mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-06 02:25:23 +00:00
1a2cfa90c3
Commit 95b80d1 made the dev container persistent between invocations,
but hard-coded `docker` again. This change fixes that and also adds
further improvements:
- Do not use `--privileged` with podman. If the rootless user has
permissions to access `/dev/kvm`, so will the container.
- Map `/dev/vhost-net` and `/dev/vhost-vsock` as well.
- Use `BASH_SOURCE` to find this script's directory. As we're using Bash
to start with, this is more robust than using plain `$0`.
BUG=None
TEST=Run `./tools/dev_container cargo build` with Podman and Docker
Change-Id: I05c699f327c8e1c4f3c4df9679ee92bf7e609e2e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3295372
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Christian Blichmann <cblichmann@google.com>
107 lines
2.5 KiB
Bash
Executable file
107 lines
2.5 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# Copyright 2021 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
#
|
|
# Usage:
|
|
#
|
|
# To get an interactive shell for development:
|
|
# ./tools/dev_container
|
|
#
|
|
# To run a command in the container, e.g. to run presubmits:
|
|
# ./tools/dev_container ./tools/presubmit
|
|
#
|
|
# The state of the container (including build artifacts) are preserved between
|
|
# calls. To stop the container call:
|
|
# ./tools/dev_container --stop
|
|
#
|
|
# The dev container can also be called with a fresh container for each call that
|
|
# is cleaned up afterwards (e.g. when run by Kokoro):
|
|
#
|
|
# ./tools/dev_container --hermetic CMD
|
|
|
|
set -e
|
|
cd "$(dirname "${BASH_SOURCE[0]}")/.."
|
|
|
|
# Allow to override the container CLI tool, similar to the Makefile. Try
|
|
# "docker" first and fall back to "podman".
|
|
DOCKER=${DOCKER:-$(which docker || which podman)}
|
|
|
|
# Name to identify the running crosvm dev container
|
|
CONTAINER_NAME=crosvm_dev
|
|
|
|
IMAGE_VERSION=$(cat tools/impl/dev_container/version)
|
|
|
|
# Enable interactive mode when running in an interactive terminal.
|
|
TTY_ARGS=()
|
|
if [ -t 1 ]; then
|
|
TTY_ARGS+=(
|
|
--interactive
|
|
--tty
|
|
)
|
|
fi
|
|
|
|
# Podman will not share devices when `--privileged` is specified
|
|
PRIV_ARGS=()
|
|
if [ "${DOCKER}" != "${podman}" ]; then
|
|
PRIV_ARGS+=(
|
|
--privileged
|
|
)
|
|
fi
|
|
|
|
DOCKER_ARGS=(
|
|
"${TTY_ARGS[@]}"
|
|
--volume "$(pwd):/workspace:rw"
|
|
--device "/dev/kvm"
|
|
--volume "/dev/log:/dev/log"
|
|
--device "/dev/net/tun"
|
|
--device "/dev/vhost-net"
|
|
--device "/dev/vhost-vsock"
|
|
"${PRIV_ARGS[@]}"
|
|
"gcr.io/crosvm-packages/crosvm_dev:$IMAGE_VERSION"
|
|
)
|
|
|
|
docker_run_detached() {
|
|
"${DOCKER}" run \
|
|
--detach --name "${CONTAINER_NAME}" \
|
|
"${DOCKER_ARGS[@]}" >/dev/null
|
|
}
|
|
|
|
docker_run() {
|
|
"${DOCKER}" run --rm "${DOCKER_ARGS[@]}" "$@"
|
|
}
|
|
|
|
get_container_id() {
|
|
"${DOCKER}" ps -q -f name="${CONTAINER_NAME}"
|
|
}
|
|
|
|
docker_exec() {
|
|
if [[ $# -gt 0 ]]; then
|
|
cmd=("$@")
|
|
else
|
|
cmd=(/bin/bash)
|
|
fi
|
|
"${DOCKER}" exec "${TTY_ARGS[@]}" "$(get_container_id)" "${cmd[@]}"
|
|
}
|
|
|
|
main() {
|
|
if [[ "$1" == "--stop" ]]; then
|
|
if [ -n "$(get_container_id)" ]; then
|
|
"${DOCKER}" rm -f "$(get_container_id)" >/dev/null
|
|
fi
|
|
exit
|
|
fi
|
|
|
|
if [[ "$1" == "--hermetic" ]]; then
|
|
shift
|
|
docker_run "$@"
|
|
else
|
|
if [ -z "$(get_container_id)" ]; then
|
|
docker_run_detached
|
|
fi
|
|
docker_exec "$@"
|
|
fi
|
|
|
|
}
|
|
|
|
main "$@"
|