#!/bin/sh
# Entry point of the bundle: prepares the containers configuration, then
# dispatches to the bundled command named by ARGV0.
# Abort on the first unhandled command failure.
set -e
# Put the bundled binaries ahead of the host's. APPDIR is read from the
# environment and is trusted from here on: every helper path written into the
# configuration by this script is derived from it.
# NOTE(review): if APPDIR is unset or empty this prepends plain "/usr/bin" and
# the setup functions would copy from the host's /etc/containers - confirm the
# launcher always sets it, or fail fast here.
export PATH="$APPDIR/usr/bin:$PATH"
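#######################################
# Escape a string for literal use in the replacement part of a sed
# `s|...|...|` command: backslash, `&` (the whole match) and the `|`
# delimiter are all special there.
# Arguments: $1 - text to escape
# Outputs:   escaped text on stdout
#######################################
_conf_sed_repl() {
  printf '%s' "$1" | sed 's/[\\&|]/\\&/g'
}

#######################################
# Create or refresh the containers configuration under a config root.
#
# storage.conf, containers.conf and registries.conf are seeded from the
# bundled copies only when they do not exist yet. The settings that point into
# $APPDIR (mount_program, init_path, conmon_path, helper_binaries_dir, crun)
# are rewritten on every call; the array-valued ones first drop any previous
# "/tmp/.mount_*" entry and then get the current $APPDIR path prepended.
#
# Globals:   APPDIR (read); configroot, dataroot, runtimeroot, storagepath,
#            storageconfpath, containersconfpath, seccompconfpath,
#            registriesconfpath (written; plain sh has no `local`)
# Arguments: $1 - configuration root (e.g. /etc)
#            $2 - data root (e.g. /var/lib)
#            $3 - runtime root (e.g. /run)
# Outputs:   diagnostics of the invoked tools go to stderr
# Returns:   status of the final tar extraction
#######################################
conf_setup() {
  configroot="${1:?}"
  dataroot="${2:?}"
  runtimeroot="${3:?}"

  # Paths come from the environment (HOME, XDG_*, APPDIR). They are escaped
  # before being spliced into sed replacements so that `&`, `|` or `\` in a
  # path is written literally instead of being interpreted by sed.
  # NOTE(review): a `"` or `\` in a path would still yield an invalid quoted
  # value in the config file; such paths are not handled here.
  storagepath="$dataroot/containers/storage"
  _cs_appdir="$(_conf_sed_repl "$APPDIR")"
  _cs_runroot="$(_conf_sed_repl "$runtimeroot/containers/storage")"
  _cs_graphroot="$(_conf_sed_repl "$storagepath")"

  if [ ! -d "$storagepath" ]; then
    mkdir -p "$storagepath" >&2
  fi

  # --- storage.conf ---------------------------------------------------------
  storageconfpath="$configroot/containers/storage.conf"
  if [ ! -f "$storageconfpath" ]; then
    mkdir -p "$(dirname "$storageconfpath")" >&2
    cp "$APPDIR/etc/containers/storage.conf" "$storageconfpath" >&2
    sed -i 's|^\s*#\?\s*\(runroot\s*=\s*\).*$|\1"'"$_cs_runroot"'"|' "$storageconfpath" >&2
    sed -i 's|^\s*#\?\s*\(graphroot\s*=\s*\).*$|\1"'"$_cs_graphroot"'"|' "$storageconfpath" >&2
    # Select the btrfs driver when the storage directory lives on btrfs.
    if [ "$(stat -f -c '%T' "$storagepath")" = 'btrfs' ]; then
      sed -i 's/^\s*#\?\s*\(driver\s*=\s*\).*$/\1"btrfs"/' "$storageconfpath" >&2
    fi
  fi
  # Rewritten on every call so it follows the current $APPDIR.
  sed -i 's|^\s*#\?\s*\(mount_program\s*=\s*\).*$|\1"'"$_cs_appdir/usr/bin/fuse-overlayfs"'"|' "$storageconfpath" >&2

  # --- containers.conf ------------------------------------------------------
  containersconfpath="$configroot/containers/containers.conf"
  if [ ! -f "$containersconfpath" ]; then
    mkdir -p "$(dirname "$containersconfpath")" >&2
    cp "$APPDIR/etc/containers/containers.conf" "$containersconfpath" >&2
    sed -i 's|^\s*#\?\s*\(volume_path\s*=\s*\).*$|\1"'"$_cs_graphroot/volumes"'"|' "$containersconfpath" >&2
    # The seccomp profile is referenced from the config root; the file itself
    # is put there by the tar copy at the end of this function.
    seccompconfpath="$configroot/containers/seccomp.json"
    _cs_seccomp="$(_conf_sed_repl "$seccompconfpath")"
    sed -i 's|^\s*#\?\s*\(seccomp_profile\s*=\s*\).*$|\1"'"$_cs_seccomp"'"|' "$containersconfpath" >&2
  fi
  sed -i 's|^\s*#\?\s*\(init_path\s*=\s*\).*$|\1"'"$_cs_appdir/usr/libexec/podman/catatonit"'"|' "$containersconfpath" >&2
  # Array settings: within `key = [ ... ]`, remove a stale "/tmp/.mount_*"
  # entry (deleting the line if nothing else is left on it), uncomment the
  # lines, and insert the current $APPDIR path right after the `[`.
  sed -i '/^\s*#\?\s*conmon_path\s*=/,/\]/{s|"/tmp/\.mount_[^"]*",\?||;Tx;s|^\s*#\?\s*$||;Tx;d;:x;s|^\s*#||;s|\[|[\n "'"$_cs_appdir/usr/bin/conmon"'",|}' "$containersconfpath" >&2
  sed -i '/^\s*#\?\s*helper_binaries_dir\s*=/,/\]/{s|"/tmp/\.mount_[^"]*",\?||;Tx;s|^\s*#\?\s*$||;Tx;d;:x;s|^\s*#||;s|\[|[\n "'"$_cs_appdir/usr/libexec/podman"'",|}' "$containersconfpath" >&2
  sed -i '/^\s*#\?\s*crun\s*=/,/\]/{s|"/tmp/\.mount_[^"]*",\?||;Tx;s|^\s*#\?\s*$||;Tx;d;:x;s|^\s*#||;s|\[|[\n "'"$_cs_appdir/usr/bin/crun.static"'",|}' "$containersconfpath" >&2

  # --- registries.conf ------------------------------------------------------
  registriesconfpath="$configroot/containers/registries.conf"
  if [ ! -f "$registriesconfpath" ]; then
    mkdir -p "$(dirname "$registriesconfpath")" >&2
    cp "$APPDIR/etc/containers/registries.conf" "$registriesconfpath" >&2
    sed -i 's/^\s*#\?\s*\(unqualified-search-registries\s*=\s*\).*$/\1["docker.io"]/' "$registriesconfpath" >&2
  fi

  # Copy every remaining bundled file (policy, seccomp profile, ...) without
  # overwriting anything that already exists in the config root.
  tar -cf - -C "$APPDIR/etc/containers" . | tar -xf - --skip-old-files -C "$configroot/containers"
}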
# System-wide setup used when running as root: configuration under /etc,
# data under /var/lib, runtime state under /run.
root_setup() {
  conf_setup /etc /var/lib /run
}
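#######################################
# Print the first ID of a free 65536-wide range for a subuid/subgid file.
#
# The highest "start + count" found in the file is rounded up to the next
# value made of (leading digit + 1) followed by zeros. The result is never
# below 100000 - the same start used when the file is created from scratch -
# because a lower range (e.g. from an empty file) could overlap ordinary host
# UIDs/GIDs.
# Arguments: $1 - path to /etc/subuid or /etc/subgid
# Outputs:   the start ID on stdout
#######################################
_rootless_next_subid() {
  _rs_max=0
  # `|| [ -n ... ]` keeps a final line that has no trailing newline.
  while read -r _rs_line || [ -n "$_rs_line" ]; do
    _rs_start="${_rs_line#*:}"
    _rs_start="${_rs_start%%:*}"
    _rs_count="${_rs_line##*:}"
    # Skip blank, comment or otherwise malformed lines instead of feeding
    # non-numeric text to the arithmetic expansion below.
    case "$_rs_start" in '' | *[!0-9]*) continue ;; esac
    case "$_rs_count" in '' | *[!0-9]*) continue ;; esac
    _rs_end=$((_rs_start + _rs_count))
    if [ "$_rs_end" -gt "$_rs_max" ]; then
      _rs_max="$_rs_end"
    fi
  done <"$1"
  if [ "$_rs_max" -lt 100000 ]; then
    printf '100000'
  else
    printf '%s%0*d' "$(($(printf '%.1s' "$_rs_max") + 1))" "$((${#_rs_max} - 1))" 0
  fi
}

#######################################
# Per-user (rootless) setup.
#
# Checks the host prerequisites for rootless mode - unprivileged user
# namespaces and a subordinate ID range for the current user in /etc/subuid
# and /etc/subgid - and, after confirmation, fixes what is missing through
# `sudo sh`. Then writes the per-user configuration via conf_setup.
#
# Globals:   XDG_CONFIG_HOME, XDG_DATA_HOME, XDG_RUNTIME_DIR, HOME (read)
# Outputs:   warnings, the pending root commands and the prompt on stderr
# Returns:   status of conf_setup
#######################################
rootless_setup() {
  asroot=''
  # Commands are collected one per line; a real newline is used so the list
  # can be printed with '%s' and never serves as a printf format string.
  _rs_nl='
'
  # NOTE(review): the user name is embedded in single quotes in commands that
  # are later run as root; a name containing a single quote would break that
  # quoting - confirm whether such names can occur on supported hosts.
  _rs_user="$(id -u -n)"

  if [ "$(sysctl -e -n kernel.unprivileged_userns_clone)" = "0" ]; then
    echo "WARNING: kernel.unprivileged_userns_clone not set to 1." >&2
    # System-wide, security-relevant switch: it enables user namespaces for
    # every unprivileged user. It is only set at runtime here; nothing in this
    # script persists it.
    asroot="${asroot}sysctl kernel.unprivileged_userns_clone=1${_rs_nl}"
  fi

  for f in /etc/subuid /etc/subgid; do
    if [ ! -f "$f" ]; then
      echo "WARNING: '$f' missing for rootless mode." >&2
      asroot="${asroot}touch '$f'${_rs_nl}"
      asroot="${asroot}chmod 644 '$f'${_rs_nl}"
      asroot="${asroot}echo '${_rs_user}:100000:65536' >> '$f'${_rs_nl}"
    elif ! grep -q "^${_rs_user}:" "$f"; then
      echo "WARNING: '$f' not set up for '${_rs_user}'." >&2
      l="${_rs_user}:$(_rootless_next_subid "$f"):65536"
      asroot="${asroot}echo '$l' >> '$f'${_rs_nl}"
    fi
  done

  if [ "${#asroot}" -gt 0 ]; then
    # Show exactly what would run as root before asking for consent.
    printf 'The following commands would be run as root:\n' >&2
    printf '%s' "$asroot" | sed 's/^/  /' >&2
    printf 'Do you want to fix these issues as root ? (Y/n): ' >&2
    read -r resp
    if [ -z "$resp" ] || [ "$resp" = 'Y' ] || [ "$resp" = 'y' ] || [ "$resp" = '1' ]; then
      # Each command is preceded by an echo of itself so the root shell
      # reports what it is about to run.
      printf '%s' "$asroot" | while read -r line; do
        printf "echo '=> %s' >&2\n" "$line"
        printf '%s\n' "$line"
      done | { sudo sh || exit "$?"; }
    fi
  fi

  conf_setup \
    "${XDG_CONFIG_HOME:-${HOME:?}/.config}" \
    "${XDG_DATA_HOME:-${HOME:?}/.local/share}" \
    "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
}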
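# --- main flow ---------------------------------------------------------------
# Pick a lock file the current user can create: the per-user runtime directory
# when rootless, /run when root.
uid="$(id -u)"
if [ "$uid" -ne 0 ]; then
  lockfile="${XDG_RUNTIME_DIR:-/run/user/$uid}/podman-appimage.lock"
else
  lockfile='/run/podman-appimage.lock'
fi

# Hold the lock on fd 4 for the lifetime of this process. Only the instance
# that obtains it (non-blocking) performs the setup and records its APPDIR in
# the lock file; any other instance skips straight to running the command.
exec 4<>"$lockfile"
if flock -n 4; then
  echo "$APPDIR" > "$lockfile"
  if [ "$uid" -ne 0 ]; then
    rootless_setup
  else
    root_setup
  fi
fi

# Dispatch on the name this script was invoked as. Only a regular, executable
# file inside the bundle qualifies, and it is run by its full path: a
# `command -v` lookup would also accept shell builtins and the functions
# defined in this script, and would dispatch to those instead of a bundled
# binary. The file test also avoids printing the resolved path on stderr on
# every run, which the `>/dev/null >&2` redirection pair did.
exe="$(basename "$ARGV0")"
if [ -f "$APPDIR/usr/bin/$exe" ] && [ -x "$APPDIR/usr/bin/$exe" ]; then
  "$APPDIR/usr/bin/$exe" "$@"
else
  podman-shell "$@"
fi
exit "$?"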