author | Ivan Alejandro <ivanalejandro0@gmail.com> | 2015-08-31 17:48:53 -0300 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2015-09-08 16:34:39 -0400 |
commit | 44fdb81e6e70a5db7989856562e4ff2429027016 (patch) | |
tree | 09d823def0f6612a654e5c2f28d79671a3994edb | |
parent | f55ad5698d989bc8185cb7b5eb552e1adebb0b39 (diff) |
[feat] run bitmask inside a docker container
-rw-r--r-- | docker/Dockerfile | 31 | ||||
-rwxr-xr-x | docker/bitmask-docker.sh | 116 | ||||
-rw-r--r-- | docker/bitmask-nightly.json | 11 | ||||
-rwxr-xr-x | docker/leap_bootstrap.sh | 320 |
4 files changed, 478 insertions, 0 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 00000000..857c3cd0
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,31 @@
+FROM ubuntu:trusty
+
+MAINTAINER Ivan Alejandro <ivanalejandro0@gmail.com>
+
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+ g++ \
+ git \
+ libffi-dev \
+ libsqlite3-dev \
+ libssl-dev \
+ openvpn \
+ pyside-tools \
+ python-dev \
+ python-openssl \
+ python-pip \
+ python-pyside \
+ python-setuptools \
+ python-virtualenv \
+ make realpath lxpolkit policykit-1 iptables && \
+ apt-get clean && rm -rf /var/lib/apt/lists/*
+
+
+RUN mkdir -p /bitmask
+WORKDIR /bitmask
+
+COPY leap_bootstrap.sh /bitmask/
+
+VOLUME ["/data/"]
+
+EXPOSE 1984 2013
+ENTRYPOINT ["/bitmask/leap_bootstrap.sh"]
diff --git a/docker/bitmask-docker.sh b/docker/bitmask-docker.sh
new file mode 100755
index 00000000..af91145b
--- /dev/null
+++ b/docker/bitmask-docker.sh
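Review bot: In docker/Dockerfile, `FROM ubuntu:trusty` follows a mutable tag, so two builds of this same commit can yield different base layers and package sets. Pinning the base by digest, `FROM ubuntu:trusty@sha256:<digest-of-the-reviewed-image>`, makes the build reproducible and reviewable. The image also has no `USER` instruction, so `ENTRYPOINT ["/bitmask/leap_bootstrap.sh"]` and everything it later clones and installs under `/data` runs as root. If root is required for openvpn and iptables, a comment such as `# runs as root: bitmask-root needs to manage openvpn and iptables` would record that as a decision rather than a default.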
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+run(){
+ # NOTE: you may need this line if you get an error using ip6tables
+ # (host needs ip6 kernel modules to use it in the container)
+ # sudo modprobe ip6_tables
+
+ # NOTE: to get X11 socket forwarding to work we need this
+ xhost local:root
+
+ CREDS_OPTS=''
+ if [[ -n $BITMASK_CREDENTIALS ]]; then
+ BITMASK_CREDENTIALS=`realpath $BITMASK_CREDENTIALS`
+ CREDS_OPTS="-e BITMASK_CREDENTIALS=/data/credentials.ini -v $BITMASK_CREDENTIALS:/data/credentials.ini"
+ fi
+
+ docker run --rm -it \
+ --net host \
+ --privileged \
+ -v /tmp/.X11-unix:/tmp/.X11-unix \
+ -e DISPLAY=unix$DISPLAY \
+ $CREDS_OPTS \
+ -v `pwd`/data/:/data/ -v `pwd`:/SHARED/ \
+ -v `pwd`/data/config:/root/.config/leap \
+ -p 1984:1984 -p 2013:2013 \
+ --name bitmask \
+ test/bitmask run $@
+
+ # Services' related ports
+ # eip: ["80", "53", "443", "1194"]
+ # mail: ["1984", "2013"]
+
+ # logs when no ip6_tables module is not loaded on host:
+ # root@bitmask-container:/bitmask# sudo ip6tables --new-chain bitmask
+ # modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/4.1.6-040106-generic/modules.dep.bin'
+ # ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
+ # Perhaps ip6tables or your kernel needs to be upgraded.
+
+ # logs when ip6_tables module is loaded on host:
+ # root@bitmask-container:/bitmask# sudo ip6tables --new-chain bitmask
+ # root@bitmask-container:/bitmask# # success!
+}
+
+shell(){
+ xhost local:root
+
+ docker run --rm -it \
+ --net host \
+ --privileged \
+ -v /tmp/.X11-unix:/tmp/.X11-unix \
+ -e DISPLAY=unix$DISPLAY \
+ -v `pwd`/data/:/data/ -v `pwd`:/SHARED/ \
+ -v `pwd`/data/config:/root/.config/leap \
+ -p 1984:1984 -p 2013:2013 \
+ --name bitmask \
+ --entrypoint=bash \
+ test/bitmask
+}
+
+init(){
+ JSON=`realpath $1`
+ docker run --rm -it \
+ -v `pwd`/data:/data \
+ -v $JSON:/shared/bitmask.json \
+ test/bitmask init ro /shared/bitmask.json
+}
+
+update(){
+ JSON=`realpath $1`
+ docker run --rm -it \
+ -v `pwd`/data:/data \
+ -v $JSON:/shared/bitmask.json \
+ test/bitmask update /shared/bitmask.json
+}
+
+build(){
+ docker build -t test/bitmask .
+}
+
+help() {
+ echo ">> Bitmask on docker"
+ echo "Run the bitmask app in a docker container."
+ echo
+ echo "Usage: $0 {init bitmask.json | update | run | help }"
+ echo
+ echo " init : Clone repositories, install dependencies, and get bitmask ready to be used."
+ echo " The bitmask.json file contains the version that will be used for each repo."
+ echo " build : Build the docker image for bitmask."
+ echo " shell : Run a shell inside a bitmask docker container (useful to debug)."
+ echo " update : Update the repositories and install new deps (if needed)."
+ echo " run : Run the client (any extra parameters will be sent to the app)."
+ echo " help : Show this help"
+ echo
+}
+
+
+case "$1" in
+ run)
+ run "$@"
+ ;;
+ init)
+ init $2
+ ;;
+ update)
+ update $2
+ ;;
+ build)
+ build
+ ;;
+ shell)
+ shell
+ ;;
+ *)
+ help
+ ;;
+esac
diff --git a/docker/bitmask-nightly.json b/docker/bitmask-nightly.json
new file mode 100644
index 00000000..5b1c3cf0
--- /dev/null
+++ b/docker/bitmask-nightly.json
@@ -0,0 +1,11 @@
+{
+ "version": "nightly",
+ "tuf_repo": "",
+ "bitmask_client": "develop",
+ "soledad": "develop",
+ "keymanager": "develop",
+ "leap_mail": "develop",
+ "leap_pycommon": "develop",
+ "bitmask_launcher": "develop",
+ "leap_assets": "master"
+}
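Review bot: In docker/bitmask-docker.sh, `run()` and `shell()` start the container with `--privileged --net host` right after `xhost local:root`. Together these give root inside the container close to full control of the host's devices, network stack and X session, and the X grant is never withdrawn. If the client only has to manage a tun device and firewall rules, a narrower grant such as `--cap-add NET_ADMIN --device /dev/net/tun` is probably enough (to be confirmed against openvpn and iptables in the container), and `xhost -local:root` after `docker run` returns would close the X access again. The `-p 1984:1984 -p 2013:2013` mappings have no effect under `--net host`, so the mail ports are exposed on whatever host address the services bind. Separately, `$CREDS_OPTS`, `$BITMASK_CREDENTIALS`, `$JSON` and `$@` are expanded unquoted, so a credentials or JSON path containing spaces breaks the `-v` mounts; building the optional arguments in an array and passing `"$@"` would avoid that.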
diff --git a/docker/leap_bootstrap.sh b/docker/leap_bootstrap.sh
new file mode 100755
index 00000000..efff859d
--- /dev/null
+++ b/docker/leap_bootstrap.sh
@@ -0,0 +1,320 @@
+#!/bin/bash
+######################################################################
+# repo-versions.sh
+# Copyright (C) 2014, 2015 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+######################################################################
+set -e # Exit immediately if a command exits with a non-zero status.
+REPOSITORIES="bitmask_client leap_pycommon soledad keymanager leap_mail bitmask_launcher leap_assets"
+PACKAGES="leap_pycommon keymanager soledad/common soledad/client leap_mail bitmask_client"
+
+_is_docker() {
+ grep -q docker /proc/1/cgroup
+}
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+_is_docker && BASE_PATH="/data/" || BASE_PATH=$SCRIPT_DIR
+REPOS_ROOT="$BASE_PATH/repositories" # Root path for all the needed repositories
+VENV_DIR="$BASE_PATH/bitmask.venv" # Root path for all the needed repositories
+
+mkdir -p $REPOS_ROOT
+
+PS4=">> " # for debugging
+
+# Escape code
+esc=`echo -en "\033"`
+
+# Set colors
+cc_green="${esc}[0;32m"
+cc_yellow="${esc}[0;33m"
+cc_blue="${esc}[0;34m"
+cc_red="${esc}[0;31m"
+cc_normal=`echo -en "${esc}[m\017"`
+
+apt_install_dependencies() {
+ status="installing system dependencies"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x
+ sudo apt-get install -y git python-dev python-setuptools python-virtualenv python-pip libssl-dev python-openssl libsqlite3-dev g++ openvpn pyside-tools python-pyside libffi-dev
+ set +x
+}
+
+helpers() {
+ if [[ "$1" == "cleanup" ]]; then
+ status="removing helper files"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x
+ sudo rm -f /usr/sbin/bitmask-root
+ sudo rm -f /usr/share/polkit-1/actions/se.leap.bitmask.policy
+ set +x
+ else
+ status="installing helper files"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x
+ BASE=$REPOS_ROOT/bitmask_client/pkg/linux
+ sudo mkdir -p /usr/share/polkit-1/actions/
+ sudo cp $BASE/bitmask-root /usr/sbin/
+ sudo cp $BASE/polkit/se.leap.bitmask.policy /usr/share/polkit-1/actions/
+ set +x
+ fi
+}
+
+clone_repos() {
+ local status="clone repositories"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+
+ if [[ "$1" == "rw" ]]; then
+ # read-write remotes:
+ src="ssh://gitolite@leap.se"
+ else
+ # read-only remotes:
+ src="https://leap.se/git"
+ fi
+ cd $REPOS_ROOT
+
+ for repo in $REPOSITORIES; do
+ [ ! -d $repo ] && git clone $src/$repo
+ done
+
+ cd -
+
+ set +x
+ echo "${cc_green}Status: $status done!${cc_normal}"
+}
+
+checkout_repos(){
+ local status="checkout repositories"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+
+ for repo in $REPOSITORIES; do
+ version=$(cat $1 | python -c "import json,sys;obj=json.load(sys.stdin);print obj['$repo'];")
+ cd $REPOS_ROOT/$repo
+ git fetch origin && git fetch --tags origin
+
+ if [[ -n `git tag -l | grep $version` ]]; then
+ # if is a tag
+ git checkout -f $version
+ else
+ # if is a branch
+ git reset --hard origin/$version
+ fi
+ done
+
+ set +x
+ echo "${cc_green}Status: $status done!${cc_normal}"
+}
+
+create_venv() {
+ local status="creating virtualenv"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+
+ virtualenv $VENV_DIR && source $VENV_DIR/bin/activate
+ pip install --upgrade pip # get the latest pip
+
+ set +x
+ echo "${cc_green}Status: $status done.${cc_normal}"
+}
+
+setup_develop() {
+ local status="installing packages"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+ cd $REPOS_ROOT
+ source $VENV_DIR/bin/activate
+
+ # do a setup develop in every package
+ for package in $PACKAGES; do
+ cd $REPOS_ROOT/$package
+ python setup.py develop --always-unzip
+ done
+
+ set +x
+ echo "${cc_green}Status: $status done.${cc_normal}"
+}
+
+install_dependencies() {
+ local status="installing dependencies"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+ cd $REPOS_ROOT
+ source $VENV_DIR/bin/activate
+
+ # install defined 3rd party dependencies for every package
+ for package in $PACKAGES; do
+ cd $REPOS_ROOT/$package
+ pkg/pip_install_requirements.sh
+ done
+
+ # symlink system's PySide inside the venv
+ $REPOS_ROOT/bitmask_client/pkg/postmkvenv.sh
+
+ # hack to solve gnupg version problem
+ pip uninstall -y gnupg && pip install gnupg
+
+ set +x
+ echo "${cc_green}Status: $status done.${cc_normal}"
+}
+
+docker_stuff() {
+ local status="doing stuff needed to run bitmask on a docker container"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+
+ helpers
+ lxpolkit &
+ sleep 0.5
+
+ # this is needed for pkexec
+ mkdir -p /var/run/dbus
+ dbus-daemon --system | true
+
+ set +x
+ echo "${cc_green}Status: $status done.${cc_normal}"
+}
+
+run() {
+ echo "${cc_green}Status: running client...${cc_normal}"
+ set -x
+
+ shift # remove 'run' from arg list
+ passthrough_args=$@
+
+ _is_docker && docker_stuff
+
+ source $VENV_DIR/bin/activate
+ python $REPOS_ROOT/bitmask_client/src/leap/bitmask/app.py -d $passthrough_args
+
+ set +x
+}
+
+initialize() {
+ shift # remove 'init'
+ echo $@
+ if [[ "$1" == "ro" ]]; then
+ # echo "RO"
+ shift # remove 'ro'
+ clone_repos "ro"
+ else
+ # echo "RW"
+ clone_repos
+ fi
+
+ if [[ -z $1 ]]; then
+ echo "You need to specify a bitmask.json parameter."
+ echo "for example:"
+ cat << EOF
+{
+ "bitmask_client": "0.7.0",
+ "soledad": "0.6.3",
+ "leap_pycommon": "0.3.9",
+ "keymanager": "0.3.8",
+ "leap_mail": "0.3.10",
+ "bitmask_launcher": "0.3.3",
+ "leap_assets": "master"
+}
+EOF
+ exit 1
+ fi
+
+ JSON=`realpath $1`
+
+ checkout_repos $JSON
+ create_venv
+ install_dependencies
+ setup_develop
+
+ cd $REPOS_ROOT/bitmask_client/
+ make
+ cd -
+}
+update() {
+ local status="updating repositories"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+
+ if [[ -z $1 ]]; then
+ echo "You need to specify a bitmask.json parameter."
+ echo "for example:"
+ cat << EOF
+{
+ "bitmask_client": "0.7.0",
+ "soledad": "0.6.3",
+ "leap_pycommon": "0.3.9",
+ "keymanager": "0.3.8",
+ "leap_mail": "0.3.10",
+ "bitmask_launcher": "0.3.3",
+ "leap_assets": "master"
+}
+EOF
+ exit 1
+ fi
+
+ JSON=`realpath $1`
+
+ checkout_repos $JSON
+ install_dependencies
+ setup_develop
+
+ set +x
+ echo "${cc_green}Status: $status done!${cc_normal}"
+}
+
+
+help() {
+ echo ">> LEAP bootstrap - help"
+ echo "Bootstraps the environment to start developing the bitmask client"
+ echo "with all the needed repositories and dependencies."
+ echo
+ echo "Usage: $0 {init [ro] bitmask.json | update bitmask.json | run | help | deps | helpers}"
+ echo
+ echo " init : Initialize repositories, create virtualenv and \`python setup.py develop\` all."
+ echo " You can use \`init ro\` in order to use the https remotes if you don't have rw access."
+ echo " The bitmask.json file contains the version that will be used for each repo."
+ echo " update : Update the repositories and install new deps (if needed)."
+ echo " The bitmask.json file contains the version that will be used for each repo."
+ echo " run : Runs the client (any extra parameters will be sent to the app)."
+ echo " help : Show this help"
+ echo " -- system helpers --"
+ echo " deps : Install the system dependencies needed for bitmask dev (Debian based Linux ONLY)."
+ echo " helpers : Install the helper files needed to use bitmask (Linux only)."
+ echo " You can use \`helpers cleanup\` to remove those files."
+ echo
+}
+
+
+case "$1" in
+ init)
+ initialize "$@"
+ ;;
+ update)
+ update $2
+ ;;
+ helpers)
+ helpers $2
+ ;;
+ deps)
+ apt_install_dependencies
+ ;;
+ run)
+ run "$@"
+ ;;
+ *)
+ help
+ ;;
+esac |
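Review bot: In docker/leap_bootstrap.sh, `checkout_repos` chooses between tag and branch with `git tag -l | grep $version`, which is an unquoted, unanchored match. A branch name such as `develop` is therefore treated as a tag as soon as any tag merely contains that string, and `git checkout -f $version` then lands on a local ref instead of `origin/$version`. An exact test such as `if git rev-parse -q --verify "refs/tags/$version" >/dev/null; then` avoids the false match. Nothing verifies the fetched code before `pkg/pip_install_requirements.sh` and `python setup.py develop` execute it, which in the container happens as root. If the project signs its release tags, `git verify-tag "$version"` ahead of the checkout would be the natural place for that check.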