sandbox_s243a_debug3.sh

#!/bin/bash
# James Budiono 2011, 2013, 2015
# puppy test/compilation sandbox
# this version uses tmpfs instead of an rw image,
# and you can also choose which SFS to use
# run this from terminal.
# version 4 - replace sed with awk - more powerful and more correct, will handle all oddball cases
#             where loop-N and pup_ro-N numbers don't match
# version 5 - add compatibility when running with pup_rw=tmpfs (step 2.a)
# version 6 - (2012) adapted to be more flexible - for Fatdog64 600
# version 7 - (2012) cleanup mounts if if we are killed
# version 8 - (2013) re-launch in terminal if we aren't in terminal
# version 9 - (2013) enable running multiple sandboxes
# version 10 - (2015) use pid/mount namespaces if available

# 0. directory locations
#. $BOOTSTATE_PATH # AUFS_ROOT_ID
#XTERM="defaultterm"
# -o, --output-file
#    Just write layer paths to an output file but don't mount the sandbox.
# --no-exit
#   if an output file is specified (i.e. -o or --output-file) layer paths are just written to a file and the program exits unless the no-exit flag is specified.
# f, --input-file
#   read layer paths from a file rather than reading existing layers
# m,--pmedia
#   determines pupmodes. Refer to puppy boot parmaters
# d, --pdrv
#   this is the particiaion where the puppy files are located. The default is /mnt/home
# s, psubdir
#   this is the sub directory where the puppy files are located
# c, --clear-env
#   deletes enviornental variabls
# --env-prefix
#   enviornental variable prefix
# b --boot-config
#   path to boot config (e.g. /etc/rc.d/BOOTCONFIG
# --disto-specs
#   path to distro specs (e.g. /etc/DISTRO_SPECS; e.g. /initrd/distro-specs)
# L, --layer
#   a subgke kater
#  e, --extra-sfs
#   a list of extra sfs files (space seperated)
#  u, --union-record
# --xterm
# --sandbox
# -initrd
declare -A KEYs_by_MNT_PT
declare -A KEYs_by_FILE_PATH
declare -A KEYs_by_trimmed_MNT_PT
declare -A KEYs_by_trimmed_FILE_PATH
declare -A MNT_PTs
declare -A FILE_PATHs
declare -A ON_status
MAX_STR_LEN=50


XTERM=${XTERM:-urxvt}
SANDBOX_ROOT=${SANDBOX_ROOT:-/mnt/sb}
declare -a options="$(getopt -o f:,o:,m:,d:,s:,b:,e: --long input-file:output-file:,pmedia:,pdrv:,psubdir:,boot-config:,distro-specs:,extra-sfs:,maybe-aufs,maybe-psubdir:,no-exit:: -- "$@")"
declare -a options2
declare -a LAYER_SOURCES
LAYER_SOURCE=none
eval set --"$options"
while [ $# -gt 0 ]; do
  case "$1" in
  -f|--input-file) INPUT_FILE=$2;
    LAYER_SOURCE=INPUT_FILE
    LAYER_SOURCES+=( input-file )
    shift 2; ;;
  -o|--output-file) OUTPUT_FILE=$2; shift 2; ;;
  --no-exit)
    if [ $# -gt 1 ] && [[ ! "$2" = --* ]] && [ ! -z "$2" ]; then
      NO_EXIT="$2"
      shift 2
    else
      NO_EXIT=true
      shift 1
    fi; ;;
  -p|--env-prefix) ENV_PREFIX=$2; shift 2; ;;
  -m|--pmedia) PMEDIA=$2; shift 2; ;;
  -d| --pdrv) PDRV=$2; shift 2; ;;
  -s|--psubdir) PSUBDIR=$2;
    LAYER_SOURCE=psubdir
    LAYER_SOURCES+=( psubdir )
    shift 2; ;;
    --maybe-psubdir) PSUBDIR=$2;
    LAYER_SOURCE=maybe-psubdir
    LAYER_SOURCES+=( maybe-psubdir )
    shift 2; ;;
  --distro-specs)
     DISTRO_SPECS=$2;
     . "$DISTRO_SPECS"
     shift 2
     ;;
   --boot-config)
       DISTRO_SPECS=$2;
     . "$BOOTCONFIG"
     shift 2
     ;;
   --union-record)
     LASTUNIONRECORD="$2";
     LAYER_SOURCES+=( union-record )
     shift 2; ;;
   -e|--extra-sfs)
     EXTRASFSLIST="$2";
     LAYER_SOURCES+=( extrasfs )
     shift 2; ;;
  --maybe-aufs)
    LAYER_SOURCE=maybe-aufs
    LAYER_SOURCES+=( maybe-aufs )
    shift 1; ;;
  --)
    shift 1
    options2+=( "$@" )
    break; ;;
  *)
     options2+=( "$1" )
     shift 1; ;;
  esac
done

#set -- "${options2[@]}"
if [ "$LAYER_SOURCE" = none ] && [ ! -z "$PDRV" ]; then
  PDRV=${PDRV:-/mnt/home}
  for rec in $LASTUNIONRECORD; do
    if [ -f "$PDRV/$rec" ]; then
      items+="\"$PDRV/$rec\" \"$rec\""$'\n'
    fi
  done
  if [ -z "$items" ]; then
    [ -z "$DISTRO_PUPPYSFS" ] && DISTRO_PUPPYSFS=$(ls -1 /mnt/home | grep -m1 puppy_.*\.sfs$)
    [ -z "$DISTRO_ZDRVSFS" ] && DISTRO_ZDRVSFS=$(ls -1 /mnt/home | grep -m1 zdrv.*\.sfs$)
    [ -z "$DISTRO_FDRVSFS" ] && DISTRO_FDRVSFS=$(ls -1 /mnt/home | grep -m1 fdrv.*\.sfs$)
    [ -z "$DISTRO_ADRVSFS" ] && DISTRO_ADRVSFS=$(ls -1 /mnt/home | grep -m1 fdrv.*\.sfs$)
    [ -z "$DISTRO_YDRVSFS" ] && DISTRO_YDRVSFS=$(ls -1 /mnt/home | grep -m1 fdrv.*\.sfs$)
    for rec in "$DISTRO_PUPPYSFS" "$DISTRO_ZDRVSFS" "$DISTRO_FDRVSFS" "$DISTRO_ADRVSFS" "$DISTRO_YDRVSFS"; do
      items+="$PDRV/$rec" "$rec"$'\n'
    done
  fi
  if [ ! -z "$items" ]; then
    for rec in $EXTRASFSLIST; do
      if [ -f "$PDRV/$rec" ]; then
        items+="\"$PDRV/$rec\" \"$rec\" "on"\""$'\n'
      fi
    done
  fi
fi
if [ -z "$items" ] && [ "$LAYER_SOURCE" = none ] ; then
    LAYER_SOURCE=aufs
    LAYER_SOURCES+=( aufs )
fi
[ -z "$PDRV" ] && PDRV="$(realpath /mnt/home)"
if [ "$(cat /proc/mounts | grep -c "$PDRV")" = 0 ]; then
  PDRV_DEV="$(blkid | grep -m1 "$PDRV" | cut -d ':' -f1)"
  PDRV="$(echo "$PDRV_DEV" | sed 's#^/dev/#/mnt/#')"
  mount "$PDRV_DEV" "$PDRVV"
fi


FAKEROOT=$SANDBOX_ROOT/fakeroot   # mounted chroot location of sandbox - ie, the fake root
SANDBOX_TMPFS=$SANDBOX_ROOT/sandbox # mounted rw location of tmpfs used for sandbox
SANDBOX_ID=
TMPFILE=$(mktemp -p /tmp)
# use namespaces if available
#[ -e /proc/1/ns/pid ] && [ -e /proc/1/ns/mnt ] && type unshare >/dev/null && USE_NS=1


# umount all if we are accidentally killed
trap 'umountall' 1
umountall() {
    {
    umount -l $FAKEROOT/$SANDBOX_TMPFS
    umount -l $FAKEROOT/tmp
    umount -l $FAKEROOT/proc
    umount -l $FAKEROOT/sys
    umount -l $FAKEROOT/dev

    umount -l $FAKEROOT
    umount -l $SANDBOX_TMPFS
    rmdir $FAKEROOT
    rmdir $SANDBOX_TMPFS
    } 2> /dev/null
}

# 0.1 must be root
if [ $(id -u) -ne 0 ]; then
    echo "You must be root to use sandbox."
    exit
fi

# 0.2 cannot launch sandbox within sandbox
if [ "$AUFS_ROOT_ID" != "" ] ; then
    grep -q $SANDBOX_ROOT /sys/fs/aufs/$AUFS_ROOT_ID/br0 &&
        echo "Cannot launch sandbox within sandbox." && exit
fi

# 0.3 help
case "$1" in
    --help|-h)
    echo "Usage: ${0##*/}"
    echo "Starts an in-memory (throwaway) sandbox. Type 'exit' to leave."
    exit
esac

# 0.4 if not running from terminal but in Xorg, then launch via terminal
! [ -t 0 ] && [ -n "$DISPLAY" ] && exec $XTERM -e "$0" "$@"
! [ -t 0 ] && exit
# 1. get aufs system-id for the root filesystem
if [ -z "$AUFS_ROOT_ID" ] ; then
    AUFS_ROOT_ID=$(
        awk '{ if ($2 == "/" && $3 == "aufs") { match($4,/si=[0-9a-f]*/); print "si_" substr($4,RSTART+3,RLENGTH-3) } }' /proc/mounts
    )
fi
function get_items(){

    OUTFILE=/tmp/get_items_out
    rm "$OUTFILE"

    items+=$(
  { echo ==mount==; cat /proc/mounts;
    echo ==losetup==; losetup-FULL -a;
    echo ==branches==;
      if [ $# -eq 0 ]; then
        ls -v /sys/fs/aufs/$AUFS_ROOT_ID/br[0-9]* | xargs sed 's/=.*//';
      else
        if [ "$1" = "-f" ]; then
          cat "$2";
        elif [ "$1" = "-s" ]; then
          cat <<<"$2";
        fi;
      fi; } | \
    awk -v PDRV="$PDRV" -v MAX_STR_LEN="$MAX_STR_LEN" -v OUTFILE="$OUTFILE" '
    function mount(MNT_PT,MNT_PATH){
      system("mkdir -p " MNT_PT)
      system("mount " MNT_PATH " " MNT_PT " 2>/dev/null")
    }
    function mount_if_valid(MNT_PT,MNT_PATH,PROOT,PDRV                  ,F_MNT_PATH,D_MNT_PATH){
          if (system("[ -f " MNT_PATH " ] && exit 0 || exit 1") == 0){
            F_MNT_PATH=MNT_PATH
          } else if (system("[ -f " PROOT "/" MNT_PATH " ] && exit 0 || exit 1") == 0){
           F_MNT_PATH=PROOT "/" MNT_PATH
         } else if (system("[ -f " PDRV "/" PROOT "/" MNT_PATH " ]  && exit 0 || exit 1") == 0){
           F_MNT_PATH=PROOT "/" MNT_PATH
          } else if (system("[ -d " MNT_PATH " ] && exit 0 || exit 1") == 0){
            D_MNT_PATH=MNT_PATH
         } else if (system("[ -d " PROOT "/" MNT_PATH " ]  && exit 0 || exit 1") == 0){
           D_MNT_PATH=PROOT "/" MNT_PATH
         } else if (system("[ -d " PDRV "/" PROOT "/" MNT_PATH " ]  && exit 0 || exit 1") == 0 ){
           D_MNT_PATH=PROOT "/" MNT_PATH
         } else {
           F_MNT_PATH=""
           D_MNT_PATH=""
        }
        if (length(F_MNT_PATH)>0){
            mount(MNT_PT,F_MNT_PATH)
            if (system("cat /proc/mounts | grep -c -m1 " MNT_PT) > 0){
              result=sucess }
            else {
              result=fail }
        }
        else if (length(D_MNT_PATH)>0) {
           result=directory
        } else {
          result=fail
        }
        return result
    }
    #BEGIN {
    #  FPAT = "'"([^ ]+)|(\\\\'[^\\\\']+\\\\')"'"
    #}
    /==mount==/ { mode=1 }
    /==losetup==/ { mode=2 }
    /==branches==/ { mode=3 }
    {
    if (mode == 1) {
      # get list of mount points, types, and devices - index is $3 (mount points)
      mountdev[$2]=$1
      mounttypes[$2]=$3

      field2[$2]=$3
    } else if (mode == 2) {
      # get list of loop devices and files - index is $1 (loop devs)
      sub(/:/,"",$1)
      sub(/.*[/]/,"",$3); sub(/)/,"",$3)
      loopdev[$1]=$3
    } else if (mode == 3) {
      # map mount types to loop files if mount devices is a loop
      for (m in mountdev) {
        if ( loopdev[mountdev[m]] != "" ){
             BNAME=loopdev[mountdev[m]]
             sub(/.*[/]/,"",BNAME)
             field2[m]=BNAME
             mountpath[m]=loopdev[mountdev[m]]
        }

      }
      # for (m in mountdev) print m " on " mountdev[m] " type " mounttypes[m]
      mode=4
    } else if (mode==4) {
      # print the branches and its mappings
      system("echo '"'"'AWK (mode==4):" $0 "'"'"' >/dev/stderr")
      if ( ! $1 in field2){
        MNT_PT=$1
        MNT_PATH=$2
        if (length(MNT_PATH)==0){
          MNT_PATH=$1
        }
        mountpath[$1]=MNT_PATH

        if (length(MNT_PATH) ==0){
           next
        }
        mnt_status=mount_if_valid(MNT_PT,MNT_PATH,PDRV)
        if(mnt_status == "fail"){
            next
        }
        BNAME=MNT_PATH
        sub(/.*[/]/,"",BNAME)
         field2[MNT_PT]=BNAME
      }
       if (NF>2){
          STATE=$3
       } else {
            STATE="on"
       }
       if ("$STATE" !~ /(on|off)/){
           STATE="on"
       }
       start=length($1)-MAX_STR_LEN
       if (start<1) start=1
       field1[$1]=substr($1,start)
         #out1=field1[$1] " " field2[$1] " " STATE
         #out2=$1 " " mounttypes[$1] " " mountpath[$1]
         #print out1
         #print out2 > OUTFILE
       print field1[$1],field2[$1],STATE
       print field1[$1],field2[$1],STATE,$1,mounttypes[$1],mountpath[$1] > OUTFILE
    }
  }
  '
  )
  echo "$items"
}
function mount_fn(){
    local MNT_PT=''
    FULL_PATH=$(realpath "$1")
    key=$(md5sum < <( echo "$FULL_PATH" ) | cut -f1 -d' ')
    key=${key:0:5}
    FNAME="$(echo "${FULL_PATH}__${key}" | sed 's#/#+#g' | sed 's#\.#+#g')"

    if [ ! -z "$2" ]; then
      MNT_PT="$(cat /proc/mounts | grep "$2" | grep -m1 $FNAME | cut -d ' ' -f2 )"
      [ -z "$MNT_PT" ] && MNT_PT="$(cat /proc/mounts | grep -m1 "$2" | cut -d ' ' -f2 )"
      [ -z "$MNT_PT" ] && MNT_PT="$(cat /proc/mounts | grep -m1 $FNAME | cut -d ' ' -f2 )"
   else
       MNT_PT="$(cat /proc/mounts | grep -m1 $FNAME | cut -d ' ' -f2)"
   fi
    if [ -z "${MNT_PT}" ]; then
      #case "FNAME" in
      #*.iso)
      #   DIR_PATH=/media; ;;
      #*)
        DIR_PATH=/mnt #; ;;
      #esac
      #if [ -z "$2" ]; then
       # MNT_PT="$2"
      #fi
      #[ -z "$MNT_PT" ] && MNT_PT="${DIR_PATH}/$FNAME"
      LN=${#FNAME}
      start="$((LN-MAX_STR_LEN-4))"
      if [ "$start" -lt 0 ]; then
        start=0
      fi
      FNAME=${FNAME:$start}
      MNT_PT="${DIR_PATH}/$FNAME"

      mkdir -p "${MNT_PT}"
      mount $FULL_PATH "${MNT_PT}"
      MNT_PT="$(cat /proc/mounts | grep -m1 $FNAME | cut -d ' ' -f2 )"
   fi
  echo  "${MNT_PT}"
}
if [ -z "$items" ]; then

  for item_source in "${LAYER_SOURCES[@]}"; do
  # 2. get branches, then map branches to mount types or loop devices
    case "$item_source" in
    input-file)
  items+="$(get_items -f "$INPUT_FILE")"; ;;
    union-record)
       new_items=''
       for rec in $LASTUNIONRECORD; do
        if [ -f "$rec" ]; then
          MNT_PT="$(mount_fm "$rec" )"
          new_items+="\"$MNT_PT\" \"$rec\" \"on\""$'\n'
        elif [ -f "$PDRV/$rec" ]; then
          MNT_PT="$(mount_fm "$PDRV/$rec" )"
          new_items+="\"$MNT_PT\", \"$PDRV/$rec\", \"on\""$'\n'
        fi
      done
      items+="$(get_items -f <<<"$new_items")"
      ;;
    extra-sfs)
       new_items=''
       for rec in $EXTRASFSLIST; do
       if [ -f "$rec" ]; then
          MNT_PT="$(mount_fm "$rec" )"
          new_items+="\"$MNT_PT\" \"$rec\" \"on\""$'\n'
        elif [ -f "$PDRV/$rec" ]; then
          MNT_PT="$(mount_fm "$PDRV/$rec" )"
          new_items+="\"$MNT_PT\" \"$PDRV/$rec\" \"on\""$'\n'
        fi
      done
      ;;
    layer=*)
      item_path="$(echo ${litem_source#*=})"
      if [ -f "$item_path" ]; then
        MNT_PT="$(mount_fm "$item_path" )"
      elif [ -d "$item_path" ]; then
        MNT_PT="$item_path" #This isn't really a mount poing
      elif [ ! -d  "$item_path" ]; then
        echo "Warning  cannot mount $item_path"
        continue
      fi
      items+="\"$MNT_PT\" \"$item_path\" \"on\""$'\n'
      ;;
    psubdir|maybe-psubdir)
      if [ "$item_source" = "maybe-psubdir" ]; then
         [ ! -z "$items" ] && continue
      fi
      [ -z "$DISTRO_PUPPYSFS" ] && DISTRO_PUPPYSFS=$(ls -1 "${PDRV}/${PSUBDIR}" | grep -m1 puppy_.*\.sfs$)
      [ -z "$DISTRO_ZDRVSFS" ] && DISTRO_ZDRVSFS=$(ls -1 "${PDRV}/${PSUBDIR}" | grep -m1 zdrv.*\.sfs$)
      [ -z "$DISTRO_FDRVSFS" ] && DISTRO_FDRVSFS=$(ls -1 "${PDRV}/${PSUBDIR}" | grep -m1 fdrv.*\.sfs$)
      [ -z "$DISTRO_ADRVSFS" ] && DISTRO_ADRVSFS=$(ls -1 "${PDRV}/${PSUBDIR}" | grep -m1 fdrv.*\.sfs$)
      [ -z "$DISTRO_YDRVSFS" ] && DISTRO_YDRVSFS=$(ls -1 "${PDRV}/${PSUBDIR}" | grep -m1 fdrv.*\.sfs$)
      new_items=""
      for rec in "$DISTRO_PUPPYSFS" "$DISTRO_ZDRVSFS" "$DISTRO_FDRVSFS" "$DISTRO_ADRVSFS" "$DISTRO_YDRVSFS"; do
        #MNT_PATH="${rec}"
        #[ ! -z "${PSUBDIR}" ] && MNT_PATH=${PSUBDIR}/${MNT_PATH}
        MNT_PATH="${PDRV}/${PSUBDIR}/$rec"
        MNT_PT="$(mount_fn "$MNT_PATH")"
        new_items+="\"${MNT_PT}\" \"$rec\" "'"on"'$'\n'
      done
      export new_items="$new_items"
      echo "$new_items"
      items+="$(get_items -s "$new_items")"
      ;;
    aufs)
      items+="$(get_items)" ; ;;
    maybe-aufs)
       [  -z "$items" ] && items+="$(get_items)"; ;;
  esac
  items="$(echo "$items" | sed -n '/^\s*\(on\)\?\s*$/! p' | sed -n '/^Error: Expected on/! p' | sed -n '/^Use --help on/! p')"
  done
fi
# 3. Ask user to choose the SFS

dialog --separate-output --backtitle "tmpfs sandbox" --title "sandbox config" \
    --checklist "Choose which SFS you want to use" 0 0 0 $items 2> $TMPFILE
chosen="$(cat $TMPFILE)"

clear
if [ -z "$chosen" ]; then
    echo "Cancelled or no SFS is chosen - exiting."
    exit 1
fi

if [ ! -z "$OUTPUT_FILE" ]; then
  cp "$TMPFILE" "$OUTPUT_FILE"
  if [ ! "$NO_EXIT" = true ]; then
    exit 0
  fi
fi
# 0.5 is this the first sandbox? If not, then create another name for mountpoints
if grep -q $FAKEROOT /proc/mounts; then
    FAKEROOT=$(mktemp -d -p $SANDBOX_ROOT ${FAKEROOT##*/}.XXXXXXX)
    SANDBOX_ID=".${FAKEROOT##*.}"
    SANDBOX_TMPFS=$SANDBOX_ROOT/${SANDBOX_TMPFS##*/}${SANDBOX_ID}
    rmdir $FAKEROOT
fi


# 4. convert chosen SFS to robranches
robranches=""
for a in $(cat $TMPFILE) ; do
    a="$(echo "$a" | sed 's/,$//')" # | sed 's/^'//' | sed 's/'$//' )"
    robranches="$robranches:$a=ro"
done
rm $TMPFILE

# 5. make the mountpoints if not exist  yet
mkdir -p $FAKEROOT $SANDBOX_TMPFS

# 6. do the magic - mount the tmpfs first, and then the rest with aufs
if mount -t tmpfs none $SANDBOX_TMPFS; then
    if mount -t aufs -o "br:$SANDBOX_TMPFS=rw$robranches" aufs $FAKEROOT; then
        # 5. record our new aufs-root-id so tools don't hack real filesystem
        SANDBOX_AUFS_ID=$(grep $FAKEROOT /proc/mounts | sed 's/.*si=/si_/; s/ .*//') #'
        sed -i -e '/AUFS_ROOT_ID/ d' $FAKEROOT/etc/BOOTSTATE 2> /dev/null
        echo AUFS_ROOT_ID=$SANDBOX_AUFS_ID >> $FAKEROOT/etc/BOOTSTATE

        # 7. sandbox is ready, now just need to mount other supports - pts, proc, sysfs, usb and tmp
        mkdir -p $FAKEROOT/dev $FAKEROOT/sys $FAKEROOT/proc $FAKEROOT/tmp
        mount -o rbind /dev $FAKEROOT/dev
        mount -t sysfs none $FAKEROOT/sys
        mount -t proc none $FAKEROOT/proc
        mount -o bind /tmp $FAKEROOT/tmp
        mkdir -p $FAKEROOT/$SANDBOX_TMPFS
        mount -o bind $SANDBOX_TMPFS $FAKEROOT/$SANDBOX_TMPFS   # so we can access it within sandbox

        # 8. optional copy, to enable running sandbox-ed xwin
        cp /usr/share/sandbox/* $FAKEROOT/usr/bin 2> /dev/null

        # 9. make sure we identify ourself as in sandbox - and we're good to go!
        echo -e '\nexport PS1="sandbox'${SANDBOX_ID}'# "' >> $FAKEROOT/etc/shinit #fatdog 600
        sed -i -e '/^PS1/ s/^.*$/PS1="sandbox'${SANDBOX_ID}'# "/' $FAKEROOT/etc/profile # earlier fatdog
        echo "Starting sandbox now."
        if [ $USE_NS ]; then
            unshare -f -p --mount-proc=$FAKEROOT/proc chroot $FAKEROOT
        else
            chroot $FAKEROOT
        fi

        # 10. done - clean up everything
        umountall
        echo "Leaving sandbox."
    else
        echo "Unable to mount aufs br:$SANDBOX_TMPFS=rw$robranches"
        umount -l $SANDBOX_TMPFS
    fi
else
    echo "unable to mount tmpfs."
fi