feature: non-root user support

feature: GitHub actions test integration

Author: bkahlert

.dockerignore

@@ -2,6 +2,10 @@
 /.git
 /.github
 /.gitignore
+/data
+/disk.img
+/test
 /CHANGELOG.md
 /LICENSE
 /README.md
+.DS_Store

.github/workflows/test.yml

@@ -0,0 +1,28 @@
+name: test
+
+on:
+  push:
+    branches: ['master']
+    paths-ignore: ['**.md']
+  pull_request:
+    branches: ['master']
+    paths-ignore: ['**.md']
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Run tests
+        run: |
+          chmod +x test/test-container
+          ./test/test-container

.gitignore

@@ -1 +1,12 @@
 /.idea
+/*.iml
+
+/.git
+/.github
+/.gitignore
+/CHANGELOG.md
+/LICENSE
+/README.md
+
+/data
+/disk.img

CHANGELOG.md

@@ -1,4 +1,8 @@
 # Changelog
 
+## 1.1.0 (2021-09-21)
+* Support for working with non-root user
+* Automated testing of container using GitHub actions
+
 ## 1.0.0 (2021-09-06)
 * Initial version using semver

Dockerfile

@@ -1,15 +1,41 @@
 FROM ubuntu:20.04
 
+ENV TZ=UTC \
+    PUID=1000 \
+    PGID=1000 \
+    LIBGUESTFS_DEBUG=0 \
+    LIBGUESTFS_TRACE=0
+
 RUN apt-get update \
- && DEBIAN_FRONTEND=noninteractive apt-get install -qq --no-install-recommends \
-            libguestfs-tools \
-            qemu-utils \
-            linux-image-generic
+ && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
+    ca-certificates \
+    dumb-init \
+    curl \
+    libguestfs-tools \
+    linux-image-generic \
+    qemu-utils \
+    tzdata \
+ && groupadd \
+    --gid ${PGID} \
+    libguestfs \
+ && useradd \
+    --uid ${PUID} \
+    --gid libguestfs \
+    --shell /bin/bash \
+    libguestfs \
+ && rm -rf /tmp/* /var/lib/apt/list/*
 
-ENV LIBGUESTFS_DEBUG=0 \
-    LIBGUESTFS_TRACE=0 \
-    LIBGUESTFS_BACKEND=direct
+COPY --from=crazymax/yasu:latest / /
+COPY rootfs /
+RUN chmod +x \
+    /usr/local/bin/entrypoint.sh \
+    /usr/local/bin/entrypoint-user.sh
 
 WORKDIR /
+VOLUME ["/data"]
+
+ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/entrypoint.sh"]
+CMD ["echo", "Usage: COMMAND [ARG...]\nExample: guestfish --version"]
 
-CMD ["/usr/bin/guestfish", "-h"]
+HEALTHCHECK --interval=5s --timeout=5s --start-period=20s \
+  CMD pgrep qemu &>1 || exit 1

README.md

@@ -1,7 +1,9 @@
 # bkahlert/libguestfs [![Build Status](https://img.shields.io/github/workflow/status/bkahlert/libguestfs/build?label=Build&logo=github&logoColor=fff)](https://github.com/bkahlert/libguestfs/actions/workflows/build-and-publish.yml) [![Repository Size](https://img.shields.io/github/repo-size/bkahlert/libguestfs?color=01818F&label=Repo%20Size&logo=Git&logoColor=fff)](https://github.com/bkahlert/libguestfs) [![Repository Size](https://img.shields.io/github/license/bkahlert/libguestfs?color=29ABE2&label=License&logo=data%3Aimage%2Fsvg%2Bxml%3Bbase64%2CPHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCA1OTAgNTkwIiAgeG1sbnM6dj0iaHR0cHM6Ly92ZWN0YS5pby9uYW5vIj48cGF0aCBkPSJNMzI4LjcgMzk1LjhjNDAuMy0xNSA2MS40LTQzLjggNjEuNC05My40UzM0OC4zIDIwOSAyOTYgMjA4LjljLTU1LjEtLjEtOTYuOCA0My42LTk2LjEgOTMuNXMyNC40IDgzIDYyLjQgOTQuOUwxOTUgNTYzQzEwNC44IDUzOS43IDEzLjIgNDMzLjMgMTMuMiAzMDIuNCAxMy4yIDE0Ny4zIDEzNy44IDIxLjUgMjk0IDIxLjVzMjgyLjggMTI1LjcgMjgyLjggMjgwLjhjMCAxMzMtOTAuOCAyMzcuOS0xODIuOSAyNjEuMWwtNjUuMi0xNjcuNnoiIGZpbGw9IiNmZmYiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLXdpZHRoPSIxOS4yMTIiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz48L3N2Zz4%3D)](https://github.com/bkahlert/libguestfs/blob/master/LICENSE)
 
 * Containerized libguestfs including virt-customize, guestfish, etc.
-* Scripts
+* Runs as non-root user
+* Multi-platform image
+* Helper scripts
   * `guestfish` — Opens the raw image disk file using guestfish.
   * `virt-customize` — Opens the raw image disk using libguestfs' virt-customize.
   * `pi` — Opens the raw image disk using a dockerized ARM emulator that emulates a Raspberry Pi.
@@ -30,23 +32,52 @@ Following platforms for this image are available:
 * linux/amd64
 * linux/arm/v7
 * linux/arm64/v8
-* linux/riscv64
 * linux/ppc64le
+* linux/riscv64
 * linux/s390x
 
+## Environment variables
+
+* `TZ`: The timezone assigned to the container (default `UTC`)
+* `PUID`: The user id to use (default `1000`)
+* `PGID`: The group id to use (default `1000`)
+* `LIBGUESTFS_DEBUG`: Set this to 1 in order to enable massive amounts of debug messages. If you think there is some problem inside the libguestfs appliance, then you should use this option. (default: `0`)
+* `LIBGUESTFS_TRACE`: Set this to 1 and libguestfs will print out each command / API call in a format which is similar to guestfish commands. (default: `0`)
 
 ## Usage
 
+### Interactively
+
+```shell
+docker run -it --rm \
+  -v "$(pwd)/data:/data" \
+  -v "$(pwd)/disk.img:/disk.img" \
+  bkahlert/libguestfs:edge \
+  guestfish
+
+><fs> add /disk.img
+><fs> launch
+><fs> mount /dev/sda /
+><fs> ls /
+><fs> copy-out /boot data
+><fs> umount-all
+><fs> exit
+```
+
+### Automatically
+
 ```shell
-docker run --rm -i \
-  -v "$(pwd)/data:/data" -v "$(pwd)/disk.img:/disk.img" \
-  bkahlert/libguestfs guestfish \
+docker run --rm \
+  -v "$(pwd)/data:/data" \
+  -v "$(pwd)/disk.img:/disk.img" \
+  bkahlert/libguestfs:edge \
+  guestfish \
   --ro \
   --add /disk.img \
-  --mount /dev/sda2:/ \
-  --mount /dev/sda1:/boot \
+  --mount /dev/sda:/ \
 <<COMMANDS
--copy-out "/boot" "data"
+ls /
+-copy-out /boot data
 umount-all
 exit
 COMMANDS
@@ -57,6 +88,26 @@ the `guestfish` tool and executes all guestfish commands enclosed by `COMMANDS`
 
 In this case the directory `/boot` and its contents is copied to data.
 
+> :bulb: Did you notice the leading dash in front of the `copy-out` command? Running guestfish non-interactively the first command that gives an error causes the whole shell to exit. By prefixing a command with `-` guestfish will not exit if an error is encountered.
+
+> :bulb: If you prefix a command with `!` (e.g. `!id`) the command will run on the host instead of the mounted guest. Since the libguestfs tools are containerized themselves, "host" signifies the containerized libguestfs hosting Ubuntu installation — and not you actual OS.
+
+
+## Troubleshooting
+
+If you run into problems, try running your intended  steps
+interactively with verbose logging turned on:
+
+```shell
+docker run -it --rm \
+  -e "LIBGUESTFS_DEBUG=1" \
+  -e "LIBGUESTFS_TRACE=1" \
+  -v "$(pwd)/data:/data" \
+  -v "$(pwd)/disk.img:/disk.img" \
+  bkahlert/libguestfs:edge \
+  guestfish
+```
+
 
 ## Contributing
 

docker-bake.hcl

@@ -29,10 +29,8 @@ target "image-all" {
     "linux/arm/v7",
 //    "linux/arm64",
     "linux/arm64/v8",
-    "linux/riscv64",
     "linux/ppc64le",
+    "linux/riscv64",
     "linux/s390x"
-//    "linux/mips64le",
-//    "linux/mips64",
   ]
 }

rootfs/usr/local/bin/entrypoint-user.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# see https://libguestfs.org/guestfs-faq.1.html
+if [ "$(id -u)" -eq 0 ]; then
+  export LIBGUESTFS_BACKEND=direct
+fi
+
+exec "$@"

rootfs/usr/local/bin/entrypoint.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Fix access rights to stdout and stderr
+chown "${PUID}:${PGID}" /proc/self/fd/1 /proc/self/fd/2 || true
+
+# Update UID and GID
+if [ -n "${PGID}" ] && [ "${PGID}" != "$(id -g libguestfs)" ]; then
+#  echo "Switching to PGID ${PGID}..."
+  sed -i -e "s/^libguestfs:\([^:]*\):[0-9]*/libguestfs:\1:${PGID}/" /etc/group
+  sed -i -e "s/^libguestfs:\([^:]*\):\([0-9]*\):[0-9]*/libguestfs:\1:\2:${PGID}/" /etc/passwd
+fi
+if [ -n "${PUID}" ] && [ "${PUID}" != "$(id -u libguestfs)" ]; then
+#  echo "Switching to PUID ${PUID}..."
+  sed -i -e "s/^libguestfs:\([^:]*\):[0-9]*:\([0-9]*\)/libguestfs:\1:${PUID}:\2/" /etc/passwd
+fi
+
+# Get ownership of home
+mkdir -p /home/libguestfs
+chown -R libguestfs /home/libguestfs
+chmod -R u+rw /home/libguestfs
+
+# Get ownership of data
+mkdir -p /data
+chown -R libguestfs /data
+chmod -R u+rw /data
+
+# Get ownershop of disk.img
+[ -e /disk.img ] || touch /disk.img
+chown -R libguestfs /disk.img
+chmod -R u+rw /disk.img
+
+# Timezone
+TZ=${TZ:-UTC}
+ln -snf "/usr/share/zoneinfo/${TZ}" /etc/localtime
+echo "${TZ}" > /etc/timezone
+
+# see https://libguestfs.org/guestfs-faq.1.html#where-can-i-get-the-latest-binaries-for
+chmod 0644 /boot/vmlinuz*
+usermod -a -G kvm libguestfs
+
+# From here, step down to libguestfs user
+yasu libguestfs:libguestfs entrypoint-user.sh "$@"