diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 93f3780..6b0be57 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,3 +1 @@ -# These are supported funding model platforms - -custom: https://www.paypal.me/hectormf +custom: https://hector.molinero.dev/donate diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 72185c1..f413eb1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,137 +1,137 @@ -image: docker:stable +image: "docker.io/docker:stable" services: - - docker:dind + - "docker:dind" stages: - - build:images - - push:images - - push:manifests + - "build:images" + - "push:images" + - "push:manifests" variables: - DOCKER_HOST: tcp://docker:2375 - DOCKER_DRIVER: overlay2 + DOCKER_HOST: "tcp://docker:2375" + DOCKER_DRIVER: "overlay2" build:native-image: - stage: build:images + stage: "build:images" before_script: - - docker info - - apk add --no-cache coreutils git m4 make xz + - "docker info" + - "apk add --no-cache coreutils git m4 make xz" script: - - make build-native-image save-native-image + - "make build-native-image save-native-image" except: - - tags + - "tags" artifacts: - expire_in: 1 day + expire_in: "1 day" paths: - - dist/ + - "dist/" build:amd64-image: - stage: build:images + stage: "build:images" before_script: - - docker info - - apk add --no-cache coreutils git m4 make xz - - make binfmt-register + - "docker info" + - "apk add --no-cache coreutils git m4 make xz" + - "make binfmt-register" script: - - make build-amd64-image save-amd64-image + - "make build-amd64-image save-amd64-image" only: - - /^v([0-9.]+)(-.+)?$/ + - "/^v([0-9.]+)(-.+)?$/" except: - - branches + - "branches" artifacts: - expire_in: 1 week + expire_in: "1 week" paths: - - dist/ + - "dist/" build:arm32v7-image: - stage: build:images + stage: "build:images" before_script: - - docker info - - apk add --no-cache coreutils git m4 make xz - - make binfmt-register + - "docker info" + - "apk add --no-cache coreutils git m4 make xz" + - "make binfmt-register" script: - - make build-arm32v7-image save-arm32v7-image + - "make build-arm32v7-image save-arm32v7-image" only: - - /^v([0-9.]+)(-.+)?$/ + - "/^v([0-9.]+)(-.+)?$/" except: - - branches + - "branches" artifacts: - expire_in: 1 week + expire_in: "1 week" paths: - - dist/ + - "dist/" build:arm64v8-image: - stage: build:images + stage: "build:images" before_script: - - docker info - - apk add --no-cache coreutils git m4 make xz - - make binfmt-register + - "docker info" + - "apk add --no-cache coreutils git m4 make xz" + - "make binfmt-register" script: - - make build-arm64v8-image save-arm64v8-image + - "make build-arm64v8-image save-arm64v8-image" only: - - /^v([0-9.]+)(-.+)?$/ + - "/^v([0-9.]+)(-.+)?$/" except: - - branches + - "branches" artifacts: - expire_in: 1 week + expire_in: "1 week" paths: - - dist/ + - "dist/" push:amd64-image: - stage: push:images + stage: "push:images" before_script: - - apk add --no-cache coreutils git make xz - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" >/dev/null 2>&1 + - "apk add --no-cache coreutils git make xz" + - "docker login -u \"${CI_REGISTRY_USER:?}\" -p \"${CI_REGISTRY_PASSWORD:?}\" \"${CI_REGISTRY:?}\" >/dev/null 2>&1" script: - - make load-amd64-image push-amd64-image + - "make load-amd64-image push-amd64-image" only: - - /^v([0-9.]+)(-.+)?$/ + - "/^v([0-9.]+)(-.+)?$/" except: - - branches + - "branches" dependencies: - - build:amd64-image + - "build:amd64-image" push:arm32v7-image: - stage: push:images + stage: "push:images" before_script: - - apk add --no-cache coreutils git make xz - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" >/dev/null 2>&1 + - "apk add --no-cache coreutils git make xz" + - "docker login -u \"${CI_REGISTRY_USER:?}\" -p \"${CI_REGISTRY_PASSWORD:?}\" \"${CI_REGISTRY:?}\" >/dev/null 2>&1" script: - - make load-arm32v7-image push-arm32v7-image + - "make load-arm32v7-image push-arm32v7-image" only: - - /^v([0-9.]+)(-.+)?$/ + - "/^v([0-9.]+)(-.+)?$/" except: - - branches + - "branches" dependencies: - - build:arm32v7-image + - "build:arm32v7-image" push:arm64v8-image: - stage: push:images + stage: "push:images" before_script: - - apk add --no-cache coreutils git make xz - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" >/dev/null 2>&1 + - "apk add --no-cache coreutils git make xz" + - "docker login -u \"${CI_REGISTRY_USER:?}\" -p \"${CI_REGISTRY_PASSWORD:?}\" \"${CI_REGISTRY:?}\" >/dev/null 2>&1" script: - - make load-arm64v8-image push-arm64v8-image + - "make load-arm64v8-image push-arm64v8-image" only: - - /^v([0-9.]+)(-.+)?$/ + - "/^v([0-9.]+)(-.+)?$/" except: - - branches + - "branches" dependencies: - - build:arm64v8-image + - "build:arm64v8-image" push:cross-manifest: - stage: push:manifests + stage: "push:manifests" before_script: - - apk add --no-cache coreutils git make xz + - "apk add --no-cache coreutils git make" - "mkdir -p ~/.docker/ && printf '%s\n' '{\"experimental\": \"enabled\"}' > ~/.docker/config.json" - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" >/dev/null 2>&1 + - "docker login -u \"${CI_REGISTRY_USER:?}\" -p \"${CI_REGISTRY_PASSWORD:?}\" \"${CI_REGISTRY:?}\" >/dev/null 2>&1" script: - - make push-cross-manifest + - "make push-cross-manifest" only: - - /^v([0-9.]+)(-.+)?$/ + - "/^v([0-9.]+)(-.+)?$/" except: - - branches + - "branches" dependencies: - - push:amd64-image - - push:arm32v7-image - - push:arm64v8-image + - "push:amd64-image" + - "push:arm32v7-image" + - "push:arm64v8-image" diff --git a/Dockerfile.m4 b/Dockerfile.m4 index 5bdae8f..3055ac5 100644 --- a/Dockerfile.m4 +++ b/Dockerfile.m4 @@ -71,8 +71,8 @@ m4_ifelse(ENABLE_32BIT, 1, [[m4_dnl ARG LIBJPEG_TURBO_TREEISH=2.0.2 ARG LIBJPEG_TURBO_REMOTE=https://github.com/libjpeg-turbo/libjpeg-turbo.git WORKDIR /tmp/libjpeg-turbo/ -RUN git clone "${LIBJPEG_TURBO_REMOTE}" ./ -RUN git checkout "${LIBJPEG_TURBO_TREEISH}" +RUN git clone "${LIBJPEG_TURBO_REMOTE:?}" ./ +RUN git checkout "${LIBJPEG_TURBO_TREEISH:?}" RUN git submodule update --init --recursive WORKDIR ./build/ RUN cmake ./ \ @@ -102,8 +102,8 @@ RUN dpkg -i --force-architecture ./libjpeg-turbo32_*.deb ARG VIRTUALGL_TREEISH=2.6.2 ARG VIRTUALGL_REMOTE=https://github.com/VirtualGL/virtualgl.git WORKDIR /tmp/virtualgl/ -RUN git clone "${VIRTUALGL_REMOTE}" ./ -RUN git checkout "${VIRTUALGL_TREEISH}" +RUN git clone "${VIRTUALGL_REMOTE:?}" ./ +RUN git checkout "${VIRTUALGL_TREEISH:?}" RUN git submodule update --init --recursive WORKDIR ./build/ RUN cmake ./ \ @@ -133,8 +133,8 @@ RUN dpkg -i --force-architecture ./virtualgl32_*.deb ARG TURBOVNC_TREEISH=2.2.2 ARG TURBOVNC_REMOTE=https://github.com/TurboVNC/turbovnc.git WORKDIR /tmp/turbovnc/ -RUN git clone "${TURBOVNC_REMOTE}" ./ -RUN git checkout "${TURBOVNC_TREEISH}" +RUN git clone "${TURBOVNC_REMOTE:?}" ./ +RUN git checkout "${TURBOVNC_TREEISH:?}" RUN git submodule update --init --recursive WORKDIR ./build/ RUN cmake ./ \ @@ -152,8 +152,8 @@ RUN dpkg -i --force-architecture ./turbovnc_*.deb ARG XRDP_TREEISH=v0.9.11 ARG XRDP_REMOTE=https://github.com/neutrinolabs/xrdp.git WORKDIR /tmp/xrdp/ -RUN git clone "${XRDP_REMOTE}" ./ -RUN git checkout "${XRDP_TREEISH}" +RUN git clone "${XRDP_REMOTE:?}" ./ +RUN git checkout "${XRDP_TREEISH:?}" RUN git submodule update --init --recursive RUN ./bootstrap RUN ./configure \ @@ -172,8 +172,8 @@ RUN checkinstall --default --pkgname=xrdp --pkgversion=0 --pkgrelease=0 ARG XORGXRDP_TREEISH=v0.2.11 ARG XORGXRDP_REMOTE=https://github.com/neutrinolabs/xorgxrdp.git WORKDIR /tmp/xorgxrdp/ -RUN git clone "${XORGXRDP_REMOTE}" ./ -RUN git checkout "${XORGXRDP_TREEISH}" +RUN git clone "${XORGXRDP_REMOTE:?}" ./ +RUN git checkout "${XORGXRDP_TREEISH:?}" RUN git submodule update --init --recursive RUN ./bootstrap RUN ./configure @@ -190,8 +190,8 @@ RUN apt-get source pulseaudio && mv ./pulseaudio-*/ ./pulseaudio/ WORKDIR /tmp/pulseaudio/ RUN ./configure WORKDIR /tmp/xrdp-pulseaudio/ -RUN git clone "${XRDP_PULSEAUDIO_REMOTE}" ./ -RUN git checkout "${XRDP_PULSEAUDIO_TREEISH}" +RUN git clone "${XRDP_PULSEAUDIO_REMOTE:?}" ./ +RUN git checkout "${XRDP_PULSEAUDIO_TREEISH:?}" RUN git submodule update --init --recursive RUN ./bootstrap RUN ./configure PULSE_DIR=/tmp/pulseaudio/ @@ -397,7 +397,7 @@ ENV UNPRIVILEGED_USER_SHELL=/bin/bash ENV DISABLE_GPU=false ENV RDP_TLS_KEY_PATH=/etc/xrdp/key.pem ENV RDP_TLS_CERT_PATH=/etc/xrdp/cert.pem -ENV PATH=/opt/VirtualGL/bin:/opt/TurboVNC/bin:"${PATH}" +ENV PATH=/opt/VirtualGL/bin:/opt/TurboVNC/bin:${PATH} ENV VGL_DISPLAY=:0 ## Workaround for AMDGPU X_GLXCreatePbuffer issue: ## https://github.com/VirtualGL/virtualgl/issues/85#issuecomment-480291529 @@ -406,12 +406,14 @@ ENV VGL_FORCEALPHA=1 ENV QT_STYLE_OVERRIDE=Adwaita # Setup locale -RUN sed -i 's|^# \(en_US\.UTF-8 UTF-8\)$|\1|' /etc/locale.gen && locale-gen +RUN printf '%s\n' 'en_US.UTF-8 UTF-8' > /etc/locale.gen +RUN localedef -c -i en_US -f UTF-8 en_US.UTF-8 ||: ENV LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 # Setup timezone -ENV TZ=Etc/UTC -RUN ln -sf /usr/share/zoneinfo/"${TZ}" /etc/localtime +ENV TZ=UTC +RUN ln -snf "/usr/share/zoneinfo/${TZ:?}" /etc/localtime +RUN printf '%s\n' "${TZ:?}" > /etc/timezone # Setup D-Bus RUN mkdir /run/dbus/ && chown messagebus:messagebus /run/dbus/ @@ -427,12 +429,12 @@ RUN printf '%s\n' 'exec xfce4-session' > /etc/skel/.xsession # Create /etc/skel/.xsessionrc file RUN printf '%s\n' \ - 'export XDG_CACHE_HOME=${HOME}/.cache' \ + 'export XDG_CACHE_HOME=${HOME:?}/.cache' \ 'export XDG_CONFIG_DIRS=/etc/xdg/xdg-xubuntu:/etc/xdg' \ - 'export XDG_CONFIG_HOME=${HOME}/.config' \ + 'export XDG_CONFIG_HOME=${HOME:?}/.config' \ 'export XDG_CURRENT_DESKTOP=XFCE' \ 'export XDG_DATA_DIRS=/usr/share/xubuntu:/usr/share/xfce4:/usr/local/share:/usr/share' \ - 'export XDG_DATA_HOME=${HOME}/.local/share' \ + 'export XDG_DATA_HOME=${HOME:?}/.local/share' \ 'export XDG_MENU_PREFIX=xfce-' \ 'export XDG_RUNTIME_DIR=/run/user/$(id -u)' \ 'export XDG_SESSION_DESKTOP=xubuntu' \ @@ -471,4 +473,4 @@ EXPOSE 3389/tcp WORKDIR / ENTRYPOINT ["/usr/bin/tini", "--"] -CMD ["/usr/local/bin/docker-foreground-cmd"] +CMD ["/usr/local/bin/container-foreground-cmd"] diff --git a/Makefile b/Makefile index 0a29ef2..8fabfb0 100755 --- a/Makefile +++ b/Makefile @@ -239,9 +239,9 @@ binfmt-reset: version: @if printf -- '%s' '$(IMAGE_VERSION)' | grep -q '^v[0-9]\{1,\}$$'; then \ NEW_IMAGE_VERSION=$$(awk -v 'v=$(IMAGE_VERSION)' 'BEGIN {printf "v%.0f", substr(v,2)+1}'); \ - printf -- '%s\n' "$${NEW_IMAGE_VERSION}" > '$(VERSION_FILE)'; \ - '$(GIT)' add '$(VERSION_FILE)'; '$(GIT)' commit -m "$${NEW_IMAGE_VERSION}"; \ - '$(GIT)' tag -a "$${NEW_IMAGE_VERSION}" -m "$${NEW_IMAGE_VERSION}"; \ + printf -- '%s\n' "$${NEW_IMAGE_VERSION:?}" > '$(VERSION_FILE)'; \ + '$(GIT)' add '$(VERSION_FILE)'; '$(GIT)' commit -m "$${NEW_IMAGE_VERSION:?}"; \ + '$(GIT)' tag -a "$${NEW_IMAGE_VERSION:?}" -m "$${NEW_IMAGE_VERSION:?}"; \ else \ >&2 printf -- 'Malformed version string: %s\n' '$(IMAGE_VERSION)'; \ exit 1; \ diff --git a/run.sh b/run.sh index 3dc1675..4aa836f 100755 --- a/run.sh +++ b/run.sh @@ -3,42 +3,45 @@ set -eu export LC_ALL=C +DOCKER=$(command -v docker 2>/dev/null) + +IMAGE_REGISTRY=docker.io IMAGE_NAMESPACE=hectormolinero IMAGE_PROJECT=xubuntu IMAGE_TAG=latest -IMAGE_NAME=${IMAGE_NAMESPACE}/${IMAGE_PROJECT}:${IMAGE_TAG} -CONTAINER_NAME=${IMAGE_PROJECT} +IMAGE_NAME=${IMAGE_REGISTRY:?}/${IMAGE_NAMESPACE:?}/${IMAGE_PROJECT:?}:${IMAGE_TAG:?} +CONTAINER_NAME=${IMAGE_PROJECT:?} -imageExists() { [ -n "$(docker images -q "$1")" ]; } -containerExists() { docker ps -aqf name="$1" --format '{{.Names}}' | grep -Fxq "$1"; } -containerIsRunning() { docker ps -qf name="$1" --format '{{.Names}}' | grep -Fxq "$1"; } +imageExists() { [ -n "$("${DOCKER:?}" images -q "${1:?}")" ]; } +containerExists() { "${DOCKER:?}" ps -af name="${1:?}" --format '{{.Names}}' | grep -Fxq "${1:?}"; } +containerIsRunning() { "${DOCKER:?}" ps -f name="${1:?}" --format '{{.Names}}' | grep -Fxq "${1:?}"; } -if ! imageExists "${IMAGE_NAME}"; then - >&2 printf -- '%s\n' "\"${IMAGE_NAME}\" image doesn't exist!" +if ! imageExists "${IMAGE_NAME:?}" && ! imageExists "${IMAGE_NAME#docker.io/}"; then + >&2 printf -- '%s\n' "\"${IMAGE_NAME:?}\" image doesn't exist!" exit 1 fi -if containerIsRunning "${CONTAINER_NAME}"; then - printf -- '%s\n' "Stopping \"${CONTAINER_NAME}\" container..." - docker stop "${CONTAINER_NAME}" >/dev/null +if containerIsRunning "${CONTAINER_NAME:?}"; then + printf -- '%s\n' "Stopping \"${CONTAINER_NAME:?}\" container..." + "${DOCKER:?}" stop "${CONTAINER_NAME:?}" >/dev/null fi -if containerExists "${CONTAINER_NAME}"; then - printf -- '%s\n' "Removing \"${CONTAINER_NAME}\" container..." - docker rm "${CONTAINER_NAME}" >/dev/null +if containerExists "${CONTAINER_NAME:?}"; then + printf -- '%s\n' "Removing \"${CONTAINER_NAME:?}\" container..." + "${DOCKER:?}" rm "${CONTAINER_NAME:?}" >/dev/null fi -printf -- '%s\n' "Creating \"${CONTAINER_NAME}\" container..." -docker run --detach \ - --name "${CONTAINER_NAME}" \ - --hostname "${CONTAINER_NAME}" \ +printf -- '%s\n' "Creating \"${CONTAINER_NAME:?}\" container..." +"${DOCKER:?}" run --detach \ + --name "${CONTAINER_NAME:?}" \ + --hostname "${CONTAINER_NAME:?}" \ --restart on-failure:3 \ --log-opt max-size=32m \ --publish 0.0.0.0:3322:3322/tcp \ --publish 0.0.0.0:3389:3389/tcp \ --privileged \ --shm-size 2g \ - "${IMAGE_NAME}" "$@" >/dev/null + "${IMAGE_NAME:?}" "$@" >/dev/null printf -- '%s\n\n' 'Done!' -exec docker logs -f "${CONTAINER_NAME}" +exec "${DOCKER:?}" logs -f "${CONTAINER_NAME:?}" diff --git a/scripts/bin/docker-foreground-cmd b/scripts/bin/container-foreground-cmd similarity index 96% rename from scripts/bin/docker-foreground-cmd rename to scripts/bin/container-foreground-cmd index 3ddac3c..b6fbc65 100755 --- a/scripts/bin/docker-foreground-cmd +++ b/scripts/bin/container-foreground-cmd @@ -31,7 +31,7 @@ printf '%s' "${UNPRIVILEGED_USER_NAME:?}:${UNPRIVILEGED_USER_PASSWORD:?}" | chpa unset UNPRIVILEGED_USER_PASSWORD # Dump environment variables -export-env >> /etc/profile.d/env.sh +export-env > /etc/profile.d/env.sh # Disable xdummy if there is no graphics card if [ "${DISABLE_GPU:?}" = 'true' ] || [ ! -d /dev/dri/ ]; then @@ -39,7 +39,7 @@ if [ "${DISABLE_GPU:?}" = 'true' ] || [ ! -d /dev/dri/ ]; then fi # Create RANDFILE if it does not exist -RANDFILE=${RANDFILE-${HOME}/.rnd} +RANDFILE=${RANDFILE-${HOME:?}/.rnd} if [ ! -f "${RANDFILE:?}" ]; then dd if=/dev/urandom of="${RANDFILE:?}" bs=256 count=1 >/dev/null 2>&1 fi diff --git a/scripts/bin/export-env b/scripts/bin/export-env index c33faec..e201de4 100755 --- a/scripts/bin/export-env +++ b/scripts/bin/export-env @@ -1,12 +1,9 @@ #!/usr/bin/awk -f -BEGIN { - print("\n") - for (v in ENVIRON) { - if (v !~ /^(PWD|HOME|SHELL|HOSTNAME|UID|USER|GID|GROUP)$/) { - gsub(/[^0-9A-Za-z_]/, "_", v); - gsub(/'/, "'\\''", ENVIRON[v]) - print("export "v"='"ENVIRON[v]"'") - } +BEGIN {for (v in ENVIRON) { + if (v !~ /^(_|AWKPATH|AWKLIBPATH|TERM|SHLVL|PWD|HOME|SHELL|HOSTNAME|UID|USER|GID|GROUP)$/) { + gsub(/[^0-9A-Za-z_]/, "_", v); + gsub(/'/, "'\\''", ENVIRON[v]) + print("export "v"='"ENVIRON[v]"'") } -} +}}