summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIvan Alejandro <ivanalejandro0@gmail.com>2015-08-31 17:48:53 -0300
committerKali Kaneko <kali@leap.se>2015-09-08 16:34:39 -0400
commit44fdb81e6e70a5db7989856562e4ff2429027016 (patch)
tree09d823def0f6612a654e5c2f28d79671a3994edb
parentf55ad5698d989bc8185cb7b5eb552e1adebb0b39 (diff)
[feat] run bitmask inside a docker container
-rw-r--r--docker/Dockerfile31
-rwxr-xr-xdocker/bitmask-docker.sh116
-rw-r--r--docker/bitmask-nightly.json11
-rwxr-xr-xdocker/leap_bootstrap.sh320
4 files changed, 478 insertions, 0 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 00000000..857c3cd0
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,31 @@
+FROM ubuntu:trusty
+
+MAINTAINER Ivan Alejandro <ivanalejandro0@gmail.com>
+
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+ g++ \
+ git \
+ libffi-dev \
+ libsqlite3-dev \
+ libssl-dev \
+ openvpn \
+ pyside-tools \
+ python-dev \
+ python-openssl \
+ python-pip \
+ python-pyside \
+ python-setuptools \
+ python-virtualenv \
+ make realpath lxpolkit policykit-1 iptables && \
+ apt-get clean && rm -rf /var/lib/apt/lists/*
+
+
+RUN mkdir -p /bitmask
+WORKDIR /bitmask
+
+COPY leap_bootstrap.sh /bitmask/
+
+VOLUME ["/data/"]
+
+EXPOSE 1984 2013
+ENTRYPOINT ["/bitmask/leap_bootstrap.sh"]
diff --git a/docker/bitmask-docker.sh b/docker/bitmask-docker.sh
new file mode 100755
index 00000000..af91145b
--- /dev/null
+++ b/docker/bitmask-docker.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+run(){
+ # NOTE: you may need this line if you get an error using ip6tables
+ # (host needs ip6 kernel modules to use it in the container)
+ # sudo modprobe ip6_tables
+
+ # NOTE: to get X11 socket forwarding to work we need this
+ xhost local:root
+
+ CREDS_OPTS=''
+ if [[ -n $BITMASK_CREDENTIALS ]]; then
+ BITMASK_CREDENTIALS=`realpath $BITMASK_CREDENTIALS`
+ CREDS_OPTS="-e BITMASK_CREDENTIALS=/data/credentials.ini -v $BITMASK_CREDENTIALS:/data/credentials.ini"
+ fi
+
+ docker run --rm -it \
+ --net host \
+ --privileged \
+ -v /tmp/.X11-unix:/tmp/.X11-unix \
+ -e DISPLAY=unix$DISPLAY \
+ $CREDS_OPTS \
+ -v `pwd`/data/:/data/ -v `pwd`:/SHARED/ \
+ -v `pwd`/data/config:/root/.config/leap \
+ -p 1984:1984 -p 2013:2013 \
+ --name bitmask \
+ test/bitmask run $@
+
+ # Services' related ports
+ # eip: ["80", "53", "443", "1194"]
+ # mail: ["1984", "2013"]
+
+ # logs when no ip6_tables module is not loaded on host:
+ # root@bitmask-container:/bitmask# sudo ip6tables --new-chain bitmask
+ # modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/4.1.6-040106-generic/modules.dep.bin'
+ # ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
+ # Perhaps ip6tables or your kernel needs to be upgraded.
+
+ # logs when ip6_tables module is loaded on host:
+ # root@bitmask-container:/bitmask# sudo ip6tables --new-chain bitmask
+ # root@bitmask-container:/bitmask# # success!
+}
+
+shell(){
+ xhost local:root
+
+ docker run --rm -it \
+ --net host \
+ --privileged \
+ -v /tmp/.X11-unix:/tmp/.X11-unix \
+ -e DISPLAY=unix$DISPLAY \
+ -v `pwd`/data/:/data/ -v `pwd`:/SHARED/ \
+ -v `pwd`/data/config:/root/.config/leap \
+ -p 1984:1984 -p 2013:2013 \
+ --name bitmask \
+ --entrypoint=bash \
+ test/bitmask
+}
+
+init(){
+ JSON=`realpath $1`
+ docker run --rm -it \
+ -v `pwd`/data:/data \
+ -v $JSON:/shared/bitmask.json \
+ test/bitmask init ro /shared/bitmask.json
+}
+
+update(){
+ JSON=`realpath $1`
+ docker run --rm -it \
+ -v `pwd`/data:/data \
+ -v $JSON:/shared/bitmask.json \
+ test/bitmask update /shared/bitmask.json
+}
+
+build(){
+ docker build -t test/bitmask .
+}
+
+help() {
+ echo ">> Bitmask on docker"
+ echo "Run the bitmask app in a docker container."
+ echo
+ echo "Usage: $0 {init bitmask.json | update | run | help }"
+ echo
+ echo " init : Clone repositories, install dependencies, and get bitmask ready to be used."
+ echo " The bitmask.json file contains the version that will be used for each repo."
+ echo " build : Build the docker image for bitmask."
+ echo " shell : Run a shell inside a bitmask docker container (useful to debug)."
+ echo " update : Update the repositories and install new deps (if needed)."
+ echo " run : Run the client (any extra parameters will be sent to the app)."
+ echo " help : Show this help"
+ echo
+}
+
+
+case "$1" in
+ run)
+ run "$@"
+ ;;
+ init)
+ init $2
+ ;;
+ update)
+ update $2
+ ;;
+ build)
+ build
+ ;;
+ shell)
+ shell
+ ;;
+ *)
+ help
+ ;;
+esac
diff --git a/docker/bitmask-nightly.json b/docker/bitmask-nightly.json
new file mode 100644
index 00000000..5b1c3cf0
--- /dev/null
+++ b/docker/bitmask-nightly.json
@@ -0,0 +1,11 @@
+{
+ "version": "nightly",
+ "tuf_repo": "",
+ "bitmask_client": "develop",
+ "soledad": "develop",
+ "keymanager": "develop",
+ "leap_mail": "develop",
+ "leap_pycommon": "develop",
+ "bitmask_launcher": "develop",
+ "leap_assets": "master"
+}
diff --git a/docker/leap_bootstrap.sh b/docker/leap_bootstrap.sh
new file mode 100755
index 00000000..efff859d
--- /dev/null
+++ b/docker/leap_bootstrap.sh
@@ -0,0 +1,320 @@
+#!/bin/bash
+######################################################################
+# repo-versions.sh
+# Copyright (C) 2014, 2015 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+######################################################################
+set -e # Exit immediately if a command exits with a non-zero status.
+REPOSITORIES="bitmask_client leap_pycommon soledad keymanager leap_mail bitmask_launcher leap_assets"
+PACKAGES="leap_pycommon keymanager soledad/common soledad/client leap_mail bitmask_client"
+
+_is_docker() {
+ grep -q docker /proc/1/cgroup
+}
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+_is_docker && BASE_PATH="/data/" || BASE_PATH=$SCRIPT_DIR
+REPOS_ROOT="$BASE_PATH/repositories" # Root path for all the needed repositories
+VENV_DIR="$BASE_PATH/bitmask.venv" # Root path for all the needed repositories
+
+mkdir -p $REPOS_ROOT
+
+PS4=">> " # for debugging
+
+# Escape code
+esc=`echo -en "\033"`
+
+# Set colors
+cc_green="${esc}[0;32m"
+cc_yellow="${esc}[0;33m"
+cc_blue="${esc}[0;34m"
+cc_red="${esc}[0;31m"
+cc_normal=`echo -en "${esc}[m\017"`
+
+apt_install_dependencies() {
+ status="installing system dependencies"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x
+ sudo apt-get install -y git python-dev python-setuptools python-virtualenv python-pip libssl-dev python-openssl libsqlite3-dev g++ openvpn pyside-tools python-pyside libffi-dev
+ set +x
+}
+
+helpers() {
+ if [[ "$1" == "cleanup" ]]; then
+ status="removing helper files"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x
+ sudo rm -f /usr/sbin/bitmask-root
+ sudo rm -f /usr/share/polkit-1/actions/se.leap.bitmask.policy
+ set +x
+ else
+ status="installing helper files"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x
+ BASE=$REPOS_ROOT/bitmask_client/pkg/linux
+ sudo mkdir -p /usr/share/polkit-1/actions/
+ sudo cp $BASE/bitmask-root /usr/sbin/
+ sudo cp $BASE/polkit/se.leap.bitmask.policy /usr/share/polkit-1/actions/
+ set +x
+ fi
+}
+
+clone_repos() {
+ local status="clone repositories"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+
+ if [[ "$1" == "rw" ]]; then
+ # read-write remotes:
+ src="ssh://gitolite@leap.se"
+ else
+ # read-only remotes:
+ src="https://leap.se/git"
+ fi
+ cd $REPOS_ROOT
+
+ for repo in $REPOSITORIES; do
+ [ ! -d $repo ] && git clone $src/$repo
+ done
+
+ cd -
+
+ set +x
+ echo "${cc_green}Status: $status done!${cc_normal}"
+}
+
+checkout_repos(){
+ local status="checkout repositories"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+
+ for repo in $REPOSITORIES; do
+ version=$(cat $1 | python -c "import json,sys;obj=json.load(sys.stdin);print obj['$repo'];")
+ cd $REPOS_ROOT/$repo
+ git fetch origin && git fetch --tags origin
+
+ if [[ -n `git tag -l | grep $version` ]]; then
+ # if is a tag
+ git checkout -f $version
+ else
+ # if is a branch
+ git reset --hard origin/$version
+ fi
+ done
+
+ set +x
+ echo "${cc_green}Status: $status done!${cc_normal}"
+}
+
+create_venv() {
+ local status="creating virtualenv"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+
+ virtualenv $VENV_DIR && source $VENV_DIR/bin/activate
+ pip install --upgrade pip # get the latest pip
+
+ set +x
+ echo "${cc_green}Status: $status done.${cc_normal}"
+}
+
+setup_develop() {
+ local status="installing packages"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+ cd $REPOS_ROOT
+ source $VENV_DIR/bin/activate
+
+ # do a setup develop in every package
+ for package in $PACKAGES; do
+ cd $REPOS_ROOT/$package
+ python setup.py develop --always-unzip
+ done
+
+ set +x
+ echo "${cc_green}Status: $status done.${cc_normal}"
+}
+
+install_dependencies() {
+ local status="installing dependencies"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+ cd $REPOS_ROOT
+ source $VENV_DIR/bin/activate
+
+ # install defined 3rd party dependencies for every package
+ for package in $PACKAGES; do
+ cd $REPOS_ROOT/$package
+ pkg/pip_install_requirements.sh
+ done
+
+ # symlink system's PySide inside the venv
+ $REPOS_ROOT/bitmask_client/pkg/postmkvenv.sh
+
+ # hack to solve gnupg version problem
+ pip uninstall -y gnupg && pip install gnupg
+
+ set +x
+ echo "${cc_green}Status: $status done.${cc_normal}"
+}
+
+docker_stuff() {
+ local status="doing stuff needed to run bitmask on a docker container"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+
+ helpers
+ lxpolkit &
+ sleep 0.5
+
+ # this is needed for pkexec
+ mkdir -p /var/run/dbus
+ dbus-daemon --system | true
+
+ set +x
+ echo "${cc_green}Status: $status done.${cc_normal}"
+}
+
+run() {
+ echo "${cc_green}Status: running client...${cc_normal}"
+ set -x
+
+ shift # remove 'run' from arg list
+ passthrough_args=$@
+
+ _is_docker && docker_stuff
+
+ source $VENV_DIR/bin/activate
+ python $REPOS_ROOT/bitmask_client/src/leap/bitmask/app.py -d $passthrough_args
+
+ set +x
+}
+
+initialize() {
+ shift # remove 'init'
+ echo $@
+ if [[ "$1" == "ro" ]]; then
+ # echo "RO"
+ shift # remove 'ro'
+ clone_repos "ro"
+ else
+ # echo "RW"
+ clone_repos
+ fi
+
+ if [[ -z $1 ]]; then
+ echo "You need to specify a bitmask.json parameter."
+ echo "for example:"
+ cat << EOF
+{
+ "bitmask_client": "0.7.0",
+ "soledad": "0.6.3",
+ "leap_pycommon": "0.3.9",
+ "keymanager": "0.3.8",
+ "leap_mail": "0.3.10",
+ "bitmask_launcher": "0.3.3",
+ "leap_assets": "master"
+}
+EOF
+ exit 1
+ fi
+
+ JSON=`realpath $1`
+
+ checkout_repos $JSON
+ create_venv
+ install_dependencies
+ setup_develop
+
+ cd $REPOS_ROOT/bitmask_client/
+ make
+ cd -
+}
+update() {
+ local status="updating repositories"
+ echo "${cc_green}Status: $status...${cc_normal}"
+ set -x # show commands
+
+ if [[ -z $1 ]]; then
+ echo "You need to specify a bitmask.json parameter."
+ echo "for example:"
+ cat << EOF
+{
+ "bitmask_client": "0.7.0",
+ "soledad": "0.6.3",
+ "leap_pycommon": "0.3.9",
+ "keymanager": "0.3.8",
+ "leap_mail": "0.3.10",
+ "bitmask_launcher": "0.3.3",
+ "leap_assets": "master"
+}
+EOF
+ exit 1
+ fi
+
+ JSON=`realpath $1`
+
+ checkout_repos $JSON
+ install_dependencies
+ setup_develop
+
+ set +x
+ echo "${cc_green}Status: $status done!${cc_normal}"
+}
+
+
+help() {
+ echo ">> LEAP bootstrap - help"
+ echo "Bootstraps the environment to start developing the bitmask client"
+ echo "with all the needed repositories and dependencies."
+ echo
+ echo "Usage: $0 {init [ro] bitmask.json | update bitmask.json | run | help | deps | helpers}"
+ echo
+ echo " init : Initialize repositories, create virtualenv and \`python setup.py develop\` all."
+ echo " You can use \`init ro\` in order to use the https remotes if you don't have rw access."
+ echo " The bitmask.json file contains the version that will be used for each repo."
+ echo " update : Update the repositories and install new deps (if needed)."
+ echo " The bitmask.json file contains the version that will be used for each repo."
+ echo " run : Runs the client (any extra parameters will be sent to the app)."
+ echo " help : Show this help"
+ echo " -- system helpers --"
+ echo " deps : Install the system dependencies needed for bitmask dev (Debian based Linux ONLY)."
+ echo " helpers : Install the helper files needed to use bitmask (Linux only)."
+ echo " You can use \`helpers cleanup\` to remove those files."
+ echo
+}
+
+
+case "$1" in
+ init)
+ initialize "$@"
+ ;;
+ update)
+ update $2
+ ;;
+ helpers)
+ helpers $2
+ ;;
+ deps)
+ apt_install_dependencies
+ ;;
+ run)
+ run "$@"
+ ;;
+ *)
+ help
+ ;;
+esac