From 2e125a337ef013a7ec24a69c501dec89849c87f5 Mon Sep 17 00:00:00 2001 From: Ned Bingham Date: Fri, 26 May 2023 07:13:39 -0400 Subject: [PATCH 1/8] making it possible to have the tech files outside of your home directory --- Dockerfile | 2 +- bcli-develop.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 16b7a0e..2e9cfa9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -170,7 +170,7 @@ RUN cp -r pr/* /opt/cad/bin RUN mkdir "/host" WORKDIR "/host" RUN rm -rf /opt/cad/conf -RUN ln -s "/host/tech" "/opt/cad/conf" +RUN mkdir /opt/cad/conf ENV USER "bcli" ENV USER_ID "1000" diff --git a/bcli-develop.sh b/bcli-develop.sh index 67f42ac..aee35c9 100644 --- a/bcli-develop.sh +++ b/bcli-develop.sh @@ -1,7 +1,7 @@ bcli() { if [ "$1" = "up" ]; then - docker run --rm -d -v $HOME:/host --name "bcli-develop" -h "bcli-develop" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null - #docker run --rm -d -v $HOME:/host --name "bcli-develop" -h "bcli-develop" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null + docker run --rm -d -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-develop" -h "bcli-develop" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null + #docker run --rm -d -v $HOME:/host -v "${BCLI_TECH:/opt/tech}:/opt/cad/conf" --name "bcli-develop" -h "bcli-develop" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null echo "bcli-develop started" elif [ "$1" = "down" ]; then docker stop bcli-develop > /dev/null 
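Review bot: The commented-out alternative added in the bcli-develop.sh hunk uses `${BCLI_TECH:/opt/tech}`, which bash parses as a substring expansion with an invalid offset rather than a default value, so enabling that line would fail instead of falling back to /opt/tech. The default form is `${BCLI_TECH:-/opt/tech}`. On the live line the new `-v "/opt/tech:/opt/cad/conf"` mount is read-write; if the container only reads the tech files (not visible from this hunk), `-v "/opt/tech:/opt/cad/conf:ro"` keeps a root process in the container from modifying a host directory outside the user's home. The body of bcli() continues outside the hunk.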
From d91bdad62bde9dc71aac00f56e6d544f875bd658 Mon Sep 17 00:00:00 2001 From: Ned Bingham Date: Fri, 2 Jun 2023 04:15:49 +0000 Subject: [PATCH 2/8] setting up per-user bcli containers --- bcli-develop.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/bcli-develop.sh b/bcli-develop.sh index aee35c9..9199a03 100644 --- a/bcli-develop.sh +++ b/bcli-develop.sh @@ -1,11 +1,11 @@ bcli() { if [ "$1" = "up" ]; then - docker run --rm -d -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-develop" -h "bcli-develop" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null - #docker run --rm -d -v $HOME:/host -v "${BCLI_TECH:/opt/tech}:/opt/cad/conf" --name "bcli-develop" -h "bcli-develop" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null - echo "bcli-develop started" + docker run --rm -d -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null + #docker run --rm -d -v $HOME:/host -v "${BCLI_TECH:/opt/tech}:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null + echo "bcli-$USER started" elif [ "$1" = "down" ]; then - docker stop bcli-develop > /dev/null - echo "bcli-develop stopped" + docker stop "bcli-$USER" > /dev/null + echo "bcli-$USER stopped" #legacy, or if server files change faster than a new download elif [ "$1" = "mount" ]; then if [ -z "$BROCCOLI_USER" ]; then 
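Review bot: The container name and hostname are now built from `$USER`, an ordinary environment variable that the caller can change and that is expanded unquoted in `-e USER=$USER`. A session with a different `USER` value addresses a different container, and a value containing whitespace splits into extra `docker run` arguments. Deriving the name once from the system's view, e.g. `local user; user=$(id -un)`, and quoting every use (`--name "bcli-$user" -e USER="$user"`) keeps `up`, `down` and the exec branch in the second hunk consistent. bcli() continues outside the hunk.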
@@ -24,7 +24,7 @@ bcli() { fi rmdir $HOME/tech elif [ "$#" -eq 0 ]; then - docker exec -u $(id -u):$(id -g) -it bcli-develop /bin/bash + docker exec -u $(id -u):$(id -g) -it "bcli-$USER" /bin/bash else if [ "$1" != "--help" ]; then echo "error: unrecognized command '$1'" From bf90a7cfb8329655c7de01415ed3d684b31d7d6b Mon Sep 17 00:00:00 2001 From: Ned Bingham Date: Fri, 2 Jun 2023 20:45:18 +0000 Subject: [PATCH 3/8] fixing groups? --- Dockerfile | 7 +++++-- bcli-develop.sh | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2e9cfa9..3a5d2c6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,7 +47,7 @@ RUN cmake \ -D MPI_BASE_DIR="/usr" \ -C /toolsrc/Xyce/cmake/trilinos/trilinos-config-MPI.cmake \ /toolsrc/Trilinos -RUN cmake --build . -j 8 -t install +RUN cmake --build . -j 40 -t install # install Xyce WORKDIR /toolsrc @@ -175,9 +175,12 @@ RUN mkdir /opt/cad/conf ENV USER "bcli" ENV USER_ID "1000" ENV GROUP_ID "1000" +ENV MEMBERS "" -CMD exec /bin/bash -c "/usr/sbin/groupadd -g $GROUP_ID $USER; \ +RUN echo "HELLO!?!?" +CMD exec /bin/bash -c "echo \"$MEMBERS\" | sed 's/ /\n/g' | xargs -n 2 /usr/sbin/groupadd -g; \ /usr/sbin/useradd -u $USER_ID -g $USER $USER; \ + echo \"$MEMBERS\" | sed 's/ [0-9]\+ /,/g' | sed 's/[0-9]\+ //g' | xargs -I{} /usr/sbin/usermod -aG {} $USER; \ cp -r /template /home/$USER; \ chown -R $USER:$USER /home/$USER; \ trap : TERM INT; sleep infinity & wait" diff --git a/bcli-develop.sh b/bcli-develop.sh index 9199a03..594d646 100644 --- a/bcli-develop.sh +++ b/bcli-develop.sh 
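Review bot: In the CMD hunk of PATCH 3/8, `$MEMBERS`, `$USER` and `$USER_ID` sit inside the double-quoted string handed to `bash -c`, so the outer shell pastes their values into the command text before bash parses it. These values arrive through `docker run -e`, and the command runs as root in a container that has the caller's home directory mounted, so a quote or `$(...)` in any of them changes what is executed instead of being treated as data. Moving the sequence into a script that is copied into the image and started with an exec-form CMD, with every expansion double-quoted and the numeric fields checked against `^[0-9]+$`, removes the re-parsing. The added `RUN echo "HELLO!?!?"` looks like a leftover cache-buster and can be dropped.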
@@ -1,6 +1,7 @@ bcli() { if [ "$1" = "up" ]; then - docker run --rm -d -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null + export MEMBERS="$(groups | sed 's/ /\n/g' | xargs -I{} getent group {} | sed 's/\([^:]*\):[^:]*:\([^:]*\):.*/\2 \1/g')" + docker run --rm -d -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -e MEMBERS="$MEMBERS" -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null #docker run --rm -d -v $HOME:/host -v "${BCLI_TECH:/opt/tech}:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null echo "bcli-$USER started" elif [ "$1" = "down" ]; then From 6ccb1f0d0e30e8cc0ec0b7b384de20d55c7933be Mon Sep 17 00:00:00 2001 From: James Torre Date: Sat, 3 Jun 2023 00:36:20 +0000 Subject: [PATCH 4/8] Removed user string option in bcli that forced user's primary group to be their only group. --- Dockerfile | 2 +- bcli-develop.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3a5d2c6..cca4160 100644 --- a/Dockerfile +++ b/Dockerfile @@ -177,7 +177,7 @@ ENV USER_ID "1000" ENV GROUP_ID "1000" ENV MEMBERS "" -RUN echo "HELLO!?!?" +RUN echo "HELLO!?!?1" CMD exec /bin/bash -c "echo \"$MEMBERS\" | sed 's/ /\n/g' | xargs -n 2 /usr/sbin/groupadd -g; \ /usr/sbin/useradd -u $USER_ID -g $USER $USER; \ echo \"$MEMBERS\" | sed 's/ [0-9]\+ /,/g' | sed 's/[0-9]\+ //g' | xargs -I{} /usr/sbin/usermod -aG {} $USER; \ diff --git a/bcli-develop.sh b/bcli-develop.sh index 594d646..7bb9d5c 100644 --- a/bcli-develop.sh 
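Review bot: `export MEMBERS=...` in the `up` branch writes into the caller's environment, because bcli() is a function that runs in the interactive shell rather than a separate script. Every process later started from that shell inherits the group list, and the explicit `-e MEMBERS="$MEMBERS"` already hands the value to docker, so the export is not needed; `local MEMBERS` followed by a plain assignment keeps it scoped to the call. The list also carries privileged host groups such as `docker` or `sudo` when the user has them, so which groups are recreated inside the container deserves an explicit allow-list.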
+++ b/bcli-develop.sh @@ -25,7 +25,7 @@ bcli() { fi rmdir $HOME/tech elif [ "$#" -eq 0 ]; then - docker exec -u $(id -u):$(id -g) -it "bcli-$USER" /bin/bash + docker exec -u $(id -u) -it "bcli-$USER" /bin/bash else if [ "$1" != "--help" ]; then echo "error: unrecognized command '$1'" From 19f92c51021b964ed5b6676825293686d5a57423 Mon Sep 17 00:00:00 2001 From: Ned Bingham Date: Sat, 3 Jun 2023 12:26:51 +0000 Subject: [PATCH 5/8] detecting current directory and passing it through --- bcli-develop.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/bcli-develop.sh b/bcli-develop.sh index 7bb9d5c..d13eca3 100644 --- a/bcli-develop.sh +++ b/bcli-develop.sh @@ -24,8 +24,12 @@ bcli() { umount $HOME/tech fi rmdir $HOME/tech - elif [ "$#" -eq 0 ]; then - docker exec -u $(id -u) -it "bcli-$USER" /bin/bash + elif [ "$#" -eq 0 ]; then + WD="/host" + if [[ "$PWD" = "$HOME/"* ]]; then + WD="/host${PWD#$HOME}" + fi + docker exec -u $(id -u) -w $WD -it "bcli-$USER" /bin/bash else if [ "$1" != "--help" ]; then echo "error: unrecognized command '$1'" From 12d081b9fceb42c3c74a5551ae0633b837b2d47a Mon Sep 17 00:00:00 2001 From: Ned Bingham Date: Sat, 3 Jun 2023 15:44:43 +0000 Subject: [PATCH 6/8] x11 forwarding now works --- Dockerfile | 26 +++++++++++++++----------- bcli-develop.sh | 4 ++-- home/.Xauthority | 0 3 files changed, 17 insertions(+), 13 deletions(-) create mode 100644 home/.Xauthority diff --git a/Dockerfile b/Dockerfile index cca4160..1916376 100644 --- a/Dockerfile +++ b/Dockerfile 
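Review bot: Passing only the numeric uid in `docker exec -u $(id -u)` (PATCH 4/8) makes the group set depend entirely on the passwd entry that the image's CMD creates at start-up. As far as I know, when Docker finds no passwd entry for a numeric uid it leaves the gid at 0, so a shell opened before `useradd` has run, or after it failed, would carry the root group. Checking first that the account exists, e.g. `docker exec "bcli-$USER" id -u "$USER" >/dev/null || return 1`, closes that window. The branch sits in the middle of bcli(), which starts and ends outside the hunk.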
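Review bot: In the PATCH 5/8 hunk, `WD` is expanded unquoted in `-w $WD` and `${PWD#$HOME}` uses `$HOME` as an unquoted pattern, so a working directory containing spaces splits into extra `docker exec` arguments and glob characters in the home path change what is stripped. `WD` is also assigned without `local`, so it leaks into the interactive shell that sourced the function. Suggested lines: `local WD="/host"`, `WD="/host${PWD#"$HOME"}"`, and `docker exec -u "$(id -u)" -w "$WD" -it "bcli-$USER" /bin/bash`. The same unquoted `-w $WD` is carried into the exec hunk of PATCH 6/8.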
@@ -68,16 +68,6 @@ RUN apt-get -y install wget RUN /usr/bin/wget https://go.dev/dl/go1.19.1.linux-amd64.tar.gz RUN tar -C /opt -xzf go1.19.1.linux-amd64.tar.gz -# install editors -WORKDIR "/" -ADD home template -RUN apt-get install -y vim -RUN mkdir -p /template/.vim/pack/plugins/start -RUN git clone https://www.github.com/fatih/vim-go.git /template/.vim/pack/plugins/start/vim-go -RUN git clone https://github.com/tpope/vim-fugitive /template/.vim/pack/plugins/start/fugitive -RUN git clone https://www.github.com/preservim/nerdtree.git /template/.vim/pack/plugins/start/nerdtree -RUN vim +GoInstallBinaries +qall - # install gaw RUN apt-get update --fix-missing; DEBIAN_FRONTEND=noninteractive apt-get install -y libgtk-3-dev libcanberra-gtk3-module WORKDIR /toolsrc @@ -163,6 +153,18 @@ WORKDIR /toolsrc RUN --mount=type=secret,id=user --mount=type=secret,id=token git clone https://$(cat /run/secrets/user):$(cat /run/secrets/token)@git.broccolimicro.io/Broccoli/pr.git RUN cp -r pr/* /opt/cad/bin +RUN apt-get -y install sudo + +# install editors +WORKDIR "/" +ADD home template +RUN apt-get install -y vim +RUN mkdir -p /template/.vim/pack/plugins/start +RUN git clone https://www.github.com/fatih/vim-go.git /template/.vim/pack/plugins/start/vim-go +RUN git clone https://github.com/tpope/vim-fugitive /template/.vim/pack/plugins/start/fugitive +RUN git clone https://www.github.com/preservim/nerdtree.git /template/.vim/pack/plugins/start/nerdtree +RUN vim +GoInstallBinaries +qall + # Clean up source code folder #RUN rm -rf /toolsrc 
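Review bot: The unchanged `git clone https://$(cat /run/secrets/user):$(cat /run/secrets/token)@...` line at the top of the second hunk puts the credentials into the clone URL, which git records as the remote in `pr/.git/config`; with `#RUN rm -rf /toolsrc` still commented out below, that file would stay in the image, and deleting it in a later layer would not remove it from the earlier one. Supplying the secret through a credential helper or `GIT_ASKPASS` and deleting `pr/.git` inside the same RUN keeps it out of every layer, and a token used in images already built this way should be rotated. In the lines this commit adds, the three vim plugin clones and `vim +GoInstallBinaries` fetch whatever is current upstream, so pinning each clone to a commit would make the build reproducible and reviewable.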
@@ -176,11 +178,13 @@ ENV USER "bcli" ENV USER_ID "1000" ENV GROUP_ID "1000" ENV MEMBERS "" +ENV XAUTH_TOKEN "" -RUN echo "HELLO!?!?1" CMD exec /bin/bash -c "echo \"$MEMBERS\" | sed 's/ /\n/g' | xargs -n 2 /usr/sbin/groupadd -g; \ /usr/sbin/useradd -u $USER_ID -g $USER $USER; \ echo \"$MEMBERS\" | sed 's/ [0-9]\+ /,/g' | sed 's/[0-9]\+ //g' | xargs -I{} /usr/sbin/usermod -aG {} $USER; \ cp -r /template /home/$USER; \ + xauth -f /home/$USER/.Xauthority add $XAUTH_TOKEN; \ chown -R $USER:$USER /home/$USER; \ + /usr/sbin/usermod -p \$(openssl passwd -1 'bcli') $USER; \ trap : TERM INT; sleep infinity & wait" diff --git a/bcli-develop.sh b/bcli-develop.sh index d13eca3..c7646ad 100644 --- a/bcli-develop.sh +++ b/bcli-develop.sh @@ -1,7 +1,7 @@ bcli() { if [ "$1" = "up" ]; then export MEMBERS="$(groups | sed 's/ /\n/g' | xargs -I{} getent group {} | sed 's/\([^:]*\):[^:]*:\([^:]*\):.*/\2 \1/g')" - docker run --rm -d -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -e MEMBERS="$MEMBERS" -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null + docker run --rm -d --net=host -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -e MEMBERS="$MEMBERS" -e XAUTH_TOKEN="$(xauth list | sed 's/^[^:]*/localhost/g')" -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null #docker run --rm -d -v $HOME:/host -v "${BCLI_TECH:/opt/tech}:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null echo "bcli-$USER started" elif [ "$1" = "down" ]; then 
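Review bot: `/usr/sbin/usermod -p \$(openssl passwd -1 'bcli') $USER` gives every container account the same password, written in the Dockerfile, in an image that this same patch equips with sudo. If the account ends up in a sudo-enabled group (the host groups are recreated from `$MEMBERS`), anyone with a shell in the container can become root there, and the container has the user's home directory bind-mounted and, per the bcli-develop.sh hunk, host networking. `-1` is also MD5-crypt; a per-container random value hashed with `openssl passwd -6`, or no password at all, would be safer. PATCH 7/8 later comments this line out, so the concern applies to images built from this revision.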
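Review bot: `-e XAUTH_TOKEN="$(xauth list | ...)"` places the X authority cookies on the `docker run` command line and in the container's environment, where they are readable through the host process list while the command runs and through `docker inspect` afterwards. `xauth list` with no display argument also exports every cookie in the user's authority file, not only the one for `$DISPLAY`. Writing the rewritten entry to a mode-0600 temporary file and bind-mounting it read-only avoids both, and `xauth list "$DISPLAY"` narrows what is shared. `--net=host` additionally removes network isolation for a container whose entrypoint runs as root, so it deserves a comment explaining why the existing `/tmp/.X11-unix` mount is not sufficient.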
@@ -29,7 +29,7 @@ bcli() { if [[ "$PWD" = "$HOME/"* ]]; then WD="/host${PWD#$HOME}" fi - docker exec -u $(id -u) -w $WD -it "bcli-$USER" /bin/bash + docker exec -u $(id -u) -w $WD -e DISPLAY=$DISPLAY -it "bcli-$USER" /bin/bash else if [ "$1" != "--help" ]; then echo "error: unrecognized command '$1'" diff --git a/home/.Xauthority b/home/.Xauthority new file mode 100644 index 0000000..e69de29 From 245a054f82c10e84cce0b7d7f382e83f4228826b Mon Sep 17 00:00:00 2001 From: Ned Bingham Date: Sat, 3 Jun 2023 16:48:57 +0000 Subject: [PATCH 7/8] no need for full sudo access anymore --- Dockerfile | 10 +++++++++- bcli-develop.sh | 2 +- home/.bashrc | 16 ++++++++++++++++ home/.sudo_as_admin_successful | 0 4 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 home/.sudo_as_admin_successful diff --git a/Dockerfile b/Dockerfile index 1916376..bd1a01a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -180,11 +180,19 @@ ENV GROUP_ID "1000" ENV MEMBERS "" ENV XAUTH_TOKEN "" +RUN echo "version: 1" CMD exec /bin/bash -c "echo \"$MEMBERS\" | sed 's/ /\n/g' | xargs -n 2 /usr/sbin/groupadd -g; \ /usr/sbin/useradd -u $USER_ID -g $USER $USER; \ echo \"$MEMBERS\" | sed 's/ [0-9]\+ /,/g' | sed 's/[0-9]\+ //g' | xargs -I{} /usr/sbin/usermod -aG {} $USER; \ cp -r /template /home/$USER; \ xauth -f /home/$USER/.Xauthority add $XAUTH_TOKEN; \ chown -R $USER:$USER /home/$USER; \ - /usr/sbin/usermod -p \$(openssl passwd -1 'bcli') $USER; \ + echo \"$USER ALL=NOPASSWD: /usr/bin/apt-get install *\" > /etc/sudoers.d/apt-get; \ + echo \"$USER ALL=NOPASSWD: /usr/bin/apt install *\" > /etc/sudoers.d/apt; \ trap : TERM INT; sleep infinity & wait" + +# In case we need to add a password for sudo. +# However, its possible for someone to break out of the docker container and +# have root access on the host if they are given sudo access in the container. +# So, we really shouldn't give them sudo access +# /usr/sbin/usermod -p \$(openssl passwd -1 'bcli') $USER; \ 
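Review bot: The sudoers rules `/usr/bin/apt-get install *` and `/usr/bin/apt install *` in the PATCH 7/8 Dockerfile hunk do not limit the user to installing packages from the configured repositories: the wildcard also matches apt command-line options and local package paths, and package installation runs maintainer scripts as root. In practice the rule is equivalent to unrestricted root inside the container, which is the outcome the comment added at the end of this hunk says should be avoided. Baking the needed packages into the image, or accepting root-in-container and constraining the container itself (dropped capabilities, a user namespace, a read-only tech mount), would match the stated intent. `$USER` is also written into the sudoers files unvalidated, and the result is never checked with `visudo -c`.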
diff --git a/bcli-develop.sh b/bcli-develop.sh index c7646ad..eb5bc37 100644 --- a/bcli-develop.sh +++ b/bcli-develop.sh @@ -1,6 +1,6 @@ bcli() { if [ "$1" = "up" ]; then - export MEMBERS="$(groups | sed 's/ /\n/g' | xargs -I{} getent group {} | sed 's/\([^:]*\):[^:]*:\([^:]*\):.*/\2 \1/g')" + MEMBERS="$(groups | sed 's/adm \?\|cdrom \?\|sudo \?\|dip \?\|plugdev \?\|lxd \?\|docker \?//g' | sed 's/ /\n/g' | xargs -I{} getent group {} | sed 's/\([^:]*\):[^:]*:\([^:]*\):.*/\2 \1/g')" docker run --rm -d --net=host -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -e MEMBERS="$MEMBERS" -e XAUTH_TOKEN="$(xauth list | sed 's/^[^:]*/localhost/g')" -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null #docker run --rm -d -v $HOME:/host -v "${BCLI_TECH:/opt/tech}:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null echo "bcli-$USER started" diff --git a/home/.bashrc b/home/.bashrc index 9d7f1f8..ef0774b 100644 --- a/home/.bashrc +++ b/home/.bashrc @@ -126,3 +126,19 @@ if ! shopt -oq posix; then fi fi +echo "Welcome to Broccoli's Command Line Interface" +echo "" +echo "The following tools are available:" +echo "go - architectural and behavioral simulation" +echo "haystack - formal synthesis of self-timed circuits" +echo "act - circuit design and digital simulation" +echo "prspice - configure digital/analog circuit co-simulation" +echo "Xyce - analog circuit simulation" +echo "gaw - analog waveform viewer" +echo "magic - circuit layout" +echo "" +echo "Semiconductor PDKs are in /opt/cad/conf" +echo "Packages may be installed with 'sudo apt install '" +echo "Other usages of sudo are disabled" +echo "" +echo "" 
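Review bot: The sed expression that strips `adm`, `sudo`, `docker` and the other names matches substrings rather than whole group names, so a group called `admins` or `docker-users` is cut down to a fragment and then passed to `getent` under the wrong name. Filtering after the split, one name per line, fixes that: `groups | tr ' ' '\n' | grep -vxE 'adm|cdrom|sudo|dip|plugdev|lxd|docker'`. A deny-list also lets through any privileged group it does not name, so an allow-list of the groups the tools need would be the safer default.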
diff --git a/home/.sudo_as_admin_successful b/home/.sudo_as_admin_successful new file mode 100644 index 0000000..e69de29 From e4a642094deead50c717e5a43b946b5a3e4d4ffd Mon Sep 17 00:00:00 2001 From: Ned Bingham Date: Sat, 3 Jun 2023 14:07:28 -0400 Subject: [PATCH 8/8] making the branch work for a local install --- Dockerfile | 9 +++++---- bcli-develop.sh | 5 +++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index bd1a01a..f785795 100644 --- a/Dockerfile +++ b/Dockerfile @@ -180,17 +180,18 @@ ENV GROUP_ID "1000" ENV MEMBERS "" ENV XAUTH_TOKEN "" -RUN echo "version: 1" -CMD exec /bin/bash -c "echo \"$MEMBERS\" | sed 's/ /\n/g' | xargs -n 2 /usr/sbin/groupadd -g; \ +RUN echo "version: 12" +CMD exec /bin/bash -c "echo \"$MEMBERS\" | sed 's/[0-9]* \\(adm\|cdrom\|sudo\|dip\|plugdev\|lxd\|docker\|dialout\|sambashare\|lpadmin\\) \?//g' | sed 's/ /\n/g' | xargs -n 2 /usr/sbin/groupadd -g; \ /usr/sbin/useradd -u $USER_ID -g $USER $USER; \ - echo \"$MEMBERS\" | sed 's/ [0-9]\+ /,/g' | sed 's/[0-9]\+ //g' | xargs -I{} /usr/sbin/usermod -aG {} $USER; \ + echo \"$MEMBERS\" | sed 's/[0-9]* \\(adm\|cdrom\|sudo\|dip\|plugdev\|lxd\|docker\|dialout\|sambashare\\) \?//g' | sed 's/ [0-9]\+ /,/g' | sed 's/[0-9]\+ //g' | xargs -I{} /usr/sbin/usermod -aG {} $USER; \ cp -r /template /home/$USER; \ - xauth -f /home/$USER/.Xauthority add $XAUTH_TOKEN; \ + echo \"$XAUTH_TOKEN\" | xargs -n 3 xauth -f /home/$USER/.Xauthority add; \ chown -R $USER:$USER /home/$USER; \ echo \"$USER ALL=NOPASSWD: /usr/bin/apt-get install *\" > /etc/sudoers.d/apt-get; \ echo \"$USER ALL=NOPASSWD: /usr/bin/apt install *\" > /etc/sudoers.d/apt; \ trap : TERM INT; sleep infinity & wait" + # In case we need to add a password for sudo. # However, its possible for someone to break out of the docker container and # have root access on the host if they are given sudo access in the container. diff --git a/bcli-develop.sh b/bcli-develop.sh index eb5bc37..32d6dd7 100644 
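Review bot: The two group filters in the CMD differ: the `groupadd` pipeline removes `lpadmin` but the `usermod -aG` pipeline does not, so for a user in `lpadmin` the group is never created and is then named in the `-aG` list. As far as I know usermod rejects the whole list when one group is missing, which would leave the account with none of its supplementary groups. The patterns are also unanchored, so `[0-9]* \(adm\|...\)` still matches the front of names such as `admins`. Defining the filter once and applying it to whole `gid name` pairs avoids both problems. `RUN echo "version: 12"` looks like a manual cache-buster; a build argument would serve that purpose without editing the file.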
--- a/bcli-develop.sh +++ b/bcli-develop.sh @@ -1,7 +1,8 @@ bcli() { if [ "$1" = "up" ]; then - MEMBERS="$(groups | sed 's/adm \?\|cdrom \?\|sudo \?\|dip \?\|plugdev \?\|lxd \?\|docker \?//g' | sed 's/ /\n/g' | xargs -I{} getent group {} | sed 's/\([^:]*\):[^:]*:\([^:]*\):.*/\2 \1/g')" - docker run --rm -d --net=host -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -e MEMBERS="$MEMBERS" -e XAUTH_TOKEN="$(xauth list | sed 's/^[^:]*/localhost/g')" -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null + XAUTH_TOKEN="$(xauth list | sed 's/^[^:]*/localhost/g' | sed 's/localhost: /localhost:0 /g')" + MEMBERS="$(groups | sed 's/ /\n/g' | xargs -I{} getent group {} | sed 's/\([^:]*\):[^:]*:\([^:]*\):.*/\2 \1/g')" + docker run --rm -d --net=host -v $HOME:/host -v "${BCLI_TECH:-/opt/tech}:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -e MEMBERS="$MEMBERS" -e XAUTH_TOKEN="$XAUTH_TOKEN" -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null #docker run --rm -d -v $HOME:/host -v "${BCLI_TECH:/opt/tech}:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null echo "bcli-$USER started" elif [ "$1" = "down" ]; then
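Review bot: `XAUTH_TOKEN` and `MEMBERS` are assigned without `local`, so after `bcli up` the X authority cookie remains in a variable of the interactive shell that sourced this function. `local XAUTH_TOKEN MEMBERS` at the top of the `up` branch scopes them to the call. This hunk also removes the host-side group filter, so the host now sends every group, including `docker` and `sudo`, and relies on the image to discard them; since the image is pulled as `:latest`, pinning it by digest would make that dependency explicit. The commented-out line below still has `${BCLI_TECH:/opt/tech}` without the `-`.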