From c661a3b63a6ec6a680338879dccbcb0b6285f6c6 Mon Sep 17 00:00:00 2001 From: Ophestra Date: Wed, 10 Jun 2026 13:34:44 +0900 Subject: [PATCH] cmd/mbf: migrate shell to enter This reduces duplicate code. This change also adds resolv.conf to the container. Signed-off-by: Ophestra --- cmd/mbf/main.go | 159 +++++++++++++------------------------------ internal/pkg/exec.go | 4 ++ 2 files changed, 50 insertions(+), 113 deletions(-) diff --git a/cmd/mbf/main.go b/cmd/mbf/main.go index 4ca86cf2..df9c99b8 100644 --- a/cmd/mbf/main.go +++ b/cmd/mbf/main.go @@ -32,12 +32,11 @@ import ( "syscall" "time" "unique" + "unsafe" "hakurei.app/check" "hakurei.app/command" "hakurei.app/container" - "hakurei.app/container/seccomp" - "hakurei.app/container/std" "hakurei.app/ext" "hakurei.app/fhs" "hakurei.app/internal/pkg" @@ -731,7 +730,7 @@ func main() { return cache.EnterExec( ctx, a, - true, os.Stdin, os.Stdout, os.Stderr, + "", true, os.Stdin, os.Stdout, os.Stderr, rosa.AbsSystem.Append("bin", "mksh"), "sh", ) @@ -934,6 +933,17 @@ func main() { "shell", "Interactive shell in the specified Rosa OS environment", func(args []string) error { + resolvconf := "nameserver 1.1.1.1\nnameserver 1.0.0.1\n" + if p, err := os.ReadFile(fhs.AbsEtc.Append( + "resolv.conf", + ).String()); err != nil { + if !errors.Is(err, os.ErrNotExist) { + return err + } + } else { + resolvconf = unsafe.String(unsafe.SliceData(p), len(p)) + } + handles := make([]rosa.ArtifactH, len(args), len(args)+3) for i, arg := range args { handles[i] = rosa.ArtifactH(unique.Make(arg)) @@ -953,119 +963,42 @@ func main() { ) root := make(pkg.Collect, 0, 6+len(args)) + root = append(root, rosa.NewEtc(false)) root = rosa.Native().Std().Append(root, handles...) - if err := cm.Do(func(cache *pkg.Cache) error { - _, _, err := cache.Cure(&root) - return err - }); err == nil { - return errors.New("unreachable") - } else if !pkg.IsCollected(err) { - return err - } - - type cureRes struct { - pathname *check.Absolute - checksum unique.Handle[pkg.Checksum] - } - cured := make(map[pkg.Artifact]cureRes) - for _, a := range root { - if err := cm.Do(func(cache *pkg.Cache) error { - pathname, checksum, err := cache.Cure(a) - if err == nil { - cured[a] = cureRes{pathname, checksum} - } - return err - }); err != nil { - return err - } - } - - // explicitly open for direct error-free use from this point - if cm.c == nil { - if err := cm.open(); err != nil { - return err - } - } - - layers := pkg.PromoteLayers(root, func(a pkg.Artifact) ( - *check.Absolute, - unique.Handle[pkg.Checksum], - ) { - res := cured[a] - return res.pathname, res.checksum - }, func(i int, d pkg.Artifact) { - r := pkg.Encode(cm.c.Ident(d).Value()) - if s, ok := d.(fmt.Stringer); ok { - if name := s.String(); name != "" { - r += "-" + name - } - } - msg.Verbosef("promoted layer %d as %s", i, r) + return cm.Do(func(cache *pkg.Cache) error { + return cache.EnterExec( + ctx, + pkg.NewExec( + "", + rosa.Native().Arch(), + new(pkg.Checksum), + 1, + flagNet, + false, + fhs.AbsRoot, + []string{ + "SHELL=/system/bin/mksh", + "PATH=/system/bin", + "HOME=/", + }, + fhs.AbsProc.Append("nonexistent"), + nil, + pkg.Path(fhs.AbsRoot, true, root...), + pkg.Path( + fhs.AbsEtc.Append("resolv.conf"), false, + pkg.NewFile( + "resolv.conf", + unsafe.Slice(unsafe.StringData(resolvconf), len(resolvconf)), + ), + ), + ), + "localhost", + flagSession, os.Stdin, os.Stdout, os.Stderr, + rosa.AbsSystem.Append("bin", "mksh"), + "sh", + ) }) - - z := container.New(ctx, msg) - z.WaitDelay = 3 * time.Second - z.SeccompPresets = pkg.SeccompPresets - z.SeccompFlags |= seccomp.AllowMultiarch - z.ParentPerm = 0700 - z.HostNet = flagNet - z.RetainSession = flagSession - z.Hostname = "localhost" - z.Uid, z.Gid = (1<<10)-1, (1<<10)-1 - z.Stdin, z.Stdout, z.Stderr = os.Stdin, os.Stdout, os.Stderr - z.Quiet = !cm.verboseInit - if s, ok := os.LookupEnv("TERM"); ok { - z.Env = append(z.Env, "TERM="+s) - } - - var tempdir *check.Absolute - if s, err := filepath.Abs(os.TempDir()); err != nil { - return err - } else if tempdir, err = check.NewAbs(s); err != nil { - return err - } - - z.Dir = fhs.AbsRoot - z.Env = []string{ - "SHELL=/system/bin/mksh", - "PATH=/system/bin", - "HOME=/", - } - z.Path = rosa.AbsSystem.Append("bin", "mksh") - z.Args = []string{"mksh"} - z. - OverlayEphemeral(fhs.AbsRoot, layers...). - Place( - fhs.AbsEtc.Append("hosts"), - []byte("127.0.0.1 localhost\n"), - ). - Place( - fhs.AbsEtc.Append("passwd"), - []byte("media_rw:x:1023:1023::/:/system/bin/sh\n"+ - "nobody:x:65534:65534::/proc/nonexistent:/system/bin/false\n"), - ). - Place( - fhs.AbsEtc.Append("group"), - []byte("media_rw:x:1023:\nnobody:x:65534:\n"), - ). - Bind(tempdir, fhs.AbsTmp, std.BindWritable). - Proc(fhs.AbsProc).Dev(fhs.AbsDev, true) - - if flagArch != "" && flagArch != runtime.GOARCH { - if entry, ok := pkg.Arch()[flagArch]; ok { - z.InitAsRoot = true - z.Binfmt = []container.BinfmtEntry{entry} - } - } - - if err := z.Start(); err != nil { - return err - } - if err := z.Serve(); err != nil { - return err - } - return z.Wait() }, ).Flag( &flagNet, diff --git a/internal/pkg/exec.go b/internal/pkg/exec.go index 0fe20848..4dd9fc26 100644 --- a/internal/pkg/exec.go +++ b/internal/pkg/exec.go @@ -591,6 +591,7 @@ var ( func (c *Cache) EnterExec( ctx context.Context, a Artifact, + hostname string, retainSession bool, stdin io.Reader, stdout, stderr io.Writer, @@ -671,6 +672,9 @@ func (c *Cache) EnterExec( z.Env = append(z.Env, "TERM="+s) } } + if hostname != "" { + z.Hostname = hostname + } if err = z.Start(); err != nil { return