| #!/bin/bash |
| # |
| # Copyright 2017 Bloomberg Finance LP |
| # |
| # This program is free software; you can redistribute it and/or |
| # modify it under the terms of the GNU Lesser General Public |
| # License as published by the Free Software Foundation; either |
| # version 2 of the License, or (at your option) any later version. |
| # |
| # This library is distributed in the hope that it will be useful, |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| # Lesser General Public License for more details. |
| # |
| # You should have received a copy of the GNU Lesser General Public |
| # License along with this library. If not, see <http://www.gnu.org/licenses/>. |
| # |
| # Authors: |
| # Charles Bailey <cbailey32@bloomberg.net> |
| # Sam Thursfield <sam.thursfield@codethink.co.uk> |
| |
| # This is a helper script for using BuildStream via Docker. See |
| # docs/source/install.rst for documentation. |
| |
| usage() { |
| cat <<EOF |
| |
| USAGE: $(basename "$0") [-i BST_HERE_IMAGE] [-p] [-t] [-T] [-v VOLUME ...] [-h] [COMMAND [ARG..]] |
| |
| Run a bst command in a new BuildStream container. |
| |
| If no command is specified, an interactive shell is launched |
| using "/bin/bash -i". |
| |
| OPTIONS: |
| -i IMAGE Specify Docker image to use; can also be specified by setting |
| BST_HERE_IMAGE environment variable. |
| -p Pull the latest buildstream image before running. |
| -t Force pseudo-terminal allocation. |
| -T Disable pseudo-terminal allocation. |
| -v VOLUME Specify additional volumes to mount; should be in format |
| 'host-src:container-dest' same as 'docker run -v'. |
| -h Print this help text and exit. |
| |
| EOF |
| exit "$1" |
| } |
| |
| bst_here_image="${BST_HERE_IMAGE:-buildstream/buildstream-fedora:latest}" |
| |
| is_tty= |
| update=false |
| extra_volumes_opt= |
| |
| if test -t 0 |
| then |
| is_tty=y |
| fi |
| |
| while getopts i:ptTv:h arg |
| do |
| case $arg in |
| i) |
| bst_here_image="$OPTARG" |
| ;; |
| p) |
| update=true |
| ;; |
| T) |
| is_tty= |
| ;; |
| t) |
| is_tty=y |
| ;; |
| v) |
| extra_volumes_opt="$extra_volumes_opt --volume $OPTARG" |
| ;; |
| h) |
| usage 0 |
| ;; |
| \?) |
| usage 1 |
| esac |
| done |
| |
| test "$OPTIND" -gt 1 && |
| shift $(( OPTIND - 1 )) |
| |
| for vol in buildstream-cache buildstream-config |
| do |
| docker volume create "$vol" >/dev/null |
| done |
| |
| BST_HERE_PS1="\[\033[01;34m\]\w\[\033[00m\]> " |
| |
| if [ "$#" -eq 0 ]; then |
| command="/bin/bash -i" |
| else |
| command="/usr/local/bin/bst $@" |
| fi |
| |
| if "$update" == true |
| then |
| docker pull "$bst_here_image" |
| fi |
| |
| # FIXME: We run with --privileged to allow bwrap to mount system |
| # directories, but this is overkill. We should add the correct |
| # --cap-add calls, or seccomp settings, but we are not sure |
| # what those are yet. |
| # |
| # Old settings: |
| # --cap-add SYS_ADMIN |
| # --security-opt seccomp=unconfined |
| # |
| exec docker run --rm -i${is_tty:+ -t} \ |
| --privileged \ |
| --env PS1="$BST_HERE_PS1" \ |
| --device /dev/fuse \ |
| --volume buildstream-cache:/root/.cache/buildstream \ |
| --volume buildstream-config:/root/.config \ |
| --volume "$PWD":/src \ |
| $extra_volumes_opt \ |
| --workdir /src \ |
| "$bst_here_image" \ |
| $command |