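#!/bin/bash
#
# toolbox: enter a privileged debugging container whose root filesystem is
# unpacked from a container image.
#
# On first use the image is pulled with ctr (or imported from a tarball), a
# never-started scratch container is created from it, its snapshot is mounted
# on a temp directory and rsync'd into ${TOOLBOX_DIRECTORY}/<user>-<image>-<tag>.
# Later runs reuse that tree.  The tree is then entered with systemd-nspawn;
# extra arguments to this script are passed to systemd-nspawn unchanged.
#
# SECURITY: the toolbox is started via sudo with --capability=all, with
# SYSTEMD_NSPAWN_SHARE_SYSTEM=1, and with the host's / bind-mounted at
# /media/root.  Anything running inside it is root on the host; it is a
# convenience, not a sandbox.  Point TOOLBOX_DOCKER_IMAGE /
# TOOLBOX_DOCKER_IMAGE_TARBALL only at images you trust completely: the image
# is fetched by (mutable) tag and is not signature- or digest-verified here.
#
# Configuration: /etc/default/toolbox, then ~/.toolboxrc, are sourced as shell
# code (so they are trusted as much as this script) and may override any of
# the TOOLBOX_* variables below.

set -e
set -o pipefail

TOOLBOX_DOCKER_IMAGE=fedora
TOOLBOX_DOCKER_TAG=latest
TOOLBOX_USER=root
TOOLBOX_DIRECTORY="/var/lib/toolbox"
# Space-separated systemd-nspawn flags; deliberately word-split when used.
TOOLBOX_BIND="--bind=/:/media/root --bind=/usr:/media/root/usr --bind=/run:/media/root/run"
# Ex: "--setenv=KEY=VALUE"
TOOLBOX_ENV=""
TOOLBOX_DOCKER_IMAGE_TARBALL=""
# Scratch mount point used while copying the image snapshot out.
TOOLBOX_TEMP_DIR=$(mktemp -d)

toolboxrc="${HOME}"/.toolboxrc

# System defaults
if [ -f "/etc/default/toolbox" ]; then
  source "/etc/default/toolbox"
fi

# User overrides
if [ -f "${toolboxrc}" ]; then
  source "${toolboxrc}"
fi

# Cleanup bookkeeping: the scratch container (if one exists) and whether its
# snapshot is currently mounted on TOOLBOX_TEMP_DIR.  Set only while populating.
scratch_container=""
scratch_mounted=0

# Undo whatever part of the populate step was reached.  Runs on every exit,
# including an abort under set -e: previously a failing rsync (or anything
# after it) left the snapshot mounted, the scratch container registered and
# the temp directory behind, and the mktemp directory was never removed on the
# already-populated path at all.  Each step is best-effort.
cleanup() {
  if [ "${scratch_mounted}" -ne 0 ]; then
    sudo umount "${TOOLBOX_TEMP_DIR}" || true
  fi
  if [ -n "${scratch_container}" ]; then
    sudo ctr container rm "${scratch_container}" || true
  fi
  # ":?" refuses to expand to an empty path (i.e. "rm -rf /" variants).
  if [ -d "${TOOLBOX_TEMP_DIR}" ]; then
    sudo rm -rf -- "${TOOLBOX_TEMP_DIR:?}" || true
  fi
}
trap cleanup EXIT

# Directory-safe name: anything outside [A-Za-z0-9_.-] becomes "_".
machinename=$(printf '%s' "${USER}-${TOOLBOX_DOCKER_IMAGE}-${TOOLBOX_DOCKER_TAG}" | sed -r 's/[^a-zA-Z0-9_.-]/_/g')
machinepath="${TOOLBOX_DIRECTORY}/${machinename}"
osrelease="${machinepath}/etc/os-release"
image_ref="${TOOLBOX_DOCKER_IMAGE}:${TOOLBOX_DOCKER_TAG}"

# /etc/os-release marks a fully populated rootfs (it is touched last); its
# absence, including after a run that failed part-way, triggers a (re)populate.
if [ ! -f "${osrelease}" ] ; then
  sudo mkdir -p "${machinepath}"
  sudo mkdir -p "${TOOLBOX_TEMP_DIR}"
  sudo chown "${USER}:" "${machinepath}"

  if [ -n "${TOOLBOX_DOCKER_IMAGE_TARBALL}" ] ; then
    sudo ctr image import "${TOOLBOX_DOCKER_IMAGE_TARBALL}"
  else
    user_flags=()
    if [[ "${TOOLBOX_DOCKER_IMAGE}" =~ ^[a-z.]*gcr.io/ ]]; then
      # Get a host part of the container name
      registry_host="${TOOLBOX_DOCKER_IMAGE/gcr.io*/gcr.io}"
      # docker-credential-gcr can fail if it runs in a non-GCP env, so let it
      # fail and proceed without --user flag in this case.  Build the flag
      # only when BOTH fields are present: jq's "+" treats null as "", so a
      # partial answer would otherwise produce a bogus ":" or "user:" credential.
      credentials=$(printf '%s\n' "${registry_host}" | \
        (/usr/bin/docker-credential-gcr get || true) 2>/dev/null | \
        jq -r 'select((.Username // "") != "" and (.Secret // "") != "") | .Username + ":" + .Secret')
      if [[ -n "${credentials}" ]]; then
        # NOTE: ctr only takes the credential on argv, so it is visible in
        # `ps` to other users on the host for the duration of the pull.
        user_flags=('--user' "${credentials}")
      fi
    fi
    sudo ctr image pull "${user_flags[@]}" "${image_ref}"
  fi

  # Short SHA256 prefix of the image, used only to build a unique scratch
  # container name.  Match the ref as a fixed string against the REF column
  # only: the previous regex grep over the whole line let "." in the ref match
  # any character, could hit other columns, and returned several digests when
  # more than one line matched.  First hit wins.
  container256hash=$(sudo ctr image ls \
    | awk -v ref="${image_ref}" 'index($1, ref) { print $3; exit }' \
    | cut -d':' -f2 | cut -c-12)
  if [ -z "${container256hash}" ]; then
    echo "toolbox: image ${image_ref} not found in 'ctr image ls'" >&2
    exit 1
  fi
  containername=$(printf '%s' "${USER}-${container256hash}" | sed -r 's/[^a-zA-Z0-9_.-]/_/g')

  # Create (never start) a container so its rootfs snapshot can be mounted and
  # copied out.  "ctr snapshot mounts" prints the mount command line, which
  # xargs then executes as root.
  sudo ctr containers create "${image_ref}" "${containername}" /bin/true
  scratch_container="${containername}"
  sudo ctr snapshot mounts "${TOOLBOX_TEMP_DIR}" "${containername}" | xargs sudo
  scratch_mounted=1
  sudo rsync -a "${TOOLBOX_TEMP_DIR}/" "${machinepath}"
  sudo umount "${TOOLBOX_TEMP_DIR}"
  scratch_mounted=0
  sudo ctr container rm "${containername}"
  scratch_container=""
  sudo rm -rf -- "${TOOLBOX_TEMP_DIR:?}"
  # Mark the tree as complete (also creates the file if the image lacks it).
  sudo touch "${osrelease}"
fi

# The toolbox shares the host system, keeps every capability and sees the
# host's / under /media/root: it is root on the host, not a sandbox.
# TOOLBOX_BIND and TOOLBOX_ENV are flag lists and must stay unquoted.
# shellcheck disable=SC2086
sudo SYSTEMD_NSPAWN_SHARE_SYSTEM=1 systemd-nspawn \
  --directory="${machinepath}" \
  --capability=all \
  --resolv-conf="replace-host" \
  ${TOOLBOX_BIND} \
  ${TOOLBOX_ENV} \
  --user="${TOOLBOX_USER}" "$@"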