From 1e3d36e86b30ed217172a47c55c64e1d76e5b99d Mon Sep 17 00:00:00 2001
From: Rayan Dasoriya <dasoriya@google.com>
Date: Tue, 20 Jul 2021 02:32:45 +0000
Subject: [PATCH] Added containerd support
---
toolbox | 32 ++++++++++++++++++++++++++++----
1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/toolbox b/toolbox
index f101cf1..ede3b31 100755
--- a/toolbox
+++ b/toolbox
@@ -10,6 +10,8 @@ TOOLBOX_DIRECTORY="/var/lib/toolbox"
TOOLBOX_BIND="--bind=/:/media/root --bind=/usr:/media/root/usr --bind=/run:/media/root/run"
# Ex: "--setenv=KEY=VALUE"
TOOLBOX_ENV=""
+TOOLBOX_DOCKER_IMAGE_TARBALL=""
+TOOLBOX_TEMP_DIR=$(mktemp -d)
toolboxrc="${HOME}"/.toolboxrc
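Review bot: `TOOLBOX_TEMP_DIR=$(mktemp -d)` runs at the top of the script on every invocation, but the directory is only removed inside the image-rebuild branch of the next hunk, so every run that finds an existing toolbox leaves an empty temp directory behind. The result is also unchecked: if `mktemp` fails, or a later config step empties the variable (the `.toolboxrc` handling is outside this hunk, so that part is an assumption), `sudo rsync -a "${TOOLBOX_TEMP_DIR}/" ...` would copy from `/` and `sudo rm -rf` would act as root on whatever the variable holds. I would create the directory inside the rebuild branch with `TOOLBOX_TEMP_DIR=$(mktemp -d) || exit 1` and write `"${TOOLBOX_TEMP_DIR:?}"` in the rsync and rm lines. The added `sudo mkdir -p "${TOOLBOX_TEMP_DIR}"` then becomes unnecessary.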
@@ -28,18 +30,40 @@ machinepath="${TOOLBOX_DIRECTORY}/${machinename}"
osrelease="${machinepath}/etc/os-release"
if [ ! -f ${osrelease} ] || systemctl is-failed -q ${machinename} ; then
sudo mkdir -p "${machinepath}"
+ sudo mkdir -p "${TOOLBOX_TEMP_DIR}"
sudo chown ${USER}: "${machinepath}"
- docker pull "${TOOLBOX_DOCKER_IMAGE}:${TOOLBOX_DOCKER_TAG}"
- docker create --name=${machinename} "${TOOLBOX_DOCKER_IMAGE}:${TOOLBOX_DOCKER_TAG}" /bin/true
- docker export ${machinename} | sudo tar -x -C "${machinepath}" -f -
- docker rm ${machinename}
+ if [ ! -z "${TOOLBOX_DOCKER_IMAGE_TARBALL}" ] ; then
+ sudo ctr image import "${TOOLBOX_DOCKER_IMAGE_TARBALL}"
+ else
+ if [[ "${TOOLBOX_DOCKER_IMAGE}" =~ ^[a-z.]*gcr.io/ ]]; then
+ # Get a host part of the container name
+ registry_host="${TOOLBOX_DOCKER_IMAGE/gcr.io*/gcr.io}"
+ # docker-credential-gcr can fail if it runs in a
+ # non-GCP env, so let it fail and proceed without
+ # --user flag in this case
+ credentials=$(echo "${registry_host}" | \
+ (/usr/bin/docker-credential-gcr get || true) 2>/dev/null | \
+ jq -r '.Username + ":" + .Secret')
+ if [[ -n "${credentials}" ]]; then
+ user_flags=('--user' "${credentials}")
+ fi
+ fi
+ sudo ctr image pull "${user_flags[@]}" "${TOOLBOX_DOCKER_IMAGE}:${TOOLBOX_DOCKER_TAG}"
+ fi
+ sudo ctr containers create "${TOOLBOX_DOCKER_IMAGE}:${TOOLBOX_DOCKER_TAG}" ${machinename} /bin/true
+ sudo ctr snapshot mounts "${TOOLBOX_TEMP_DIR}" ${machinename} | xargs sudo
+ sudo rsync -a "${TOOLBOX_TEMP_DIR}/" "${machinepath}"
+ sudo umount "${TOOLBOX_TEMP_DIR}"
+ sudo ctr container rm ${machinename}
+ sudo rm -rf "${TOOLBOX_TEMP_DIR}"
sudo touch ${osrelease}
fi
sudo systemd-nspawn \
--directory="${machinepath}" \
--capability=all \
+ --resolv-conf="replace-host" \
--share-system \
${TOOLBOX_BIND} \
${TOOLBOX_ENV} \
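Review bot: The registry test `=~ ^[a-z.]*gcr.io/` matches more hosts than gcr.io and its subdomains: the dot in `gcr.io` is an unescaped regex wildcard and `[a-z.]*` accepts any lowercase prefix, so a constructed name such as `examplegcr.io/img` passes, the credential helper is queried for that host, and whatever it returns is sent with the pull. Whether `docker-credential-gcr` itself refuses such hosts is not visible here, so the script should not depend on it; `if [[ "${TOOLBOX_DOCKER_IMAGE}" =~ ^([a-z0-9-]+\.)*gcr\.io/ ]]; then` restricts the match to gcr.io and its subdomains. Two smaller points in the same block: `user_flags` is never reset before the `if`, so `user_flags=()` should precede it to keep an inherited value out of the pull command, and `--user "${credentials}"` places the secret on the `ctr` command line, where it is readable in the process list while the pull runs, which deserves at least a comment next to the assignment.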
--
2.34.1.448.ga2b2bfdf31-goog