Merge pull request #69 from AkihiroSuda/dev-refactor

cidata: more refactor + add shellcheck

Author: AkihiroSuda

Diff for: .github/workflows/test.yml

@@ -21,6 +21,35 @@ jobs:
           version: v1.35
           args: --verbose
 
+  shellcheck:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 1
+      - name: Install shellcheck
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y shellcheck
+      - name: Run shellcheck
+        run: find . -name '*.sh' | xargs shellcheck
+
+  shfmt:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 20
+    steps:
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.16.x
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 1
+      - name: Install shfmt
+        run: GO111MODULE=on go get mvdan.cc/sh/v3/cmd/shfmt
+      - name: Run shfmt
+        run: find . -name '*.sh' | xargs shfmt -s -d
+
   basic:
     name: Basic tests
     runs-on: ${{ matrix.os }}

Diff for: README.md

@@ -25,7 +25,7 @@ It may work on NetBSD and Windows hosts as well.
 
 ✅ Intel on ARM
 
-✅ Various guest Linux distributions: Ubuntu, Debian, Fedora, ...
+✅ Various guest Linux distributions: [Ubuntu](./examples/ubuntu.yaml), [Debian](./examples/debian.yaml), [Fedora](./examples/fedora.yaml), [Alpine](./examples/alpine.yaml), ...
 
 Related project: [sshocker (ssh with file sharing and port forwarding)](https://github.com/AkihiroSuda/sshocker)
 
@@ -209,18 +209,18 @@ Alternatively, you may also directly ssh into the guest: `ssh -p 60022 -o NoHost
 Yes, it should work, but not regularly tested on ARM.
 
 #### "Can I run non-Ubuntu guests?"
-Fedora is also known to work, see [`./examples/fedora.yaml`](./examples/fedora.yaml).
-This file can be loaded with `limactl start ./examples/fedora.yaml`.
+Debian, Fedora, and Alpine are also known to work.
+See [`./examples/`](./examples/).
 
 An image has to satisfy the following requirements:
-- systemd
+- systemd or OpenRC
 - cloud-init
 - The following binaries to be preinstalled:
   - `sudo`
 - The following binaries to be preinstalled, or installable via the package manager:
   - `sshfs`
   - `newuidmap` and `newgidmap`
-- `apt-get` or `dnf` (if you want to contribute support for another package manager, run `git grep apt-get` to find out where to modify)
+- `apt-get`, `dnf`, or `apk` (if you want to contribute support for another package manager, run `git grep apt-get` to find out where to modify)
 
 #### "Can I run other container engines such as Podman?"
 Yes, if you install it.

Diff for: docs/internal.md

@@ -17,7 +17,7 @@ Metadata:
 - `lima.yaml`: the YAML
 
 cloud-init:
-- `cidata.iso`: cloud-init ISO9660 image. See [`cidata.iso`](#cidata-iso).
+- `cidata.iso`: cloud-init ISO9660 image. See [`cidata.iso`](#cidataiso).
 
 disk:
 - `basedisk`: the base image

Diff for: hack/test-example.sh

@@ -13,7 +13,7 @@ function ERROR() {
 	echo >&2 "TEST| [ERROR] $*"
 }
 
-if [[ "${BASH_VERSINFO:-0}" -lt 4 ]]; then
+if [[ ${BASH_VERSINFO:-0} -lt 4 ]]; then
 	ERROR "Bash version is too old: ${BASH_VERSION}"
 	exit 1
 fi
@@ -74,21 +74,21 @@ limactl shell "$NAME" uname -a
 limactl shell "$NAME" cat /etc/os-release
 set +x
 
-if [[ -n "${CHECKS["systemd"]}" ]]; then
+if [[ -n ${CHECKS["systemd"]} ]]; then
 	set -x
 	if ! limactl shell "$NAME" systemctl is-system-running --wait; then
-		ERROR "\"systemctl is-system-running\" failed"
+		ERROR '"systemctl is-system-running" failed'
 		limactl shell "$NAME" systemctl
-		if [[ -z "${CHECKS["systemd-strict"]}" ]]; then
-			INFO "Ignoring \"systemctl is-system-running\" failure"
+		if [[ -z ${CHECKS["systemd-strict"]} ]]; then
+			INFO 'Ignoring "systemctl is-system-running" failure'
 		else
 			exit 1
 		fi
 	fi
 	set +x
 fi
 
-if [[ -n "${CHECKS["mount-home"]}" ]]; then
+if [[ -n ${CHECKS["mount-home"]} ]]; then
 	hometmp="$HOME/lima-test-tmp"
 	INFO "Testing home access (\"$hometmp\")"
 	rm -rf "$hometmp"
@@ -104,7 +104,7 @@ if [[ -n "${CHECKS["mount-home"]}" ]]; then
 	fi
 fi
 
-if [[ -n "${CHECKS["containerd-user"]}" ]]; then
+if [[ -n ${CHECKS["containerd-user"]} ]]; then
 	INFO "Run a nginx container with port forwarding 127.0.0.1:8080"
 	set -x
 	limactl shell "$NAME" nerdctl info
@@ -119,8 +119,9 @@ if [[ -n "${CHECKS["containerd-user"]}" ]]; then
 	set +x
 fi
 
-if [[ -n "${CHECKS["restart"]}" ]]; then
+if [[ -n ${CHECKS["restart"]} ]]; then
 	INFO "Create file in the guest home directory and verify that it still exists after a restart"
+	# shellcheck disable=SC2016
 	limactl shell "$NAME" sh -c 'touch $HOME/sweet-home'
 
 	INFO "Stopping \"$NAME\""
@@ -129,6 +130,7 @@ if [[ -n "${CHECKS["restart"]}" ]]; then
 	INFO "Restarting \"$NAME\""
 	limactl start "$NAME"
 
+	# shellcheck disable=SC2016
 	if ! limactl shell "$NAME" sh -c 'test -f $HOME/sweet-home'; then
 		ERROR "Guest home directory does not persist across restarts"
 		exit 1

Diff for: pkg/cidata/cidata.TEMPLATE.d/boot.sh

@@ -1,12 +1,12 @@
 #!/bin/sh
 set -eu
 
-INFO(){
-  echo "LIMA| $*"
+INFO() {
+	echo "LIMA| $*"
 }
 
-WARNING(){
-  echo "LIMA| WARNING: $*"
+WARNING() {
+	echo "LIMA| WARNING: $*"
 }
 
 # shellcheck disable=SC2163

Diff for: pkg/cidata/cidata.TEMPLATE.d/boot/05-persistent-data-volume.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+# bash is used for enabling `set -o pipefail`.
+# NOTE: On Alpine, /bin/bash is ash with ASH_BASH_COMPAT, not GNU bash
 set -eux -o pipefail
 
 # Restrict the rest of this script to Alpine until it has been tested with other distros
@@ -10,39 +12,40 @@ DATADIRS="/home /usr/local /etc/containerd /var/lib/containerd"
 # When running from RAM try to move persistent data to data-volume
 # FIXME: the test for tmpfs mounts is probably Alpine-specific
 if [ "$(awk '$2 == "/" {print $3}' /proc/mounts)" == "tmpfs" ]; then
-  mkdir -p /mnt/data
-  if [ -e /dev/disk/by-label/data-volume ]; then
-    mount -t ext4 /dev/disk/by-label/data-volume /mnt/data
-  else
-    # Find an unpartitioned disk and create data-volume
-    DISKS=$(lsblk --list --noheadings --output name,type | awk '$2 == "disk" {print $1}')
-    for DISK in ${DISKS}; do
-      IN_USE=false
-      # Looking for a disk that is not mounted or partitioned
-      for PART in $(awk '/^\/dev\// {gsub("/dev/", ""); print $1}' /proc/mounts); do
-        if [ "${DISK}" == "${PART}" -o -e /sys/block/${DISK}/${PART} ]; then
-          IN_USE=true
-          break
-        fi
-      done
-      if [ "${IN_USE}" == "false" ]; then
-        echo 'type=83' | sfdisk --label dos /dev/${DISK}
-        PART=$(lsblk --list /dev/${DISK} --noheadings --output name,type | awk '$2 == "part" {print $1}')
-        mkfs.ext4 -L data-volume /dev/${PART}
-        mount -t ext4 /dev/disk/by-label/data-volume /mnt/data
-        for DIR in ${DATADIRS}; do
-          DEST="/mnt/data$(dirname ${DIR})"
-          mkdir -p ${DIR} ${DEST}
-          mv ${DIR} ${DEST}
-        done
-        break
-      fi
-    done
-  fi
-  for DIR in ${DATADIRS}; do
-    if [ -d /mnt/data${DIR} ]; then
-      [ -e ${DIR} ] && rm -rf ${DIR}
-      ln -s /mnt/data${DIR} ${DIR}
-    fi
-  done
+	mkdir -p /mnt/data
+	if [ -e /dev/disk/by-label/data-volume ]; then
+		mount -t ext4 /dev/disk/by-label/data-volume /mnt/data
+	else
+		# Find an unpartitioned disk and create data-volume
+		DISKS=$(lsblk --list --noheadings --output name,type | awk '$2 == "disk" {print $1}')
+		for DISK in ${DISKS}; do
+			IN_USE=false
+			# Looking for a disk that is not mounted or partitioned
+			# shellcheck disable=SC2013
+			for PART in $(awk '/^\/dev\// {gsub("/dev/", ""); print $1}' /proc/mounts); do
+				if [ "${DISK}" == "${PART}" ] || [ -e /sys/block/"${DISK}"/"${PART}" ]; then
+					IN_USE=true
+					break
+				fi
+			done
+			if [ "${IN_USE}" == "false" ]; then
+				echo 'type=83' | sfdisk --label dos /dev/"${DISK}"
+				PART=$(lsblk --list /dev/"${DISK}" --noheadings --output name,type | awk '$2 == "part" {print $1}')
+				mkfs.ext4 -L data-volume /dev/"${PART}"
+				mount -t ext4 /dev/disk/by-label/data-volume /mnt/data
+				for DIR in ${DATADIRS}; do
+					DEST="/mnt/data$(dirname "${DIR}")"
+					mkdir -p "${DIR}" "${DEST}"
+					mv "${DIR}" "${DEST}"
+				done
+				break
+			fi
+		done
+	fi
+	for DIR in ${DATADIRS}; do
+		if [ -d /mnt/data"${DIR}" ]; then
+			[ -e "${DIR}" ] && rm -rf "${DIR}"
+			ln -s /mnt/data"${DIR}" "${DIR}"
+		fi
+	done
 fi

Diff for: pkg/cidata/cidata.TEMPLATE.d/boot/10-alpine-prep.sh

@@ -1,5 +1,5 @@
-#!/bin/bash
-set -eux -o pipefail
+#!/bin/sh
+set -eux
 
 # This script prepares Alpine for lima; there is nothing in here for other distros
 test -f /etc/alpine-release || exit 0
@@ -8,15 +8,15 @@ test -f /etc/alpine-release || exit 0
 BRANCH=edge
 VERSION_ID=$(awk -F= '$1=="VERSION_ID" {print $2}' /etc/os-release)
 case ${VERSION_ID} in
-*_alpha*|*_beta*) BRANCH=edge;;
-*.*.*) BRANCH=v${VERSION_ID%.*};;
+*_alpha* | *_beta*) BRANCH=edge ;;
+*.*.*) BRANCH=v${VERSION_ID%.*} ;;
 esac
 
 for REPO in main community; do
-  URL="https://dl-cdn.alpinelinux.org/alpine/${BRANCH}/${REPO}"
-  if ! grep -q "^${URL}$" /etc/apk/repositories; then
-    echo "${URL}" >> /etc/apk/repositories
-  fi
+	URL="https://dl-cdn.alpinelinux.org/alpine/${BRANCH}/${REPO}"
+	if ! grep -q "^${URL}$" /etc/apk/repositories; then
+		echo "${URL}" >>/etc/apk/repositories
+	fi
 done
 
 # Alpine doesn't use PAM so we need to explicitly allow public key auth
@@ -26,28 +26,6 @@ usermod -p '*' "${LIMA_CIDATA_USER}"
 sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
 rc-service sshd reload
 
-# Create directory for the lima-guestagent socket (normally done by systemd)
-mkdir -p /run/user/${LIMA_CIDATA_UID}
-chown "${LIMA_CIDATA_USER}" /run/user/${LIMA_CIDATA_UID}
-chmod 700 /run/user/${LIMA_CIDATA_UID}
-
-# Install the openrc lima-guestagent service script
-cat >/etc/init.d/lima-guestagent <<'EOF'
-#!/sbin/openrc-run
-supervisor=supervise-daemon
-
-name="lima-guestagent"
-description="Forward ports to the lima-hostagent"
-
-export XDG_RUNTIME_DIR="/run/user/${LIMA_CIDATA_UID}"
-command=/usr/local/bin/lima-guestagent
-command_args="daemon"
-command_background=true
-command_user="${LIMA_CIDATA_USER}:${LIMA_CIDATA_USER}"
-pidfile="${XDG_RUNTIME_DIR}/lima-guestagent.pid"
-EOF
-chmod 755 /etc/init.d/lima-guestagent
-
 # mount /sys/fs/cgroup
 rc-service cgroups start
 

Diff for: pkg/cidata/cidata.TEMPLATE.d/boot/20-rootless-base.sh

@@ -1,13 +1,13 @@
-#!/bin/bash
-set -eux -o pipefail
+#!/bin/sh
+set -eux
 
 # This script does not work unless systemd is available
-command -v systemctl 2>&1 >/dev/null || exit 0
+command -v systemctl >/dev/null 2>&1 || exit 0
 
 # Set up env
 for f in .profile .bashrc; do
-  if ! grep -q "# Lima BEGIN" "/home/${LIMA_CIDATA_USER}.linux/$f"; then
-    cat >>"/home/${LIMA_CIDATA_USER}.linux/$f" <<EOF
+	if ! grep -q "# Lima BEGIN" "/home/${LIMA_CIDATA_USER}.linux/$f"; then
+		cat >>"/home/${LIMA_CIDATA_USER}.linux/$f" <<EOF
 # Lima BEGIN
 # Make sure iptables and mount.fuse3 are available
 PATH="$PATH:/usr/sbin:/sbin"
@@ -16,13 +16,13 @@ CONTAINERD_SNAPSHOTTER="fuse-overlayfs"
 export PATH CONTAINERD_SNAPSHOTTER
 # Lima END
 EOF
-    chown "${LIMA_CIDATA_USER}" "/home/${LIMA_CIDATA_USER}.linux/$f"
-  fi
+		chown "${LIMA_CIDATA_USER}" "/home/${LIMA_CIDATA_USER}.linux/$f"
+	fi
 done
 # Enable cgroup delegation (only meaningful on cgroup v2)
 if [ ! -e "/etc/systemd/system/[email protected]/lima.conf" ]; then
-  mkdir -p "/etc/systemd/system/[email protected]"
-  cat >"/etc/systemd/system/[email protected]/lima.conf"  <<EOF
+	mkdir -p "/etc/systemd/system/[email protected]"
+	cat >"/etc/systemd/system/[email protected]/lima.conf" <<EOF
 [Service]
 Delegate=yes
 EOF
@@ -32,17 +32,17 @@ systemctl daemon-reload
 # Set up sysctl
 sysctl_conf="/etc/sysctl.d/99-lima.conf"
 if [ ! -e "${sysctl_conf}" ]; then
-  if [ -e "/proc/sys/kernel/unprivileged_userns_clone" ]; then
-    echo "kernel.unprivileged_userns_clone=1" >> "${sysctl_conf}"
-  fi
-  echo "net.ipv4.ping_group_range = 0 2147483647" >> "${sysctl_conf}"
-  echo "net.ipv4.ip_unprivileged_port_start=0" >> "${sysctl_conf}"
-  sysctl --system
+	if [ -e "/proc/sys/kernel/unprivileged_userns_clone" ]; then
+		echo "kernel.unprivileged_userns_clone=1" >>"${sysctl_conf}"
+	fi
+	echo "net.ipv4.ping_group_range = 0 2147483647" >>"${sysctl_conf}"
+	echo "net.ipv4.ip_unprivileged_port_start=0" >>"${sysctl_conf}"
+	sysctl --system
 fi
 
 # Set up subuid
 for f in /etc/subuid /etc/subgid; do
-  grep -qw "${LIMA_CIDATA_USER}" $f || echo "${LIMA_CIDATA_USER}:100000:65536" >> $f
+	grep -qw "${LIMA_CIDATA_USER}" $f || echo "${LIMA_CIDATA_USER}:100000:65536" >>$f
 done
 
 # Start systemd session