* Copyright © 2020 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -343,9 +343,9 @@ func getCDIFileForNvidia(targetUser *user.User) (string, error) {
func getUsageForCommonCommands() string {
var builder strings.Builder
fmt.Fprintf(&builder, "create Create a new Toolbx container\n")
fmt.Fprintf(&builder, "enter Enter an existing Toolbx container\n")
fmt.Fprintf(&builder, "list List all existing Toolbx containers and images\n")
builder.WriteString("create Create a new Toolbx container\n")
builder.WriteString("enter Enter an existing Toolbx container\n")
builder.WriteString("list List all existing Toolbx containers and images\n")
usage := builder.String()
return usage
@ -475,7 +475,7 @@ func showManual(manual string) error {
fmt.Printf("%s", usage)
fmt.Printf("\n")
fmt.Printf("Go to https://github.com/containers/toolbox for further information.\n")
fmt.Printf("Go to https://containertoolbx.org/ for further information.\n")
return nil
}

View File

@ -1,52 +1,53 @@
module github.com/containers/toolbox
go 1.20
go 1.22.0
require (
github.com/HarryMichal/go-version v1.0.1
github.com/NVIDIA/go-nvlib v0.6.1
github.com/NVIDIA/go-nvml v0.12.4-0
github.com/NVIDIA/nvidia-container-toolkit v1.16.1
github.com/NVIDIA/go-nvlib v0.7.1
github.com/NVIDIA/go-nvml v0.12.4-1
github.com/NVIDIA/nvidia-container-toolkit v1.17.5
github.com/acobaugh/osrelease v0.1.0
github.com/briandowns/spinner v1.18.0
github.com/briandowns/spinner v1.23.2
github.com/docker/go-units v0.5.0
github.com/fsnotify/fsnotify v1.7.0
github.com/fsnotify/fsnotify v1.8.0
github.com/go-logfmt/logfmt v0.5.0
github.com/godbus/dbus/v5 v5.0.6
github.com/google/renameio/v2 v2.0.0
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.3.0
github.com/spf13/viper v1.10.1
github.com/stretchr/testify v1.9.0
golang.org/x/sys v0.22.0
tags.cncf.io/container-device-interface v0.8.0
github.com/spf13/viper v1.20.1
github.com/stretchr/testify v1.10.0
golang.org/x/sys v0.29.0
tags.cncf.io/container-device-interface v0.8.1
tags.cncf.io/container-device-interface/specs-go v0.8.0
)
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/fatih/color v1.13.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/fatih/color v1.14.1 // indirect
github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/magiconair/properties v1.8.5 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mitchellh/mapstructure v1.4.3 // indirect
github.com/opencontainers/runtime-spec v1.2.0 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.17 // indirect
github.com/opencontainers/runtime-spec v1.2.1 // indirect
github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
github.com/spf13/afero v1.6.0 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/subosito/gotenv v1.2.0 // indirect
github.com/sagikazarmark/locafero v0.7.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.12.0 // indirect
github.com/spf13/cast v1.7.1 // indirect
github.com/spf13/pflag v1.0.6 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
golang.org/x/mod v0.19.0 // indirect
golang.org/x/text v0.3.8 // indirect
gopkg.in/ini.v1 v1.66.2 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/mod v0.20.0 // indirect
golang.org/x/term v0.1.0 // indirect
golang.org/x/text v0.21.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect

View File

@ -51,12 +51,12 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/HarryMichal/go-version v1.0.1 h1:Vgk1dPyHckkoUu0AED900+yO43+uwDuiNPsdpYe63KE=
github.com/HarryMichal/go-version v1.0.1/go.mod h1:UNoJ+GvCcmwu0F9Mu1u5y56lP5rWksgkiwLlGx3r+Pk=
github.com/NVIDIA/go-nvlib v0.6.1 h1:0/5FvaKvDJoJeJ+LFlh+NDQMxMlVw9wOXrOVrGXttfE=
github.com/NVIDIA/go-nvlib v0.6.1/go.mod h1:9UrsLGx/q1OrENygXjOuM5Ey5KCtiZhbvBlbUIxtGWY=
github.com/NVIDIA/go-nvml v0.12.4-0 h1:4tkbB3pT1O77JGr0gQ6uD8FrsUPqP1A/EOEm2wI1TUg=
github.com/NVIDIA/go-nvml v0.12.4-0/go.mod h1:8Llmj+1Rr+9VGGwZuRer5N/aCjxGuR5nPb/9ebBiIEQ=
github.com/NVIDIA/nvidia-container-toolkit v1.16.1 h1:PkY6RqYD1wIt1izCvYZ7kr7IitxK8e9+k/prO6b3vD0=
github.com/NVIDIA/nvidia-container-toolkit v1.16.1/go.mod h1:jJXYvHEdqqpDcRXvolaiFCBsgLxvCwmJWSBZM3zQPY8=
github.com/NVIDIA/go-nvlib v0.7.1 h1:7HHPZxoCjSLm1NgaRRjuhI8ffMCpc5Vgpg5yxQYUff8=
github.com/NVIDIA/go-nvlib v0.7.1/go.mod h1:2Kh2kYSP5IJ8EKf0/SYDzHiQKb9EJkwOf2LQzu6pXzY=
github.com/NVIDIA/go-nvml v0.12.4-1 h1:WKUvqshhWSNTfm47ETRhv0A0zJyr1ncCuHiXwoTrBEc=
github.com/NVIDIA/go-nvml v0.12.4-1/go.mod h1:8Llmj+1Rr+9VGGwZuRer5N/aCjxGuR5nPb/9ebBiIEQ=
github.com/NVIDIA/nvidia-container-toolkit v1.17.5 h1:aIE12dFRAG4xAp00vHoh9O1JL8onuldwMrX/GNSZy9Q=
github.com/NVIDIA/nvidia-container-toolkit v1.17.5/go.mod h1:UQcbm+GRu+Dwmeyqtwq2HDa57Xq82zzQsmUusidtndM=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/acobaugh/osrelease v0.1.0 h1:Yb59HQDGGNhCj4suHaFQQfBps5wyoKLSSX/J/+UifRE=
github.com/acobaugh/osrelease v0.1.0/go.mod h1:4bFEs0MtgHNHBrmHCt67gNisnabCRAlzdVasCEGHTWY=
@ -76,8 +76,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
github.com/briandowns/spinner v1.18.0 h1:SJs0maNOs4FqhBwiJ3Gr7Z1D39/rukIVGQvpNZVHVcM=
github.com/briandowns/spinner v1.18.0/go.mod h1:QOuQk7x+EaDASo80FEXwlwiA+j/PPIcX3FScO+3/ZPQ=
github.com/briandowns/spinner v1.23.2 h1:Zc6ecUnI+YzLmJniCfDNaMbW0Wid1d5+qcTq4L2FW8w=
github.com/briandowns/spinner v1.23.2/go.mod h1:LaZeM4wm2Ywy6vO571mvhQNRcWfRUnXOs0RcKV0wYKM=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
@ -103,8 +103,9 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@ -120,11 +121,14 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@ -136,6 +140,8 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V
github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih4=
github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro=
github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@ -187,6 +193,8 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@ -222,6 +230,7 @@ github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/
github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
@ -243,7 +252,6 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
@ -272,26 +280,29 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
@ -301,7 +312,6 @@ github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk
github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs=
github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@ -312,22 +322,23 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY
github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww=
github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 h1:DmNGcqH3WDbV5k8OJ+esPWbqUOX5rMLR2PMvziDMJi0=
github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
github.com/opencontainers/selinux v1.9.1 h1:b4VPEF3O5JLZgdTDBmGepaaIbAo0GqoF6EBRq5f/g3Y=
github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@ -349,27 +360,33 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY=
github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
github.com/spf13/cobra v1.3.0 h1:R7cSvGu+Vv+qX0gW5R/85dx2kmmJT5z5NM8ifdYjdn0=
github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4=
github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
github.com/spf13/viper v1.10.1 h1:nuJZuYpG7gTj/XqiUwg8bA0cp1+M2mC3J4g5luUYBKk=
github.com/spf13/viper v1.10.1/go.mod h1:IGlFPqhNAPKRxohIzWpI5QEy4kuI7tcl5WvR+8qy1rU=
github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
@ -378,16 +395,18 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
github.com/urfave/cli v1.19.1/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
@ -409,7 +428,11 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@ -457,8 +480,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -595,9 +618,12 @@ golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -607,8 +633,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@ -818,8 +844,8 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@ -845,7 +871,7 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
tags.cncf.io/container-device-interface v0.8.0 h1:8bCFo/g9WODjWx3m6EYl3GfUG31eKJbaggyBDxEldRc=
tags.cncf.io/container-device-interface v0.8.0/go.mod h1:Apb7N4VdILW0EVdEMRYXIDVRZfNJZ+kmEUss2kRRQ6Y=
tags.cncf.io/container-device-interface v0.8.1 h1:c0jN4Mt6781jD67NdPajmZlD1qrqQyov/Xfoab37lj0=
tags.cncf.io/container-device-interface v0.8.1/go.mod h1:Apb7N4VdILW0EVdEMRYXIDVRZfNJZ+kmEUss2kRRQ6Y=
tags.cncf.io/container-device-interface/specs-go v0.8.0 h1:QYGFzGxvYK/ZLMrjhvY0RjpUavIn4KcmRmVP/JjdBTA=
tags.cncf.io/container-device-interface/specs-go v0.8.0/go.mod h1:BhJIkjjPh4qpys+qm4DAYtUyryaTDg9zris+AczXyws=

View File

@ -31,7 +31,10 @@ sources = files(
'pkg/term/term.go',
'pkg/term/term_test.go',
'pkg/utils/libsubid-wrappers.c',
'pkg/utils/arch.go',
'pkg/utils/errors.go',
'pkg/utils/fedora.go',
'pkg/utils/rhel.go',
'pkg/utils/utils.go',
'pkg/utils/utils_cgo.go',
'pkg/utils/utils_test.go',

View File

@ -1,5 +1,5 @@
/*
* Copyright © 2024 Red Hat Inc.
* Copyright © 2024 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -68,7 +68,10 @@ func GenerateCDISpec() (*specs.Spec, error) {
logrus.Debugf("Generating Container Device Interface for NVIDIA: failed to initialize NVML: %s",
err)
if err == nvml.ERROR_LIB_RM_VERSION_MISMATCH {
if err == nvml.ERROR_DRIVER_NOT_LOADED {
logrus.Debug("Generating Container Device Interface for NVIDIA: skipping")
return nil, ErrPlatformUnsupported
} else if err == nvml.ERROR_LIB_RM_VERSION_MISMATCH {
return nil, ErrNVMLDriverLibraryVersionMismatch
} else {
return nil, errors.New("failed to initialize NVIDIA Management Library")
@ -96,7 +99,10 @@ func GenerateCDISpec() (*specs.Spec, error) {
return nil, ErrPlatformUnsupported
}
cdi, err := nvcdi.New(nvcdi.WithInfoLib(info), nvcdi.WithLogger(logger), nvcdi.WithNvmlLib(nvmLib))
cdi, err := nvcdi.New(nvcdi.WithDisabledHook(nvcdi.HookEnableCudaCompat),
nvcdi.WithInfoLib(info),
nvcdi.WithLogger(logger),
nvcdi.WithNvmlLib(nvmLib))
if err != nil {
logrus.Debugf("Generating Container Device Interface for NVIDIA: failed to create library: %s", err)
return nil, errors.New("failed to create Container Device Interface library for NVIDIA")

39
src/pkg/utils/arch.go Normal file
View File

@ -0,0 +1,39 @@
/*
* Copyright © 2023 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package utils
func getDefaultReleaseArch() (string, error) {
return "latest", nil
}
func getFullyQualifiedImageArch(image, release string) string {
imageFull := "quay.io/toolbx/" + image
return imageFull
}
func getP11KitClientPathsArch() []string {
paths := []string{"/usr/lib/pkcs11/p11-kit-client.so"}
return paths
}
func parseReleaseArch(release string) (string, error) {
if release != "latest" && release != "rolling" && release != "" {
return "", &ParseReleaseError{"The release must be 'latest'."}
}
return "latest", nil
}

View File

@ -1,5 +1,5 @@
/*
* Copyright © 2022 2024 Red Hat Inc.
* Copyright © 2022 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -31,6 +31,12 @@ type DistroError struct {
Err error
}
type FlockError struct {
Path string
Errs []error
errSuffix string
}
type ImageError struct {
Image string
Err error
@ -58,6 +64,25 @@ func (err *DistroError) Unwrap() error {
return err.Err
}
func (err *FlockError) Error() string {
if err.Errs == nil || len(err.Errs) != 2 {
panicMsg := fmt.Sprintf("invalid %T", err)
panic(panicMsg)
}
errSuffix := " "
if err.errSuffix != "" {
errSuffix = fmt.Sprintf(" %s ", err.errSuffix)
}
errMsg := fmt.Sprintf("%s%s%s: %s", err.Errs[0], errSuffix, err.Path, err.Errs[1])
return errMsg
}
func (err *FlockError) Unwrap() []error {
return err.Errs
}
func (err *ImageError) Error() string {
errMsg := fmt.Sprintf("%s: %s", err.Image, err.Err)
return errMsg

61
src/pkg/utils/fedora.go Normal file
View File

@ -0,0 +1,61 @@
/*
* Copyright © 2021 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package utils
import (
"strconv"
"strings"
"github.com/sirupsen/logrus"
)
func getDefaultReleaseFedora() (string, error) {
release, err := getHostVersionID()
if err != nil {
return "", err
}
return release, nil
}
func getFullyQualifiedImageFedora(image, release string) string {
imageFull := "registry.fedoraproject.org/" + image
return imageFull
}
func getP11KitClientPathsFedora() []string {
paths := []string{"/usr/lib64/pkcs11/p11-kit-client.so"}
return paths
}
func parseReleaseFedora(release string) (string, error) {
if strings.HasPrefix(release, "F") || strings.HasPrefix(release, "f") {
release = release[1:]
}
releaseN, err := strconv.Atoi(release)
if err != nil {
logrus.Debugf("Parsing release %s as an integer failed: %s", release, err)
return "", &ParseReleaseError{"The release must be a positive integer."}
}
if releaseN <= 0 {
return "", &ParseReleaseError{"The release must be a positive integer."}
}
return release, nil
}

69
src/pkg/utils/rhel.go Normal file
View File

@ -0,0 +1,69 @@
/*
* Copyright © 2021 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package utils
import (
"fmt"
"strconv"
"strings"
"github.com/sirupsen/logrus"
)
func getDefaultReleaseRHEL() (string, error) {
release, err := getHostVersionID()
if err != nil {
return "", err
}
return release, nil
}
func getFullyQualifiedImageRHEL(image, release string) string {
i := strings.IndexRune(release, '.')
if i == -1 {
panicMsg := fmt.Sprintf("release %s not in '<major>.<minor>' format", release)
panic(panicMsg)
}
releaseMajor := release[:i]
imageFull := "registry.access.redhat.com/ubi" + releaseMajor + "/" + image
return imageFull
}
func getP11KitClientPathsRHEL() []string {
paths := []string{"/usr/lib64/pkcs11/p11-kit-client.so"}
return paths
}
func parseReleaseRHEL(release string) (string, error) {
if i := strings.IndexRune(release, '.'); i == -1 {
return "", &ParseReleaseError{"The release must be in the '<major>.<minor>' format."}
}
releaseN, err := strconv.ParseFloat(release, 32)
if err != nil {
logrus.Debugf("Parsing release %s as a float failed: %s", release, err)
return "", &ParseReleaseError{"The release must be in the '<major>.<minor>' format."}
}
if releaseN <= 0 {
return "", &ParseReleaseError{"The release must be a positive number."}
}
return release, nil
}

91
src/pkg/utils/ubuntu.go Normal file
View File

@ -0,0 +1,91 @@
/*
* Copyright © 2023 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package utils
import (
"strconv"
"strings"
"unicode/utf8"
"github.com/sirupsen/logrus"
)
func getDefaultReleaseUbuntu() (string, error) {
release, err := getHostVersionID()
if err != nil {
return "", err
}
return release, nil
}
func getFullyQualifiedImageUbuntu(image, release string) string {
imageFull := "quay.io/toolbx/" + image
return imageFull
}
func getP11KitClientPathsUbuntu() []string {
paths := []string{
"/usr/lib/aarch64-linux-gnu/pkcs11/p11-kit-client.so",
"/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so",
}
return paths
}
func parseReleaseUbuntu(release string) (string, error) {
releaseParts := strings.Split(release, ".")
if len(releaseParts) != 2 {
return "", &ParseReleaseError{"The release must be in the 'YY.MM' format."}
}
releaseYear, err := strconv.Atoi(releaseParts[0])
if err != nil {
logrus.Debugf("Parsing release year %s as an integer failed: %s", releaseParts[0], err)
return "", &ParseReleaseError{"The release must be in the 'YY.MM' format."}
}
if releaseYear < 4 {
return "", &ParseReleaseError{"The release year must be 4 or more."}
}
releaseYearLen := utf8.RuneCountInString(releaseParts[0])
if releaseYearLen > 2 {
return "", &ParseReleaseError{"The release year cannot have more than two digits."}
} else if releaseYear < 10 && releaseYearLen == 2 {
return "", &ParseReleaseError{"The release year cannot have a leading zero."}
}
releaseMonth, err := strconv.Atoi(releaseParts[1])
if err != nil {
logrus.Debugf("Parsing release month %s as an integer failed: %s", releaseParts[1], err)
return "", &ParseReleaseError{"The release must be in the 'YY.MM' format."}
}
if releaseMonth < 1 {
return "", &ParseReleaseError{"The release month must be between 01 and 12."}
} else if releaseMonth > 12 {
return "", &ParseReleaseError{"The release month must be between 01 and 12."}
}
releaseMonthLen := utf8.RuneCountInString(releaseParts[1])
if releaseMonthLen != 2 {
return "", &ParseReleaseError{"The release month must have two digits."}
}
return release, nil
}

View File

@ -1,5 +1,5 @@
/*
* Copyright © 2019 2024 Red Hat Inc.
* Copyright © 2019 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -28,7 +28,6 @@ import (
"strings"
"syscall"
"time"
"unicode/utf8"
"github.com/acobaugh/osrelease"
"github.com/containers/toolbox/pkg/shell"
@ -41,6 +40,7 @@ import (
type GetDefaultReleaseFunc func() (string, error)
type GetFullyQualifiedImageFunc func(string, string) string
type GetP11KitClientPathsFunc func() []string
type ParseReleaseFunc func(string) (string, error)
type Distro struct {
@ -49,6 +49,7 @@ type Distro struct {
ReleaseRequired bool
GetDefaultRelease GetDefaultReleaseFunc
GetFullyQualifiedImage GetFullyQualifiedImageFunc
GetP11KitClientPaths GetP11KitClientPathsFunc
ParseRelease ParseReleaseFunc
}
@ -64,7 +65,7 @@ const (
containerNamePrefixFallback = "fedora-toolbox"
distroFallback = "fedora"
idTruncLength = 12
releaseFallback = "38"
releaseFallback = "42"
)
const (
@ -116,6 +117,8 @@ var (
releaseDefault string
runtimeDirectories map[string]string
supportedDistros = map[string]Distro{
"arch": {
"arch-toolbox",
@ -123,6 +126,7 @@ var (
false,
getDefaultReleaseArch,
getFullyQualifiedImageArch,
getP11KitClientPathsArch,
parseReleaseArch,
},
"fedora": {
@ -131,6 +135,7 @@ var (
true,
getDefaultReleaseFedora,
getFullyQualifiedImageFedora,
getP11KitClientPathsFedora,
parseReleaseFedora,
},
"rhel": {
@ -139,6 +144,7 @@ var (
true,
getDefaultReleaseRHEL,
getFullyQualifiedImageRHEL,
getP11KitClientPathsRHEL,
parseReleaseRHEL,
},
"ubuntu": {
@ -147,6 +153,7 @@ var (
true,
getDefaultReleaseUbuntu,
getFullyQualifiedImageUbuntu,
getP11KitClientPathsUbuntu,
parseReleaseUbuntu,
},
}
@ -163,6 +170,10 @@ var (
ErrDistroWithoutRelease = errors.New("non-default distribution must specify release")
ErrFlockAcquire = errors.New("failed to acquire lock")
ErrFlockCreate = errors.New("failed to create lock file")
ErrImageWithoutBasename = errors.New("image does not have a basename")
)
@ -171,7 +182,7 @@ func init() {
distroDefault = distroFallback
releaseDefault = releaseFallback
hostID, err := GetHostID()
hostID, err := getHostID()
if err == nil {
if distroObj, supportedDistro := supportedDistros[hostID]; supportedDistro {
release, err := getDefaultReleaseForDistro(hostID)
@ -226,6 +237,23 @@ func EnsureXdgRuntimeDirIsSet(uid int) {
}
}
func Flock(path string, how int) (*os.File, error) {
file, err := os.Create(path)
if err != nil {
errs := []error{ErrFlockCreate, err}
return nil, &FlockError{Path: path, Errs: errs}
}
fd := file.Fd()
fdInt := int(fd)
if err := syscall.Flock(fdInt, how); err != nil {
errs := []error{ErrFlockAcquire, err}
return nil, &FlockError{Path: path, Errs: errs, errSuffix: "on"}
}
return file, nil
}
func ForwardToHost() (int, error) {
envOptions := GetEnvOptionsForPreservedVariables()
toolboxPath := os.Getenv("TOOLBOX_PATH")
@ -326,37 +354,6 @@ func getDefaultReleaseForDistro(distro string) (string, error) {
return release, nil
}
func getDefaultReleaseArch() (string, error) {
return "latest", nil
}
func getDefaultReleaseFedora() (string, error) {
release, err := getHostVersionID()
if err != nil {
return "", err
}
return release, nil
}
func getDefaultReleaseRHEL() (string, error) {
release, err := getHostVersionID()
if err != nil {
return "", err
}
return release, nil
}
func getDefaultReleaseUbuntu() (string, error) {
release, err := getHostVersionID()
if err != nil {
return "", err
}
return release, nil
}
func GetEnvOptionsForPreservedVariables() []string {
logrus.Debug("Creating list of environment variables to forward")
@ -417,33 +414,6 @@ func GetFullyQualifiedImageFromDistros(image, release string) (string, error) {
return "", fmt.Errorf("failed to resolve image %s", image)
}
func getFullyQualifiedImageArch(image, release string) string {
imageFull := "quay.io/toolbx/" + image
return imageFull
}
func getFullyQualifiedImageFedora(image, release string) string {
imageFull := "registry.fedoraproject.org/" + image
return imageFull
}
func getFullyQualifiedImageRHEL(image, release string) string {
i := strings.IndexRune(release, '.')
if i == -1 {
panicMsg := fmt.Sprintf("release %s not in '<major>.<minor>' format", release)
panic(panicMsg)
}
releaseMajor := release[:i]
imageFull := "registry.access.redhat.com/ubi" + releaseMajor + "/" + image
return imageFull
}
func getFullyQualifiedImageUbuntu(image, release string) string {
imageFull := "quay.io/toolbx/" + image
return imageFull
}
// GetGroupForSudo returns the name of the sudoers group.
//
// Some distros call it 'sudo' (eg. Ubuntu) and some call it 'wheel' (eg. Fedora).
@ -462,11 +432,11 @@ func GetGroupForSudo() (string, error) {
return "", errors.New("group for sudo not found")
}
// GetHostID returns the ID from the os-release files
// getHostID returns the ID from the os-release files
//
// Examples:
// - host is Fedora, returned string is 'fedora'
func GetHostID() (string, error) {
func getHostID() (string, error) {
osRelease, err := osrelease.Read()
if err != nil {
return "", err
@ -475,19 +445,6 @@ func GetHostID() (string, error) {
return osRelease["ID"], nil
}
// GetHostVariantID returns the VARIANT_ID from the os-release files
//
// Examples:
// - host is Fedora Workstation, returned string is 'workstation'
func GetHostVariantID() (string, error) {
osRelease, err := osrelease.Read()
if err != nil {
return "", err
}
return osRelease["VARIANT_ID"], nil
}
// getHostVersionID returns the VERSION_ID from the os-release files
//
// Examples:
@ -501,6 +458,17 @@ func getHostVersionID() (string, error) {
return osRelease["VERSION_ID"], nil
}
func GetInitializedStamp(entryPointPID int, targetUser *user.User) (string, error) {
toolbxRuntimeDirectory, err := GetRuntimeDirectory(targetUser)
if err != nil {
return "", err
}
initializedStampBase := fmt.Sprintf("container-initialized-%d", entryPointPID)
initializedStamp := filepath.Join(toolbxRuntimeDirectory, initializedStampBase)
return initializedStamp, nil
}
// GetMountPoint returns the mount point of a target.
func GetMountPoint(target string) (string, error) {
var stdout strings.Builder
@ -535,7 +503,35 @@ func GetMountOptions(target string) (string, error) {
return mountOptions, nil
}
func GetP11KitServerSocket(targetUser *user.User) (string, error) {
toolbxRuntimeDirectory, err := GetRuntimeDirectory(targetUser)
if err != nil {
return "", err
}
p11KitServerSocket := filepath.Join(toolbxRuntimeDirectory, "pkcs11")
return p11KitServerSocket, nil
}
func GetP11KitServerSocketLock(targetUser *user.User) (string, error) {
toolbxRuntimeDirectory, err := GetRuntimeDirectory(targetUser)
if err != nil {
return "", err
}
p11KitServerSocketLock := filepath.Join(toolbxRuntimeDirectory, "pkcs11.lock")
return p11KitServerSocketLock, nil
}
func GetRuntimeDirectory(targetUser *user.User) (string, error) {
if runtimeDirectories == nil {
runtimeDirectories = make(map[string]string)
}
if toolboxRuntimeDirectory, ok := runtimeDirectories[targetUser.Uid]; ok {
return toolboxRuntimeDirectory, nil
}
gid, err := strconv.Atoi(targetUser.Gid)
if err != nil {
return "", fmt.Errorf("failed to convert group ID to integer: %w", err)
@ -568,6 +564,7 @@ func GetRuntimeDirectory(targetUser *user.User) (string, error) {
return "", wrappedErr
}
runtimeDirectories[targetUser.Uid] = toolboxRuntimeDirectory
return toolboxRuntimeDirectory, nil
}
@ -659,6 +656,39 @@ func ImageReferenceHasDomain(image string) bool {
return true
}
func IsP11KitClientPresent() (bool, error) {
var p11KitClientPaths []string
var supportedDistro bool
hostID, err := getHostID()
if err == nil {
distroObj, ok := supportedDistros[hostID]
supportedDistro = ok
if supportedDistro {
p11KitClientPaths = distroObj.GetP11KitClientPaths()
}
}
if !supportedDistro {
if err == nil {
err = fmt.Errorf("failed to find %s in the list of supported distributions", hostID)
}
for _, distroObj := range supportedDistros {
paths := distroObj.GetP11KitClientPaths()
p11KitClientPaths = append(p11KitClientPaths, paths...)
}
}
for _, path := range p11KitClientPaths {
if PathExists(path) {
return true, err
}
}
return false, err
}
func SetUpConfiguration() error {
logrus.Debug("Setting up configuration")
@ -686,7 +716,7 @@ func SetUpConfiguration() error {
var errConfigFileNotFound viper.ConfigFileNotFoundError
var errConfigParse viper.ConfigParseError
if errors.As(err, &errConfigFileNotFound) || os.IsNotExist(err) {
if errors.As(err, &errConfigFileNotFound) || errors.Is(err, os.ErrNotExist) {
logrus.Debugf("Setting up configuration: file %s not found", configFile)
continue
} else if errors.As(err, &errConfigParse) {
@ -734,96 +764,9 @@ func parseRelease(distro, release string) (string, error) {
return release, err
}
func parseReleaseArch(release string) (string, error) {
if release != "latest" && release != "rolling" && release != "" {
return "", &ParseReleaseError{"The release must be 'latest'."}
}
return "latest", nil
}
func parseReleaseFedora(release string) (string, error) {
if strings.HasPrefix(release, "F") || strings.HasPrefix(release, "f") {
release = release[1:]
}
releaseN, err := strconv.Atoi(release)
if err != nil {
logrus.Debugf("Parsing release %s as an integer failed: %s", release, err)
return "", &ParseReleaseError{"The release must be a positive integer."}
}
if releaseN <= 0 {
return "", &ParseReleaseError{"The release must be a positive integer."}
}
return release, nil
}
func parseReleaseRHEL(release string) (string, error) {
if i := strings.IndexRune(release, '.'); i == -1 {
return "", &ParseReleaseError{"The release must be in the '<major>.<minor>' format."}
}
releaseN, err := strconv.ParseFloat(release, 32)
if err != nil {
logrus.Debugf("Parsing release %s as a float failed: %s", release, err)
return "", &ParseReleaseError{"The release must be in the '<major>.<minor>' format."}
}
if releaseN <= 0 {
return "", &ParseReleaseError{"The release must be a positive number."}
}
return release, nil
}
func parseReleaseUbuntu(release string) (string, error) {
releaseParts := strings.Split(release, ".")
if len(releaseParts) != 2 {
return "", &ParseReleaseError{"The release must be in the 'YY.MM' format."}
}
releaseYear, err := strconv.Atoi(releaseParts[0])
if err != nil {
logrus.Debugf("Parsing release year %s as an integer failed: %s", releaseParts[0], err)
return "", &ParseReleaseError{"The release must be in the 'YY.MM' format."}
}
if releaseYear < 4 {
return "", &ParseReleaseError{"The release year must be 4 or more."}
}
releaseYearLen := utf8.RuneCountInString(releaseParts[0])
if releaseYearLen > 2 {
return "", &ParseReleaseError{"The release year cannot have more than two digits."}
} else if releaseYear < 10 && releaseYearLen == 2 {
return "", &ParseReleaseError{"The release year cannot have a leading zero."}
}
releaseMonth, err := strconv.Atoi(releaseParts[1])
if err != nil {
logrus.Debugf("Parsing release month %s as an integer failed: %s", releaseParts[1], err)
return "", &ParseReleaseError{"The release must be in the 'YY.MM' format."}
}
if releaseMonth < 1 {
return "", &ParseReleaseError{"The release month must be between 01 and 12."}
} else if releaseMonth > 12 {
return "", &ParseReleaseError{"The release month must be between 01 and 12."}
}
releaseMonthLen := utf8.RuneCountInString(releaseParts[1])
if releaseMonthLen != 2 {
return "", &ParseReleaseError{"The release month must have two digits."}
}
return release, nil
}
// PathExists wraps around os.Stat providing a nice interface for checking an existence of a path.
func PathExists(path string) bool {
if _, err := os.Stat(path); !os.IsNotExist(err) {
if _, err := os.Stat(path); !errors.Is(err, os.ErrNotExist) {
return true
}

View File

@ -1,5 +1,5 @@
/*
* Copyright © 2021 2024 Red Hat Inc.
* Copyright © 2021 2025 Red Hat Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -17,6 +17,7 @@
package utils
import (
"os"
"testing"
"github.com/stretchr/testify/assert"
@ -361,3 +362,14 @@ func TestParseRelease(t *testing.T) {
})
}
}
func TestPathExists(t *testing.T) {
path, err := os.Executable()
assert.NoError(t, err)
exists := PathExists(path)
assert.True(t, exists)
path = "/does/not/exist"
exists = PathExists(path)
assert.False(t, exists)
}

View File

@ -1,6 +1,6 @@
# shellcheck shell=bats
#
# Copyright © 2020 2024 Red Hat, Inc.
# Copyright © 2020 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -21,13 +21,16 @@ load 'libs/bats-support/load'
load 'libs/bats-assert/load'
load 'libs/helpers.bash'
setup() {
setup_file() {
bats_require_minimum_version 1.10.0
_setup_environment
cleanup_all
pushd "$HOME" || return 1
create_default_container
}
teardown() {
teardown_file() {
popd || return 1
cleanup_all
}
@ -73,7 +76,7 @@ teardown() {
assert_line --index 3 "create Create a new Toolbx container"
assert_line --index 4 "enter Enter an existing Toolbx container"
assert_line --index 5 "list List all existing Toolbx containers and images"
assert_line --index 7 "Go to https://github.com/containers/toolbox for further information."
assert_line --index 7 "Go to https://containertoolbx.org/ for further information."
assert [ ${#lines[@]} -eq 8 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
@ -106,7 +109,7 @@ teardown() {
assert_line --index 3 "create Create a new Toolbx container"
assert_line --index 4 "enter Enter an existing Toolbx container"
assert_line --index 5 "list List all existing Toolbx containers and images"
assert_line --index 7 "Go to https://github.com/containers/toolbox for further information."
assert_line --index 7 "Go to https://containertoolbx.org/ for further information."
assert [ ${#lines[@]} -eq 8 ]
# shellcheck disable=SC2154
@ -125,8 +128,6 @@ teardown() {
}
@test "help: Try unknown command (forwarded to host)" {
create_default_container
run -1 --keep-empty-lines --separate-stderr "$TOOLBX" run toolbox foo
assert_failure
@ -149,8 +150,6 @@ teardown() {
}
@test "help: Try unknown flag (forwarded to host)" {
create_default_container
run -1 --keep-empty-lines --separate-stderr "$TOOLBX" run toolbox --foo
assert_failure
@ -173,8 +172,6 @@ teardown() {
}
@test "help: Try 'create' with unknown flag (forwarded to host)" {
create_default_container
run -1 --keep-empty-lines --separate-stderr "$TOOLBX" run toolbox create --foo
assert_failure
@ -197,8 +194,6 @@ teardown() {
}
@test "help: Try 'enter' with unknown flag (forwarded to host)" {
create_default_container
run -1 --keep-empty-lines --separate-stderr "$TOOLBX" run toolbox enter --foo
assert_failure
@ -221,8 +216,6 @@ teardown() {
}
@test "help: Try 'help' with unknown flag (forwarded to host)" {
create_default_container
run -1 --keep-empty-lines --separate-stderr "$TOOLBX" run toolbox help --foo
assert_failure
@ -245,8 +238,6 @@ teardown() {
}
@test "help: Try 'init-container' with unknown flag (forwarded to host)" {
create_default_container
run -1 --keep-empty-lines --separate-stderr "$TOOLBX" run toolbox init-container --foo
assert_failure
@ -269,8 +260,6 @@ teardown() {
}
@test "help: Try 'list' with unknown flag (forwarded to host)" {
create_default_container
run -1 --keep-empty-lines --separate-stderr "$TOOLBX" run toolbox list --foo
assert_failure
@ -293,8 +282,6 @@ teardown() {
}
@test "help: Try 'rm' with unknown flag (forwarded to host)" {
create_default_container
run -1 --keep-empty-lines --separate-stderr "$TOOLBX" run toolbox rm --foo
assert_failure
@ -317,8 +304,6 @@ teardown() {
}
@test "help: Try 'rmi' with unknown flag (forwarded to host)" {
create_default_container
run -1 --keep-empty-lines --separate-stderr "$TOOLBX" run toolbox rmi --foo
assert_failure
@ -341,8 +326,6 @@ teardown() {
}
@test "help: Try 'run' with unknown flag (forwarded to host)" {
create_default_container
run -1 --keep-empty-lines --separate-stderr "$TOOLBX" run toolbox run --foo
assert_failure

File diff suppressed because it is too large Load Diff

View File

@ -373,8 +373,11 @@ teardown() {
local default_image
default_image="$(get_default_image)"
local system_id
system_id="$(get_system_id)"
local default_container
default_container="$(get_system_id)-toolbox-$(get_system_version)"
default_container="$system_id-toolbox-$(get_system_version)"
# Pull the two images
pull_default_image
@ -393,8 +396,17 @@ teardown() {
run --keep-empty-lines --separate-stderr "$TOOLBX" list --images
assert_success
assert_line --index 1 --partial "registry.fedoraproject.org/fedora-toolbox:34"
assert_line --index 2 --partial "$default_image"
if [ "$system_id" = "fedora" ]; then
assert_line --index 1 --partial "registry.fedoraproject.org/fedora-toolbox:34"
assert_line --index 2 --partial "$default_image"
elif [ "$system_id" = "arch" ] || [ "$system_id" = "ubuntu" ]; then
assert_line --index 1 --partial "$default_image"
assert_line --index 2 --partial "registry.fedoraproject.org/fedora-toolbox:34"
else
fail "Define output for $system_id"
fi
assert [ ${#lines[@]} -eq 3 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
@ -402,9 +414,19 @@ teardown() {
run --keep-empty-lines --separate-stderr "$TOOLBX" list --containers
assert_success
assert_line --index 1 --partial "$default_container"
assert_line --index 2 --partial "non-default-one"
assert_line --index 3 --partial "non-default-two"
if [ "$system_id" = "arch" ] || [ "$system_id" = "fedora" ]; then
assert_line --index 1 --partial "$default_container"
assert_line --index 2 --partial "non-default-one"
assert_line --index 3 --partial "non-default-two"
elif [ "$system_id" = "ubuntu" ]; then
assert_line --index 1 --partial "non-default-one"
assert_line --index 2 --partial "non-default-two"
assert_line --index 3 --partial "$default_container"
else
fail "Define output for $system_id"
fi
assert [ ${#lines[@]} -eq 4 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
@ -412,11 +434,29 @@ teardown() {
run --keep-empty-lines --separate-stderr "$TOOLBX" list
assert_success
assert_line --index 1 --partial "registry.fedoraproject.org/fedora-toolbox:34"
assert_line --index 2 --partial "$default_image"
assert_line --index 5 --partial "$default_container"
assert_line --index 6 --partial "non-default-one"
assert_line --index 7 --partial "non-default-two"
if [ "$system_id" = "fedora" ]; then
assert_line --index 1 --partial "registry.fedoraproject.org/fedora-toolbox:34"
assert_line --index 2 --partial "$default_image"
elif [ "$system_id" = "arch" ] || [ "$system_id" = "ubuntu" ]; then
assert_line --index 1 --partial "$default_image"
assert_line --index 2 --partial "registry.fedoraproject.org/fedora-toolbox:34"
else
fail "Define output for $system_id"
fi
if [ "$system_id" = "arch" ] || [ "$system_id" = "fedora" ]; then
assert_line --index 5 --partial "$default_container"
assert_line --index 6 --partial "non-default-one"
assert_line --index 7 --partial "non-default-two"
elif [ "$system_id" = "ubuntu" ]; then
assert_line --index 5 --partial "non-default-one"
assert_line --index 6 --partial "non-default-two"
assert_line --index 7 --partial "$default_container"
else
fail "Define output for $system_id"
fi
assert [ ${#lines[@]} -eq 8 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
@ -425,6 +465,9 @@ teardown() {
local default_image
default_image="$(get_default_image)"
local system_id
system_id="$(get_system_id)"
pull_default_image
pull_distro_image fedora 34
build_image_without_name >/dev/null
@ -437,8 +480,17 @@ teardown() {
assert_success
assert_line --index 1 --partial "<none>"
assert_line --index 2 --partial "registry.fedoraproject.org/fedora-toolbox:34"
assert_line --index 3 --partial "$default_image"
if [ "$system_id" = "fedora" ]; then
assert_line --index 2 --partial "registry.fedoraproject.org/fedora-toolbox:34"
assert_line --index 3 --partial "$default_image"
elif [ "$system_id" = "arch" ] || [ "$system_id" = "ubuntu" ]; then
assert_line --index 2 --partial "$default_image"
assert_line --index 3 --partial "registry.fedoraproject.org/fedora-toolbox:34"
else
fail "Define output for $system_id"
fi
assert [ ${#lines[@]} -eq 4 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
@ -447,6 +499,9 @@ teardown() {
local default_image
default_image="$(get_default_image)"
local system_id
system_id="$(get_system_id)"
pull_default_image
pull_distro_image fedora 34
build_image_without_name >/dev/null
@ -455,8 +510,17 @@ teardown() {
assert_success
assert_line --index 1 --partial "<none>"
assert_line --index 2 --partial "registry.fedoraproject.org/fedora-toolbox:34"
assert_line --index 3 --partial "$default_image"
if [ "$system_id" = "fedora" ]; then
assert_line --index 2 --partial "registry.fedoraproject.org/fedora-toolbox:34"
assert_line --index 3 --partial "$default_image"
elif [ "$system_id" = "arch" ] || [ "$system_id" = "ubuntu" ]; then
assert_line --index 2 --partial "$default_image"
assert_line --index 3 --partial "registry.fedoraproject.org/fedora-toolbox:34"
else
fail "Define output for $system_id"
fi
assert [ ${#lines[@]} -eq 4 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
@ -471,7 +535,7 @@ teardown() {
num_of_images="$(list_images)"
assert_equal "$num_of_images" 1
$PODMAN create --name busybox-container "$busybox_image"
podman create --name busybox-container "$busybox_image"
local num_of_containers
num_of_containers="$(list_containers)"
@ -494,7 +558,7 @@ teardown() {
num_of_images="$(list_images)"
assert_equal "$num_of_images" 1
$PODMAN create --name busybox-container "$busybox_image"
podman create --name busybox-container "$busybox_image"
local num_of_containers
num_of_containers="$(list_containers)"
@ -517,7 +581,7 @@ teardown() {
num_of_images="$(list_images)"
assert_equal "$num_of_images" 1
$PODMAN create --name busybox-container "$busybox_image"
podman create --name busybox-container "$busybox_image"
local num_of_containers
num_of_containers="$(list_containers)"

View File

@ -50,16 +50,16 @@ teardown() {
}
@test "container(Fedora Rawhide): Containers with supported versions start without issues" {
if ! is_fedora_rawhide; then
skip "This test is only for Fedora Rawhide"
fi
local system_id
system_id="$(get_system_id)"
local system_version
system_version="$(get_system_version)"
if ! is_fedora_rawhide; then
skip "This test is only for Fedora Rawhide"
fi
create_distro_container "$system_id" "$system_version" latest
run container_started latest
assert_success

View File

@ -842,11 +842,11 @@ teardown() {
local container="ancient"
run "$PODMAN" create --name "$container" "$default_image" true
run podman create --name "$container" "$default_image" true
assert_success
run $PODMAN ps --all
run podman ps --all
assert_success
assert_output --regexp "Created[[:blank:]]+$container"

View File

@ -1,6 +1,6 @@
# shellcheck shell=bats
#
# Copyright © 2023 2024 Red Hat, Inc.
# Copyright © 2023 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -33,14 +33,30 @@ print(addr)'
readonly RESOLVER_SH='resolvectl --legend false --no-pager --type "$0" query "$1" \
| cut --delimiter " " --fields 4'
setup() {
setup_file() {
bats_require_minimum_version 1.10.0
_setup_environment
cleanup_all
pushd "$HOME" || return 1
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "arch" >/dev/null 2>/dev/null; then
create_distro_container arch latest arch-toolbox-latest
fi
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "fedora" >/dev/null 2>/dev/null; then
create_default_container
create_distro_container fedora 34 fedora-toolbox-34
create_distro_container rhel 8.10 rhel-toolbox-8.10
fi
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "ubuntu" >/dev/null 2>/dev/null; then
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
fi
}
teardown() {
teardown_file() {
popd || return 1
cleanup_all
}
@ -50,8 +66,6 @@ teardown() {
local ns_host
ns_host=$(readlink /proc/$$/ns/net)
create_default_container
run --keep-empty-lines --separate-stderr "$TOOLBX" run sh -c 'readlink /proc/$$/ns/net'
assert_success
@ -64,12 +78,16 @@ teardown() {
# bats test_tags=arch-fedora
@test "network: /etc/resolv.conf inside the default container" {
create_default_container
run --keep-empty-lines --separate-stderr "$TOOLBX" run readlink /etc/resolv.conf
assert_success
assert_line --index 0 "/run/host/etc/resolv.conf"
if [ "${lines[0]}" = "/run/host/run/systemd/resolve/stub-resolv.conf" ]; then
skip "host has absolute symlink"
else
assert_line --index 0 "/run/host/etc/resolv.conf"
fi
assert [ ${#lines[@]} -eq 1 ]
# shellcheck disable=SC2154
@ -78,12 +96,16 @@ teardown() {
# bats test_tags=arch-fedora
@test "network: /etc/resolv.conf inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch readlink /etc/resolv.conf
assert_success
assert_line --index 0 "/run/host/etc/resolv.conf"
if [ "${lines[0]}" = "/run/host/run/systemd/resolve/stub-resolv.conf" ]; then
skip "host has absolute symlink"
else
assert_line --index 0 "/run/host/etc/resolv.conf"
fi
assert [ ${#lines[@]} -eq 1 ]
# shellcheck disable=SC2154
@ -92,12 +114,16 @@ teardown() {
# bats test_tags=arch-fedora
@test "network: /etc/resolv.conf inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro fedora --release 34 readlink /etc/resolv.conf
assert_success
assert_line --index 0 "/run/host/etc/resolv.conf"
if [ "${lines[0]}" = "/run/host/run/systemd/resolve/stub-resolv.conf" ]; then
skip "host has absolute symlink"
else
assert_line --index 0 "/run/host/etc/resolv.conf"
fi
assert [ ${#lines[@]} -eq 1 ]
# shellcheck disable=SC2154
@ -106,12 +132,16 @@ teardown() {
# bats test_tags=arch-fedora
@test "network: /etc/resolv.conf inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro rhel --release 8.10 readlink /etc/resolv.conf
assert_success
assert_line --index 0 "/run/host/etc/resolv.conf"
if [ "${lines[0]}" = "/run/host/run/systemd/resolve/stub-resolv.conf" ]; then
skip "host has absolute symlink"
else
assert_line --index 0 "/run/host/etc/resolv.conf"
fi
assert [ ${#lines[@]} -eq 1 ]
# shellcheck disable=SC2154
@ -120,12 +150,16 @@ teardown() {
# bats test_tags=ubuntu
@test "network: /etc/resolv.conf inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 16.04 readlink /etc/resolv.conf
assert_success
assert_line --index 0 "/run/host/etc/resolv.conf"
if [ "${lines[0]}" = "/run/host/run/systemd/resolve/stub-resolv.conf" ]; then
skip "host has absolute symlink"
else
assert_line --index 0 "/run/host/etc/resolv.conf"
fi
assert [ ${#lines[@]} -eq 1 ]
# shellcheck disable=SC2154
@ -134,12 +168,16 @@ teardown() {
# bats test_tags=ubuntu
@test "network: /etc/resolv.conf inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 18.04 readlink /etc/resolv.conf
assert_success
assert_line --index 0 "/run/host/etc/resolv.conf"
if [ "${lines[0]}" = "/run/host/run/systemd/resolve/stub-resolv.conf" ]; then
skip "host has absolute symlink"
else
assert_line --index 0 "/run/host/etc/resolv.conf"
fi
assert [ ${#lines[@]} -eq 1 ]
# shellcheck disable=SC2154
@ -148,12 +186,16 @@ teardown() {
# bats test_tags=ubuntu
@test "network: /etc/resolv.conf inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 20.04 readlink /etc/resolv.conf
assert_success
assert_line --index 0 "/run/host/etc/resolv.conf"
if [ "${lines[0]}" = "/run/host/run/systemd/resolve/stub-resolv.conf" ]; then
skip "host has absolute symlink"
else
assert_line --index 0 "/run/host/etc/resolv.conf"
fi
assert [ ${#lines[@]} -eq 1 ]
# shellcheck disable=SC2154
@ -178,8 +220,6 @@ teardown() {
skip "DNS not working on host"
fi
create_default_container
if ! $ipv4_skip; then
run --keep-empty-lines --separate-stderr "$TOOLBX" run python3 -c "$RESOLVER_PYTHON3" A k.root-servers.net
@ -217,8 +257,6 @@ teardown() {
skip "DNS not working on host"
fi
create_distro_container arch latest arch-toolbox-latest
if ! $ipv4_skip; then
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro arch \
@ -260,8 +298,6 @@ teardown() {
skip "DNS not working on host"
fi
create_distro_container fedora 34 fedora-toolbox-34
if ! $ipv4_skip; then
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro fedora \
@ -305,8 +341,6 @@ teardown() {
skip "DNS not working on host"
fi
create_distro_container rhel 8.10 rhel-toolbox-8.10
if ! $ipv4_skip; then
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro rhel \
@ -350,8 +384,6 @@ teardown() {
skip "DNS not working on host"
fi
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
if ! $ipv4_skip; then
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
@ -395,8 +427,6 @@ teardown() {
skip "DNS not working on host"
fi
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
if ! $ipv4_skip; then
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
@ -440,8 +470,6 @@ teardown() {
skip "DNS not working on host"
fi
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
if ! $ipv4_skip; then
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
@ -469,8 +497,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "network: ping(8) inside the default container" {
create_default_container
run --keep-empty-lines --separate-stderr "$TOOLBX" run ping -c 2 f.root-servers.net
if [ "$status" -eq 1 ]; then
@ -486,8 +512,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "network: ping(8) inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch ping -c 2 f.root-servers.net
if [ "$status" -eq 1 ]; then
@ -503,8 +527,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "network: ping(8) inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro fedora --release 34 ping -c 2 f.root-servers.net
if [ "$status" -eq 1 ]; then
@ -520,8 +542,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "network: ping(8) inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro rhel --release 8.10 ping -c 2 f.root-servers.net
if [ "$status" -eq 1 ]; then
@ -537,8 +557,6 @@ teardown() {
# bats test_tags=ubuntu
@test "network: ping(8) inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
run -2 --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 16.04 ping -c 2 f.root-servers.net
assert_failure
@ -552,8 +570,6 @@ teardown() {
# bats test_tags=ubuntu
@test "network: ping(8) inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 18.04 ping -c 2 f.root-servers.net
if [ "$status" -eq 1 ]; then
@ -569,8 +585,6 @@ teardown() {
# bats test_tags=ubuntu
@test "network: ping(8) inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 20.04 ping -c 2 f.root-servers.net
if [ "$status" -eq 1 ]; then

View File

@ -1,6 +1,6 @@
# shellcheck shell=bats
#
# Copyright © 2023 2024 Red Hat, Inc.
# Copyright © 2023 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -21,14 +21,30 @@ load 'libs/bats-support/load'
load 'libs/bats-assert/load'
load 'libs/helpers'
setup() {
setup_file() {
bats_require_minimum_version 1.10.0
_setup_environment
cleanup_all
pushd "$HOME" || return 1
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "arch" >/dev/null 2>/dev/null; then
create_distro_container arch latest arch-toolbox-latest
fi
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "fedora" >/dev/null 2>/dev/null; then
create_default_container
create_distro_container fedora 34 fedora-toolbox-34
create_distro_container rhel 8.10 rhel-toolbox-8.10
fi
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "ubuntu" >/dev/null 2>/dev/null; then
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
fi
}
teardown() {
teardown_file() {
popd || return 1
cleanup_all
}
@ -38,8 +54,6 @@ teardown() {
local ns_host
ns_host=$(readlink /proc/$$/ns/user)
create_default_container
run --keep-empty-lines --separate-stderr "$TOOLBX" run sh -c 'readlink /proc/$$/ns/user'
assert_success
@ -56,13 +70,12 @@ teardown() {
local default_container
default_container="$(get_system_id)-toolbox-$(get_system_version)"
create_default_container
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount "$default_container")"
container_root_file_system="$(podman unshare podman mount "$default_container")"
"$TOOLBX" run true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount "$default_container"
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount "$default_container"
assert_success
assert_line --regexp '^root::.+$'
@ -74,13 +87,12 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: root in shadow(5) inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount arch-toolbox-latest)"
container_root_file_system="$(podman unshare podman mount arch-toolbox-latest)"
"$TOOLBX" run --distro arch true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount arch-toolbox-latest
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount arch-toolbox-latest
assert_success
assert_line --regexp '^root::.+$'
@ -92,13 +104,12 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: root in shadow(5) inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount fedora-toolbox-34)"
container_root_file_system="$(podman unshare podman mount fedora-toolbox-34)"
"$TOOLBX" run --distro fedora --release 34 true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount fedora-toolbox-34
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount fedora-toolbox-34
assert_success
assert_line --regexp '^root::.+$'
@ -110,13 +121,12 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: root in shadow(5) inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount rhel-toolbox-8.10)"
container_root_file_system="$(podman unshare podman mount rhel-toolbox-8.10)"
"$TOOLBX" run --distro rhel --release 8.10 true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount rhel-toolbox-8.10
assert_success
assert_line --regexp '^root::.+$'
@ -128,13 +138,12 @@ teardown() {
# bats test_tags=ubuntu
@test "user: root in shadow(5) inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-16.04)"
container_root_file_system="$(podman unshare podman mount ubuntu-toolbox-16.04)"
"$TOOLBX" run --distro ubuntu --release 16.04 true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-16.04
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount ubuntu-toolbox-16.04
assert_success
assert_line --regexp '^root::.+$'
@ -146,13 +155,12 @@ teardown() {
# bats test_tags=ubuntu
@test "user: root in shadow(5) inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-18.04)"
container_root_file_system="$(podman unshare podman mount ubuntu-toolbox-18.04)"
"$TOOLBX" run --distro ubuntu --release 18.04 true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-18.04
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount ubuntu-toolbox-18.04
assert_success
assert_line --regexp '^root::.+$'
@ -164,13 +172,12 @@ teardown() {
# bats test_tags=ubuntu
@test "user: root in shadow(5) inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-20.04)"
container_root_file_system="$(podman unshare podman mount ubuntu-toolbox-20.04)"
"$TOOLBX" run --distro ubuntu --release 20.04 true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-20.04
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount ubuntu-toolbox-20.04
assert_success
assert_line --regexp '^root::.+$'
@ -188,8 +195,6 @@ teardown() {
local user_id_real
user_id_real="$(id --real --user)"
create_default_container
run --keep-empty-lines --separate-stderr "$TOOLBX" run cat /etc/passwd
assert_success
@ -208,8 +213,6 @@ teardown() {
local user_id_real
user_id_real="$(id --real --user)"
create_distro_container arch latest arch-toolbox-latest
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch cat /etc/passwd
assert_success
@ -228,8 +231,6 @@ teardown() {
local user_id_real
user_id_real="$(id --real --user)"
create_distro_container fedora 34 fedora-toolbox-34
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro fedora --release 34 cat /etc/passwd
assert_success
@ -248,8 +249,6 @@ teardown() {
local user_id_real
user_id_real="$(id --real --user)"
create_distro_container rhel 8.10 rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro rhel --release 8.10 cat /etc/passwd
assert_success
@ -268,8 +267,6 @@ teardown() {
local user_id_real
user_id_real="$(id --real --user)"
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 16.04 cat /etc/passwd
assert_success
@ -288,8 +285,6 @@ teardown() {
local user_id_real
user_id_real="$(id --real --user)"
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 18.04 cat /etc/passwd
assert_success
@ -308,8 +303,6 @@ teardown() {
local user_id_real
user_id_real="$(id --real --user)"
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 20.04 cat /etc/passwd
assert_success
@ -325,13 +318,12 @@ teardown() {
local default_container
default_container="$(get_system_id)-toolbox-$(get_system_version)"
create_default_container
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount "$default_container")"
container_root_file_system="$(podman unshare podman mount "$default_container")"
"$TOOLBX" run true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount "$default_container"
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount "$default_container"
assert_success
refute_line --regexp "^$USER:.*$"
@ -343,13 +335,12 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: $USER in shadow(5) inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount arch-toolbox-latest)"
container_root_file_system="$(podman unshare podman mount arch-toolbox-latest)"
"$TOOLBX" run --distro arch true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount arch-toolbox-latest
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount arch-toolbox-latest
assert_success
refute_line --regexp "^$USER:.*$"
@ -361,13 +352,12 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: $USER in shadow(5) inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount fedora-toolbox-34)"
container_root_file_system="$(podman unshare podman mount fedora-toolbox-34)"
"$TOOLBX" run --distro fedora --release 34 true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount fedora-toolbox-34
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount fedora-toolbox-34
assert_success
refute_line --regexp "^$USER:.*$"
@ -379,13 +369,12 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: $USER in shadow(5) inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount rhel-toolbox-8.10)"
container_root_file_system="$(podman unshare podman mount rhel-toolbox-8.10)"
"$TOOLBX" run --distro rhel --release 8.10 true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount rhel-toolbox-8.10
assert_success
refute_line --regexp "^$USER:.*$"
@ -397,13 +386,12 @@ teardown() {
# bats test_tags=ubuntu
@test "user: $USER in shadow(5) inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-16.04)"
container_root_file_system="$(podman unshare podman mount ubuntu-toolbox-16.04)"
"$TOOLBX" run --distro ubuntu --release 16.04 true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-16.04
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount ubuntu-toolbox-16.04
assert_success
refute_line --regexp "^$USER:.*$"
@ -415,13 +403,12 @@ teardown() {
# bats test_tags=ubuntu
@test "user: $USER in shadow(5) inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-18.04)"
container_root_file_system="$(podman unshare podman mount ubuntu-toolbox-18.04)"
"$TOOLBX" run --distro ubuntu --release 18.04 true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-18.04
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount ubuntu-toolbox-18.04
assert_success
refute_line --regexp "^$USER:.*$"
@ -433,13 +420,12 @@ teardown() {
# bats test_tags=ubuntu
@test "user: $USER in shadow(5) inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-20.04)"
container_root_file_system="$(podman unshare podman mount ubuntu-toolbox-20.04)"
"$TOOLBX" run --distro ubuntu --release 20.04 true
run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow"
"$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-20.04
run --keep-empty-lines --separate-stderr podman unshare cat "$container_root_file_system/etc/shadow"
podman unshare podman unmount ubuntu-toolbox-20.04
assert_success
refute_line --regexp "^$USER:.*$"
@ -451,8 +437,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: $USER in group(5) inside the default container" {
create_default_container
run --keep-empty-lines --separate-stderr "$TOOLBX" run cat /etc/group
assert_success
@ -466,8 +450,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: $USER in group(5) inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch cat /etc/group
assert_success
@ -481,8 +463,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: $USER in group(5) inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro fedora --release 34 cat /etc/group
assert_success
@ -496,8 +476,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: $USER in group(5) inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro rhel --release 8.10 cat /etc/group
assert_success
@ -511,8 +489,6 @@ teardown() {
# bats test_tags=ubuntu
@test "user: $USER in group(5) inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 16.04 cat /etc/group
assert_success
@ -526,8 +502,6 @@ teardown() {
# bats test_tags=ubuntu
@test "user: $USER in group(5) inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 18.04 cat /etc/group
assert_success
@ -541,8 +515,6 @@ teardown() {
# bats test_tags=ubuntu
@test "user: $USER in group(5) inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 20.04 cat /etc/group
assert_success
@ -556,8 +528,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: id(1) for $USER inside the default container" {
create_default_container
run --keep-empty-lines --separate-stderr "$TOOLBX" run id
assert_success
@ -580,8 +550,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: id(1) for $USER inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch id
assert_success
@ -604,8 +572,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: id(1) for $USER inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro fedora --release 34 id
assert_success
@ -628,8 +594,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "user: id(1) for $USER inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro rhel --release 8.10 id
assert_success
@ -652,8 +616,6 @@ teardown() {
# bats test_tags=ubuntu
@test "user: id(1) for $USER inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 16.04 id
assert_success
@ -676,8 +638,6 @@ teardown() {
# bats test_tags=ubuntu
@test "user: id(1) for $USER inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 18.04 id
assert_success
@ -700,8 +660,6 @@ teardown() {
# bats test_tags=ubuntu
@test "user: id(1) for $USER inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 20.04 id
assert_success

View File

@ -1,6 +1,6 @@
# shellcheck shell=bats
#
# Copyright © 2023 2024 Red Hat, Inc.
# Copyright © 2023 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -21,14 +21,30 @@ load 'libs/bats-support/load'
load 'libs/bats-assert/load'
load 'libs/helpers'
setup() {
setup_file() {
bats_require_minimum_version 1.10.0
_setup_environment
cleanup_all
pushd "$HOME" || return 1
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "arch" >/dev/null 2>/dev/null; then
create_distro_container arch latest arch-toolbox-latest
fi
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "fedora" >/dev/null 2>/dev/null; then
create_default_container
create_distro_container fedora 34 fedora-toolbox-34
create_distro_container rhel 8.10 rhel-toolbox-8.10
fi
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "ubuntu" >/dev/null 2>/dev/null; then
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
fi
}
teardown() {
teardown_file() {
popd || return 1
cleanup_all
}
@ -42,8 +58,6 @@ teardown() {
--object-path /org/freedesktop/DBus \
--method org.freedesktop.DBus.Peer.Ping)"
create_default_container
run --keep-empty-lines --separate-stderr "$TOOLBX" run gdbus call \
--session \
--dest org.freedesktop.DBus \
@ -67,8 +81,6 @@ teardown() {
--object-path /org/freedesktop/DBus \
--method org.freedesktop.DBus.Peer.Ping)"
create_distro_container arch latest arch-toolbox-latest
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro arch \
gdbus call \
@ -94,8 +106,6 @@ teardown() {
--object-path /org/freedesktop/DBus \
--method org.freedesktop.DBus.Peer.Ping)"
create_distro_container fedora 34 fedora-toolbox-34
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro fedora \
--release 34 \
@ -122,8 +132,6 @@ teardown() {
--object-path /org/freedesktop/DBus \
--method org.freedesktop.DBus.Peer.Ping)"
create_distro_container rhel 8.10 rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro rhel \
--release 8.10 \
@ -145,8 +153,6 @@ teardown() {
@test "dbus: session bus inside Ubuntu 16.04" {
busctl --user call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.Peer Ping
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
--release 16.04 \
@ -165,8 +171,6 @@ teardown() {
@test "dbus: session bus inside Ubuntu 18.04" {
busctl --user call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.Peer Ping
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
--release 18.04 \
@ -185,8 +189,6 @@ teardown() {
@test "dbus: session bus inside Ubuntu 20.04" {
busctl --user call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.Peer Ping
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
--release 20.04 \
@ -212,8 +214,6 @@ teardown() {
org.freedesktop.systemd1.Manager \
Version)"
create_default_container
run --keep-empty-lines --separate-stderr "$TOOLBX" run gdbus call \
--system \
--dest org.freedesktop.systemd1 \
@ -241,8 +241,6 @@ teardown() {
org.freedesktop.systemd1.Manager \
Version)"
create_distro_container arch latest arch-toolbox-latest
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro arch \
gdbus call \
@ -272,8 +270,6 @@ teardown() {
org.freedesktop.systemd1.Manager \
Version)"
create_distro_container fedora 34 fedora-toolbox-34
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro fedora \
--release 34 \
@ -304,8 +300,6 @@ teardown() {
org.freedesktop.systemd1.Manager \
Version)"
create_distro_container rhel 8.10 rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro rhel \
--release 8.10 \
@ -334,8 +328,6 @@ teardown() {
org.freedesktop.systemd1.Manager \
Version)"
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
--release 16.04 \
@ -362,8 +354,6 @@ teardown() {
org.freedesktop.systemd1.Manager \
Version)"
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
--release 18.04 \
@ -390,8 +380,6 @@ teardown() {
org.freedesktop.systemd1.Manager \
Version)"
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
--release 20.04 \

View File

@ -1,6 +1,6 @@
# shellcheck shell=bats
#
# Copyright © 2023 2024 Red Hat, Inc.
# Copyright © 2023 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -21,22 +21,36 @@ load 'libs/bats-support/load'
load 'libs/bats-assert/load'
load 'libs/helpers'
setup() {
setup_file() {
bats_require_minimum_version 1.10.0
_setup_environment
cleanup_all
pushd "$HOME" || return 1
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "arch" >/dev/null 2>/dev/null; then
create_distro_container arch latest arch-toolbox-latest
fi
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "fedora" >/dev/null 2>/dev/null; then
create_default_container
create_distro_container fedora 34 fedora-toolbox-34
create_distro_container rhel 8.10 rhel-toolbox-8.10
fi
if echo "$TOOLBX_TEST_SYSTEM_TAGS" | grep "ubuntu" >/dev/null 2>/dev/null; then
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
fi
}
teardown() {
teardown_file() {
popd || return 1
cleanup_all
}
# bats test_tags=arch-fedora
@test "environment variables: HISTFILESIZE inside the default container" {
create_default_container
if [ "$HISTFILESIZE" = "" ]; then
# shellcheck disable=SC2030
HISTFILESIZE=1001
@ -59,8 +73,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: HISTFILESIZE inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
# shellcheck disable=SC2031
if [ "$HISTFILESIZE" = "" ]; then
# shellcheck disable=SC2030
@ -84,8 +96,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: HISTFILESIZE inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
# shellcheck disable=SC2031
if [ "$HISTFILESIZE" = "" ]; then
# shellcheck disable=SC2030
@ -109,8 +119,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: HISTFILESIZE inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
# shellcheck disable=SC2031
if [ "$HISTFILESIZE" = "" ]; then
# shellcheck disable=SC2030
@ -134,8 +142,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: HISTFILESIZE inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
# shellcheck disable=SC2031
if [ "$HISTFILESIZE" = "" ]; then
# shellcheck disable=SC2030
@ -160,8 +166,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: HISTFILESIZE inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
# shellcheck disable=SC2031
if [ "$HISTFILESIZE" = "" ]; then
# shellcheck disable=SC2030
@ -186,8 +190,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: HISTFILESIZE inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
# shellcheck disable=SC2031
if [ "$HISTFILESIZE" = "" ]; then
HISTFILESIZE=1001
@ -213,8 +215,6 @@ teardown() {
@test "environment variables: HISTSIZE inside the default container" {
skip "https://pagure.io/setup/pull-request/48"
create_default_container
if [ "$HISTSIZE" = "" ]; then
# shellcheck disable=SC2030
HISTSIZE=1001
@ -237,8 +237,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: HISTSIZE inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
# shellcheck disable=SC2031
if [ "$HISTSIZE" = "" ]; then
# shellcheck disable=SC2030
@ -264,8 +262,6 @@ teardown() {
@test "environment variables: HISTSIZE inside Fedora 34" {
skip "https://pagure.io/setup/pull-request/48"
create_distro_container fedora 34 fedora-toolbox-34
# shellcheck disable=SC2031
if [ "$HISTSIZE" = "" ]; then
# shellcheck disable=SC2030
@ -291,8 +287,6 @@ teardown() {
@test "environment variables: HISTSIZE inside RHEL 8.10" {
skip "https://pagure.io/setup/pull-request/48"
create_distro_container rhel 8.10 rhel-toolbox-8.10
# shellcheck disable=SC2031
if [ "$HISTSIZE" = "" ]; then
# shellcheck disable=SC2030
@ -316,8 +310,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: HISTSIZE inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
# shellcheck disable=SC2031
if [ "$HISTSIZE" = "" ]; then
# shellcheck disable=SC2030
@ -341,8 +333,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: HISTSIZE inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
# shellcheck disable=SC2031
if [ "$HISTSIZE" = "" ]; then
# shellcheck disable=SC2030
@ -366,8 +356,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: HISTSIZE inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
# shellcheck disable=SC2031
if [ "$HISTSIZE" = "" ]; then
HISTSIZE=1001
@ -390,8 +378,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: HOSTNAME inside the default container" {
create_default_container
# shellcheck disable=SC2016
run --keep-empty-lines --separate-stderr "$TOOLBX" run bash -c 'echo "$HOSTNAME"'
@ -403,8 +389,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: HOSTNAME inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
# shellcheck disable=SC2016
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch bash -c 'echo "$HOSTNAME"'
@ -416,8 +400,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: HOSTNAME inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
# shellcheck disable=SC2016
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro fedora --release 34 bash -c 'echo "$HOSTNAME"'
@ -429,8 +411,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: HOSTNAME inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
# shellcheck disable=SC2016
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro rhel --release 8.10 bash -c 'echo "$HOSTNAME"'
@ -442,8 +422,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: HOSTNAME inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
# shellcheck disable=SC2016
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 16.04 bash -c 'echo "$HOSTNAME"'
@ -455,8 +433,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: HOSTNAME inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
# shellcheck disable=SC2016
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 18.04 bash -c 'echo "$HOSTNAME"'
@ -468,8 +444,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: HOSTNAME inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
# shellcheck disable=SC2016
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 20.04 bash -c 'echo "$HOSTNAME"'
@ -481,8 +455,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: KONSOLE_VERSION inside the default container" {
create_default_container
if [ "$KONSOLE_VERSION" = "" ]; then
# shellcheck disable=SC2030
export KONSOLE_VERSION=230804
@ -501,8 +473,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: KONSOLE_VERSION inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
# shellcheck disable=SC2031
if [ "$KONSOLE_VERSION" = "" ]; then
# shellcheck disable=SC2030
@ -522,8 +492,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: KONSOLE_VERSION inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
# shellcheck disable=SC2031
if [ "$KONSOLE_VERSION" = "" ]; then
# shellcheck disable=SC2030
@ -543,8 +511,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: KONSOLE_VERSION inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
# shellcheck disable=SC2031
if [ "$KONSOLE_VERSION" = "" ]; then
# shellcheck disable=SC2030
@ -564,8 +530,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: KONSOLE_VERSION inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
# shellcheck disable=SC2031
if [ "$KONSOLE_VERSION" = "" ]; then
# shellcheck disable=SC2030
@ -585,8 +549,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: KONSOLE_VERSION inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
# shellcheck disable=SC2031
if [ "$KONSOLE_VERSION" = "" ]; then
# shellcheck disable=SC2030
@ -606,8 +568,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: KONSOLE_VERSION inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
# shellcheck disable=SC2031
if [ "$KONSOLE_VERSION" = "" ]; then
export KONSOLE_VERSION=230804
@ -626,8 +586,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: XTERM_VERSION inside the default container" {
create_default_container
if [ "$XTERM_VERSION" = "" ]; then
# shellcheck disable=SC2030
export XTERM_VERSION="XTerm(385)"
@ -646,8 +604,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: XTERM_VERSION inside Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
# shellcheck disable=SC2031
if [ "$XTERM_VERSION" = "" ]; then
# shellcheck disable=SC2030
@ -667,8 +623,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: XTERM_VERSION inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
# shellcheck disable=SC2031
if [ "$XTERM_VERSION" = "" ]; then
# shellcheck disable=SC2030
@ -688,8 +642,6 @@ teardown() {
# bats test_tags=arch-fedora
@test "environment variables: XTERM_VERSION inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
# shellcheck disable=SC2031
if [ "$XTERM_VERSION" = "" ]; then
# shellcheck disable=SC2030
@ -709,8 +661,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: XTERM_VERSION inside Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
# shellcheck disable=SC2031
if [ "$XTERM_VERSION" = "" ]; then
# shellcheck disable=SC2030
@ -730,8 +680,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: XTERM_VERSION inside Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
# shellcheck disable=SC2031
if [ "$XTERM_VERSION" = "" ]; then
# shellcheck disable=SC2030
@ -751,8 +699,6 @@ teardown() {
# bats test_tags=ubuntu
@test "environment variables: XTERM_VERSION inside Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
# shellcheck disable=SC2031
if [ "$XTERM_VERSION" = "" ]; then
export XTERM_VERSION="XTerm(385)"

View File

@ -161,7 +161,7 @@ teardown() {
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
"$PODMAN" stop "$default_container"
podman stop "$default_container"
run --keep-empty-lines --separate-stderr "$TOOLBX" run test -e /run/toolbox.1
@ -241,7 +241,7 @@ teardown() {
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
"$PODMAN" stop "$default_container"
podman stop "$default_container"
run --keep-empty-lines --separate-stderr "$TOOLBX" run test -e /opt/bin/toolbox
@ -321,7 +321,7 @@ teardown() {
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
"$PODMAN" stop "$default_container"
podman stop "$default_container"
run --keep-empty-lines --separate-stderr "$TOOLBX" run test -e /usr/bin/toolbox.1
@ -453,7 +453,7 @@ teardown() {
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
"$PODMAN" stop "$default_container"
podman stop "$default_container"
run --keep-empty-lines --separate-stderr "$TOOLBX" run test -e /run/toolbox.1
@ -559,7 +559,7 @@ teardown() {
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
"$PODMAN" stop "$default_container"
podman stop "$default_container"
run --keep-empty-lines --separate-stderr "$TOOLBX" run test -e /run/toolbox.1
@ -639,7 +639,7 @@ teardown() {
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
"$PODMAN" stop "$default_container"
podman stop "$default_container"
run --keep-empty-lines --separate-stderr "$TOOLBX" run test -e /opt/bin/toolbox
@ -719,7 +719,7 @@ teardown() {
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
"$PODMAN" stop "$default_container"
podman stop "$default_container"
run --keep-empty-lines --separate-stderr "$TOOLBX" run test -e /usr/bin/toolbox.1
@ -851,7 +851,7 @@ teardown() {
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
"$PODMAN" stop "$default_container"
podman stop "$default_container"
run --keep-empty-lines --separate-stderr "$TOOLBX" run test -e /run/toolbox.1

View File

@ -0,0 +1,228 @@
# shellcheck shell=bats
#
# Copyright © 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# bats file_tags=runtime-environment
load 'libs/bats-support/load'
load 'libs/bats-assert/load'
load 'libs/helpers'
setup() {
bats_require_minimum_version 1.10.0
_setup_environment
cleanup_all
pushd "$HOME" || return 1
}
teardown() {
popd || return 1
cleanup_all
}
# bats test_tags=arch-fedora
@test "kerberos: Smoke test" {
local kerberos_skip=false
local system_id
system_id="$(get_system_id)"
if [ "$system_id" != "fedora" ]; then
kerberos_skip=true
fi
create_default_container
if $kerberos_skip; then
run --keep-empty-lines --separate-stderr "$TOOLBX" run test -e /etc/krb5.conf.d
assert_failure
assert [ ${#lines[@]} -eq 0 ]
# shellcheck disable=SC2154
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run test -e /etc/krb5.conf.d/kcm_default_ccache
assert_failure
assert [ ${#lines[@]} -eq 0 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
else
run --keep-empty-lines --separate-stderr "$TOOLBX" run cat /etc/krb5.conf.d/kcm_default_ccache
assert_success
assert_line --index 0 "# Written by Toolbx"
assert_line --index 1 "# https://containertoolbx.org/"
assert_line --index 2 "#"
assert_line --index 3 "# # To disable the KCM credential cache, comment out the following lines."
assert_line --index 4 ""
assert_line --index 5 "[libdefaults]"
assert_line --index 6 " default_ccache_name = KCM:"
assert [ ${#lines[@]} -eq 7 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run stat \
--format "%A %U:%G" \
/etc/krb5.conf.d/kcm_default_ccache
assert_success
assert_line --index 0 "-rw-r--r-- root:root"
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
fi
}
# bats test_tags=arch-fedora
@test "kerberos: Smoke test with Arch Linux" {
create_distro_container arch latest arch-toolbox-latest
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch test -e /etc/krb5.conf.d
assert_failure
assert [ ${#lines[@]} -eq 0 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro arch test -e /etc/krb5.conf.d/kcm_default_ccache
assert_failure
assert [ ${#lines[@]} -eq 0 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
# bats test_tags=arch-fedora
@test "kerberos: Smoke test with Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro fedora \
--release 34 \
cat /etc/krb5.conf.d/kcm_default_ccache
assert_success
assert_line --index 0 "# Written by Toolbx"
assert_line --index 1 "# https://containertoolbx.org/"
assert_line --index 2 "#"
assert_line --index 3 "# # To disable the KCM credential cache, comment out the following lines."
assert_line --index 4 ""
assert_line --index 5 "[libdefaults]"
assert_line --index 6 " default_ccache_name = KCM:"
assert [ ${#lines[@]} -eq 7 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro fedora \
--release 34 \
stat \
--format "%A %U:%G" \
/etc/krb5.conf.d/kcm_default_ccache
assert_success
assert_line --index 0 "-rw-r--r-- root:root"
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
# bats test_tags=arch-fedora
@test "kerberos: Smoke test with RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro rhel \
--release 8.10 \
cat /etc/krb5.conf.d/kcm_default_ccache
assert_success
assert_line --index 0 "# Written by Toolbx"
assert_line --index 1 "# https://containertoolbx.org/"
assert_line --index 2 "#"
assert_line --index 3 "# # To disable the KCM credential cache, comment out the following lines."
assert_line --index 4 ""
assert_line --index 5 "[libdefaults]"
assert_line --index 6 " default_ccache_name = KCM:"
assert [ ${#lines[@]} -eq 7 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro rhel \
--release 8.10 \
stat \
--format "%A %U:%G" \
/etc/krb5.conf.d/kcm_default_ccache
assert_success
assert_line --index 0 "-rw-r--r-- root:root"
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
# bats test_tags=ubuntu
@test "kerberos: Smoke test with Ubuntu 16.04" {
create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 16.04 test -e /etc/krb5.conf.d
assert_failure
assert [ ${#lines[@]} -eq 0 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
--release 16.04 \
test -e /etc/krb5.conf.d/kcm_default_ccache
assert_failure
assert [ ${#lines[@]} -eq 0 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
# bats test_tags=ubuntu
@test "kerberos: Smoke test with Ubuntu 18.04" {
create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 18.04 test -e /etc/krb5.conf.d
assert_failure
assert [ ${#lines[@]} -eq 0 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
--release 18.04 \
test -e /etc/krb5.conf.d/kcm_default_ccache
assert_failure
assert [ ${#lines[@]} -eq 0 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
# bats test_tags=ubuntu
@test "kerberos: Smoke test with Ubuntu 20.04" {
create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro ubuntu --release 20.04 test -e /etc/krb5.conf.d
assert_failure
assert [ ${#lines[@]} -eq 0 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro ubuntu \
--release 20.04 \
test -e /etc/krb5.conf.d/kcm_default_ccache
assert_failure
assert [ ${#lines[@]} -eq 0 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}

148
test/system/270-rpm.bats Normal file
View File

@ -0,0 +1,148 @@
# shellcheck shell=bats
#
# Copyright © 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# bats file_tags=runtime-environment
load 'libs/bats-support/load'
load 'libs/bats-assert/load'
load 'libs/helpers'
setup() {
bats_require_minimum_version 1.10.0
_setup_environment
cleanup_all
pushd "$HOME" || return 1
}
teardown() {
popd || return 1
cleanup_all
}
# bats test_tags=arch-fedora
@test "rpm: %_netsharedpath inside the default container" {
local system_id
system_id="$(get_system_id)"
if [ "$system_id" != "fedora" ]; then
skip "doesn't use RPM"
fi
create_default_container
run --keep-empty-lines --separate-stderr "$TOOLBX" run rpm --eval %_netsharedpath
assert_success
assert_line --index 0 "/dev:/media:/mnt:/proc:/sys:/tmp:/var/lib/flatpak:/var/lib/libvirt"
assert [ ${#lines[@]} -eq 1 ]
# shellcheck disable=SC2154
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run cat /usr/lib/rpm/macros.d/macros.toolbox
assert_success
assert_line --index 0 "# Written by Toolbx"
assert_line --index 1 "# https://containertoolbx.org/"
assert_line --index 2 ""
assert_line --index 3 "%_netsharedpath /dev:/media:/mnt:/proc:/sys:/tmp:/var/lib/flatpak:/var/lib/libvirt"
assert [ ${#lines[@]} -eq 4 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run stat \
--format "%A %U:%G" \
/usr/lib/rpm/macros.d/macros.toolbox
assert_success
assert_line --index 0 "-rw-r--r-- root:root"
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
# bats test_tags=arch-fedora
@test "rpm: %_netsharedpath inside Fedora 34" {
create_distro_container fedora 34 fedora-toolbox-34
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro fedora --release 34 rpm --eval %_netsharedpath
assert_success
assert_line --index 0 "/dev:/media:/mnt:/proc:/sys:/tmp:/var/lib/flatpak:/var/lib/libvirt"
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro fedora \
--release 34 \
cat /usr/lib/rpm/macros.d/macros.toolbox
assert_success
assert_line --index 0 "# Written by Toolbx"
assert_line --index 1 "# https://containertoolbx.org/"
assert_line --index 2 ""
assert_line --index 3 "%_netsharedpath /dev:/media:/mnt:/proc:/sys:/tmp:/var/lib/flatpak:/var/lib/libvirt"
assert [ ${#lines[@]} -eq 4 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro fedora \
--release 34 \
stat \
--format "%A %U:%G" \
/usr/lib/rpm/macros.d/macros.toolbox
assert_success
assert_line --index 0 "-rw-r--r-- root:root"
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}
# bats test_tags=arch-fedora
@test "rpm: %_netsharedpath inside RHEL 8.10" {
create_distro_container rhel 8.10 rhel-toolbox-8.10
run --keep-empty-lines --separate-stderr "$TOOLBX" run --distro rhel --release 8.10 rpm --eval %_netsharedpath
assert_success
assert_line --index 0 "/dev:/media:/mnt:/proc:/sys:/tmp:/var/lib/flatpak:/var/lib/libvirt"
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro rhel \
--release 8.10 \
cat /usr/lib/rpm/macros.d/macros.toolbox
assert_success
assert_line --index 0 "# Written by Toolbx"
assert_line --index 1 "# https://containertoolbx.org/"
assert_line --index 2 ""
assert_line --index 3 "%_netsharedpath /dev:/media:/mnt:/proc:/sys:/tmp:/var/lib/flatpak:/var/lib/libvirt"
assert [ ${#lines[@]} -eq 4 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
run --keep-empty-lines --separate-stderr "$TOOLBX" run \
--distro rhel \
--release 8.10 \
stat \
--format "%A %U:%G" \
/usr/lib/rpm/macros.d/macros.toolbox
assert_success
assert_line --index 0 "-rw-r--r-- root:root"
assert [ ${#lines[@]} -eq 1 ]
assert [ ${#stderr_lines[@]} -eq 0 ]
}

View File

@ -25,9 +25,11 @@ setup() {
bats_require_minimum_version 1.8.0
_setup_environment
cleanup_all
pushd "$HOME" || return 1
}
teardown() {
popd || return 1
cleanup_all
}

View File

@ -25,9 +25,11 @@ setup() {
bats_require_minimum_version 1.8.0
_setup_environment
cleanup_all
pushd "$HOME" || return 1
}
teardown() {
popd || return 1
cleanup_all
}

View File

@ -25,9 +25,11 @@ setup() {
bats_require_minimum_version 1.8.0
_setup_environment
cleanup_all
pushd "$HOME" || return 1
}
teardown() {
popd || return 1
cleanup_all
}

View File

@ -38,10 +38,10 @@ and to speed up the cases.
By default the test suite uses the system versions of `podman`, `skopeo` and
`toolbox`.
If you have a `podman`, `skopeo` or `toolbox` installed in a nonstandard
location then you can use the `PODMAN`, `SKOPEO` and `TOOLBX` environmental
variables to set the path to the binaries. So the command to invoke the test
suite could look something like this: `PODMAN=/usr/libexec/podman TOOLBX=./toolbox bats ./test/system/`.
If you have `toolbox` installed in a nonstandard location then you can use the
`TOOLBX` environmental variable to set the path to the binary. So the command
to invoke the test suite could look something like this:
`TOOLBX=./toolbox bats ./test/system/`.
It's recommended to set the [TMPDIR](https://systemd.io/TEMPORARY_DIRECTORIES/)
environment variable to `/var/tmp` when running the tests. Otherwise, the
@ -90,6 +90,6 @@ Examples:
Example pull of the `fedora-toolbox:34` image:
```bash
$PODMAN login --username user --password user "$DOCKER_REG_URI"
$PODMAN pull "$DOCKER_REG_URI/fedora-toolbox:34"
podman login --username user --password user "$DOCKER_REG_URI"
podman pull "$DOCKER_REG_URI/fedora-toolbox:34"
```

View File

@ -4,25 +4,20 @@ load 'libs/bats-support/load'
load 'libs/bats-assert/load'
# Helpful globals
readonly TEMP_BASE_DIR="${XDG_CACHE_HOME:-$HOME/.cache}/toolbx"
readonly TEMP_STORAGE_DIR="${TEMP_BASE_DIR}/system-test-storage"
readonly IMAGE_CACHE_DIR="${BATS_SUITE_TMPDIR}/image-cache"
readonly ROOTLESS_PODMAN_STORE_DIR="${TEMP_STORAGE_DIR}/storage"
readonly ROOTLESS_PODMAN_RUNROOT_DIR="${TEMP_STORAGE_DIR}/runroot"
readonly PODMAN_STORE_CONFIG_FILE="${TEMP_STORAGE_DIR}/storage.conf"
readonly DOCKER_REG_ROOT="${TEMP_STORAGE_DIR}/docker-registry-root"
readonly ROOTLESS_PODMAN_STORE_DIR="${BATS_SUITE_TMPDIR}/storage"
readonly ROOTLESS_PODMAN_RUNROOT_DIR="${BATS_SUITE_TMPDIR}/runroot"
readonly PODMAN_STORE_CONFIG_FILE="${BATS_SUITE_TMPDIR}/storage.conf"
readonly DOCKER_REG_ROOT="${BATS_SUITE_TMPDIR}/docker-registry-root"
readonly DOCKER_REG_CERTS_DIR="${BATS_SUITE_TMPDIR}/certs"
readonly DOCKER_REG_AUTH_DIR="${BATS_SUITE_TMPDIR}/auth"
readonly DOCKER_REG_URI="localhost:50000"
readonly DOCKER_REG_NAME="docker-registry"
# Podman and Toolbx commands to run
readonly PODMAN="${PODMAN:-$(command -v podman)}"
readonly TOOLBX="${TOOLBX:-$(command -v toolbox)}"
readonly TOOLBX_TEST_SYSTEM_TAGS_ALL="arch-fedora,commands-options,custom-image,runtime-environment,ubuntu"
readonly TOOLBX_TEST_SYSTEM_TAGS="${TOOLBX_TEST_SYSTEM_TAGS:-$TOOLBX_TEST_SYSTEM_TAGS_ALL}"
readonly SKOPEO="${SKOPEO:-$(command -v skopeo)}"
# Images
declare -Ag IMAGES=([arch]="quay.io/toolbx/arch-toolbox" \
@ -34,8 +29,8 @@ declare -Ag IMAGES=([arch]="quay.io/toolbx/arch-toolbox" \
function cleanup_all() {
"$PODMAN" rm --all --force >/dev/null
"$PODMAN" rmi --all --force >/dev/null
podman rm --all --force >/dev/null
podman rmi --all --force >/dev/null
}
@ -45,23 +40,12 @@ function _setup_environment() {
}
function _setup_containers_storage() {
mkdir -p "${TEMP_STORAGE_DIR}"
# Set up a storage config file for PODMAN
echo -e "[storage]\n driver = \"overlay\"\n rootless_storage_path = \"${ROOTLESS_PODMAN_STORE_DIR}\"\n runroot = \"${ROOTLESS_PODMAN_RUNROOT_DIR}\"\n" > "${PODMAN_STORE_CONFIG_FILE}"
export CONTAINERS_STORAGE_CONF="${PODMAN_STORE_CONFIG_FILE}"
}
function _clean_temporary_storage() {
"$PODMAN" system reset --force >/dev/null
rm --force --recursive "${ROOTLESS_PODMAN_STORE_DIR}"
rm --force --recursive "${ROOTLESS_PODMAN_RUNROOT_DIR}"
rm --force --recursive "${PODMAN_STORE_CONFIG_FILE}"
rm --force --recursive "${TEMP_STORAGE_DIR}"
}
# Pulls an image using Podman and saves it to a image dir using Skopeo
#
# Parameters
@ -110,7 +94,7 @@ function _pull_and_cache_distro_image() {
local -i ret_val
for ((j = 0; j < num_of_retries; j++)); do
error_message="$( ("$SKOPEO" copy --dest-compress \
error_message="$( (skopeo copy --dest-compress \
"docker://${image}" \
"dir:${IMAGE_CACHE_DIR}/${image_archive}" >/dev/null) 2>&1)"
ret_val="$?"
@ -136,12 +120,6 @@ function _pull_and_cache_distro_image() {
}
# Removes the folder with cached images
function _clean_cached_images() {
rm --force --recursive "${IMAGE_CACHE_DIR}"
}
# Prepares a locally hosted image registry
#
# The registry is set up with Podman set to an alternative root. It won't
@ -183,11 +161,11 @@ function _setup_docker_registry() {
assert_success
# Pull Docker registry image
run "$PODMAN" --root "${DOCKER_REG_ROOT}" pull "${IMAGES[docker-reg]}"
run podman --root "${DOCKER_REG_ROOT}" pull "${IMAGES[docker-reg]}"
assert_success
# Create a Docker registry
run "$PODMAN" --root "${DOCKER_REG_ROOT}" run \
run podman --root "${DOCKER_REG_ROOT}" run \
--detach \
--env REGISTRY_AUTH=htpasswd \
--env REGISTRY_AUTH_HTPASSWD_PATH="/auth/htpasswd" \
@ -195,7 +173,6 @@ function _setup_docker_registry() {
--env REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
--env REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
--name "${DOCKER_REG_NAME}" \
--network slirp4netns \
--privileged \
--publish 50000:5000 \
--rm \
@ -204,20 +181,20 @@ function _setup_docker_registry() {
"${IMAGES[docker-reg]}"
assert_success
run "$PODMAN" login \
--authfile "${TEMP_BASE_DIR}/authfile.json" \
run podman login \
--authfile "${BATS_SUITE_TMPDIR}/authfile.json" \
--username user \
--password user \
"${DOCKER_REG_URI}"
assert_success
# Add fedora-toolbox:34 image to the registry
run "$SKOPEO" copy --dest-authfile "${TEMP_BASE_DIR}/authfile.json" \
run skopeo copy --dest-authfile "${BATS_SUITE_TMPDIR}/authfile.json" \
dir:"${IMAGE_CACHE_DIR}"/fedora-toolbox-34 \
docker://"${DOCKER_REG_URI}"/fedora-toolbox:34
assert_success
run rm "${TEMP_BASE_DIR}/authfile.json"
run rm "${BATS_SUITE_TMPDIR}/authfile.json"
assert_success
}
@ -225,13 +202,13 @@ function _setup_docker_registry() {
# Stop, removes and cleans after a locally hosted Docker registry
function _clean_docker_registry() {
# Stop Docker registry container
if "$PODMAN" --root "$DOCKER_REG_ROOT" container exists "$DOCKER_REG_NAME"; then
"$PODMAN" --root "${DOCKER_REG_ROOT}" stop --time 0 "${DOCKER_REG_NAME}"
if podman --root "$DOCKER_REG_ROOT" container exists "$DOCKER_REG_NAME"; then
podman --root "${DOCKER_REG_ROOT}" stop --time 0 "${DOCKER_REG_NAME}"
fi
# Clean up Podman's registry root state
"$PODMAN" --root "${DOCKER_REG_ROOT}" rm --all --force
"$PODMAN" --root "${DOCKER_REG_ROOT}" rmi --all --force
podman --root "${DOCKER_REG_ROOT}" rm --all --force
podman --root "${DOCKER_REG_ROOT}" rmi --all --force
# Remove Docker registry dir
rm --force --recursive "${DOCKER_REG_ROOT}"
# Remove dir with created registry certificates
@ -242,7 +219,7 @@ function _clean_docker_registry() {
function build_image_without_name() {
echo -e "FROM scratch\n\nLABEL com.github.containers.toolbox=\"true\"" > "$BATS_TEST_TMPDIR"/Containerfile
run "$PODMAN" build "$BATS_TEST_TMPDIR"
run podman build "$BATS_TEST_TMPDIR"
assert_success
assert_line --index 0 --partial "FROM scratch"
@ -332,12 +309,12 @@ function pull_distro_image() {
fi
# No need to copy if the image is already available in Podman
if "$PODMAN" image exists "${image}"; then
if podman image exists "${image}"; then
return 0
fi
# https://github.com/containers/skopeo/issues/547 for the options for containers-storage
run "$SKOPEO" copy "dir:${IMAGE_CACHE_DIR}/${image_archive}" "containers-storage:[overlay@$ROOTLESS_PODMAN_STORE_DIR+$ROOTLESS_PODMAN_STORE_DIR]${image}"
run skopeo copy "dir:${IMAGE_CACHE_DIR}/${image_archive}" "containers-storage:[overlay@$ROOTLESS_PODMAN_STORE_DIR+$ROOTLESS_PODMAN_STORE_DIR]${image}"
# shellcheck disable=SC2154
if [ "$status" -ne 0 ]; then
@ -369,7 +346,7 @@ function pull_default_image_and_copy() {
image="${IMAGES[$distro]}:$version"
# https://github.com/containers/skopeo/issues/547 for the options for containers-storage
run "$SKOPEO" copy \
run skopeo copy \
"containers-storage:[overlay@$ROOTLESS_PODMAN_STORE_DIR+$ROOTLESS_PODMAN_STORE_DIR]$image" \
"containers-storage:[overlay@$ROOTLESS_PODMAN_STORE_DIR+$ROOTLESS_PODMAN_STORE_DIR]$image-copy"
@ -432,7 +409,7 @@ function start_container() {
local container_name
container_name="$1"
"$PODMAN" start "$container_name" >/dev/null \
podman start "$container_name" >/dev/null \
|| fail "Podman couldn't start the container '$container_name'"
}
@ -459,11 +436,11 @@ function container_started() {
local num_of_retries=5
for ((j = 0; j < num_of_retries; j++)); do
run --separate-stderr "$PODMAN" logs "$container_name"
run --separate-stderr podman logs "$container_name"
# shellcheck disable=SC2154
if [ "$status" -ne 0 ]; then
fail "Failed to invoke '$PODMAN logs'"
fail "Failed to invoke 'podman logs'"
ret_val="$status"
break
fi
@ -496,26 +473,26 @@ function stop_container() {
container_name="$1"
# Make sure the container is running before trying to stop it
"$PODMAN" start "$container_name" >/dev/null \
podman start "$container_name" >/dev/null \
|| fail "Podman couldn't start the container '$container_name'"
"$PODMAN" stop "$container_name" >/dev/null \
podman stop "$container_name" >/dev/null \
|| fail "Podman couldn't stop the container '$container_name'"
}
# Returns the name of the latest created container
function get_latest_container_name() {
"$PODMAN" ps --latest --format "{{ .Names }}"
podman ps --latest --format "{{ .Names }}"
}
function list_images() {
"$PODMAN" images --all --format "{{.ID}}" | wc --lines
podman images --all --format "{{.ID}}" | wc --lines
}
function list_containers() {
"$PODMAN" ps --all --quiet | wc --lines
podman ps --all --quiet | wc --lines
}
@ -563,7 +540,10 @@ function get_system_version() (
# shellcheck disable=SC1090
. "$os_release"
echo "$VERSION_ID"
local system_version="$VERSION_ID"
[ "$ID" = "arch" ] && system_version="latest"
echo "$system_version"
)

View File

@ -16,6 +16,8 @@ test_system = files(
'211-dbus.bats',
'220-environment-variables.bats',
'230-cdi.bats',
'250-kerberos.bats',
'270-rpm.bats',
'501-create.bats',
'504-run.bats',
'505-enter.bats',

View File

@ -1,6 +1,6 @@
# shellcheck shell=bash
#
# Copyright © 2021 2024 Red Hat, Inc.
# Copyright © 2021 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -85,6 +85,5 @@ teardown_suite() {
_clean_docker_registry
fi
_clean_cached_images
_clean_temporary_storage
podman system reset --force >/dev/null
}