containers
/
toolbox
mirror of https://github.com/containers/toolbox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: containers:main
Branches Tags
containers:main
containers:wip/jimmac/readme-gif-fixes
containers:show-run-error-info
containers:HarryMichal/issue373
containers:wip/rishi/cjao-185
containers:wip/rishi/remove-group-add
containers:0.2
containers:0.1.2
containers:0.1.1
containers:0.1.0
containers:0.0.99.6
containers:0.0.99.5
containers:0.0.99.4
containers:0.0.99.3
containers:0.0.99.2
containers:0.0.99.1
containers:0.0.99
containers:0.0.98.1
containers:0.0.98
containers:0.0.97
containers:0.0.96
containers:0.0.95
containers:0.0.94
containers:0.0.93
containers:0.0.92
containers:0.0.91
containers:0.0.90
containers:0.0.18
containers:0.0.17
containers:0.0.16
containers:0.0.15
containers:0.0.14
containers:0.0.13
containers:0.0.12
containers:0.0.11
containers:0.0.10
containers:0.0.9
containers:0.0.8
containers:0.0.7
containers:0.0.6
containers:0.0.5
containers:0.0.4
containers:0.0.3
containers:0.0.2
containers:0.0.1
..
compare: containers:0.0.2
Branches Tags
containers:main
containers:wip/jimmac/readme-gif-fixes
containers:show-run-error-info
containers:HarryMichal/issue373
containers:wip/rishi/cjao-185
containers:wip/rishi/remove-group-add
containers:0.2
containers:0.1.2
containers:0.1.1
containers:0.1.0
containers:0.0.99.6
containers:0.0.99.5
containers:0.0.99.4
containers:0.0.99.3
containers:0.0.99.2
containers:0.0.99.1
containers:0.0.99
containers:0.0.98.1
containers:0.0.98
containers:0.0.97
containers:0.0.96
containers:0.0.95
containers:0.0.94
containers:0.0.93
containers:0.0.92
containers:0.0.91
containers:0.0.90
containers:0.0.18
containers:0.0.17
containers:0.0.16
containers:0.0.15
containers:0.0.14
containers:0.0.13
containers:0.0.12
containers:0.0.11
containers:0.0.10
containers:0.0.9
containers:0.0.8
containers:0.0.7
containers:0.0.6
containers:0.0.5
containers:0.0.4
containers:0.0.3
containers:0.0.2
containers:0.0.1

No commits in common. "main" and "0.0.2" have entirely different histories.
main ... 0.0.2

259 changed files with 409 additions and 32221 deletions
Show Stats Expand all files Collapse all files

16
.codespellexcludefile
View File

@ -1,16 +0,0 @@
usr_mount_destination_flags="ro"
toolbox_profile_bind="--volume /etc/profile.d/toolbox.sh:/etc/profile.d/toolbox.sh:ro"
toolbox_profile_bind="--volume /usr/share/profile.d/toolbox.sh:/etc/profile.d/toolbox.sh:ro"
if echo "$usr_mount_source_flags" | grep --invert-match "ro" >/dev/null 2>&3; then
--volume "$TOOLBOX_PATH":/usr/bin/toolbox:ro \
if ! mount_bind /run/host/etc/machine-id /etc/machine-id ro; then
if ! mount_bind /run/host/var/lib/flatpak /var/lib/flatpak ro; then
if ! mount_bind /run/host/var/log/journal /var/log/journal ro; then
if strings.Contains(command.Name(), "complet") {
toolboxPathMountArg := toolboxPath + ":/usr/bin/toolbox:ro"
toolboxShMountArg := mount.source + ":" + mount.containerPath + ":ro"
{"/etc/machine-id", "/run/host/etc/machine-id", "ro"},
{"/var/lib/flatpak", "/run/host/var/lib/flatpak", "ro"},
{"/var/lib/systemd/coredump", "/run/host/var/lib/systemd/coredump", "ro"},
{"/var/log/journal", "/run/host/var/log/journal", "ro"},
" \"ro\"," +

11
.github/CODEOWNERS vendored
View File

@ -1,11 +0,0 @@
* @HarryMichal @debarshiray
/.github/workflows/arch-images.yaml @Foxboron
/.github/workflows/arch-images-pr.yaml @Foxboron
/.github/workflows/ubuntu-images.yaml @Jmennius
/.github/workflows/ubuntu-tests.yaml @Jmennius
/data/gfx/*.gif @jimmac
/images/arch @Foxboron
/images/rhel @debarshiray @olivergs
/images/ubuntu @Jmennius
/src/pkg/utils/arch.go @Foxboron
/src/pkg/utils/ubuntu.go @Jmennius

54
.github/ISSUE_TEMPLATE/bug-report.md vendored
View File

@ -1,54 +0,0 @@
---
name: Bug report
about: Toolbx's bug report template
title: ''
labels: 1. Bug
assignees: ''
---
**Describe the bug**
A clear and concise description of *what the bug is*. If possible, re-run the command(s) with `--log-level debug` and put the output here.
**Steps how to reproduce the behaviour**
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behaviour**
A clear and concise description of what you *expected to happen*.
**Actual behaviour**
A clear and concise description of what *actually happened*.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Output of `toolbox --version` (v0.0.90+)**
e.g., `toolbox version 0.0.90`
**Toolbx package info (`rpm -q toolbox`)**
e.g., `toolbox-0.0.18-2.fc32.noarch`
**Output of `podman version`**
e.g.,
```
Version: 1.9.2
RemoteAPI Version: 1
Go Version: go1.14.2
OS/Arch: linux/amd64
```
**Podman package info (`rpm -q podman`)**
e.g., `podman-1.9.2-1.fc32.x86_64`
**Info about your OS**
e.g., Fedora Silverblue 32
**Additional context**
Add any other context about the problem here.
When did the issue start occurring? After an update (what packages were updated)?
If the issue is about operating with containers/images (creating, using, deleting,..), share here what image you used. If you're unsure, share here the output of `toolbox list -i` (shows all Toolbx images on your system).
If you see an error message saying: `Error: invalid entry point PID of container <name-of-container>`, add to the ticket output of command `podman start --attach <name-of-container>`.

20
.github/ISSUE_TEMPLATE/feature-request.md vendored
View File

@ -1,20 +0,0 @@
---
name: Feature request
about: Toolbx's feature request template
title: ''
labels: 1. Feature request
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here. If a different tool has the functionality you're requesting, share it here.

64
.github/workflows/arch-images.yaml vendored
View File

@ -1,64 +0,0 @@
name: "Arch Linux: Build and push arch-toolbox image"
permissions: read-all
on:
pull_request:
branches:
- main
paths:
- images/arch/**
- .github/workflows/arch-images.yaml
push:
branches:
- main
paths:
- images/arch/**
- .github/workflows/arch-images.yaml
schedule:
- cron: '0 0 * * MON'
env:
distro: 'arch'
platforms: 'linux/amd64'
registry: 'quay.io/toolbx'
username: 'toolbx+github'
# Prevent multiple workflow runs from racing to ensure that pushes are made
# sequentially for the main branch. Also cancel in progress workflow runs for
# pull requests only.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
build-push-images:
name: Build and push the arch-toolbox image
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build container image (latest tag)
uses: redhat-actions/buildah-build@v2
if: env.latest_release == matrix.release
with:
platforms: ${{ env.platforms }}
context: images/${{ env.distro }}
image: ${{ env.distro }}-toolbox
tags: latest
containerfiles: images/${{ env.distro }}/Containerfile
layers: false
oci: true
- name: Push to Container Registry (latest tag)
uses: redhat-actions/push-to-registry@v2
id: push-latest
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
with:
username: ${{ env.username }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
image: ${{ env.distro }}-toolbox
registry: ${{ env.registry }}
tags: latest

97
.github/workflows/ubuntu-images.yaml vendored
View File

@ -1,97 +0,0 @@
name: "Ubuntu: Build and push ubuntu-toolbox images"
permissions: read-all
on:
pull_request:
branches:
- main
paths:
- images/ubuntu/**
- .github/workflows/ubuntu-images.yaml
push:
branches:
- main
paths:
- images/ubuntu/**
- .github/workflows/ubuntu-images.yaml
schedule:
- cron: '0 0 * * MON'
env:
distro: 'ubuntu'
latest_release: '24.04'
platforms: 'linux/amd64, linux/arm64'
registry: 'quay.io/toolbx'
username: 'toolbx+github'
# Prevent multiple workflow runs from racing to ensure that pushes are made
# sequentially for the main branch. Also cancel in progress workflow runs for
# pull requests only.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
build-push-images:
strategy:
matrix:
release: ['18.04', '20.04', '22.04', '24.04', '24.10', '25.04']
fail-fast: false
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU for multi-arch builds
shell: bash
run: |
sudo apt update
sudo apt install qemu-user-static
- name: Build container image
uses: redhat-actions/buildah-build@v2
if: env.latest_release != matrix.release
with:
platforms: ${{ env.platforms }}
context: images/${{ env.distro }}/${{ matrix.release }}
image: ${{ env.distro }}-toolbox
tags: ${{ matrix.release }}
containerfiles: images/${{ env.distro }}/${{ matrix.release }}/Containerfile
layers: false
oci: true
- name: Build container image (latest tag)
uses: redhat-actions/buildah-build@v2
if: env.latest_release == matrix.release
with:
platforms: ${{ env.platforms }}
context: images/${{ env.distro }}/${{ matrix.release }}
image: ${{ env.distro }}-toolbox
tags: ${{ matrix.release }} latest
containerfiles: images/${{ env.distro }}/${{ matrix.release }}/Containerfile
layers: false
oci: true
- name: Push to Container Registry
uses: redhat-actions/push-to-registry@v2
id: push
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release != matrix.release
with:
username: ${{ env.username }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
image: ${{ env.distro }}-toolbox
registry: ${{ env.registry }}
tags: ${{ matrix.release }}
- name: Push to Container Registry (latest tag)
uses: redhat-actions/push-to-registry@v2
id: push-latest
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release
with:
username: ${{ env.username }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
image: ${{ env.distro }}-toolbox
registry: ${{ env.registry }}
tags: ${{ matrix.release }} latest

175
.github/workflows/ubuntu-tests.yaml vendored
View File

@ -1,175 +0,0 @@
#
# Copyright © 2023 2025 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: ubuntu-tests
on:
pull_request:
branches:
- main
schedule:
- cron: '0 0 * * *'
jobs:
ubuntu-jammy-tests:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
with:
path: containers/toolbox
submodules: true
- name: Install deb packages
run: |
sudo apt-get update
sudo apt-get install \
apache2-utils \
bash-completion \
codespell \
fish \
flatpak \
gcc \
go-md2man \
golang-1.22 \
meson \
ninja-build \
openssl \
podman \
shellcheck \
skopeo \
systemd \
udisks2
- name: Ensure that 'p11-kit server' is absent
run: sudo rm /usr/libexec/p11-kit/p11-kit-server
- name: Set up PATH for Go 1.22
run: |
echo "PATH=/usr/lib/go-1.22/bin:$PATH" >> "$GITHUB_ENV"
- name: Checkout Bats
uses: actions/checkout@v4
with:
path: bats-core/bats-core
ref: v1.10.0
repository: bats-core/bats-core.git
submodules: true
- name: Install deb packages for Bats
run: |
sudo apt-get update
sudo apt-get install \
bash \
parallel
- name: Install Bats
run: sudo ./install.sh /usr/local
working-directory: bats-core/bats-core
- name: Checkout shadow
uses: actions/checkout@v4
with:
path: shadow-maint/shadow
ref: 4.13
repository: shadow-maint/shadow.git
submodules: true
- name: Install deb packages for shadow
run: |
sudo apt-get update
sudo apt-get install \
autoconf \
autopoint \
gettext \
libaudit-dev \
libcrypt-dev \
libpam0g-dev \
libselinux1-dev \
libsemanage-dev
- name: Set up build directory for shadow
run: |
autoreconf --force --install --verbose
./configure \
--disable-account-tools-setuid \
--disable-silent-rules \
--with-audit \
--with-libpam \
--with-selinux \
--with-yescrypt \
--without-acl \
--without-attr \
--without-su \
--without-tcb \
SHELL=/bin/sh
working-directory: shadow-maint/shadow
- name: Build shadow
run: make
working-directory: shadow-maint/shadow
- name: Install shadow
run: sudo make install
working-directory: shadow-maint/shadow
- name: Download Go modules
run: go mod download -x
working-directory: containers/toolbox/src
- name: Set up build directory
run: meson setup builddir
working-directory: containers/toolbox
- name: Build
run: meson compile -C builddir --verbose
working-directory: containers/toolbox
- name: Install
run: sudo meson install -C builddir
working-directory: containers/toolbox
- name: Unit tests
run: meson test -C builddir --verbose
working-directory: containers/toolbox
- name: System tests
run: |
bats --timing \
test/system/001-version.bats \
test/system/002-help.bats \
test/system/101-create.bats \
test/system/102-list.bats \
test/system/103-container.bats \
test/system/105-enter.bats \
test/system/106-rm.bats \
test/system/107-rmi.bats \
test/system/108-completion.bats \
test/system/201-ipc.bats \
test/system/203-network.bats \
test/system/210-ulimit.bats \
test/system/220-environment-variables.bats \
test/system/230-cdi.bats \
test/system/250-kerberos.bats \
test/system/270-rpm.bats \
test/system/501-create.bats \
test/system/505-enter.bats
env:
SHELL: /bin/bash
TMPDIR: /var/tmp
TOOLBX: /usr/local/bin/toolbox
working-directory: containers/toolbox

1
.gitignore vendored
View File

@ -1 +0,0 @@
src/toolbox

6
.gitmodules vendored
View File

@ -1,6 +0,0 @@
[submodule "test/system/libs/bats-support"]
path = test/system/libs/bats-support
url = https://github.com/bats-core/bats-support.git
[submodule "test/system/libs/bats-assert"]
path = test/system/libs/bats-assert
url = https://github.com/bats-core/bats-assert.git

3
.mailmap
View File

@ -1,3 +0,0 @@
<rishi@fedoraproject.org> <debarshir@gnome.org>
Mario Sebastian Chacon <the.masch@gmail.com>
Ondřej Míchal <harrymichal@seznam.cz>

189
.zuul.yaml
View File

@ -1,189 +0,0 @@
#
# Copyright © 2020 2024 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
- job:
name: unit-test
description: Run Toolbx's unit tests declared in Meson
timeout: 1800
nodeset:
nodes:
- name: fedora-rawhide
label: cloud-fedora-rawhide
pre-run: playbooks/setup-env.yaml
run: playbooks/unit-test.yaml
- job:
name: unit-test-migration-path-for-coreos-toolbox
description: Run Toolbx's unit tests declared in Meson when built with -Dmigration_path_for_coreos_toolbox
timeout: 600
nodeset:
nodes:
- name: centos-9-stream
label: cloud-centos-9-stream
pre-run: playbooks/setup-env-migration-path-for-coreos-toolbox.yaml
run: playbooks/unit-test.yaml
- job:
name: unit-test-restricted
description: Run Toolbx's unit tests declared in Meson in a restricted build environment
timeout: 1800
nodeset:
nodes:
- name: fedora-rawhide
label: cloud-fedora-rawhide
pre-run: playbooks/setup-env-restricted.yaml
run: playbooks/unit-test.yaml
- job:
name: system-test-fedora-rawhide-commands-options
description: Run Toolbx's commands-options system tests in Fedora Rawhide
timeout: 7200
nodeset:
nodes:
- name: fedora-rawhide
label: cloud-fedora-rawhide
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-commands-options.yaml
- job:
name: system-test-fedora-rawhide-runtime-environment-arch-fedora
description: Run Toolbx's (arch-fedora,runtime-environment) system tests in Fedora Rawhide
timeout: 7200
nodeset:
nodes:
- name: fedora-rawhide
label: cloud-fedora-rawhide
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment-arch-fedora.yaml
- job:
name: system-test-fedora-rawhide-runtime-environment-ubuntu
description: Run Toolbx's (runtime-environment,ubuntu) system tests in Fedora Rawhide
timeout: 7200
nodeset:
nodes:
- name: fedora-rawhide
label: cloud-fedora-rawhide
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment-ubuntu.yaml
- job:
name: system-test-fedora-42-commands-options
description: Run Toolbx's commands-options system tests in Fedora 42
timeout: 6300
nodeset:
nodes:
- name: fedora-42
label: cloud-fedora-42
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-commands-options.yaml
- job:
name: system-test-fedora-42-runtime-environment-arch-fedora
description: Run Toolbx's (arch-fedora,runtime-environment) system tests in Fedora 42
timeout: 6300
nodeset:
nodes:
- name: fedora-42
label: cloud-fedora-42
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment-arch-fedora.yaml
- job:
name: system-test-fedora-42-runtime-environment-ubuntu
description: Run Toolbx's (runtime-environment,ubuntu) system tests in Fedora 42
timeout: 6300
nodeset:
nodes:
- name: fedora-42
label: cloud-fedora-42
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment-ubuntu.yaml
- job:
name: system-test-fedora-41-commands-options
description: Run Toolbx's commands-options system tests in Fedora 41
timeout: 6300
nodeset:
nodes:
- name: fedora-41
label: cloud-fedora-41
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-commands-options.yaml
- job:
name: system-test-fedora-41-runtime-environment-arch-fedora
description: Run Toolbx's (arch-fedora,runtime-environment) system tests in Fedora 41
timeout: 6300
nodeset:
nodes:
- name: fedora-41
label: cloud-fedora-41
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment-arch-fedora.yaml
- job:
name: system-test-fedora-41-runtime-environment-ubuntu
description: Run Toolbx's (runtime-environment,ubuntu) system tests in Fedora 41
timeout: 6300
nodeset:
nodes:
- name: fedora-41
label: cloud-fedora-41
pre-run: playbooks/setup-env.yaml
run: playbooks/system-test-runtime-environment-ubuntu.yaml
- project:
periodic:
jobs:
- system-test-fedora-rawhide-commands-options
- system-test-fedora-rawhide-runtime-environment-arch-fedora
- system-test-fedora-rawhide-runtime-environment-ubuntu
- system-test-fedora-42-commands-options
- system-test-fedora-42-runtime-environment-arch-fedora
- system-test-fedora-42-runtime-environment-ubuntu
- system-test-fedora-41-commands-options
- system-test-fedora-41-runtime-environment-arch-fedora
- system-test-fedora-41-runtime-environment-ubuntu
check:
jobs:
- unit-test
- unit-test-migration-path-for-coreos-toolbox
- unit-test-restricted
- system-test-fedora-rawhide-commands-options
- system-test-fedora-rawhide-runtime-environment-arch-fedora
- system-test-fedora-rawhide-runtime-environment-ubuntu
- system-test-fedora-42-commands-options
- system-test-fedora-42-runtime-environment-arch-fedora
- system-test-fedora-42-runtime-environment-ubuntu
- system-test-fedora-41-commands-options
- system-test-fedora-41-runtime-environment-arch-fedora
- system-test-fedora-41-runtime-environment-ubuntu
gate:
jobs:
- unit-test
- unit-test-migration-path-for-coreos-toolbox
- unit-test-restricted
- system-test-fedora-rawhide-commands-options
- system-test-fedora-rawhide-runtime-environment-arch-fedora
- system-test-fedora-rawhide-runtime-environment-ubuntu
- system-test-fedora-42-commands-options
- system-test-fedora-42-runtime-environment-arch-fedora
- system-test-fedora-42-runtime-environment-ubuntu
- system-test-fedora-41-commands-options
- system-test-fedora-41-runtime-environment-arch-fedora
- system-test-fedora-41-runtime-environment-ubuntu

3
CODE-OF-CONDUCT.md
View File

@ -1,3 +0,0 @@
## The Toolbx Project Community Code of Conduct
The Toolbx project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/main/CODE-OF-CONDUCT.md).

164
CONTRIBUTING.md
View File

@ -1,164 +0,0 @@
![Contributing](data/gfx/CONTRIBUTING.gif)
# Contributing to Toolbx
Thank you for wanting to contribute to Toolbx! We greatly appreciate your
interest!
# Reporting Bugs
## Before Submitting a Bug Report
- Check if your issue is already reported in our [bug tracker](https://github.com/containers/toolbox/issues)
- If the issue is already reported and is marked as **OPEN**, comment on it
and if possible and needed, share info about the issue just as if you were
submitting a new issue
- If the issue is marked as **CLOSED**, check if your version of Toolbx is
up-to-date or if there are some steps, described in the closed issue, that
you should follow. If you are still experiencing the issue, please file a
new issue
- See our [documentation](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/)
if there are some steps that could help you solve your issue
- Sometimes a bug is not reported in our bug tracker but instead people ask for
help somewhere else (e.g., chat channels). In such cases we'd like you to still report the bug and
share with us any info that could be gathered from those places
## Writing a Bug Report
Writing good bug reports is a nice way to make the job of the maintainers and
other contributors a bit easier.
When writing a bug report:
- **Use a clear and descriptive title**
- **Describe the problem** - Can you reproduce the bug reliably? What first
triggered the problem? Did it start happening after upgrading your system?
- **Provide steps how to reproduce** - It's easier for us to fix a bug if we can
reproduce it.
- **Describe the behavior you received and what you expected** - Sometimes it
may not be clear what the *right* behavior should look like.
- **Provide info about the version of used software** - What version of Toolbx
and Podman do you use?
- **Provide info about your system** - What distribution do you use? Which
desktop environment? Is it a VM or a real machine?
# Making Suggestions
Toolbx is not feature-complete and some of it's functionality is not-there-yet.
We are thankful for all suggestions and ideas but be ready that your suggestion
may be rejected.
## Before Submitting a Suggestion
- Check if your suggestion has not already been made in our [bug tracker](https://github.com/containers/toolbox/issues)
- If it has and is marked as **OPEN**, go ahead and share your own thoughts
about the topic!
- If it has and is marked as **CLOSED**, please read the ticket and depending
on whether the suggestion was accepted or not consider if it is worth
opening a new issue or not.
- Consider if the suggestion is not too out of scope of the project.
## Writing a Suggestion
When writing a suggestion:
- **Use a clear and descriptive title**
- **Describe the idea** - What parts of Toolbx does it affect? Is it a major
functionality or a minor tweak?
- **Provide step-by-step description of the suggested behavior** so that we
will understand.
- **Explain why would this idea be useful** - It sounds good to have a lot of
options but sometimes less is more. See this [article](https://ometer.com/preferences.html).
# First Contribution
Toolbx is written in [Go](https://golang.org) and uses [Meson](https://mesonbuild.com)
as it's buildsystem.
Instructions for building Toolbx from source are in our [README](https://github.com/containers/toolbox/blob/main/README.md).
> You may not need to build the project from source if your contribution is not
> related to the code of Toolbx itself (e.g., documentation, updating CI
> config, playing with image definitions,...).
Here are some ideas of what you could contribute with:
- Check our [bug tracker](https://github.com/containers/toolbox/issues)
and look for tickets marked with labels `good-first-issue` or `help-wanted`.
- Write tests - Go has [tools](https://golang.org/pkg/testing/) for writing tests.
There are also [some](https://github.com/stretchr/testify) [libraries](https://github.com/onsi/ginkgo)
used for creating even more sophisticated tests.
- Play with custom images - Toolbx currently officially works with Fedora-based
images. Ultimately there should be a wide variety of supported distro images.
You can help with testing other people's image definitions or creating your
own. **Beware**, maintainers still don't have a clear idea of how the image
infrastructure should look like.
- Write documentation - Some functions in Toolbx's code don't have comments and
it's not very clear what they do. Toolbx has it's [documentation](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/)
hosted by Fedora. It's not very large and could use some attention.
- Hack on the code and share the result - Seriously! Sometimes random ideas are
the best.
Toolbx currently does not have an infrastructure for translations. You can help
us to set it up!
# Pull Requests
All pull requests are welcome! Features, bug fixes, fixing of typos, tests,
documentation, code comments and much more.
## Creating a Pull Request
- Document well your changes - This applies to the description of your PR and to
your commit messages.
- If possible add additional test cases - If there are no tests for the part of
code you're contributing to, consider opening another PR if you want to
implement it yourself or file an issue so that somebody else can pick it up.
- Update documentation to reflect your changes - Manual pages can be found in
directory `doc`. If your changes affect Toolbx's [documentation](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/),
consider creating a PR there (but to save yourself time, you can do it
after your changes are accepted), too.
- After creating a PR add to the bottom of all your commits a link to the PR. This helps the future maintainers find discussions around the changes.
## After Creating a Pull Request
It may take the us some time to review your changes and sometimes even longer to
actually merge them. Please, don't interpret this as an act of not appreciating
your efforts! We really appreciate them! Sometimes we may be stuck in different
parts of our lives.
If it takes us a very long time to even respond to your Pull Request, you can
try to @ping us at our communication channels (see section #Communication).
##
Toolbx has a CI (Continuous Integration) setup for running tests. Their goal is to check if your
changes don't affect adversely Toolbx's functionality. Sometimes these tests
mail fail with a false-positive. If you are not sure about the outcome of the
tests, you can try to trigger a new test run by writing a comment with text `recheck` (really just that). If the issue persists, reach out to the maintainers!
Toolbx's CI system is [Zuul](https://zuul-ci.org/) hosted at [softwarefactory](https://softwarefactory-project.io/). The CI is defined using [Ansible](https://www.ansible.com) playbooks. For more information on writing Zuul jobs see their [documentation](https://zuul-ci.org/docs/zuul/reference/user.html).
# Little Style Guide
Toolbx is written in [Go](https://golang.org) and uses its default set of tools
including `gofmt` and `golint`.
Here are some good materials to learn from about the way how to write nice and
idiomatic code in Go:
- [A Tour of Go](https://tour.golang.org/welcome)
- [How To Write Go Code](https://golang.org/doc/code.html)
- [Effective Go](https://golang.org/doc/effective_go.html)
Overall, the [Go Blog](https://blog.golang.org/) is a good place to learn more
about Go.
If you are using Visual Studio Code, there are [plugins](https://marketplace.visualstudio.com/items?itemName=golang.Go)
that include all this functionality and throw a warning if you're doing
something wrong.
# Communication
The Toolbx team hangs-out at a dedicated Matrix channel: [#toolbx:matrix.org](https://matrix.to/#/#toolbx:matrix.org).
For Fedora-specific discussions you can visit their [wiki](https://docs.fedoraproject.org/en-US/project/join/) to learn about the means to contact the community.

66
GOALS.md
View File

@ -1,66 +0,0 @@
<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
## Goals
### High Level Goals
- Provide a convenient command line interface to run containers using
[Podman](https://podman.io/)
- Support for development, debugging and system management use cases
- Support for multiple distros
- `toolbox` package in multiple distros
- `toolbox` containers for multiple distros
### Non-goals
- Supporting multiple container runtimes. Toolbx will use Podman exclusively
- Adding significant features on top of Podman
- Significant feature requests should be driven into Podman upstream
- To run containers that aren't tightly integrated with the host
- Extremely sandboxed containers quickly become specific to the user
### Developer Use Cases
- Im a developer hacking on source code and building/testing code
- Most cases: user doesn't need root, rootless containers work fine
- Some cases: user needs root for testing
- Desktop Development:
- Developers need things like D-Bus, display, etc. to be forwarded into the
Toolbx container
- Headless Development:
- Toolbx works properly in headless environments (no display, etc)
- Need development tools like GDB, strace, etc. to work
### Debugging and System Management Use Cases
- Inspecting host processes and the kernel
- Typically need root access
- Need bpftrace, strace on host processes to work
- Ideally even do things like helping get kernel-debuginfo data for the
host kernel
- Managing system services
- `systemctl restart foo.service`
- journalctl
- Managing updates to the host
- rpm-ostree
- dnf/yum (classic systems)
### Specific environments
- Fedora Silverblue
- Silverblue comes with a subset of packages and discourages host software
changes
- Users need a Toolbx container as a working environment
- Future: use Toolbx container by default when a user opens a shell
- Fedora CoreOS
- Similar to Silverblue, but non-graphical and smaller package set
- RHEL CoreOS
- Similar to Fedora CoreOS. Based on RHEL content and the underlying
operating system for OpenShift
- Need to [use default authfile on pull](https://github.com/coreos/toolbox/pull/58/commits/413f83f7240d3c31121b557bfd55e489fad24489)
- Need to ensure compatibility with the rhel7/support-tools container
- Currently not a Toolbx image, opportunity for collaboration
- Alignment with `oc debug node/` (OpenShift)
- `oc debug node` opens a shell on a kubernetes node
- Value in having a consistent environment for both Toolbx's debugging
mode and `oc debug node`

104
NEWS
View File

@ -1,104 +1,22 @@
0.2
===
Overview of changes in 0.0.2
============================
### Security fixes
* Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for
GHSA-fv92-fjc5-jj9h or GO-2025-3787
* Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to
1.17.8 for CVE-2025-23266 and CVE-2025-23267
### Bug fixes
* Improved error handling when creating symbolic links inside the container
to initialize it
* Preserved environment variables set by a KDE session and Konsole
* Unbroke access to CA certificates in sshd(8) sessions (regression in 0.1.2)
* Unbroke overriding the HOME variable (regression in 0.0.90)
### Dependencies
* Bumped the minimum Go version to 1.22
### Tests
* Enabled the runtime environment tests for the Container Device Interface
specification and resource limits on Ubuntu 22.04
* Isolated the host's HOME from the system tests
* Unbroke the missing subordinate ID ranges (regression in Fedora Rawhide)
* Unbroke the 'toolbox run /etc' tests with Bash >= 5.3 (regression in Fedora
Rawhide)
* Allow an 'F' or 'f' prefix when specifying the release
* Avoid a Bash-ism (ie. ==) and stick to POSIX (ie. =)
* Fallback to /bin/bash if $SHELL doesn't exist in the toolbox container
* Give access to the system D-Bus instance
* Make shm_open work
0.1.2
=====
Overview of changes in 0.0.1
============================
### Security fixes
* Bumped the minimum github.com/briandowns/spinner version to 1.23.2 for
CVE-2022-29526 or GHSA-p782-xgp4-8hr8, and other bug fixes
* Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to
1.17.4 for CVE-2024-0134 or GHSA-7jm9-xpwx-v999, CVE-2024-0135 or
GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA-vcfp-63cx-4h59, CVE-2024-0137 or
GHSA-frhw-w3wm-6cw4, and CVE-2025-23359 or GHSA-4hmh-pm5p-9j7j
### Enhancements
* Added ubuntu-toolbox image definitions for Ubuntu 25.04
* Gave access to the CA certificates from the host operating system — requires
new Toolbx images and 'p11-kit server' on the host. Note that the UBI-based
images for RHEL haven't yet been updated, and this feature is currently
disabled for those containers.
### Bug fixes
* Optimized getting the runtime directory
* Replaced links to the code repository with the website
* Updated fallback release to 42 for non-fedora hosts
### Dependencies
* Added a new weak dependency on 'p11-kit server'
* Bumped the minimum github.com/NVIDIA/go-nvlib version to 0.7.1
* Bumped the minimum github.com/spf13/viper version to 1.20.1 to reduce the
number of indirect dependencies
* Bumped the minimum github.com/stretchr/testify version to 1.10.0
* Bumped the minimum Go version to 1.21
### Tests
* Added runtime environment tests for the Kerberos and RPM configuration
* Added unit tests for utils.PathExists()
* Enabled the commands and options tests for 'list' on Arch and Ubuntu 22.04
* Enabled the system tests for 'create' and networking on Arch Linux
* Isolated the storage directory from the host's XDG_CACHE_HOME or HOME —
bumped the minimum Linux kernel version to 6.6
* Made the the commands and options tests for 'create' stricter
* Optimized the runtime environment tests by avoiding a lot of disk I/O
* Restored the generation and installation of the Bash completions on the CI
(regression from Fedora 41)
0.1.1
=====
### Security fixes
* Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to
1.16.2 for CVE-2024-0132 or GHSA-mjjw-553x-87pq, and CVE-2024-0133 or
GHSA-f748-7hpg-88ch
### Bug fixes
* Unbroke 'enter' if the NVIDIA Persistence Daemon is used (regression in
0.0.99.6)
* Unbroke 'enter' if the proprietary NVIDIA driver is installed, but not used
(regression in 0.0.99.6)
* First preview release
----
Copyright © 2024 2025 Red Hat, Inc.
Copyright © 2018 Red Hat, Inc.
All rights reserved.
Copying and distribution of this file, with or without modification,

594
NEWS.old
View File

@ -1,594 +0,0 @@
Overview of changes in 0.1.0
============================
* Add ubuntu-toolbox image definitions for Ubuntu 24.10
* Optimize the CI on stable Fedora nodes
* Stop updating the ubuntu-toolbox images for Ubuntu 16.04 and 18.04
* Stop using slirp4netns(1) in the system tests
* Unbreak the downstream Fedora CI
* Unbreak the ubuntu-toolbox image build for Ubuntu 24.04
* Update fallback release to 40 for non-fedora hosts
Overview of changes in 0.0.99.6
===============================
* Add all the iconv converter modules for glibc to the fedora-toolbox images
* Add an extra space after the ⬢ in the PS1
* Add cracklib-dicts to the fedora-toolbox images
* Add logos to the Arch Linux and Fedora badges, and a badge for the Ubuntu
package
* Add manual pages and pacman progress bars to the arch-toolbox image
* Add toolbox image definitions for RHELs 8.8, 8.9, 9.2 and 9.3
* Add translations for gawk to the fedora-toolbox images
* Add ubuntu-toolbox image definitions for Ubuntu 24.04
* Avoid running out of storage space when running the system tests on the CI
* Bump the minimum github.com/briandowns/spinner version to 1.18.0
* Depend on github.com/go-logfmt/logfmt version 0.5.0
* Depend on github.com/NVIDIA/go-nvlib version 0.6.1
* Depend on github.com/NVIDIA/nvidia-container-toolkit version 1.16.1
* Don't unmarshal the 'podman ps' JSON twice
* Don't use use auto dependencies for shell completion scripts
* Drop one "o" and rename the project as "Toolbx"
* Enable more tests on Ubuntu 22.04 by setting the SHELL environment variable
* Enable the proprietary NVIDIA driver
* Exclude the meson.build files when installing the system tests
* Fix pacman cache removal in the arch-toolbox image
* Let 'create' use an image without a name
* Let the terminal know the active container on all host operating systems,
and not just Fedora Silverblue and Workstation
* Limit the scope of temporary files used by the system tests
* Optimize 'enter' and 'run' for both an already running container and a
container getting initialized
* Optimize the CI on Fedora nodes
* Optimize the resource limits tests
* Preserve the Konsole and xterm versions
* Require --assumeyes to pull an image when not connected to a terminal
* Retain errors from toolbox(1) without --verbose when forwarding to host
* Retain exit codes from toolbox(1) when forwarding to host
* Show the entry point's debug logs & errors in 'enter' and 'run'
* Support 64-bit LoongArch
* Synchronize the documentation with the website
* Unbreak Podman's downstream Fedora CI
* Use Buildah and Podman to build and test the arch-toolbox and ubuntu-toolbox
images
* Use the same linker flags as NVIDIA Container Toolkit, and '-z now' is
unsupported
* Work around bug in pasta(1) networks in the system tests
Overview of changes in 0.0.99.5
===============================
* Add psmisc to the fedora-toolbox images
* Add several new system and unit tests, and make the existing ones stricter
* Add workaround to support configuring the user's password on some Active
Directory set-ups
* Be aware of security hardened mount points marked with 'nosuid,nodev,noexec'
* Bump the minimum Bats version to 1.7.0 to simplify running a subset of the
system tests and fix various warnings
* Bump the minimum Go requirement to 1.20
* Bump the minimum github.com/docker/go-units version to 0.5.0
* Bump the minimum golang.org/x/sys version to 0.1.0 for CVE-2022-29526 or
GHSA-p782-xgp4-8hr8
* Bump the minimum golang.org/x/text version to 0.3.8 for CVE-2022-32149 or
GHSA-69ch-w2m2-3vjp
* Bump the minimum gopkg.in/yaml.v3 version to 3.0.0 for CVE-2022-28948 or
GHSA-hp87-p4gw-j4gq
* Deprecate the --monitor-host option of 'init-container'
* Don't leak the NAME and VERSION environment variables into containers made
from the fedora-toolbox images
* Drop golang.org/x/term as a dependency
* Ensure that Toolbx containers start even if there aren't sufficient resources
for inotify(7)
* Ensure that the fedora-toolbox images retain documentation and translations
* Ensure that toolbox(1) can be built without using podman(1) and validating
subordinate IDs
* Fix DNS queries in Toolbx containers made from images with systemd-resolved,
when running on hosts that don't use it
* Handle space-separated input when asking for confirmation
* Let the terminal know the active container also on Fedora Linux Asahi Remix
* Offer built-in support for Arch Linux
* Offer built-in support for Ubuntu
* Preserve the host's environment variables for Bash's history facility inside
Toolbx containers
* Rely on podman >= 1.6.4 always being present
* Report the size of the image that will be downloaded from a registry
* Show welcome message on Fedora Sericea
* Support 64-bit RISC-V
* Update fallback release to 38 for non-fedora hosts
* Unbreak the line count checks with Bats >= 1.10.0
* Unbreak the manual page checks with GNU roff >= 1.23
* Various updates to the documentation and manuals
Overview of changes in 0.0.99.4
===============================
* Add an --authfile option to 'create'
* Add a --preserve-fds option to 'run'
* Add a test that runs codespell
* Add fedora-toolbox image definition for Fedoras 37, 38 and 39
* Add several new system tests and make the existing ones stricter
* Avoid unexpected DNF behaviour with reinstalling or swapping RPMs when
building the fedora-toolbox images
* Be more strict when looking for a C compiler for building
* Call 'systemd-tmpfiles --create' when installing
* Check if subordinate ID ranges are present for also the UID, and not just
the username
* Document the toolbox.conf configuration file
* Don't create a nested pseudo-terminal device during 'run' if the standard
input and output streams are not connected to a terminal
* Don't leak ID and VARIANT_ID into the shell
* Don't unmarshal the 'podman images' JSON twice
* Enable OpenGL and Vulkan for hardware with free drivers on the
fedora-toolbox images
* Enable running non-nested display servers from a virtual terminal
* Enforce all the default 'go vet' checks on all Go sources
* Enforce gofmt on all Go sources
* Ensure that the 'distro' option is valid, instead of silently falling back
to Fedora
* Ensure that 'run' has the same container environment as 'enter'
* Ensure that the fedora-toolbox images has all the locales known to glibc,
and not just C, POSIX and C.UTF-8
* Exit 'run' with exit code of invoked command
* Fix the titles of the manuals
* Give precedence to /etc/os-release over /usr/lib/os-release in
/etc/profile.d/toolbox.sh
* Hide the Fedora-specific welcome banner on non-Fedora containers
* Improve the error messages if the 'distro' and 'release' options are invalid
* Improve the error messages for mutually exclusive options
* Improve the default image used for RHEL Toolbx containers to offer an
interactive command line experience similar to that on RHEL Workstation
* Make /etc/profile.d/toolbox.sh compatible with Z shell again
* Make sd_booted(3) work inside Toolbx containers
* Preserve the host's XDG_SESSION_CLASS environment variable inside Toolbx
containers
* Replace github.com/mattn/go-isatty and the deprecated
golang.org/x/crypto/ssh/terminal API with golang.org/x/term
* Replace jwhois with whois in the fedora-toolbox images for Fedora >= 37
* Replace the hand-written shell completion for Bash with ones generated by
Cobra that cover fish and Z shell too
* Restore more documentation removed from the base Fedora images
* Run unit tests with -Dmigration_path_for_coreos_toolbox on CentOS Stream 9 as
part of the CI
* Silence warning when running the system tests with Bats >= 1.7.0
* Support RHEL 9 Toolbx containers
* Support subordinate user and group ID ranges on enterprise set-ups
* Unbreak sorting and clearly identify copied images in 'list'
* Update fallback release to 37 for non-fedora hosts
* Update the Go dependencies with 'go get -u'
* Various updates to the documentation and manuals
* Work around Cobra 1.1.2's handling of usage functions
Overview of changes in 0.0.99.3
===============================
* Add bc and iproute to the fedora-toolbox images
* Add fedora-toolbox image definition for Fedoras 35 and 36
* Add support for configuration files
* Add optional migration paths for coreos/toolbox users
* Allow overriding the path to tmpfilesdir
* Avoid RPM failures due to unexpected file owners
* Bump minimum Meson version to 0.58.0
* Ensure that binaries are run against their build-time ABI
* Expose the host's entire / in the container at /run/host
* Fix the PS1 on Z shell
* Fix wrong use of regexp.MatchString
* Give access to PC/SC smart card daemon
* Make locate(1) opt-in by default
* Make the test suite non-destructive
* Mention that private images require 'podman login'
* Remove misleading and redundant CMD from the fedora-toolbox images
* Remove the deprecated com.github.debarshiray.toolbox label from the
fedora-toolbox images, and when creating a new container
* Replace outdated logos with pixels
* Show basic help when man(1) is not available
* Show welcome message on Fedora Kinoite
* Test ImageReferenceCanBeID and ParseRelease
* Unbreak 'enter' if the shell had exited with 127
* Various additions and improvements to the test suite
* Various updates to the documentation and manuals
Overview of changes in 0.0.99.2
===============================
* Add nano-default-editor to the fedora-toolbox images
* Add unit tests for pkg/shell
* Connect Go unit tests to Meson & rename CI job
* Decouple image caching from Zuul for the system tests
* Don't assume that the user's GID is the same as the UID
* Don't require /etc/machine-id in toolbox images
* Drop ShellCheck on Shell Toolbox
* Give access to systemd-resolved's Varlink socket
* Optimize 'enter' and 'run' in the non-fallback case
* Optimize the performance of 'list'
* Properly separate builddir setup & build in the Ansible playbooks
* Rename Dockerfile to Containerfile for the fedora-toolbox images
* Show test execution time for the system tests
* Support listing images without names
* Unbreak 'create' on an unlocked OSTree deployment
* Unbreak 'create' on CoreOS with read-only /boot
* Update default release to 33 for non-Fedora hosts
* Update the GitHub issue templates
* Use a regular file, not a symbolic link, for the README.md in the
fedora-toolbox images
* Fall back to $HOME when using a container if the current working directory
isn't present in it
* Various updates to the Bash completion
* Various updates to the manuals
Overview of changes in 0.0.99.1
===============================
* Add deprecation notices to the POSIX shell implementation
* Add test for the new --distro option
* Drop the FGC namespace from the fedora-toolbox images
* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
* Handle hosts with /etc/localtime as absolute symlink
* Improve README.md
* Improve the Zuul configuration
* Mount /mnt only if it is available
* Refactor the system tests, and use bats-assert and bats-support
* Test that sudo doesn't require a password
* Update the manuals
Overview of changes in 0.0.99
=============================
* Add a --distro option to 'create', 'enter' and 'run'
* Prevent setting VTE-specific PROMPT_COMMAND without VTE
* Remove the --candidate-registry option from Bash completion and the manual
for 'create'
* Remove the deprecated reset command
* Support RHEL hosts by creating containers based on UBI
* Try to avoid 'latest' tags, when looking at RepoTags
* Update the labels used for filtering toolbox containers images
* Update the range of supported Fedora releases
Overview of changes in 0.0.98.1
===============================
* Pass the USER environment variable to the container
* Make /etc/profile.d/toolbox.sh compatible with Z shell again
* Update the manual to mention that the --image and --release options of
'create' can't be used together
Overview of changes in 0.0.98
=============================
* Add nss-mdns to the fedora-toolbox images
* Correctly check validity of container name
* Don't leak all the os-release fields into the shell
* Don't rely on XDG_RUNTIME_DIR when running as root
* Give access to Avahi to resolve the .local mDNS domain
* Make coredumpctl(1) 'dump' and 'debug' work inside toolbox containers
* Make options --image and --release for 'create' mutually exclusive
* Notify the terminal about the real UID of 'toolbox enter'
* Remove periods at the end of flag descriptions
* Set XDG_RUNTIME_DIR when creating the toolbox container
* Unbreak 'enter' on hosts without a /etc/localtime
* Unbreak the system tests on Fedora 33
* Use the host's user namespace when running as root
Overview of changes in 0.0.97
=============================
* Allow X11 clients to run as root
* Color the output only when displaying on a terminal
* Don't rely on user D-Bus to track time zone configuration
* Enable running minikube on Silverblue
* Expose the host's /boot inside the container at /run/host
* Fix missing terminfo warning for Ubuntu containers
* Make locate(1) work inside toolbox containers
* Make pseudo-terminal devices be owned by the 'tty' group
* Rework test to check if a toolbox container started successfully
* Run a login shell when falling back to Bash during 'enter'
Overview of changes in 0.0.96
=============================
* Don't break GNU Readline's ctrl-p shortcut
* Enable system tests on Fedora 33
* Fix containers with missing /media possibly due to a failed RPM transaction
* Give access to the udev database
* Unbreak X11 applications with GNOME 3.38
* Update default release to 31 for non-Fedora hosts
Overview of changes in 0.0.95
=============================
* Try to handle configuration files that're absolute symlinks when the entry
point sets up the container
* Unbreak 'enter' on Fedora CoreOS
* Unbreak 'sudo' inside toolbox containers with Podman 2.0.5
* Warn if $TERM has no terminfo entry in the container
Overview of changes in 0.0.94
=============================
* Add contribution guidelines
* Add fedora-toolbox image definition for Fedora 34
* Add more information to errors from creating symbolic links when setting up
the toolbox container in the entry point
* Ensure binaries built on Fedora 33 run on Fedoras 32 & 31
* Install the tests
* Make it more obvious when falling back to /bin/bash
* Document that sudo(8) should work without a password
* Mount a tmpfs at /tmp to match the host
* Update issue templates
Overview of changes in 0.0.93
=============================
* Ensure reproducible builds by using the -trimpath build flag
* Fix the test suite to work with the Go implementation
* Make listing of containers and images more robust against changes in the JSON
returned by Podman
* List out dependencies and installation instructions
* Re-enable highlighting of running containers
* Show the spinner only when connected to a terminal
* Speed things up by caching the Podman version at runtime
* Update hint after creating a container to use the new syntax
* Use the correct verb format for string
Overview of changes in 0.0.92
=============================
* Embed the version from Meson into the binary
* Make it build on aarch64
Overview of changes in 0.0.91
=============================
* Add gvfs-client to the fedora-toolbox images
* Adjust for changes in JSON output from 'podman ps' and 'podman images' in
Podman 2.0
* Lower the Go build requirements to make it easier to build on Fedora
* Show an error if $PWD is missing inside the container
Overview of changes in 0.0.90
=============================
* Rewrite Toolbox in Go
* Remove support for toolbox containers created by Toolbox 0.0.9 and older
* Add option --version to show current Toolbox version
* Add options --log-level and --log-podman as possible future replacements for
--verbose and --very-verbose
* Clean up the spinner when aborted by SIGINT (or ctrl+c) and such
* Fix duplication in the output of the list command
* Mark the reset command as deprecated (replaced by 'podman system reset')
* Support specifying the name of a toolbox container as an argument to the
create and enter commands, in addition to the --container option
Overview of changes in 0.0.18
=============================
* Check /usr/share/profile.d when bind mounting toolbox.sh
* Mount /media only if it is available
* Set up /media and /mnt to match the host
* Unbreak 'enter' when SELinux is disabled
Overview of changes in 0.0.17
=============================
* Add a --very-verbose or -vv option
* Deprecate all toolbox containers that don't use a reflexive entry point
* Ensure that 'run' has at least one argument for the command
* Give access to the host's systemd journal
* Wipe out the container's /sys/fs/selinux to not advertise SELinux
Overview of changes in 0.0.16
=============================
* Add a reset command
* Document requirements for distro support
* Don't use a toolbox container until after it has been configured
* Drop the coloured heading from 'list'
* Miscellaneous fixes to Bash completion
* Remove the hidden --sudo option and the /etc/sudoers.d snippet
* Try to migrate to a supported OCI runtime if 'podman start' suggests so
* Unbreak 'run' if container lacks files that are redirected to the host
Overview of changes in 0.0.15
=============================
* Be forgiving of a missing /etc/profile.d/toolbox.sh in 'run'
* Don't sanity check /etc/subgid and /etc/subuid when running as root
* Install only flatpak-spawn, not the rest of flatpak-xdg-utils, in the images
* Let the terminal know the active container only on some Fedora variants
* Rely on 'podman system migrate' always being present
* Simplify code by dropping compatibility with 'podman create' < 1.4.0
* Switch to using /usr/lib/os-release instead of /etc/os-release
* Unbreak 'create' on Silverblue
* Update default release to 30 when running on non-fedora hosts
Overview of changes in 0.0.14
=============================
* Adjust the grep match pattern to be more specific
* Don't exit with a non-zero code from 'toolbox list -i'
* Expose a few more host locations inside the container under /run/host
* Give access to the system Flatpak directory
* Give access to the system libvirt instance
* Mount /run/media only if it is available
* Preserve the host's ulimits when creating toolbox containers
* Work around 'podman exec' resetting the terminal size to 80x24
Overview of changes in 0.0.13
=============================
* Drop PackageKit-command-not-found from the images
* Improve the help or usage output
* Simplify code by taking advantage of 'podman create --userns=keep-id'
* Simplify code by taking advantage of 'podman exec --workdir ...'
* Tighten the Silverblue check for the welcome message
Overview of changes in 0.0.12
=============================
* Create /run/.toolboxenv inside the toolbox container's entry point too
* Don't use 'podman cp' to copy toolbox.sh to old containers
* Drop the "immutable" term
* Unbreak /etc/localtime & /etc/timezone if /run/host/monitor is absent
Overview of changes in 0.0.11
=============================
* Allow Qt applications to work without QT_X11_NO_MITSHM
* Check if /etc/subgid and /etc/subuid have entries for the user
* Give access to the entire /dev from the host operating system
* Keep /etc/host.conf, /etc/localtime and /etc/timezone synchronized with the
host
* Notify the terminal about the current toolbox container in use
* Prevent Podman from complaining about 'podman cp --pause=true ...'
* Unbreak rendering & wrapping of commands typed at an interactive prompt
* Unbreak setting up /home as a symbolic link
Overview of changes in 0.0.10
=============================
* Add a run command
* Create /run/.toolboxenv in 'toolbox enter' for identification
* Drop the Buildah dependency and the user-specific customized image
* Keep /etc/hosts and /etc/resolv.conf synchronized with the host
* Migrate existing containers when Podman is updated
* Retain the PS1 across su(1) and sudo(8)
* Set the Kerberos credential cache type only if Kerberos is available
* Support column(1) from bsdmainutils
* Support 'sudo' as default sudo(8) group
* Use a magenta hexagon instead of 🔹 in the PS1
Overview of changes in 0.0.9
============================
* Add Bash completion
* Allow connecting to Wayland displays other than "wayland-0"
* Ask for confirmation before downloading the base image
* Improve the onboarding experience
* Make it available inside the toolbox container
* Make 'toolbox enter' create or fall back to a container when possible
* Set TOOLBOX_CONTAINER in the environment to identify as a toolbox
* Set default release to 29 when running on non-fedora hosts
* Show welcome texts on interactive shells
Overview of changes in 0.0.8
============================
* Add label for tagging, not tied to the fedora-toolbox name
* Add short variants for various options in 'create' and 'enter'
* Ensure that names of toolbox containers don't have a colon
* Enable Travis
* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
* Give access to Kerberos if KCM credential caches are being used
* Improve the onboarding experience
* Reduce the sizes of the images by removing temporary files created by DNF
* Use a lighter entry point than /bin/sh
Overview of changes in 0.0.7
============================
* Add fedora-toolbox image definition for Fedora 31
* Add flatpak-xdg-utils to Fedoras 29 and 30
* Add manuals
* Add rm and rmi commands
* Be more informative when creating the working container
* Clarify the error message if the toolbox container is not found
* Don't create volumes in the image for bind mounts from the host
* Fix miscellaneous issues pointed out by https://www.shellcheck.net/
* Give access to /dev/bus for control transfers from USB devices
* Give access to removable devices and other temporary mounts
* Lots of Bash-isms removed for POSIX correctness
* Make the --image flag override the base toolbox image, as documented
* Make the spinner more efficient
* Restore documentation removed from the base Fedora images
Overview of changes in 0.0.6
============================
* Add a list command
* Drop the "fedora" prefix and rename the project as just "toolbox"
* Fix typos pointed out by https://www.shellcheck.net/
* Lots of Bash-isms removed for POSIX correctness
* Make --container and --image command-specific options
* Make it work inside the toolbox container itself
* Shorten the prefix for debug and error messages
* Use the host's PID namespace for the toolbox container
* Use the standard error output for error messages
Overview of changes in 0.0.5
============================
* Give access to mounts under $HOME, and make autofs work
* Show a spinner when creating the toolbox
Overview of changes in 0.0.4
============================
* Avoid spooky root-like behaviour for non-root interactive shells
* Give access to the FUSE kernel module
* Improve the readability of the debug output
* Set up $HOME and /home to match the host
* Try to enter the same directory inside the toolbox
Overview of changes in 0.0.3
============================
* Clean up the Buildah working containers on error
* Unbreak creating the toolbox if the toolbox image already exists
Overview of changes in 0.0.2
============================
* Allow an 'F' or 'f' prefix when specifying the release
* Avoid a Bash-ism (ie. ==) and stick to POSIX (ie. =)
* Fallback to /bin/bash if $SHELL doesn't exist in the toolbox container
* Give access to the system D-Bus instance
* Make shm_open work
Overview of changes in 0.0.1
============================
* First preview release
----
Copyright © 2018 2024 Red Hat, Inc.
All rights reserved.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.

83
README.md
View File

@ -1,61 +1,34 @@
![README](data/gfx/README.gif)
# Fedora Toolbox — Hacking on OSTree-based Fedoras
[Toolbx](https://containertoolbx.org/) is a tool for Linux, which allows the
use of interactive command line environments for software development and
troubleshooting the host operating system, without having to install software
on the host. It is built on top of [Podman](https://podman.io/) and other
standard container technologies from [OCI](https://opencontainers.org/).
[Fedora Toolbox](https://github.com/debarshiray/fedora-toolbox) is a tool that
offers a familiar RPM based environment for developing and debugging software
on locked down [OSTree](https://ostree.readthedocs.io/en/latest/) based Fedora
systems like [Silverblue](https://silverblue.fedoraproject.org/). Such
operating systems are shipped as *immutable* OSTree images, where it's
difficult to setup a development environment with your favorite tools, editors
and SDKs. A toolbox container solves that problem by providing a RPM based
*mutable* container. You can tweak it to your heart's content and use DNF to
install your favorite packages, all without worrying about breaking your
operating system.
Toolbx environments have seamless access to the user's home directory,
the Wayland and X11 sockets, networking (including Avahi), removable devices
(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
udev database, etc..
The toolbox environment is based on the `fedora-toolbox` image. This image is
then customized for the current user to create a toolbox container that
seamlessly integrates with the rest of the operating system.
This is particularly useful on
[OSTree](https://ostreedev.github.io/ostree/) based operating systems like
[Fedora CoreOS](https://fedoraproject.org/coreos/) and
[Silverblue](https://fedoraproject.org/silverblue/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or troubleshoot the operating system in the usual way.
## Usage
Toolbx solves this problem by providing a fully mutable container within
which one can install their favourite development and troubleshooting tools,
editors and SDKs. For example, it's possible to do `yum install ansible`
without affecting the base operating system.
### Create your Fedora Toolbox container:
```
[user@hostname fedora-toolbox]$ ./fedora-toolbox create
[user@hostname fedora-toolbox]$
```
This will create a container, and an image, called
`fedora-toolbox-<your-username>:<version-id>` that's specifically customised
for your host user.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
### Enter the Toolbox:
```
[user@hostname fedora-toolbox]$ ./fedora-toolbox enter
🔹[user@toolbox ~]$
```
The Toolbx environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a Toolbx container that offers the interactive command line
environment.
Note that Toolbx makes no promise about security beyond what's already
available in the usual command line environment on the host that everybody is
familiar with.
## Installation & Use
See our guides on
[installing & getting started](https://containertoolbx.org/install/) with
Toolbx and [Linux distro support](https://containertoolbx.org/distros/).
##
[![Star History Chart](https://api.star-history.com/svg?repos=containers/toolbox&type=Date)](https://star-history.com/#containers/toolbox&Date)
##
[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)
[![Arch Linux package](https://img.shields.io/archlinux/v/extra/x86_64/toolbox?logo=archlinux)](https://www.archlinux.org/packages/extra/x86_64/toolbox/)
[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide?logo=fedora)](https://src.fedoraproject.org/rpms/toolbox/)
[![Ubuntu package](https://img.shields.io/badge/ubuntu-0.0.99.3%2Bgit20230118%2B446d7bfdef6a-orange?logo=ubuntu)](https://packages.ubuntu.com/noble/podman-toolbox)

5
SECURITY.md
View File

@ -1,5 +0,0 @@
## Security and Disclosure Information Policy for the Toolbx Project
The Toolbx Project follows the
[Security and Disclosure Information Policy](https://github.com/containers/common/blob/main/SECURITY.md)
for the Containers Projects.

4
data/config/meson.build
View File

@ -1,4 +0,0 @@
install_data(
'toolbox.conf',
install_dir: get_option('sysconfdir') / 'containers',
)

17
data/config/toolbox.conf
View File

@ -1,17 +0,0 @@
[general]
# Create a toolbox container for a different operating system distro than the
# host. Cannot be used with 'image'.
## distro = "fedora"
# Create a toolbox container for a different operating system release than the
# host. Cannot be used with 'image'.
## release = "33"
# Change the name of the image used to create the toolbox container. This is
# useful for creating containers from custom-built images. Cannot be used with
# 'distro' or 'release'.
#
# If the name does not contain a registry, the local image storage will be
# consulted, and if it's not present there then it will be pulled from a
# suitable remote registry.
## image = "registry.fedoraproject.org/fedora-toolbox:34"

BIN
data/gfx/CONTRIBUTING.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.6 KiB

BIN
data/gfx/README.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 32 KiB

BIN
data/gfx/powerup.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 89 KiB

2
data/meson.build
View File

@ -1,2 +0,0 @@
subdir('config')
subdir('tmpfiles.d')

4
data/tmpfiles.d/meson.build
View File

@ -1,4 +0,0 @@
install_data(
'toolbox.conf',
install_dir: tmpfilesdir,
)

2
data/tmpfiles.d/toolbox.conf
View File

@ -1,2 +0,0 @@
d /run/media 0755 root root - -
L /run/host - - - - ../

39
doc/meson.build
View File

@ -1,39 +0,0 @@
go_md2man_command = [
go_md2man,
'-in', '@INPUT@',
'-out', '@OUTPUT@',
]
manuals = {
'1': [
'toolbox',
'toolbox-create',
'toolbox-enter',
'toolbox-init-container',
'toolbox-help',
'toolbox-list',
'toolbox-rm',
'toolbox-rmi',
'toolbox-run',
],
'5': [
'toolbox.conf',
]
}
foreach section, pages: manuals
foreach page: pages
output = page + '.' + section
input = output + '.md'
sectiondir = 'man' + section
custom_target(
output,
command: go_md2man_command,
input: input,
install: true,
install_dir: get_option('mandir') / sectiondir,
output: output,
)
endforeach
endforeach

141
doc/toolbox-create.1.md
View File

@ -1,141 +0,0 @@
% toolbox-create 1
## NAME
toolbox\-create - Create a new Toolbx container
## SYNOPSIS
**toolbox create** [*--authfile FILE*]
[*--distro DISTRO* | *-d DISTRO*]
[*--image NAME* | *-i NAME*]
[*--release RELEASE* | *-r RELEASE*]
[*CONTAINER*]
## DESCRIPTION
Creates a new Toolbx container. You can then use the `toolbox enter` command
to interact with the container at any point.
A Toolbx container is an OCI container created from an OCI image. On Fedora,
the default image is known as `fedora-toolbox:N`, where N is the release of
the host. If the image is not present locally, then it is pulled from a
well-known registry like `registry.fedoraproject.org`. Other images may be
used on other host operating systems. If the host is not recognized, then the
Fedora image will be used.
The container is created with `podman create`, and its entry point is set to
`toolbox init-container`.
By default, a Toolbx container is named after its corresponding image. If the
image had a tag, then the tag is included in the name of the container, but
it's separated by a hyphen, not a colon. A different name can be assigned by
using the CONTAINER argument.
### Container Configuration
A Toolbx container seamlessly integrates with the rest of the operating
system by providing access to the user's home directory, the Wayland and X11
sockets, networking (including Avahi), removable devices (like USB sticks),
systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc..
The user ID and account details from the host is propagated into the Toolbx
container, SELinux label separation is disabled, and the host file system can
be accessed by the container at /run/host. The container has access to the
host's Kerberos credentials cache if it's configured to use KCM caches.
A Toolbx container can be identified by the `com.github.containers.toolbox`
label or the `/run/.toolboxenv` file.
The entry point of a Toolbx container is the `toolbox init-container` command
which plays a role in setting up the container, along with the options passed
to `podman create`.
### Entry Point
A key feature of Toolbx containers is their entry point, the `toolbox
init-container` command.
OCI containers are inherently immutable. Configuration options passed through
`podman create` are baked into the definition of the OCI container, and can't
be changed later. This means that changes and improvements made in newer
versions of Toolbx can't be applied to pre-existing Toolbx containers
created by older versions of Toolbx. This is avoided by using the entry point
to configure the container at runtime.
The entry point of a Toolbx container customizes the container to fit the
current user by ensuring that it has a user that matches the one on the host,
and grants it `sudo` and `root` access.
Crucial configuration files, such as `/etc/host.conf`, `/etc/hosts`,
`/etc/localtime`, `/etc/resolv.conf` and `/etc/timezone`, inside the container
are kept synchronized with the host. The entry point also bind mounts various
subsets of the host's file system hierarchy to their corresponding locations
inside the container to provide seamless integration with the host. This
includes `/run/libvirt`, `/run/systemd/journal`, `/run/udev/data`,
`/var/lib/libvirt`, `/var/lib/systemd/coredump`, `/var/log/journal` and others.
On some host operating systems, important paths like `/home`, `/media` or
`/mnt` are symbolic links to other locations. The entry point ensures that
paths inside the container match those on the host, to avoid needless
confusion.
## OPTIONS ##
**--authfile** FILE
Path to a FILE with credentials for authenticating to the registry for private
images. The FILE is usually set using `podman login`, and will be used by
`podman pull` to get the image.
The default location for FILE is `$XDG_RUNTIME_DIR/containers/auth.json` and
its format is specified in `containers-auth.json(5)`.
**--distro** DISTRO, **-d** DISTRO
Create a Toolbx container for a different operating system DISTRO than the
host. Cannot be used with `--image`. Has to be coupled with `--release` unless
the selected DISTRO matches the host.
**--image** NAME, **-i** NAME
Change the NAME of the image used to create the Toolbx container. This is
useful for creating containers from custom-built images. Cannot be used with
`--distro` and `--release`.
If NAME does not contain a registry, the local image storage will be
consulted, and if it's not present there then it will be pulled from a suitable
remote registry.
**--release** RELEASE, **-r** RELEASE
Create a Toolbx container for a different operating system RELEASE than the
host. Cannot be used with `--image`.
## EXAMPLES
### Create the default Toolbx container matching the host OS
```
$ toolbox create
```
### Create the default Toolbx container for Fedora 36
```
$ toolbox create --distro fedora --release f36
```
### Create a custom Toolbx container from a custom image
```
$ toolbox create --image bar foo
```
### Create a custom Toolbx container from a custom image that's private
```
$ toolbox create --authfile ~/auth.json --image registry.example.com/bar
```
## SEE ALSO
`toolbox(1)`, `toolbox-init-container(1)`, `podman(1)`, `podman-create(1)`, `podman-login(1)`, `podman-pull(1)`, `containers-auth.json(5)`

66
doc/toolbox-enter.1.md
View File

@ -1,66 +0,0 @@
% toolbox-enter 1
## NAME
toolbox\-enter - Enter a Toolbx container for interactive use
## SYNOPSIS
**toolbox enter** [*--distro DISTRO* | *-d DISTRO*]
[*--release RELEASE* | *-r RELEASE*]
[*CONTAINER*]
## DESCRIPTION
Spawns an interactive shell inside a Toolbx container that was created using
the `toolbox create` command. It tries to spawn the user's default shell, but
if it's not available inside the container then it falls back to `/bin/bash`.
When invoked without any options, `toolbox enter` will try to enter the default
Toolbx container for the host, or if there's only one container available then
it will use it. On Fedora, the default container is known as
`fedora-toolbox-N`, where N is the release of the host. If there aren't any
containers, `toolbox enter` will offer to create the default one for you.
A specific container can be selected using the CONTAINER argument.
A Toolbx container is an OCI container. Therefore, `toolbox enter` is
analogous to a `podman start` followed by a `podman exec`.
## OPTIONS ##
The following options are understood:
**--distro** DISTRO, **-d** DISTRO
Enter a Toolbx container for a different operating system DISTRO than the
host. Has to be coupled with `--release` unless the selected DISTRO matches the
host.
**--release** RELEASE, **-r** RELEASE
Enter a Toolbx container for a different operating system RELEASE than the
host.
## EXAMPLES
### Enter the default Toolbx container matching the host OS
```
$ toolbox enter
```
### Enter the default Toolbx container for Fedora 36
```
$ toolbox enter --distro fedora --release f36
```
### Enter a Toolbx container with a custom name
```
$ toolbox enter foo
```
## SEE ALSO
`toolbox(1)`, `toolbox-run(1)`, `podman(1)`, `podman-exec(1)`,
`podman-start(1)`

35
doc/toolbox-help.1.md
View File

@ -1,35 +0,0 @@
% toolbox-help 1
## NAME
toolbox\-help - Display help information about Toolbx
## SYNOPSIS
**toolbox help** [*COMMAND*]
## DESCRIPTION
When no COMMAND is specified, the `toolbox(1)` manual is shown. If a COMMAND
is specified, a manual page for that command is brought up.
Note that `toolbox --help ...` is identical to `toolbox help ...` because the
former is internally converted to the latter.
This page can be displayed with `toolbox help help` or `toolbox help --help`.
## EXAMPLES
### Show the toolbox manual
```
$ toolbox help
```
### Show the manual for the create command
```
$ toolbox help create
```
## SEE ALSO
`toolbox(1)`

102
doc/toolbox-init-container.1.md
View File

@ -1,102 +0,0 @@
% toolbox-init-container 1
## NAME
toolbox\-init\-container - Initialize a running container
## SYNOPSIS
**toolbox init-container** *--gid GID*
*--home HOME*
*--home-link*
*--media-link*
*--mnt-link*
*--shell SHELL*
*--uid UID*
*--user USER*
## DESCRIPTION
Initializes a newly created container that's running. It is primarily meant to
be used as the entry point for all Toolbx containers, and must be run inside
the container that's to be initialized. It is not expected to be directly
invoked by humans, and cannot be used on the host.
A key feature of Toolbx containers is their entry point, the `toolbox
init-container` command.
OCI containers are inherently immutable. Configuration options passed through
`podman create` are baked into the definition of the OCI container, and can't
be changed later. This means that changes and improvements made in newer
versions of Toolbx can't be applied to pre-existing Toolbx containers
created by older versions of Toolbx. This is avoided by using the entry point
to configure the container at runtime.
The entry point of a Toolbx container customizes the container to fit the
current user by ensuring that it has a user that matches the one on the host,
and grants it `sudo` and `root` access.
Crucial configuration files, such as `/etc/host.conf`, `/etc/hosts`,
`/etc/localtime`, `/etc/resolv.conf` and `/etc/timezone`, inside the container
are kept synchronized with the host. The entry point also bind mounts various
subsets of the host's file system hierarchy to their corresponding locations
inside the container to provide seamless integration with the host. This
includes `/run/libvirt`, `/run/systemd/journal`, `/run/udev/data`,
`/var/lib/libvirt`, `/var/lib/systemd/coredump`, `/var/log/journal` and others.
On some host operating systems, important paths like `/home`, `/media` or
`/mnt` are symbolic links to other locations. The entry point ensures that
paths inside the container match those on the host, to avoid needless
confusion.
## OPTIONS ##
The following options are understood:
**--gid** GID
Pass GID as the user's numerical group ID from the host to the Toolbx
container.
**--home** HOME
Create a user inside the Toolbx container whose login directory is HOME. This
option is required.
**--home-link**
Make `/home` a symbolic link to `/var/home`.
**--media-link**
Make `/media` a symbolic link to `/run/media`.
**--mnt-link**
Make `/mnt` a symbolic link to `/var/mnt`.
**--monitor-host**
Deprecated, does nothing.
Crucial configuration files inside the Toolbx container are always kept
synchronized with their counterparts on the host, and various subsets of the
host's file system hierarchy are always bind mounted to their corresponding
locations inside the Toolbx container.
**--shell** SHELL
Create a user inside the Toolbx container whose login shell is SHELL. This
option is required.
**--uid** UID
Create a user inside the Toolbx container whose numerical user ID is UID. This
option is required.
**--user** USER
Create a user inside the Toolbx container whose login name is LOGIN. This
option is required.
## SEE ALSO
`toolbox(1)`, `podman(1)`, `podman-create(1)`, `podman-start(1)`

48
doc/toolbox-list.1.md
View File

@ -1,48 +0,0 @@
% toolbox-list 1
## NAME
toolbox\-list - List existing Toolbx containers and images
## SYNOPSIS
**toolbox list** [*--containers* | *-c*] [*--images* | *-i*]
## DESCRIPTION
Lists existing Toolbx containers and images. These are OCI containers and
images, which can be managed directly with a tool like `podman`.
## OPTIONS ##
The following options are understood:
**--containers, -c**
List only Toolbx containers, not images.
**--images, -i**
List only Toolbx images, not containers.
## EXAMPLES
### List all existing Toolbx containers and images
```
$ toolbox list
```
### List existing Toolbx containers only
```
$ toolbox list --containers
```
### List existing Toolbx images only
```
$ toolbox list --images
```
## SEE ALSO
`toolbox(1)`, `podman(1)`, `podman-ps(1)`, `podman-images(1)`

52
doc/toolbox-rm.1.md
View File

@ -1,52 +0,0 @@
% toolbox-rm 1
## NAME
toolbox\-rm - Remove one or more Toolbx containers
## SYNOPSIS
**toolbox rm** [*--all* | *-a*] [*--force* | *-f*] [*CONTAINER*...]
## DESCRIPTION
Removes one or more Toolbx containers from the host. The container should
have been created using the `toolbox create` command.
A Toolbx container is an OCI container. Therefore, `toolbox rm` can be used
interchangeably with `podman rm`.
## OPTIONS ##
The following options are understood:
**--all, -a**
Remove all Toolbx containers. It can be used in conjunction with `--force` as
well.
**--force, -f**
Force the removal of running and paused Toolbx containers.
## EXAMPLES
### Remove a Toolbx container named `fedora-toolbox-gegl:36`
```
$ toolbox rm fedora-toolbox-gegl:36
```
### Remove all Toolbx containers, but not those that are running or paused
```
$ toolbox rm --all
```
### Remove all Toolbx containers, including ones that are running or paused
```
$ toolbox rm --all --force
```
## SEE ALSO
`toolbox(1)`, `podman(1)`, `podman-rm(1)`

52
doc/toolbox-rmi.1.md
View File

@ -1,52 +0,0 @@
% toolbox-rmi 1
## NAME
toolbox\-rmi - Remove one or more Toolbx images
## SYNOPSIS
**toolbox rmi** [*--all* | *-a*] [*--force* | *-f*] [*IMAGE*...]
## DESCRIPTION
Removes one or more Toolbx images from the host. The image should have been
created using the `toolbox create` command.
A Toolbx image is an OCI image. Therefore, `toolbox rmi` can be used
interchangeably with `podman rmi`.
## OPTIONS ##
The following options are understood:
**--all, -a**
Remove all Toolbx images. It can be used in conjunction with `--force` as well.
**--force, -f**
Force the removal of Toolbx images that are used by Toolbx containers. The
dependent containers will be removed as well.
## EXAMPLES
### Remove a Toolbx image named `localhost/fedora-toolbox-gegl:36`
```
$ toolbox rmi localhost/fedora-toolbox-gegl:36
```
### Remove all Toolbx images, but not those that are used by containers
```
$ toolbox rmi --all
```
### Remove all Toolbx images and their dependent containers
```
$ toolbox rmi --all --force
```
## SEE ALSO
`toolbox(1)`, `podman(1)`, `podman-rmi(1)`

108
doc/toolbox-run.1.md
View File

@ -1,108 +0,0 @@
% toolbox-run 1
## NAME
toolbox\-run - Run a command in an existing Toolbx container
## SYNOPSIS
**toolbox run** [*--container NAME* | *-c NAME*]
[*--distro DISTRO* | *-d DISTRO*]
[*--preserve-fds N*]
[*--release RELEASE* | *-r RELEASE*]
[*COMMAND*]
## DESCRIPTION
Runs a command inside an existing Toolbx container. The container should have
been created using the `toolbox create` command.
On Fedora, the default container is known as `fedora-toolbox-N`, where N is
the release of the host. A specific container can be selected using the
`--container` option.
A Toolbx container is an OCI container. Therefore, `toolbox run` is analogous
to a `podman start` followed by a `podman exec`.
## OPTIONS ##
The following options are understood:
**--container** NAME, **-c** NAME
Run command inside a Toolbx container with the given NAME. This is useful
when there are multiple Toolbx containers created from the same image, or
entirely customized containers created from custom-built images.
**--distro** DISTRO, **-d** DISTRO
Run command inside a Toolbx container for a different operating system DISTRO
than the host. Has to be coupled with `--release` unless the selected DISTRO
matches the host system.
**--preserve-fds** N
Pass down to command N additional file descriptors (in addition to 0, 1,
2). The total number of file descriptors will be 3+N.
**--release** RELEASE, **-r** RELEASE
Run command inside a Toolbx container for a different operating system
RELEASE than the host.
## EXIT STATUS
The exit code gives information about why the command within the container
failed to run or why it exited.
**1** There was an internal error in Toolbx
**125** There was an internal error in Podman
**126** The run command could not be invoked
```
$ toolbox run /etc; echo $?
/bin/sh: line 1: /etc: Is a directory
/bin/sh: line 1: exec: /etc: cannot execute: Is a directory
Error: failed to invoke command /etc in container fedora-toolbox-36
126
```
**127** The run command cannot be found or the working directory does not exist
```
$ toolbox run foo; echo $?
/bin/sh: line 1: exec: foo: not found
Error: command foo not found in container fedora-toolbox-36
127
```
**Exit code** The run command exit code
```
$ toolbox run false; echo $?
1
```
## EXAMPLES
### Run ls inside the default Toolbx container matching the host OS
```
$ toolbox run ls -la
```
### Run emacs inside the default Toolbx container for Fedora 36
```
$ toolbox run --distro fedora --release f36 emacs
```
### Run uptime inside a Toolbx container with a custom name
```
$ toolbox run --container foo uptime
```
## SEE ALSO
`toolbox(1)`, `podman(1)`, `podman-exec(1)`, `podman-start(1)`

171
doc/toolbox.1.md
View File

@ -1,171 +0,0 @@
% toolbox 1
## NAME
toolbox - Tool for interactive command line environments on Linux
## SYNOPSIS
**toolbox** [*--assumeyes* | *-y*]
[*--help* | *-h*]
[*--log-level LEVEL*]
[*--log-podman*]
[*--verbose* | *-v*]
*COMMAND* [*ARGS*...]
## DESCRIPTION
Toolbx is a tool for Linux, which allows the use of interactive command line
environments for software development and troubleshooting the host operating
system, without having to install software on the host. It is built on top of
Podman and other standard container technologies from OCI.
Toolbx environments have seamless access to the users home directory, the
Wayland and X11 sockets, networking (including Avahi), removable devices (like
USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
database, etc..
This is particularly useful on OSTree based operating systems like Fedora
CoreOS and Silverblue. The intention of these systems is to discourage
installation of software on the host, and instead install software as (or in)
containers — they mostly don't even have package managers like DNF or YUM.
This makes it difficult to set up a development environment or troubleshoot
the operating system in the usual way.
Toolbx solves this problem by providing a fully mutable container within
which one can install their favourite development and troubleshooting tools,
editors and SDKs. For example, it's possible to do `yum install ansible`
without affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The Toolbx environment is based on an OCI image. On Fedora this is the
`fedora-toolbox` image. This image is used to create a Toolbx container that
offers the interactive command line environment.
Note that Toolbx makes no promise about security beyond whats already
available in the usual command line environment on the host that everybody is
familiar with.
## Supported operating system distributions
By default, Toolbx tries to use an image matching the host operating system
distribution for creating containers. If the host is not supported, then it
falls back to a Fedora image. Supported host operating systems are:
* Arch Linux
* Fedora
* Red Hat Enterprise Linux >= 8.5
* Ubuntu
However, it's possible to create containers for a different distribution
through the use of the `--distro` and `--release` options that are accepted by
the relevant commands, or their counterparts in the configuration file. The
`--distro` flag specifies the name of the distribution, and `--release`
specifies its version. Supported combinations are:
Distro |Release
-------|----------
arch |latest or rolling
fedora |\<release\> or f\<release\> eg., 36 or f36
rhel |\<major\>.\<minor\> eg., 8.5
ubuntu |\<YY\>.\<MM\> eg., 22.04
## USAGE
### Create a Toolbx container:
```
[user@hostname ~]$ toolbox create
Image required to create toolbox container.
Download registry.fedoraproject.org/fedora-toolbox:36 (294.1MB)? [y/N]: y
Created container: fedora-toolbox-36
Enter with: toolbox enter
[user@hostname ~]$
```
### Enter the Toolbx container:
```
[user@hostname ~]$ toolbox enter
⬢[user@toolbox ~]$
```
### Remove the Toolbx container:
```
[user@hostname ~]$ toolbox rm fedora-toolbox-36
[user@hostname ~]$
```
## GLOBAL OPTIONS ##
The following options are understood:
**--assumeyes, -y**
Automatically answer yes for all questions.
**--help, -h**
Print a synopsis of this manual and exit.
**--log-level**=*level*
Log messages above specified level: debug, info, warn, error, fatal or panic
(default: error)
**--log-podman**
Show log messages of invocations of Podman based on the logging level specified
by option **log-level**.
**--verbose, -v**
Same as `--log-level=debug`. Use `-vv` to include `--log-podman`.
## COMMANDS
Commands for working with Toolbx containers and images:
**toolbox-create(1)**
Create a new Toolbx container.
**toolbox-enter(1)**
Enter a Toolbx container for interactive use.
**toolbox-help(1)**
Display help information about Toolbx.
**toolbox-init-container(1)**
Initialize a running container.
**toolbox-list(1)**
List existing Toolbx containers and images.
**toolbox-rm(1)**
Remove one or more Toolbx containers.
**toolbox-rmi(1)**
Remove one or more Toolbx images.
**toolbox-run(1)**
Run a command in an existing Toolbx container.
## FILES ##
**toolbox.conf(5)**
Toolbx configuration file.
## SEE ALSO
`podman(1)`, https://github.com/containers/toolbox

67
doc/toolbox.conf.5.md
View File

@ -1,67 +0,0 @@
% toolbox.conf 5
## NAME
toolbox.conf - Toolbx configuration file
## DESCRIPTION
Persistently overrides the default behaviour of `toolbox(1)`. The syntax is
TOML and the names of the options match their command line counterparts.
Currently, the only supported section is *general*.
## OPTIONS
**distro** = "DISTRO"
Create a Toolbx container for a different operating system DISTRO than the
host. Cannot be used with `image`.
**image** = "NAME"
Change the NAME of the image used to create the Toolbx container. This is
useful for creating containers from custom-built images. Cannot be used with
`distro` and `release`.
If NAME does not contain a registry, the local image storage will be
consulted, and if it's not present there then it will be pulled from a suitable
remote registry.
**release** = "RELEASE"
Create a Toolbx container for a different operating system RELEASE than the
host. Cannot be used with `image`.
## FILES
The following locations are looked up in increasing order of priority:
**/etc/containers/toolbox.conf**
This is meant to be provided by the operating system distributor or the system
administrator, and affects all users on the host.
Fields specified here can be overridden by any of the files below.
**$XDG_CONFIG_HOME/containers/toolbox.conf**
This is meant for user-specific changes. Fields specified here override any of
the files above.
## EXAMPLES
### Override the default operating system distro:
```
[general]
distro = "fedora"
release = "36"
```
### Override the default image:
```
[general]
image = "registry.fedoraproject.org/fedora-toolbox:36"
```
## SEE ALSO
`toolbox(1)`, `toolbox-create(1)`

351
fedora-toolbox Executable file
View File

@ -0,0 +1,351 @@
#!/bin/sh
#
# Copyright © 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
source /etc/os-release
release=$VERSION_ID
prefix_sudo=""
registry="registry.fedoraproject.org"
registry_candidate="candidate-registry.fedoraproject.org"
toolbox_prompt="🔹[\u@\h \W]\\$ "
is_integer()
{
[ "$1" != "" ] && [ $1 -eq $1 2>&42 ]
return $?
}
create()
(
dbus_system_bus_address="unix:path=/var/run/dbus/system_bus_socket"
tmpfs_size=$((64 * 1024 * 1024)) # 64 MiB
working_container_name="fedora-toolbox-working-container-$(uuidgen --time)"
if ! $prefix_sudo buildah inspect --type image $toolbox_image >/dev/null 2>&42; then
if ! $prefix_sudo buildah from \
--name $working_container_name \
localhost/$base_toolbox_image >/dev/null 2>&42; then
if ! $prefix_sudo buildah from \
--name $working_container_name \
$registry/$fgc/$base_toolbox_image >/dev/null 2>&42; then
echo "$0: failed to create working container"
exit 1
fi
fi
if ! $prefix_sudo buildah run $working_container_name -- useradd \
--no-create-home \
--shell $SHELL \
--uid $UID \
--groups wheel \
$USER \
>/dev/null 2>&42; then
$prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42
echo "$0: failed to create user $USER with UID $UID"
exit 1
fi
if ! $prefix_sudo buildah run $working_container_name -- passwd -d $USER >/dev/null 2>&42; then
$prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42
echo "$0: failed to remove password for user $USER"
exit 1
fi
if ! $prefix_sudo buildah run $working_container_name -- passwd -d root >/dev/null 2>&42; then
$prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42
echo "$0: failed to remove password for user root"
exit 1
fi
if ! $prefix_sudo buildah config --volume $HOME $working_container_name >/dev/null 2>&42; then
$prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42
echo "$0: failed to configure volume for $HOME"
exit 1
fi
if ! $prefix_sudo buildah config --volume $XDG_RUNTIME_DIR $working_container_name >/dev/null 2>&42; then
$prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42
echo "$0: failed to configure volume for $XDG_RUNTIME_DIR"
exit 1
fi
if [ "$DBUS_SYSTEM_BUS_ADDRESS" != "" ]; then
dbus_system_bus_address=$DBUS_SYSTEM_BUS_ADDRESS
fi
dbus_system_bus_path=$(echo $dbus_system_bus_address | cut --delimiter = --fields 2 2>&42)
dbus_system_bus_path=$(readlink --canonicalize $dbus_system_bus_path 2>&42)
if ! $prefix_sudo buildah config \
--volume $dbus_system_bus_path \
$working_container_name >/dev/null 2>&42; then
$prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42
echo "$0: failed to configure volume for $dbus_system_bus_path"
exit 1
fi
if ! $prefix_sudo buildah config --volume /dev/dri $working_container_name >/dev/null 2>&42; then
$prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42
echo "$0: failed to configure volume for /dev/dri"
exit 1
fi
if ! $prefix_sudo buildah config --user $USER $working_container_name >/dev/null 2>&42; then
$prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42
echo "$0: failed to configure the default user as $USER"
exit 1
fi
if ! $prefix_sudo buildah config --workingdir $HOME $working_container_name >/dev/null 2>&42; then
$prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42
echo "$0: failed to configure the initial working directory to $HOME"
exit 1
fi
if ! $prefix_sudo buildah commit --rm $working_container_name $toolbox_image >/dev/null 2>&42; then
$prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42
echo "$0: failed to create image $toolbox_image"
exit 1
fi
fi
if $prefix_sudo podman inspect --type container $toolbox_container >/dev/null 2>&42; then
echo "$0: container $toolbox_container already exists"
exit 1
fi
total_ram=$(awk '( $1 == "MemTotal:" ) { print $2 }' /proc/meminfo 2>&42) # kibibytes
if is_integer $total_ram; then
tmpfs_size=$((total_ram*1024/2)) # bytes
fi
max_uid_count=65536
max_minus_uid=$((max_uid_count-UID))
uid_plus_one=$((UID+1))
if ! $prefix_sudo podman create \
--group-add wheel \
--hostname toolbox \
--interactive \
--name $toolbox_container \
--network host \
--privileged \
--security-opt label=disable \
--tmpfs /dev/shm:size=$tmpfs_size \
--tty \
--uidmap $UID:0:1 \
--uidmap 0:1:$UID \
--uidmap $uid_plus_one:$uid_plus_one:$max_minus_uid \
--volume $HOME:$HOME \
--volume $XDG_RUNTIME_DIR:$XDG_RUNTIME_DIR \
--volume $dbus_system_bus_path:$dbus_system_bus_path \
--volume /dev/dri:/dev/dri \
$toolbox_image \
/bin/sh >/dev/null 2>&42; then
echo "$0: failed to create container $toolbox_container"
exit 1
fi
)
enter()
(
shell_to_exec=/bin/bash
if ! $prefix_sudo podman start $toolbox_container >/dev/null 2>&42; then
echo "$0: failed to start container $toolbox_container"
exit 1
fi
if [ "$DBUS_SYSTEM_BUS_ADDRESS" != "" ]; then
set_dbus_system_bus_address="--env DBUS_SYSTEM_BUS_ADDRESS=$DBUS_SYSTEM_BUS_ADDRESS"
fi
if $prefix_sudo podman exec $toolbox_container test -f $SHELL 2>&42; then
shell_to_exec=$SHELL
else
echo "$SHELL not found in $toolbox_container; using $shell_to_exec instead" >&42
fi
$prefix_sudo podman exec \
--env COLORTERM=$COLORTERM \
--env DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS \
$set_dbus_system_bus_address \
--env DESKTOP_SESSION=$DESKTOP_SESSION \
--env DISPLAY=$DISPLAY \
--env LANG=$LANG \
--env PS1="$toolbox_prompt" \
--env SHELL=$SHELL \
--env SSH_AUTH_SOCK=$SSH_AUTH_SOCK \
--env TERM=$TERM \
--env VTE_VERSION=$VTE_VERSION \
--env XDG_CURRENT_DESKTOP=$XDG_CURRENT_DESKTOP \
--env XDG_DATA_DIRS=$XDG_DATA_DIRS \
--env XDG_MENU_PREFIX=$XDG_MENU_PREFIX \
--env XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
--env XDG_SEAT=$XDG_SEAT \
--env XDG_SESSION_DESKTOP=$XDG_SESSION_DESKTOP \
--env XDG_SESSION_ID=$XDG_SESSION_ID \
--env XDG_SESSION_TYPE=$XDG_SESSION_TYPE \
--env XDG_VTNR=$XDG_VTNR \
--interactive \
--tty \
$toolbox_container \
$shell_to_exec -l 2>&42
)
exit_if_extra_operand()
{
if [ "$1" != "" ]; then
echo "$0: extra operand '$1'"
echo "Try '$0 --help' for more information."
exit 1
fi
}
exit_if_unrecognized_option()
{
echo "$0: unrecognized option '$1'"
echo "Try '$0 --help' for more information."
exit 1
}
usage()
{
echo "Usage: fedora-toolbox [--container <name>]"
echo " [--release <release>]"
echo " [-v | --verbose]"
echo " create [--candidate-registry]"
echo " [--image <name>]"
echo " or: fedora-toolbox [--container <name>]"
echo " [--release <release>]"
echo " [-v | --verbose]"
echo " enter"
echo " or: fedora-toolbox --help"
}
exec 42>/dev/null
while [[ "$1" = -* ]]; do
case $1 in
--container )
shift
if [ "$1" = "" ]; then
echo "$0: missing argument for '--container'"
echo "Try '$0 --help' for more information."
exit 1
fi
toolbox_container=$1
;;
-h | --help )
usage
exit
;;
--release )
shift
if [ "$1" = "" ]; then
echo "$0: missing argument for '--release'"
echo "Try '$0 --help' for more information."
exit 1
fi
arg=$(echo $1 | sed 's/^F\|^f//' 2>&42)
if ! is_integer $arg; then
echo "$0: invalid argument for '--release'"
echo "Try '$0 --help' for more information."
exit 1
fi
if [ $arg -le 0 2>&42 ]; then
echo "$0: invalid argument for '--release'"
echo "Try '$0 --help' for more information."
exit 1
fi
release=$arg
;;
--sudo )
prefix_sudo="sudo"
;;
-v | --verbose )
exec 42>&2
;;
* )
exit_if_unrecognized_option $1
esac
shift
done
fgc="f$release"
[ "$toolbox_container" = "" ] && toolbox_container="fedora-toolbox-$USER:$release"
base_toolbox_image="fedora-toolbox:$release"
toolbox_image="fedora-toolbox-$USER:$release"
if [ "$1" = "" ]; then
echo "$0: missing command"
echo "Try '$0 --help' for more information."
exit 1
fi
op=$1
shift
case $op in
create )
while [[ "$1" = -* ]]; do
case $1 in
--candidate-registry )
registry=$registry_candidate
;;
--image )
shift
if [ "$1" = "" ]; then
echo "$0: missing argument for '--image'"
echo "Try '$0 --help' for more information."
exit 1
fi
toolbox_image=$1
;;
* )
exit_if_unrecognized_option $1
esac
shift
done
exit_if_extra_operand $1
create
exit
;;
enter )
while [[ "$1" = -* ]]; do
case $1 in
* )
exit_if_unrecognized_option $1
esac
shift
done
exit_if_extra_operand $1
enter
exit
;;
* )
echo "$0: unrecognized command '$op'"
echo "Try '$0 --help' for more information."
exit 1
esac

2
fedora-toolbox-sudo Normal file
View File

@ -0,0 +1,2 @@
%wheel ALL=(root) NOPASSWD: /usr/bin/buildah
%wheel ALL=(root) NOPASSWD: /usr/bin/podman

80
gen-docs-list
View File

@ -1,80 +0,0 @@
#!/bin/sh
#
# Copyright © 2019 2024 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
collect()
(
if $1; then
postfix="_toolbox"
else
postfix=""
fi
manpages_list=""
for dir in /usr/share/man/man*/ ; do
for docs in $dir*; do
package=$(rpm -qf $docs --qf "%{NAME}\n")
if ! [[ $package = *"is not owned by any"* ]]; then
manpages_list="$manpages_list$package\n"
fi
done
done
mkdir -p tmp
echo -e "$manpages_list" | sort | uniq > tmp/docs_list$postfix
rpm -qa --qf "%{NAME}\n" | sort | uniq > tmp/rpm_list$postfix
)
generate()
(
diff -c tmp/rpm_list_toolbox tmp/rpm_list | grep -E "^\+" | tr -d '+ ' > tmp/missing_packages
diff -c tmp/docs_list_toolbox tmp/docs_list | grep -E "^\+" | tr -d '+ ' > tmp/missing_manpages
manpages_list=$(comm -1 -3 tmp/missing_packages tmp/missing_manpages)
manpages_final=""
while read -r line; do
if [ "$(man $line)" != "" ]; then
manpages_final="$manpages_final$line\n"
fi
done <<< "$manpages_list"
echo -e "$manpages_final" >> missing-docs
)
case $1 in
collect )
shift
toolbox=false
case $1 in
-t | --toolbox )
toolbox=true
;;
esac
collect "$toolbox"
exit
;;
generate )
generate
exit
;;
clean )
rm -rf tmp
exit
;;
* )
exit 1
esac

28
images/arch/Containerfile
View File

@ -1,28 +0,0 @@
FROM docker.io/library/archlinux:base-devel
LABEL com.github.containers.toolbox="true" \
name="arch-toolbox" \
version="base-devel" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating Arch Linux Toolbx containers" \
maintainer="Morten Linderud <foxboron@archlinux.org>"
# Install extra packages
COPY extra-packages /
RUN pacman -Syu --needed --noconfirm - < extra-packages
RUN rm /extra-packages
# Enable man pages, enable progress bars
RUN sed -i -e 's/NoProgressBar/#NoProgressBar/' -e 's/NoExtract/#NoExtract/' /etc/pacman.conf
# Force reinstall of packages which have man pages (shouldn't redownload any that were just upgraded)
RUN mkdir -p /usr/share/man && pacman -Qo /usr/share/man | awk '{print $5}' | xargs pacman -S --noconfirm man-db
# Clean up cache
RUN yes | pacman -Scc
# Enable sudo permission for wheel users
RUN echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/toolbox
# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules

27
images/arch/extra-packages
View File

@ -1,27 +0,0 @@
bash-completion
diffutils
flatpak-xdg-utils
git
gnupg
keyutils
libp11-kit
lsof
man-db
man-pages
mlocate
mtr
nss-mdns
openssh
pigz
procps-ng
rsync
tcpdump
time
traceroute
tree
unzip
vte-common
wget
words
xorg-xauth
zip

11
images/fedora/f28/Containerfile → images/fedora/f28/Dockerfile
View File

@ -1,11 +1,10 @@
FROM registry.fedoraproject.org/fedora:28
ENV NAME=fedora-toolbox VERSION=28
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
LABEL com.redhat.component="$NAME" \
name="$FGC/$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
usage="This image is meant to be used with the fedora-toolbox command" \
summary="Base image for creating Fedora toolbox containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
@ -14,14 +13,8 @@ COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y swap coreutils-single coreutils-full
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all
CMD /bin/sh

5
images/fedora/f28/extra-packages
View File

@ -2,8 +2,8 @@ bash-completion
bzip2
diffutils
dnf-plugins-core
findutils
fpaste
findutils
git
gnupg
gnupg2-smime
@ -11,21 +11,18 @@ hostname
iputils
jwhois
keyutils
krb5-libs
less
lsof
man-db
man-pages
mlocate
mtr
nss-mdns
openssh-clients
PackageKit-command-not-found
passwd
pigz
procps-ng
rsync
shadow-utils
sudo
tcpdump
time

22
images/fedora/f28/missing-docs
View File

@ -1,22 +0,0 @@
acl
bash
chkconfig
curl
dbus
dnf
gawk
grep
gzip
info
libcap
nss
openssl
p11-kit
pam
pkgconf
python3
rpm
rpm-plugin-systemd-inhibit
sed
systemd
tar

11
images/fedora/f29/Containerfile → images/fedora/f29/Dockerfile
View File

@ -1,11 +1,10 @@
FROM registry.fedoraproject.org/fedora:29
ENV NAME=fedora-toolbox VERSION=29
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
LABEL com.redhat.component="$NAME" \
name="$FGC/$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
usage="This image is meant to be used with the fedora-toolbox command" \
summary="Base image for creating Fedora toolbox containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
@ -14,14 +13,8 @@ COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y swap coreutils-single coreutils-full
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all
CMD /bin/sh

7
images/fedora/f29/extra-packages
View File

@ -2,9 +2,8 @@ bash-completion
bzip2
diffutils
dnf-plugins-core
findutils
flatpak-xdg-utils
fpaste
findutils
git
gnupg
gnupg2-smime
@ -12,20 +11,18 @@ hostname
iputils
jwhois
keyutils
krb5-libs
less
lsof
man-db
man-pages
mlocate
mtr
nss-mdns
openssh-clients
PackageKit-command-not-found
passwd
pigz
procps-ng
rsync
shadow-utils
sudo
tcpdump
time

20
images/fedora/f29/missing-docs
View File

@ -1,20 +0,0 @@
acl
bash
chkconfig
curl
dbus-daemon
dnf
gawk
grep
gzip
info
libcap
openssl
p11-kit
pam
python3
rpm
rpm-plugin-systemd-inhibit
sed
systemd
tar

11
images/fedora/f30/Containerfile → images/fedora/f30/Dockerfile
View File

@ -1,11 +1,10 @@
FROM registry.fedoraproject.org/fedora:30
ENV NAME=fedora-toolbox VERSION=30
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
LABEL com.redhat.component="$NAME" \
name="$FGC/$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
usage="This image is meant to be used with the fedora-toolbox command" \
summary="Base image for creating Fedora toolbox containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
@ -14,14 +13,8 @@ COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y swap coreutils-single coreutils-full
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all
CMD /bin/sh

7
images/fedora/f30/extra-packages
View File

@ -2,9 +2,8 @@ bash-completion
bzip2
diffutils
dnf-plugins-core
findutils
flatpak-spawn
fpaste
findutils
git
gnupg
gnupg2-smime
@ -12,20 +11,18 @@ hostname
iputils
jwhois
keyutils
krb5-libs
less
lsof
man-db
man-pages
mlocate
mtr
nss-mdns
openssh-clients
PackageKit-command-not-found
passwd
pigz
procps-ng
rsync
shadow-utils
sudo
tcpdump
time

18
images/fedora/f30/missing-docs
View File

@ -1,18 +0,0 @@
acl
bash
chkconfig
curl
dbus-daemon
gawk
grep
gzip
libcap
openssl
p11-kit
pam
python3
rpm
rpm-plugin-systemd-inhibit
sed
systemd
tar

27
images/fedora/f31/Containerfile
View File

@ -1,27 +0,0 @@
FROM registry.fedoraproject.org/fedora:31
ENV NAME=fedora-toolbox VERSION=31
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
name="$FGC/$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating Fedora toolbox containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y swap coreutils-single coreutils-full
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all
CMD /bin/sh

1
images/fedora/f31/README.md
View File

@ -1 +0,0 @@
../../../README.md

42
images/fedora/f31/extra-packages
View File

@ -1,42 +0,0 @@
bash-completion
bzip2
diffutils
dnf-plugins-core
findutils
flatpak-spawn
fpaste
git
gnupg
gnupg2-smime
gvfs-client
hostname
iputils
jwhois
keyutils
krb5-libs
less
lsof
man-db
man-pages
mlocate
mtr
nss-mdns
openssh-clients
passwd
pigz
procps-ng
rsync
shadow-utils
sudo
tcpdump
time
traceroute
tree
unzip
vte-profile
wget
which
words
xorg-x11-xauth
xz
zip

18
images/fedora/f31/missing-docs
View File

@ -1,18 +0,0 @@
acl
bash
chkconfig
curl
dbus-daemon
gawk
grep
gzip
libcap
openssl
p11-kit
pam
python3
rpm
rpm-plugin-systemd-inhibit
sed
systemd
tar

26
images/fedora/f32/Containerfile
View File

@ -1,26 +0,0 @@
FROM registry.fedoraproject.org/fedora:32
ENV NAME=fedora-toolbox VERSION=32
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating Fedora toolbox containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all
CMD /bin/sh

163
images/fedora/f32/README.md
View File

@ -1,163 +0,0 @@
<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)
[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/)
[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/)
[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating
systems, which allows the use of containerized command line environments. It is
built on top of [Podman](https://podman.io/) and other standard container
technologies from [OCI](https://opencontainers.org/).
This is particularly useful on
[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
[Fedora CoreOS](https://coreos.fedoraproject.org/) and
[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or install tools for debugging in the usual way.
Toolbox solves this problem by providing a fully mutable container within
which one can install their favourite development and debugging tools, editors
and SDKs. For example, it's possible to do `yum install ansible` without
affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a toolbox container that seamlessly integrates with the rest of the
operating system by providing access to the user's home directory, the Wayland
and X11 sockets, SSH agent, etc..
## Installation
Toolbox is installed by default on Fedora Silverblue. On other operating
systems it's just a matter of installing the `toolbox` package.
## Usage
### Create your toolbox container:
```console
[user@hostname ~]$ toolbox create
Created container: fedora-toolbox-33
Enter with: toolbox enter
[user@hostname ~]$
```
This will create a container called `fedora-toolbox-<version-id>`.
### Enter the toolbox:
```console
[user@hostname ~]$ toolbox enter
⬢[user@toolbox ~]$
```
### Remove a toolbox container:
```console
[user@hostname ~]$ toolbox rm fedora-toolbox-33
[user@hostname ~]$
```
## Dependencies and Building
Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build
system.
The following dependencies are required to build it:
- meson
- go-md2man
- systemd
- go
- ninja
The following dependencies enable various optional features:
- bash-completion
It can be built and installed as any other typical Meson-based project:
```console
[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir
[user@hostname toolbox]$ ninja -C builddir
[user@hostname toolbox]$ sudo ninja -C builddir install
```
Toolbox is written in Go. Consult the
[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file
for a full list of all the Go dependencies.
By default, Toolbox uses Go modules and all the required Go packages are
automatically downloaded as part of the build. There's no need to worry about
the Go dependencies, unless the build environment doesn't have network access
or any such peculiarities.
## Distro support
By default, Toolbox creates the container using an
[OCI](https://www.opencontainers.org/) image called
`<ID>-toolbox:<VERSION-ID>`, where `<ID>` and `<VERSION-ID>` are taken from the
host's `/usr/lib/os-release`. For example, the default image on a Fedora 33
host would be `fedora-toolbox:33`.
This default can be overridden by the `--image` option in `toolbox create`,
but operating system distributors should provide an adequately configured
default image to ensure a smooth user experience.
## Image requirements
Toolbox customizes newly created containers in a certain way. This requires
certain tools and paths to be present and have certain characteristics inside
the OCI image.
Tools:
* `getent(1)`
* `id(1)`
* `ln(1)`
* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
* `passwd(1)`
* `readlink(1)`
* `rm(1)`
* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
* `sleep(1)`
* `test(1)`
* `touch(1)`
* `unlink(1)`
* `useradd(8)`
* `usermod(8)`
Paths:
* `/etc/host.conf`: optional, if present not a bind mount
* `/etc/hosts`: optional, if present not a bind mount
* `/etc/krb5.conf.d`: directory, not a bind mount
* `/etc/localtime`: optional, if present not a bind mount
* `/etc/resolv.conf`: optional, if present not a bind mount
* `/etc/timezone`: optional, if present not a bind mount
Toolbox enables `sudo(8)` access inside containers. The following is necessary
for that to work:
* The image should have `sudo(8)` enabled for users belonging to either the
`sudo` or `wheel` groups, and the group itself should exist. File an
[issue](https://github.com/containers/toolbox/issues/new) if you really need
support for a different group. However, it's preferable to keep this list as
short as possible.
* The image should allow empty passwords for `sudo(8)`. This can be achieved
by either adding the `nullok` option to the `PAM(8)` configuration, or by
add the `NOPASSWD` tag to the `sudoers(5)` configuration.
Since Toolbox only works with OCI images that fulfill certain requirements,
it will refuse images that aren't tagged with
`com.github.containers.toolbox="true"` and
`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be
used by the maintainer of the image to indicate that they have read this
document and tested that the image works with Toolbox. You can use the
following snippet in a Dockerfile for this:
```Dockerfile
LABEL com.github.containers.toolbox="true"
```
The label `com.github.debarshiray.toolbox="true"` was used in previous versions
of toolbox but is currently deprecated.

42
images/fedora/f32/extra-packages
View File

@ -1,42 +0,0 @@
bash-completion
bzip2
diffutils
dnf-plugins-core
findutils
flatpak-spawn
fpaste
git
gnupg
gnupg2-smime
gvfs-client
hostname
iputils
jwhois
keyutils
krb5-libs
less
lsof
man-db
man-pages
mlocate
mtr
nss-mdns
openssh-clients
passwd
pigz
procps-ng
rsync
shadow-utils
sudo
tcpdump
time
traceroute
tree
unzip
vte-profile
wget
which
words
xorg-x11-xauth
xz
zip

18
images/fedora/f32/missing-docs
View File

@ -1,18 +0,0 @@
acl
bash
chkconfig
curl
dbus-daemon
gawk
grep
gzip
libcap
openssl
p11-kit
pam
python3
rpm
rpm-plugin-systemd-inhibit
sed
systemd
tar

26
images/fedora/f33/Containerfile
View File

@ -1,26 +0,0 @@
FROM registry.fedoraproject.org/fedora:33
ENV NAME=fedora-toolbox VERSION=33
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating Fedora toolbox containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all
CMD /bin/sh

167
images/fedora/f33/README.md
View File

@ -1,167 +0,0 @@
<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)
[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/)
[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/)
[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating
systems, which allows the use of containerized command line environments. It is
built on top of [Podman](https://podman.io/) and other standard container
technologies from [OCI](https://opencontainers.org/).
This is particularly useful on
[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
[Fedora CoreOS](https://coreos.fedoraproject.org/) and
[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or install tools for debugging in the usual way.
Toolbox solves this problem by providing a fully mutable container within
which one can install their favourite development and debugging tools, editors
and SDKs. For example, it's possible to do `yum install ansible` without
affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a toolbox container that seamlessly integrates with the rest of the
operating system by providing access to the user's home directory, the Wayland
and X11 sockets, networking (including Avahi), removable devices (like USB
sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
database, etc..
## Installation
Toolbox is installed by default on Fedora Silverblue. On other operating
systems it's just a matter of installing the `toolbox` package.
## Usage
### Create your toolbox container:
```console
[user@hostname ~]$ toolbox create
Created container: fedora-toolbox-33
Enter with: toolbox enter
[user@hostname ~]$
```
This will create a container called `fedora-toolbox-<version-id>`.
### Enter the toolbox:
```console
[user@hostname ~]$ toolbox enter
⬢[user@toolbox ~]$
```
### Remove a toolbox container:
```console
[user@hostname ~]$ toolbox rm fedora-toolbox-33
[user@hostname ~]$
```
## Dependencies and Building
Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build
system.
The following dependencies are required to build it:
- meson
- go-md2man
- systemd
- go
- ninja
The following dependencies enable various optional features:
- bash-completion
It can be built and installed as any other typical Meson-based project:
```console
[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir
[user@hostname toolbox]$ ninja -C builddir
[user@hostname toolbox]$ sudo ninja -C builddir install
```
Toolbox is written in Go. Consult the
[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file
for a full list of all the Go dependencies.
By default, Toolbox uses Go modules and all the required Go packages are
automatically downloaded as part of the build. There's no need to worry about
the Go dependencies, unless the build environment doesn't have network access
or any such peculiarities.
## Distro support
By default, Toolbox creates the container using an
[OCI](https://www.opencontainers.org/) image called
`<ID>-toolbox:<VERSION-ID>`, where `<ID>` and `<VERSION-ID>` are taken from the
host's `/usr/lib/os-release`. For example, the default image on a Fedora 33
host would be `fedora-toolbox:33`.
This default can be overridden by the `--image` option in `toolbox create`,
but operating system distributors should provide an adequately configured
default image to ensure a smooth user experience.
## Image requirements
Toolbox customizes newly created containers in a certain way. This requires
certain tools and paths to be present and have certain characteristics inside
the OCI image.
Tools:
* `getent(1)`
* `id(1)`
* `ln(1)`
* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
* `passwd(1)`
* `readlink(1)`
* `rm(1)`
* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
* `sleep(1)`
* `test(1)`
* `touch(1)`
* `unlink(1)`
* `useradd(8)`
* `usermod(8)`
Paths:
* `/etc/host.conf`: optional, if present not a bind mount
* `/etc/hosts`: optional, if present not a bind mount
* `/etc/krb5.conf.d`: directory, not a bind mount
* `/etc/localtime`: optional, if present not a bind mount
* `/etc/machine-id`: optional, not a bind mount
* `/etc/resolv.conf`: optional, if present not a bind mount
* `/etc/timezone`: optional, if present not a bind mount
Toolbox enables `sudo(8)` access inside containers. The following is necessary
for that to work:
* The image should have `sudo(8)` enabled for users belonging to either the
`sudo` or `wheel` groups, and the group itself should exist. File an
[issue](https://github.com/containers/toolbox/issues/new) if you really need
support for a different group. However, it's preferable to keep this list as
short as possible.
* The image should allow empty passwords for `sudo(8)`. This can be achieved
by either adding the `nullok` option to the `PAM(8)` configuration, or by
add the `NOPASSWD` tag to the `sudoers(5)` configuration.
Since Toolbox only works with OCI images that fulfill certain requirements,
it will refuse images that aren't tagged with
`com.github.containers.toolbox="true"` and
`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be
used by the maintainer of the image to indicate that they have read this
document and tested that the image works with Toolbox. You can use the
following snippet in a Dockerfile for this:
```Dockerfile
LABEL com.github.containers.toolbox="true"
```
The label `com.github.debarshiray.toolbox="true"` was used in previous versions
of toolbox but is currently deprecated.

45
images/fedora/f33/extra-packages
View File

@ -1,45 +0,0 @@
bash-completion
bc
bzip2
diffutils
dnf-plugins-core
findutils
flatpak-spawn
fpaste
git
gnupg
gnupg2-smime
gvfs-client
hostname
iproute
iputils
jwhois
keyutils
krb5-libs
less
lsof
man-db
man-pages
mlocate
mtr
nano-default-editor
nss-mdns
openssh-clients
passwd
pigz
procps-ng
rsync
shadow-utils
sudo
tcpdump
time
traceroute
tree
unzip
vte-profile
wget
which
words
xorg-x11-xauth
xz
zip

15
images/fedora/f33/missing-docs
View File

@ -1,15 +0,0 @@
acl
bash
curl
gawk
grep
gzip
libcap
openssl
p11-kit
pam
python3
rpm
sed
systemd
tar

25
images/fedora/f34/Containerfile
View File

@ -1,25 +0,0 @@
FROM registry.fedoraproject.org/fedora:34
ENV NAME=fedora-toolbox VERSION=34
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating Fedora toolbox containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y swap coreutils-single coreutils-full
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all

167
images/fedora/f34/README.md
View File

@ -1,167 +0,0 @@
<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)
[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/)
[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/)
[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating
systems, which allows the use of containerized command line environments. It is
built on top of [Podman](https://podman.io/) and other standard container
technologies from [OCI](https://opencontainers.org/).
This is particularly useful on
[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
[Fedora CoreOS](https://coreos.fedoraproject.org/) and
[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or install tools for debugging in the usual way.
Toolbox solves this problem by providing a fully mutable container within
which one can install their favourite development and debugging tools, editors
and SDKs. For example, it's possible to do `yum install ansible` without
affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a toolbox container that seamlessly integrates with the rest of the
operating system by providing access to the user's home directory, the Wayland
and X11 sockets, networking (including Avahi), removable devices (like USB
sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
database, etc..
## Installation
Toolbox is installed by default on Fedora Silverblue. On other operating
systems it's just a matter of installing the `toolbox` package.
## Usage
### Create your toolbox container:
```console
[user@hostname ~]$ toolbox create
Created container: fedora-toolbox-33
Enter with: toolbox enter
[user@hostname ~]$
```
This will create a container called `fedora-toolbox-<version-id>`.
### Enter the toolbox:
```console
[user@hostname ~]$ toolbox enter
⬢[user@toolbox ~]$
```
### Remove a toolbox container:
```console
[user@hostname ~]$ toolbox rm fedora-toolbox-33
[user@hostname ~]$
```
## Dependencies and Building
Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build
system.
The following dependencies are required to build it:
- meson
- go-md2man
- systemd
- go
- ninja
The following dependencies enable various optional features:
- bash-completion
It can be built and installed as any other typical Meson-based project:
```console
[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir
[user@hostname toolbox]$ ninja -C builddir
[user@hostname toolbox]$ sudo ninja -C builddir install
```
Toolbox is written in Go. Consult the
[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file
for a full list of all the Go dependencies.
By default, Toolbox uses Go modules and all the required Go packages are
automatically downloaded as part of the build. There's no need to worry about
the Go dependencies, unless the build environment doesn't have network access
or any such peculiarities.
## Distro support
By default, Toolbox creates the container using an
[OCI](https://www.opencontainers.org/) image called
`<ID>-toolbox:<VERSION-ID>`, where `<ID>` and `<VERSION-ID>` are taken from the
host's `/usr/lib/os-release`. For example, the default image on a Fedora 33
host would be `fedora-toolbox:33`.
This default can be overridden by the `--image` option in `toolbox create`,
but operating system distributors should provide an adequately configured
default image to ensure a smooth user experience.
## Image requirements
Toolbox customizes newly created containers in a certain way. This requires
certain tools and paths to be present and have certain characteristics inside
the OCI image.
Tools:
* `getent(1)`
* `id(1)`
* `ln(1)`
* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
* `passwd(1)`
* `readlink(1)`
* `rm(1)`
* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
* `sleep(1)`
* `test(1)`
* `touch(1)`
* `unlink(1)`
* `useradd(8)`
* `usermod(8)`
Paths:
* `/etc/host.conf`: optional, if present not a bind mount
* `/etc/hosts`: optional, if present not a bind mount
* `/etc/krb5.conf.d`: directory, not a bind mount
* `/etc/localtime`: optional, if present not a bind mount
* `/etc/machine-id`: optional, not a bind mount
* `/etc/resolv.conf`: optional, if present not a bind mount
* `/etc/timezone`: optional, if present not a bind mount
Toolbox enables `sudo(8)` access inside containers. The following is necessary
for that to work:
* The image should have `sudo(8)` enabled for users belonging to either the
`sudo` or `wheel` groups, and the group itself should exist. File an
[issue](https://github.com/containers/toolbox/issues/new) if you really need
support for a different group. However, it's preferable to keep this list as
short as possible.
* The image should allow empty passwords for `sudo(8)`. This can be achieved
by either adding the `nullok` option to the `PAM(8)` configuration, or by
add the `NOPASSWD` tag to the `sudoers(5)` configuration.
Since Toolbox only works with OCI images that fulfill certain requirements,
it will refuse images that aren't tagged with
`com.github.containers.toolbox="true"` and
`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be
used by the maintainer of the image to indicate that they have read this
document and tested that the image works with Toolbox. You can use the
following snippet in a Dockerfile for this:
```Dockerfile
LABEL com.github.containers.toolbox="true"
```
The label `com.github.debarshiray.toolbox="true"` was used in previous versions
of toolbox but is currently deprecated.

45
images/fedora/f34/extra-packages
View File

@ -1,45 +0,0 @@
bash-completion
bc
bzip2
diffutils
dnf-plugins-core
findutils
flatpak-spawn
fpaste
git
gnupg
gnupg2-smime
gvfs-client
hostname
iproute
iputils
jwhois
keyutils
krb5-libs
less
lsof
man-db
man-pages
mtr
nano-default-editor
nss-mdns
openssh-clients
passwd
pigz
procps-ng
rsync
shadow-utils
sudo
tcpdump
time
traceroute
tree
unzip
util-linux
vte-profile
wget
which
words
xorg-x11-xauth
xz
zip

15
images/fedora/f34/missing-docs
View File

@ -1,15 +0,0 @@
acl
bash
curl
gawk
grep
gzip
libcap
openssl
p11-kit
pam
python3
rpm
sed
systemd
tar

25
images/fedora/f35/Containerfile
View File

@ -1,25 +0,0 @@
FROM registry.fedoraproject.org/fedora:35
ENV NAME=fedora-toolbox VERSION=35
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating Fedora toolbox containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y swap coreutils-single coreutils-full
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all

167
images/fedora/f35/README.md
View File

@ -1,167 +0,0 @@
<img src="data/logo/toolbox-logo-landscape.svg" alt="Toolbox logo landscape" width="800"/>
[![Zuul](https://zuul-ci.org/gated.svg)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers/toolbox)
[![Daily Pipeline](https://softwarefactory-project.io/zuul/api/tenant/local/badge?project=containers/toolbox&pipeline=periodic)](https://softwarefactory-project.io/zuul/t/local/builds?project=containers%2Ftoolbox&pipeline=periodic)
[![Arch Linux package](https://img.shields.io/archlinux/v/community/x86_64/toolbox)](https://www.archlinux.org/packages/community/x86_64/toolbox/)
[![Fedora package](https://img.shields.io/fedora/v/toolbox/rawhide)](https://src.fedoraproject.org/rpms/toolbox/)
[Toolbox](https://github.com/containers/toolbox) is a tool for Linux operating
systems, which allows the use of containerized command line environments. It is
built on top of [Podman](https://podman.io/) and other standard container
technologies from [OCI](https://opencontainers.org/).
This is particularly useful on
[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
[Fedora CoreOS](https://coreos.fedoraproject.org/) and
[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or install tools for debugging in the usual way.
Toolbox solves this problem by providing a fully mutable container within
which one can install their favourite development and debugging tools, editors
and SDKs. For example, it's possible to do `yum install ansible` without
affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a toolbox container that seamlessly integrates with the rest of the
operating system by providing access to the user's home directory, the Wayland
and X11 sockets, networking (including Avahi), removable devices (like USB
sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
database, etc..
## Installation
Toolbox is installed by default on Fedora Silverblue. On other operating
systems it's just a matter of installing the `toolbox` package.
## Usage
### Create your toolbox container:
```console
[user@hostname ~]$ toolbox create
Created container: fedora-toolbox-33
Enter with: toolbox enter
[user@hostname ~]$
```
This will create a container called `fedora-toolbox-<version-id>`.
### Enter the toolbox:
```console
[user@hostname ~]$ toolbox enter
⬢[user@toolbox ~]$
```
### Remove a toolbox container:
```console
[user@hostname ~]$ toolbox rm fedora-toolbox-33
[user@hostname ~]$
```
## Dependencies and Building
Toolbox requires at least Podman 1.4.0 to work, and uses the Meson build
system.
The following dependencies are required to build it:
- meson
- go-md2man
- systemd
- go
- ninja
The following dependencies enable various optional features:
- bash-completion
It can be built and installed as any other typical Meson-based project:
```console
[user@hostname toolbox]$ meson -Dprofile_dir=/etc/profile.d builddir
[user@hostname toolbox]$ ninja -C builddir
[user@hostname toolbox]$ sudo ninja -C builddir install
```
Toolbox is written in Go. Consult the
[src/go.mod](https://github.com/containers/toolbox/blob/main/src/go.mod) file
for a full list of all the Go dependencies.
By default, Toolbox uses Go modules and all the required Go packages are
automatically downloaded as part of the build. There's no need to worry about
the Go dependencies, unless the build environment doesn't have network access
or any such peculiarities.
## Distro support
By default, Toolbox creates the container using an
[OCI](https://www.opencontainers.org/) image called
`<ID>-toolbox:<VERSION-ID>`, where `<ID>` and `<VERSION-ID>` are taken from the
host's `/usr/lib/os-release`. For example, the default image on a Fedora 33
host would be `fedora-toolbox:33`.
This default can be overridden by the `--image` option in `toolbox create`,
but operating system distributors should provide an adequately configured
default image to ensure a smooth user experience.
## Image requirements
Toolbox customizes newly created containers in a certain way. This requires
certain tools and paths to be present and have certain characteristics inside
the OCI image.
Tools:
* `getent(1)`
* `id(1)`
* `ln(1)`
* `mkdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
* `passwd(1)`
* `readlink(1)`
* `rm(1)`
* `rmdir(1)`: for hosts where `/home` is a symbolic link to `/var/home`
* `sleep(1)`
* `test(1)`
* `touch(1)`
* `unlink(1)`
* `useradd(8)`
* `usermod(8)`
Paths:
* `/etc/host.conf`: optional, if present not a bind mount
* `/etc/hosts`: optional, if present not a bind mount
* `/etc/krb5.conf.d`: directory, not a bind mount
* `/etc/localtime`: optional, if present not a bind mount
* `/etc/machine-id`: optional, not a bind mount
* `/etc/resolv.conf`: optional, if present not a bind mount
* `/etc/timezone`: optional, if present not a bind mount
Toolbox enables `sudo(8)` access inside containers. The following is necessary
for that to work:
* The image should have `sudo(8)` enabled for users belonging to either the
`sudo` or `wheel` groups, and the group itself should exist. File an
[issue](https://github.com/containers/toolbox/issues/new) if you really need
support for a different group. However, it's preferable to keep this list as
short as possible.
* The image should allow empty passwords for `sudo(8)`. This can be achieved
by either adding the `nullok` option to the `PAM(8)` configuration, or by
add the `NOPASSWD` tag to the `sudoers(5)` configuration.
Since Toolbox only works with OCI images that fulfill certain requirements,
it will refuse images that aren't tagged with
`com.github.containers.toolbox="true"` and
`com.github.debarshiray.toolbox="true"` labels. These labels are meant to be
used by the maintainer of the image to indicate that they have read this
document and tested that the image works with Toolbox. You can use the
following snippet in a Dockerfile for this:
```Dockerfile
LABEL com.github.containers.toolbox="true"
```
The label `com.github.debarshiray.toolbox="true"` was used in previous versions
of toolbox but is currently deprecated.

48
images/fedora/f35/extra-packages
View File

@ -1,48 +0,0 @@
bash-completion
bc
bzip2
diffutils
dnf-plugins-core
findutils
flatpak-spawn
fpaste
git
gnupg
gnupg2-smime
gvfs-client
hostname
iproute
iputils
jwhois
keyutils
krb5-libs
less
lsof
man-db
man-pages
mesa-dri-drivers
mesa-vulkan-drivers
mtr
nano-default-editor
nss-mdns
openssh-clients
passwd
pigz
procps-ng
rsync
shadow-utils
sudo
tcpdump
time
traceroute
tree
unzip
util-linux
vte-profile
vulkan-loader
wget
which
words
xorg-x11-xauth
xz
zip

15
images/fedora/f35/missing-docs
View File

@ -1,15 +0,0 @@
acl
bash
curl
gawk
grep
gzip
libcap
openssl
p11-kit
pam
python3
rpm
sed
systemd
tar

44
images/fedora/f36/Containerfile
View File

@ -1,44 +0,0 @@
FROM registry.fedoraproject.org/fedora:36
ARG NAME=fedora-toolbox
ARG VERSION=36
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating Fedora toolbox containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
COPY README.md /
RUN rm /etc/rpm/macros.image-language-conf
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y upgrade
RUN dnf -y swap coreutils-single coreutils-full
RUN dnf -y swap glibc-minimal-langpack glibc-all-langpacks
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
COPY ensure-files /
RUN ret_val=0; \
while read file; do \
if ! compgen -G "$file" >/dev/null; then \
echo "$file: No such file or directory" >&2; \
ret_val=1; \
break; \
fi; \
done <ensure-files; \
if [ "$ret_val" -ne 0 ]; then \
false; \
fi
RUN rm /ensure-files
RUN dnf clean all

44
images/fedora/f36/README.md
View File

@ -1,44 +0,0 @@
[Toolbox](https://containertoolbx.org/) is a tool for Linux, which allows the
use of interactive command line environments for development and
troubleshooting the host operating system, without having to install software
on the host. It is built on top of [Podman](https://podman.io/) and other
standard container technologies from [OCI](https://opencontainers.org/).
Toolbox environments have seamless access to the user's home directory,
the Wayland and X11 sockets, networking (including Avahi), removable devices
(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
udev database, etc..
This is particularly useful on
[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
[Fedora CoreOS](https://coreos.fedoraproject.org/) and
[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or troubleshoot the operating system in the usual way.
Toolbox solves this problem by providing a fully mutable container within
which one can install their favourite development and troubleshooting tools,
editors and SDKs. For example, it's possible to do `yum install ansible`
without affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a toolbox container that offers the interactive command line
environment.
Note that Toolbox makes no promise about security beyond what's already
available in the usual command line environment on the host that everybody is
familiar with.
## Installation & Use
See our guides on
[installing & getting started](https://containertoolbx.org/install/) with
Toolbox and [Linux distro support](https://containertoolbx.org/distros/).

17
images/fedora/f36/ensure-files
View File

@ -1,17 +0,0 @@
/usr/share/man/man1/bash.1*
/usr/share/man/man1/cd.1*
/usr/share/man/man1/export.1*
/usr/share/man/man1/cat.1*
/usr/share/man/man1/cp.1*
/usr/share/man/man1/ls.1*
/usr/share/man/man1/gpg2.1*
/usr/share/man/man7/gnupg2.7*
/usr/share/man/fr/man8/rpm.8*
/usr/share/man/ja/man8/rpm.8*
/usr/share/man/man8/rpm.8*
/usr/share/man/man1/kill.1*
/usr/share/man/man8/mount.8*

48
images/fedora/f36/extra-packages
View File

@ -1,48 +0,0 @@
bash-completion
bc
bzip2
diffutils
dnf-plugins-core
findutils
flatpak-spawn
fpaste
git
gnupg2
gnupg2-smime
gvfs-client
hostname
iproute
iputils
jwhois
keyutils
krb5-libs
less
lsof
man-db
man-pages
mesa-dri-drivers
mesa-vulkan-drivers
mtr
nano-default-editor
nss-mdns
openssh-clients
passwd
pigz
procps-ng
rsync
shadow-utils
sudo
tcpdump
time
traceroute
tree
unzip
util-linux
vte-profile
vulkan-loader
wget
which
words
xorg-x11-xauth
xz
zip

20
images/fedora/f36/missing-docs
View File

@ -1,20 +0,0 @@
acl
bash
coreutils-common
curl
findutils
gawk
gnupg2
grep
gzip
libcap
openssl
p11-kit
pam
python3
rpm
sed
sudo
systemd
tar
util-linux-core

54
images/fedora/f37/Containerfile
View File

@ -1,54 +0,0 @@
FROM registry.fedoraproject.org/fedora:37
ARG NAME=fedora-toolbox
ARG VERSION=37
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating Fedora toolbox containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
COPY README.md /
RUN rm /etc/rpm/macros.image-language-conf
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y upgrade
RUN dnf -y swap coreutils-single coreutils-full
RUN dnf -y swap glibc-minimal-langpack glibc-all-langpacks
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
COPY ensure-files /
RUN ret_val=0; \
while read file; do \
if ! compgen -G "$file" >/dev/null; then \
echo "$file: No such file or directory" >&2; \
ret_val=1; \
break; \
fi; \
done <ensure-files; \
if [ "$ret_val" -ne 0 ]; then \
false; \
fi
RUN rm /ensure-files
RUN broken_packages="$(rpm --all --query --state --queryformat "PACKAGE: %{NAME}\n" \
| sed --quiet --regexp-extended '/PACKAGE: /{s/PACKAGE: // ; h ; b }; /^not installed/ { g; p }' \
| uniq \
| sort)"; \
if [ "$broken_packages" != "" ]; then \
echo "Packages with missing files:" >&2; \
echo "$broken_packages" >&2; \
false; \
fi
RUN dnf clean all

44
images/fedora/f37/README.md
View File

@ -1,44 +0,0 @@
[Toolbox](https://containertoolbx.org/) is a tool for Linux, which allows the
use of interactive command line environments for development and
troubleshooting the host operating system, without having to install software
on the host. It is built on top of [Podman](https://podman.io/) and other
standard container technologies from [OCI](https://opencontainers.org/).
Toolbox environments have seamless access to the user's home directory,
the Wayland and X11 sockets, networking (including Avahi), removable devices
(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
udev database, etc..
This is particularly useful on
[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
[Fedora CoreOS](https://coreos.fedoraproject.org/) and
[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or troubleshoot the operating system in the usual way.
Toolbox solves this problem by providing a fully mutable container within
which one can install their favourite development and troubleshooting tools,
editors and SDKs. For example, it's possible to do `yum install ansible`
without affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a toolbox container that offers the interactive command line
environment.
Note that Toolbox makes no promise about security beyond what's already
available in the usual command line environment on the host that everybody is
familiar with.
## Installation & Use
See our guides on
[installing & getting started](https://containertoolbx.org/install/) with
Toolbox and [Linux distro support](https://containertoolbx.org/distros/).

46
images/fedora/f37/ensure-files
View File

@ -1,46 +0,0 @@
/usr/share/man/man1/bash.1*
/usr/share/man/man1/cd.1*
/usr/share/man/man1/export.1*
/usr/share/man/man1/cat.1*
/usr/share/man/man1/cp.1*
/usr/share/man/man1/ls.1*
/usr/share/man/man8/dnf.8*
/usr/share/man/man5/dnf.conf.5*
/usr/share/locale/de/LC_MESSAGES/elfutils.mo
/usr/share/locale/ja/LC_MESSAGES/elfutils.mo
/usr/share/man/man1/gpg2.1*
/usr/share/man/man7/gnupg2.7*
/usr/share/info/nettle.info*
/usr/share/locale/fr/LC_MESSAGES/popt.mo
/usr/share/locale/ja/LC_MESSAGES/popt.mo
/usr/share/man/fr/man1/pstree.1*
/usr/share/man/ru/man1/pstree.1*
/usr/share/man/man1/pstree.1*
/usr/share/info/history.info*
/usr/share/man/fr/man8/rpm.8*
/usr/share/man/ja/man8/rpm.8*
/usr/share/man/man8/rpm.8*
/usr/share/man/fr/man8/useradd.8*
/usr/share/man/ja/man8/useradd.8*
/usr/share/man/man8/useradd.8*
/usr/share/man/man1/cal.1.*
/usr/share/man/man1/getopt.1*
/usr/share/man/man1/hexdump.1*
/usr/share/man/man1/kill.1*
/usr/share/man/man8/mount.8*
/usr/share/man/fr/man1/xz.1*
/usr/share/man/ko/man1/xz.1*
/usr/share/man/man1/xz.1*

49
images/fedora/f37/extra-packages
View File

@ -1,49 +0,0 @@
bash-completion
bc
bzip2
diffutils
dnf-plugins-core
findutils
flatpak-spawn
fpaste
git
gnupg2
gnupg2-smime
gvfs-client
hostname
iproute
iputils
keyutils
krb5-libs
less
lsof
man-db
man-pages
mesa-dri-drivers
mesa-vulkan-drivers
mtr
nano-default-editor
nss-mdns
openssh-clients
passwd
pigz
procps-ng
psmisc
rsync
shadow-utils
sudo
tcpdump
time
traceroute
tree
unzip
util-linux
vte-profile
vulkan-loader
wget
which
whois
words
xorg-x11-xauth
xz
zip

91
images/fedora/f37/missing-docs
View File

@ -1,91 +0,0 @@
acl
alternatives
audit-libs
authselect
authselect-libs
bash
ca-certificates
coreutils-common
cracklib
crypto-policies
curl
cyrus-sasl-lib
dnf
dnf-data
elfutils-libelf
expat
file-libs
filesystem
findutils
gawk
glib2
gmp
gnupg2
gnutls
gpgme
grep
gzip
ima-evm-utils
keyutils-libs
krb5-libs
libarchive
libassuan
libblkid
libcap
libcap-ng
libdb
libdnf
libeconf
libevent
libffi
libgcrypt
libgomp
libgpg-error
libidn2
libksba
libmodulemd
libpwquality
librepo
libsemanage
libsigsegv
libsolv
libssh
libtasn1
libtirpc
libunistring
libverto
libxcrypt
libxml2
libyaml
lz4-libs
mpfr
ncurses-base
nettle
openldap
openssl
p11-kit
pam
pcre
pcre2-syntax
popt
python3
python3-gpg
python3-libs
python3-rpm
readline
rpm
sed
setup
shadow-utils
sqlite-libs
sudo
systemd
systemd-libs
tar
tpm2-tss
tzdata
util-linux-core
vim-minimal
yum
zchunk-libs
zlib

54
images/fedora/f38/Containerfile
View File

@ -1,54 +0,0 @@
FROM registry.fedoraproject.org/fedora:38
ARG NAME=fedora-toolbox
ARG VERSION=38
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox(1) command" \
summary="Image for creating Fedora Toolbx containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
COPY README.md /
RUN rm /etc/rpm/macros.image-language-conf
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y upgrade
RUN dnf -y swap coreutils-single coreutils-full
RUN dnf -y swap glibc-minimal-langpack glibc-all-langpacks
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
COPY ensure-files /
RUN ret_val=0; \
while read file; do \
if ! compgen -G "$file" >/dev/null; then \
echo "$file: No such file or directory" >&2; \
ret_val=1; \
break; \
fi; \
done <ensure-files; \
if [ "$ret_val" -ne 0 ]; then \
false; \
fi
RUN rm /ensure-files
RUN broken_packages="$(rpm --all --query --state --queryformat "PACKAGE: %{NAME}\n" \
| sed --quiet --regexp-extended '/PACKAGE: /{s/PACKAGE: // ; h ; b }; /^not installed/ { g; p }' \
| uniq \
| sort)"; \
if [ "$broken_packages" != "" ]; then \
echo "Packages with missing files:" >&2; \
echo "$broken_packages" >&2; \
false; \
fi
RUN dnf clean all

44
images/fedora/f38/README.md
View File

@ -1,44 +0,0 @@
[Toolbx](https://containertoolbx.org/) is a tool for Linux, which allows the
use of interactive command line environments for development and
troubleshooting the host operating system, without having to install software
on the host. It is built on top of [Podman](https://podman.io/) and other
standard container technologies from [OCI](https://opencontainers.org/).
Toolbx environments have seamless access to the user's home directory,
the Wayland and X11 sockets, networking (including Avahi), removable devices
(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
udev database, etc..
This is particularly useful on
[OSTree](https://ostreedev.github.io/ostree/) based operating systems like
[Fedora CoreOS](https://coreos.fedoraproject.org/) and
[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or troubleshoot the operating system in the usual way.
Toolbx solves this problem by providing a fully mutable container within
which one can install their favourite development and troubleshooting tools,
editors and SDKs. For example, it's possible to do `yum install ansible`
without affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The Toolbx environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a Toolbx container that offers the interactive command line
environment.
Note that Toolbx makes no promise about security beyond what's already
available in the usual command line environment on the host that everybody is
familiar with.
## Installation & Use
See our guides on
[installing & getting started](https://containertoolbx.org/install/) with
Toolbx and [Linux distro support](https://containertoolbx.org/distros/).

52
images/fedora/f38/ensure-files
View File

@ -1,52 +0,0 @@
/usr/share/man/man1/bash.1*
/usr/share/man/man1/cd.1*
/usr/share/man/man1/export.1*
/usr/share/man/man1/cat.1*
/usr/share/man/man1/cp.1*
/usr/share/man/man1/ls.1*
/usr/share/cracklib/cracklib-small.pwd*
/usr/share/cracklib/pw_dict.pwd*
/usr/share/man/man8/dnf.8*
/usr/share/man/man5/dnf.conf.5*
/usr/share/locale/de/LC_MESSAGES/elfutils.mo
/usr/share/locale/ja/LC_MESSAGES/elfutils.mo
/usr/share/locale/fr/LC_MESSAGES/gawk.mo
/usr/share/locale/ko/LC_MESSAGES/gawk.mo
/usr/share/man/man1/gpg2.1*
/usr/share/man/man7/gnupg2.7*
/usr/share/info/nettle.info*
/usr/share/locale/fr/LC_MESSAGES/popt.mo
/usr/share/locale/ja/LC_MESSAGES/popt.mo
/usr/share/man/fr/man1/pstree.1*
/usr/share/man/ko/man1/pstree.1*
/usr/share/man/man1/pstree.1*
/usr/share/info/history.info*
/usr/share/man/fr/man8/rpm.8*
/usr/share/man/ja/man8/rpm.8*
/usr/share/man/man8/rpm.8*
/usr/share/man/fr/man8/useradd.8*
/usr/share/man/ja/man8/useradd.8*
/usr/share/man/man8/useradd.8*
/usr/share/man/man1/cal.1.*
/usr/share/man/man1/getopt.1*
/usr/share/man/man1/hexdump.1*
/usr/share/man/man1/kill.1*
/usr/share/man/man8/mount.8*
/usr/share/man/fr/man1/xz.1*
/usr/share/man/ko/man1/xz.1*
/usr/share/man/man1/xz.1*

52
images/fedora/f38/extra-packages
View File

@ -1,52 +0,0 @@
bash-completion
bc
bzip2
cracklib-dicts
diffutils
dnf-plugins-core
findutils
flatpak-spawn
fpaste
gawk-all-langpacks
git
glibc-gconv-extra
gnupg2
gnupg2-smime
gvfs-client
hostname
iproute
iputils
keyutils
krb5-libs
less
lsof
man-db
man-pages
mesa-dri-drivers
mesa-vulkan-drivers
mtr
nano-default-editor
nss-mdns
openssh-clients
passwd
pigz
procps-ng
psmisc
rsync
shadow-utils
sudo
tcpdump
time
traceroute
tree
unzip
util-linux
vte-profile
vulkan-loader
wget
which
whois
words
xorg-x11-xauth
xz
zip

92
images/fedora/f38/missing-docs
View File

@ -1,92 +0,0 @@
acl
alternatives
audit-libs
authselect
authselect-libs
bash
ca-certificates
coreutils-common
cracklib
crypto-policies
curl
cyrus-sasl-lib
dnf
dnf-data
elfutils-libelf
expat
file-libs
filesystem
findutils
gawk
glib2
gmp
gnupg2
gnutls
gpgme
grep
gzip
ima-evm-utils
keyutils-libs
krb5-libs
libarchive
libassuan
libblkid
libcap
libcap-ng
libcomps
libdb
libdnf
libeconf
libevent
libffi
libgcrypt
libgomp
libgpg-error
libidn2
libksba
libmodulemd
libpwquality
librepo
libsemanage
libsigsegv
libsolv
libssh
libtasn1
libtirpc
libunistring
libunistring1.0
libverto
libxcrypt
libxml2
libyaml
lz4-libs
mpfr
ncurses-base
nettle
openldap
openssl
p11-kit
pam
pcre2-syntax
popt
python3
python3-libs
python3-rpm
readline
rpm
rpm-sequoia
sed
setup
shadow-utils
sqlite-libs
sudo
systemd
systemd-libs
tar
tpm2-tss
tzdata
util-linux-core
vim-minimal
yum
zchunk-libs
zlib

54
images/fedora/f39/Containerfile
View File

@ -1,54 +0,0 @@
FROM registry.fedoraproject.org/fedora:39
ARG NAME=fedora-toolbox
ARG VERSION=39
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox(1) command" \
summary="Image for creating Fedora Toolbx containers" \
maintainer="Debarshi Ray <rishi@fedoraproject.org>"
COPY README.md /
RUN rm /etc/rpm/macros.image-language-conf
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y upgrade
RUN dnf -y swap coreutils-single coreutils-full
RUN dnf -y swap glibc-minimal-langpack glibc-all-langpacks
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
COPY ensure-files /
RUN ret_val=0; \
while read file; do \
if ! compgen -G "$file" >/dev/null; then \
echo "$file: No such file or directory" >&2; \
ret_val=1; \
break; \
fi; \
done <ensure-files; \
if [ "$ret_val" -ne 0 ]; then \
false; \
fi
RUN rm /ensure-files
RUN broken_packages="$(rpm --all --query --state --queryformat "PACKAGE: %{NAME}\n" \
| sed --quiet --regexp-extended '/PACKAGE: /{s/PACKAGE: // ; h ; b }; /^not installed/ { g; p }' \
| uniq \
| sort)"; \
if [ "$broken_packages" != "" ]; then \
echo "Packages with missing files:" >&2; \
echo "$broken_packages" >&2; \
false; \
fi
RUN dnf clean all

44
images/fedora/f39/README.md
View File

@ -1,44 +0,0 @@
[Toolbx](https://containertoolbx.org/) is a tool for Linux, which allows the
use of interactive command line environments for software development and
troubleshooting the host operating system, without having to install software
on the host. It is built on top of [Podman](https://podman.io/) and other
standard container technologies from [OCI](https://opencontainers.org/).
Toolbx environments have seamless access to the user's home directory,
the Wayland and X11 sockets, networking (including Avahi), removable devices
(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
udev database, etc..
This is particularly useful on
[OSTree](https://ostreedev.github.io/ostree/) based operating systems like
[Fedora CoreOS](https://fedoraproject.org/coreos/) and
[Silverblue](https://fedoraproject.org/silverblue/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or troubleshoot the operating system in the usual way.
Toolbx solves this problem by providing a fully mutable container within
which one can install their favourite development and troubleshooting tools,
editors and SDKs. For example, it's possible to do `yum install ansible`
without affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The Toolbx environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a Toolbx container that offers the interactive command line
environment.
Note that Toolbx makes no promise about security beyond what's already
available in the usual command line environment on the host that everybody is
familiar with.
## Installation & Use
See our guides on
[installing & getting started](https://containertoolbx.org/install/) with
Toolbx and [Linux distro support](https://containertoolbx.org/distros/).

51
images/fedora/f39/ensure-files
View File

@ -1,51 +0,0 @@
/usr/share/man/man1/bash.1*
/usr/share/man/man1/cd.1*
/usr/share/man/man1/export.1*
/usr/share/man/man1/cat.1*
/usr/share/man/man1/cp.1*
/usr/share/man/man1/ls.1*
/usr/share/cracklib/cracklib-small.pwd*
/usr/share/cracklib/pw_dict.pwd*
/usr/share/man/man8/dnf.8*
/usr/share/man/man5/dnf.conf.5*
/usr/share/locale/de/LC_MESSAGES/elfutils.mo
/usr/share/locale/ja/LC_MESSAGES/elfutils.mo
/usr/share/locale/fr/LC_MESSAGES/gawk.mo
/usr/share/locale/ko/LC_MESSAGES/gawk.mo
/usr/share/man/man1/gpg2.1*
/usr/share/man/man7/gnupg2.7*
/usr/share/info/nettle.info*
/usr/share/locale/fr/LC_MESSAGES/popt.mo
/usr/share/locale/ja/LC_MESSAGES/popt.mo
/usr/share/man/fr/man1/pstree.1*
/usr/share/man/ko/man1/pstree.1*
/usr/share/man/man1/pstree.1*
/usr/share/info/history.info*
/usr/share/man/man8/rpm.8*
/usr/share/man/man8/rpm2cpio.8*
/usr/share/man/fr/man8/useradd.8*
/usr/share/man/ja/man8/useradd.8*
/usr/share/man/man8/useradd.8*
/usr/share/man/man1/cal.1.*
/usr/share/man/man1/getopt.1*
/usr/share/man/man1/hexdump.1*
/usr/share/man/man1/kill.1*
/usr/share/man/man8/mount.8*
/usr/share/man/fr/man1/xz.1*
/usr/share/man/ko/man1/xz.1*
/usr/share/man/man1/xz.1*

52
images/fedora/f39/extra-packages
View File

@ -1,52 +0,0 @@
bash-completion
bc
bzip2
cracklib-dicts
diffutils
dnf-plugins-core
findutils
flatpak-spawn
fpaste
gawk-all-langpacks
git
glibc-gconv-extra
gnupg2
gnupg2-smime
gvfs-client
hostname
iproute
iputils
keyutils
krb5-libs
less
lsof
man-db
man-pages
mesa-dri-drivers
mesa-vulkan-drivers
mtr
nano-default-editor
nss-mdns
openssh-clients
passwd
pigz
procps-ng
psmisc
rsync
shadow-utils
sudo
tcpdump
time
traceroute
tree
unzip
util-linux
vte-profile
vulkan-loader
wget
which
whois
words
xorg-x11-xauth
xz
zip

90
images/fedora/f39/missing-docs
View File

@ -1,90 +0,0 @@
acl
alternatives
audit-libs
authselect
authselect-libs
bash
ca-certificates
coreutils-common
cracklib
crypto-policies
curl
cyrus-sasl-lib
dnf
dnf-data
elfutils-libelf
expat
file-libs
filesystem
findutils
gawk
glib2
gmp
gnupg2
gnutls
grep
gzip
ima-evm-utils
keyutils-libs
krb5-libs
libarchive
libassuan
libblkid
libcap
libcap-ng
libcomps
libdb
libdnf
libeconf
libevent
libffi
libgcrypt
libgomp
libgpg-error
libidn2
libksba
libmodulemd
libpwquality
librepo
libsemanage
libsigsegv
libsolv
libssh
libtasn1
libtirpc
libunistring
libverto
libxcrypt
libxml2
libyaml
lz4-libs
mpfr
ncurses-base
nettle
openldap
openssl
p11-kit
pam
pcre2-syntax
popt
python3
python3-libs
python3-rpm
readline
rpm
rpm-sequoia
sed
setup
shadow-utils
sqlite-libs
sudo
systemd
systemd-libs
tar
tpm2-tss
tzdata
util-linux-core
vim-minimal
yum
zchunk-libs
zlib

28
images/rhel/8.5/Containerfile
View File

@ -1,28 +0,0 @@
FROM registry.access.redhat.com/ubi8:8.5
ENV NAME=toolbox-container VERSION=8.5
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating UBI toolbox containers" \
maintainer="Oliver Gutiérrez <ogutierrez@redhat.com>"
COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y swap coreutils-single coreutils-full
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all
CMD /bin/sh

44
images/rhel/8.5/README.md
View File

@ -1,44 +0,0 @@
[Toolbox](https://containertoolbx.org/) is a tool for Linux, which allows the
use of interactive command line environments for development and
troubleshooting the host operating system, without having to install software
on the host. It is built on top of [Podman](https://podman.io/) and other
standard container technologies from [OCI](https://opencontainers.org/).
Toolbox environments have seamless access to the user's home directory,
the Wayland and X11 sockets, networking (including Avahi), removable devices
(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
udev database, etc..
This is particularly useful on
[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
[Fedora CoreOS](https://coreos.fedoraproject.org/) and
[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or troubleshoot the operating system in the usual way.
Toolbox solves this problem by providing a fully mutable container within
which one can install their favourite development and troubleshooting tools,
editors and SDKs. For example, it's possible to do `yum install ansible`
without affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a toolbox container that offers the interactive command line
environment.
Note that Toolbox makes no promise about security beyond what's already
available in the usual command line environment on the host that everybody is
familiar with.
## Installation & Use
See our guides on
[installing & getting started](https://containertoolbx.org/install/) with
Toolbox and [Linux distro support](https://containertoolbx.org/distros/).

45
images/rhel/8.5/extra-packages
View File

@ -1,45 +0,0 @@
alternatives
avahi-libs
bzip2
coreutils-common
dejavu-sans-fonts
diffutils
dnf-plugins-core
git
glibc-all-langpacks
gnupg2-smime
hostname
iputils
jansson
langpacks-en
less
libevent
libgomp
libICE
libpkgconf
libSM
libX11
libX11-common
libXau
libxcb
libXext
libXmu
libXt
lsof
man-db
openssh-clients
pigz
pkgconf
pkgconf-m4
pkgconf-pkg-config
procps-ng
qrencode-libs
rsync
sudo
systemd-rpm-macros
time
unzip
vte-profile
wget
xz
zip

14
images/rhel/8.5/missing-docs
View File

@ -1,14 +0,0 @@
acl
bash
curl
gawk
grep
gzip
libcap
p11-kit
pam
python3
rpm
sed
systemd
tar

28
images/rhel/8.6/Containerfile
View File

@ -1,28 +0,0 @@
FROM registry.access.redhat.com/ubi8:8.6
ENV NAME=toolbox-container VERSION=8.6
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating UBI toolbox containers" \
maintainer="Oliver Gutiérrez <ogutierrez@redhat.com>"
COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y swap coreutils-single coreutils-full
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all
CMD /bin/sh

44
images/rhel/8.6/README.md
View File

@ -1,44 +0,0 @@
[Toolbox](https://containertoolbx.org/) is a tool for Linux, which allows the
use of interactive command line environments for development and
troubleshooting the host operating system, without having to install software
on the host. It is built on top of [Podman](https://podman.io/) and other
standard container technologies from [OCI](https://opencontainers.org/).
Toolbox environments have seamless access to the user's home directory,
the Wayland and X11 sockets, networking (including Avahi), removable devices
(like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the
udev database, etc..
This is particularly useful on
[OSTree](https://ostree.readthedocs.io/en/latest/) based operating systems like
[Fedora CoreOS](https://coreos.fedoraproject.org/) and
[Silverblue](https://silverblue.fedoraproject.org/). The intention of these
systems is to discourage installation of software on the host, and instead
install software as (or in) containers — they mostly don't even have package
managers like DNF or YUM. This makes it difficult to set up a development
environment or troubleshoot the operating system in the usual way.
Toolbox solves this problem by providing a fully mutable container within
which one can install their favourite development and troubleshooting tools,
editors and SDKs. For example, it's possible to do `yum install ansible`
without affecting the base operating system.
However, this tool doesn't *require* using an OSTree based system. It works
equally well on Fedora Workstation and Server, and that's a useful way to
incrementally adopt containerization.
The toolbox environment is based on an [OCI](https://www.opencontainers.org/)
image. On Fedora this is the `fedora-toolbox` image. This image is used to
create a toolbox container that offers the interactive command line
environment.
Note that Toolbox makes no promise about security beyond what's already
available in the usual command line environment on the host that everybody is
familiar with.
## Installation & Use
See our guides on
[installing & getting started](https://containertoolbx.org/install/) with
Toolbox and [Linux distro support](https://containertoolbx.org/distros/).

50
images/rhel/8.6/extra-packages
View File

@ -1,50 +0,0 @@
alternatives
bzip2
dejavu-sans-fonts
diffutils
dnf-plugins-core
findutils
flatpak-spawn
git
glibc-all-langpacks
gnupg2-smime
hostname
iproute
iputils
jansson
krb5-libs
langpacks-en
less
libevent
libgomp
libICE
libpkgconf
libSM
libX11
libX11-common
libXau
libxcb
libXext
libXmu
libXt
lsof
man-db
openssh-clients
passwd
pigz
pkgconf
pkgconf-m4
pkgconf-pkg-config
procps-ng
qrencode-libs
rsync
shadow-utils
sudo
time
unzip
util-linux
vte-profile
wget
which
xz
zip

14
images/rhel/8.6/missing-docs
View File

@ -1,14 +0,0 @@
acl
bash
curl
gawk
grep
gzip
libcap
p11-kit
pam
python3
rpm
sed
systemd
tar

28
images/rhel/8.7/Containerfile
View File

@ -1,28 +0,0 @@
FROM registry.access.redhat.com/ubi8:8.7
ENV NAME=toolbox-container VERSION=8.7
LABEL com.github.containers.toolbox="true" \
com.redhat.component="$NAME" \
com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
name="$NAME" \
version="$VERSION" \
usage="This image is meant to be used with the toolbox command" \
summary="Base image for creating UBI toolbox containers" \
maintainer="Oliver Gutiérrez <ogutierrez@redhat.com>"
COPY README.md /
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y swap coreutils-single coreutils-full
COPY missing-docs /
RUN dnf -y reinstall $(<missing-docs)
RUN rm /missing-docs
COPY extra-packages /
RUN dnf -y install $(<extra-packages)
RUN rm /extra-packages
RUN dnf clean all
CMD /bin/sh

Some files were not shown because too many files have changed in this diff Show More