blob: c451beeb3511849bb6d8104298a0f5adc3e39117 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
#!/bin/bash
#
# Copyright 2017 Bloomberg Finance LP
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <http://www.gnu.org/licenses/>.
#
# Authors:
# Charles Bailey <cbailey32@bloomberg.net>
# Sam Thursfield <sam.thursfield@codethink.co.uk>
# This is a helper script for using BuildStream via Docker. See
# docs/source/install.rst for documentation.
usage() {
cat <<EOF
USAGE: $(basename "$0") [-i BST_HERE_IMAGE] [-p] [-t] [-T] [-h] [COMMAND] [ARG..]
Run a bst command in a new BuildStream container.
If no command is specified, an interactive shell is launched
using "/bin/bash -i".
OPTIONS:
-i IMAGE Specify Docker image to use; can also be specified by setting
BST_HERE_IMAGE environment variable.
-p Pull the latest buildstream image before running.
-t Force pseudo-terminal allocation.
-T Disable pseudo-terminal allocation.
-h Print this help text and exit.
EOF
exit "$1"
}
bst_here_image="${BST_HERE_IMAGE:-buildstream/buildstream-fedora:latest}"
is_tty=
update=false
if test -t 0
then
is_tty=y
fi
while getopts i:ptTh arg
do
case $arg in
i)
bst_here_image="$OPTARG"
;;
p)
update=true
;;
T)
is_tty=
;;
t)
is_tty=y
;;
h)
usage 0
;;
\?)
usage 1
esac
done
test "$OPTIND" -gt 1 &&
shift $(( OPTIND - 1 ))
create_volume_if_not_exists () {
if ! docker volume inspect "$1" >/dev/null 2>&1
then
docker volume create --name "$1"
fi
}
for vol in buildstream-cache buildstream-config
do
create_volume_if_not_exists "$vol"
done
BST_HERE_PS1="\[\033[01;34m\]\w\[\033[00m\]> "
if [ "$#" -eq 0 ]; then
command="/bin/bash -i"
else
command="/usr/local/bin/bst $@"
fi
if "$update" == true
then
docker pull "$bst_here_image"
fi
# FIXME: We run with --privileged to allow bwrap to mount system
# directories, but this is overkill. We should add the correct
# --cap-add calls, or seccomp settings, but we are not sure
# what those are yet.
#
# Old settings:
# --cap-add SYS_ADMIN
# --security-opt seccomp=unconfined
#
exec docker run --rm -i${is_tty:+ -t} \
--privileged \
--env PS1="$BST_HERE_PS1" \
--device /dev/fuse \
--volume buildstream-cache:/root/.cache/buildstream \
--volume buildstream-config:/root/.config \
--volume "$PWD":/src \
--workdir /src \
"$bst_here_image" \
$command
|