DEBUGNOTE[16:57:20,424]: check_host(): Command tty failed. Guess if running on console: yes DEBUGNOTE[16:57:20,554]: check_host(): ps can watch root processes: yes x11docker[16:57:20,583]: Image name: pccastor_v2tfhj_wallet:latest Container command: DEBUGNOTE[16:57:20,620]: host user: debian 1000:1000 /home/debian x11docker WARNING: User debian is member of group docker. That allows unprivileged processes on host to gain root privileges. DEBUGNOTE[16:57:20,983]: storeinfo(): cache=/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960 DEBUGNOTE[16:57:20,995]: storeinfo(): stdout=/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/stdout DEBUGNOTE[16:57:21,006]: storeinfo(): stderr=/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/stderr DEBUGNOTE[16:57:21,048]: storeinfo(): x11dockerpid=25519 DEBUGNOTE[16:57:21,193]: x11docker version: 6.10.1-beta-4 Backend version: Docker version 20.10.12, build e91ed57 Host system: "Debian GNU/Linux 10 (buster)" Host architecture: amd64 (x86_64) Command: '/usr/bin/x11docker' '-q' '--showenv' '--cap-default' '--hostuser=debian' '--backend=docker' '--xvfb' '--size=1980x1200' '--lang=fr' '--keymap=fr-latin9' '--home' '--homebasedir=/var/www/html/pccastor-com/wp-content/plugins/Loamok_xpra_docker_admin/system_admin-tpls/vms/home' '--pulseaudio' 'pccastor_v2tfhj_wallet:latest' Parsed options: -q --showenv --cap-default --hostuser 'debian' --backend 'docker' --xvfb --size '1980x1200' --lang 'fr' --keymap 'fr-latin9' --home '' --homebasedir '/var/www/html/pccastor-com/wp-content/plugins/Loamok_xpra_docker_admin/system_admin-tpls/vms/home' --pulseaudio '' -- 'pccastor_v2tfhj_wallet:latest' DEBUGNOTE[16:57:21,201]: Dependency check for --xvfb: 0 DEBUGNOTE[16:57:21,206]: Dependencies of --xvfb already checked: 0 DEBUGNOTE[16:57:21,212]: Dependencies of --xvfb already checked: 0 DEBUGNOTE[16:57:21,216]: storeinfo(): xserver=--xvfb x11docker WARNING: Option --cap-default disables security hardening for containers done by x11docker. Default docker capabilities are allowed. This is considered to be less secure. x11docker note: Option --cap-default: Enabling option --newprivileges. You can avoid this with --newprivileges=no DEBUGNOTE[16:57:21,260]: container user: debian 1000:1000 /home/debian x11docker WARNING: Option --homebasedir: Specified path does not exist: /var/www/html/pccastor-com/wp-content/plugins/Loamok_xpra_docker_admin/system_admin-tpls/vms/home Fallback: Using default home base directory. x11docker[16:57:21,324]: Sharing directory /home/debian/.local/share/x11docker/pccastor_v2tfhj_wallet with container as its home directory /home/debian DEBUGNOTE[16:57:21,392]: waitforlogentry(): tailstderr: Waiting for logentry "x11docker=ready" in store.info DEBUGNOTE[16:57:21,398]: waitforlogentry(): tailstdout: Waiting for logentry "x11docker=ready" in store.info DEBUGNOTE[16:57:21,515]: storepid(): Stored pid '26187' of 'watchpidlist': 26187 ? 00:00:00 bash DEBUGNOTE[16:57:21,584]: storepid(): Stored pid '26225' of 'watchmessagefifo': 26225 ? 00:00:00 bash x11docker[16:57:21,605]: Virtual screen size: 1980x1200 x11docker[16:57:21,617]: Physical screen size: x11docker WARNING: Option --pulseaudio allows container applications to catch your audio output and microphone input. DEBUGNOTE[16:57:21,657]: storeinfo(): pulseaudiomoduleid=255 x11docker[16:57:21,744]: Generated pulseaudio client.conf: 1 # Connect to host pulseaudio server using mounted UNIX socket 2 default-server = unix:/x11docker/pulseaudio.socket 3 # Prevent a server running in container 4 autospawn = no 5 daemon-binary = /bin/true 6 # Prevent use of shared memory 7 enable-shm = false 8 DEBUGNOTE[16:57:22,453]: storeinfo(): DISPLAY=:164 DEBUGNOTE[16:57:22,467]: storeinfo(): XAUTHORITY=/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client DEBUGNOTE[16:57:22,477]: storeinfo(): XSOCKET=/tmp/.X11-unix/X164 DEBUGNOTE[16:57:22,546]: storeinfo(): XDG_RUNTIME_DIR=/run/user/1000 DEBUGNOTE[16:57:22,710]: storeinfo(): Xenv= DISPLAY=:164 XAUTHORITY=/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X164 XDG_RUNTIME_DIR=/run/user/1000 DEBUGNOTE[16:57:22,744]: X server command: /usr/bin/Xvfb :164 \ -retro \ +extension RANDR \ +extension RENDER \ +extension GLX \ +extension XVideo \ +extension DOUBLE-BUFFER \ +extension SECURITY \ +extension DAMAGE \ +extension X-Resource \ -extension XINERAMA -xinerama \ -extension MIT-SHM \ +extension Composite +extension COMPOSITE \ +extension XTEST \ -dpms \ -s off \ -auth /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/Xauthority.server \ -nolisten tcp \ -screen 0 1980x1200x24 \ x11docker[16:57:23,744]: --init: Found tini binary: /usr/bin/docker-init DEBUGNOTE[16:57:23,771]: storeinfo(): tini=/usr/bin/docker-init DEBUGNOTE[16:57:23,788]: Users and terminal: x11docker was started by: debian As host user serves (running X, storing cache): debian Container user will be: debian Container user password: x11docker Getting permission to run backend with: eval Terminal for password frontend: bash -c Running in a terminal: no Running on console: yes Running over SSH: no Running sourced: no bash $-: hB x11docker WARNING: Option --newprivileges=yes: x11docker does not set docker run option --security-opt=no-new-privileges. That degrades container security. However, this is still within a default docker setup. DEBUGNOTE[16:57:23,799]: storeinfo(): containername=x11docker_X164_pccastor_v2tfhj_wallet-latest_13039525960 DEBUGNOTE[16:57:26,455]: docker command: docker run --detach --tty \ --name x11docker_X164_pccastor_v2tfhj_wallet-latest_13039525960 \ --user 1000:1000 \ --userns=host \ --security-opt label=type:container_runtime_t \ --volume '/usr/bin/docker-init':'/usr/local/bin/init':ro \ --tmpfs /run:exec --tmpfs /run/lock \ --volume '/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share':'/x11docker':rw \ --volume '/home/debian/.local/share/x11docker/pccastor_v2tfhj_wallet':'/home/debian':rw \ --volume '/tmp/.X11-unix/X164':'/X164':rw \ --volume /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/pulseaudio.client.conf:/etc/pulse/client.conf:ro \ --workdir '/tmp' \ --entrypoint env \ --env 'container=docker' \ --env 'XAUTHORITY=/x11docker/Xauthority.client' \ --env 'DISPLAY=:164' \ --env 'PULSE_COOKIE=/x11docker/pulseaudio.cookie' \ --env 'PULSE_SERVER=unix:/x11docker/pulseaudio.socket' \ --env 'HOME=/home/debian' \ --env 'USER=debian' \ -- pccastor_v2tfhj_wallet:latest /usr/local/bin/init -- /bin/sh - /x11docker/containerrc x11docker[16:57:26,744]: Generated dockerrc: 1 #! /usr/bin/env bash 2 3 # dockerrc: 4 # This script runs as root (or member of group docker) on host. 5 # - inspect image 6 # - pull image if needed 7 # - create containerrc 8 # - set up systemd/elogind cgroup if needed 9 # - run window manager in container or from host if needed 10 11 trap '' SIGINT 12 13 askyesno () 14 { 15 local Choice; 16 read -t60 -n1 -p "(timeout after 60s assuming no) [Y|n]" Choice; 17 [ "$?" = '0' ] && { 18 [[ "$Choice" == [YyJj]* ]] || [ -z "$Choice" ] && return 0 19 }; 20 return 1 21 } 22 checkpid () 23 { 24 [ -e "/proc/${1:-NONSENSE}" ] 25 } 26 escapestring () 27 { 28 echo "${1:-}" | LC_ALL=C sed -e 's/[^a-zA-Z0-9,._+@=:/-]/\\&/g; ' 29 } 30 mysleep () 31 { 32 sleep "${1:-1}" 2> /dev/null || sleep 1 33 } 34 parse_inspect () 35 { 36 local Parserscript; 37 Parserscript="$Cachefolder/parse_inspect.py"; 38 Parserscript="#! $Pythonbin 39 $(cat << EOF 40 import json,sys 41 42 def parse_inspect(*args): 43 """ 44 parse output of docker|podman|nerdctl inspect 45 args: 46 0: ignored 47 1: string containing inspect output 48 2..n: json keys. For second level keys provide e.g. "Config","Cmd" 49 Prints key value as a string. 50 Prints empty string if key not found. 51 A list is printed as a string with '' around each element. 52 """ 53 54 output="" 55 inspect=args[1] 56 inspect=inspect.strip() 57 if inspect[0] == "[" : 58 inspect=inspect[1:-2] # remove enclosing [ ] 59 60 obj=json.loads(inspect) 61 62 for arg in args[2:]: # recursively find the desired object. Command.Cmd is found with args "Command" , "Cmd" 63 try: 64 obj=obj[arg] 65 except: 66 obj="" 67 68 objtype=str(type(obj)) 69 if "'list'" in objtype: 70 for i in obj: 71 output=output+"'"+str(i)+"' " 72 else: 73 output=str(obj) 74 75 if output == "None": 76 output="" 77 78 print(output) 79 80 parse_inspect(*sys.argv) 81 EOF 82 )"; 83 echo "$Parserscript" | $Pythonbin - "$@" 84 } 85 pspid () 86 { 87 LC_ALL=C ps -p "${1:-}" 2> /dev/null | grep -v 'TIME' 88 } 89 rmcr () 90 { 91 case "${1:-}" in 92 "") 93 sed "s/$(printf "\r")//g" 94 ;; 95 *) 96 sed -i "s/$(printf "\r")//g" "${1:-}" 97 ;; 98 esac 99 } 100 rocknroll () 101 { 102 [ -s "$Timetosaygoodbyefile" ] && return 1; 103 [ -e "$Timetosaygoodbyefile" ] || return 1; 104 return 0 105 } 106 saygoodbye () 107 { 108 debugnote "time to say goodbye ($*)"; 109 [ -e "$Timetosaygoodbyefile" ] && echo timetosaygoodbye >> $Timetosaygoodbyefile; 110 [ -e "$Timetosaygoodbyefifo" ] && echo timetosaygoodbye >> $Timetosaygoodbyefifo 111 } 112 storeinfo () 113 { 114 [ -e "$Storeinfofile" ] || return 1; 115 case "${1:-}" in 116 dump) 117 grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//" 118 ;; 119 drop) 120 sed -i "/^${2:-}=/d" $Storeinfofile 121 ;; 122 test) 123 grep -q "^${2:-}=" $Storeinfofile 124 ;; 125 *) 126 debugnote "storeinfo(): ${1:-}"; 127 grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 128 sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile 129 }; 130 echo "${1:-}" >> $Storeinfofile 131 ;; 132 esac 133 } 134 storepid () 135 { 136 case "${1:-}" in 137 dump) 138 grep -w "${2:-}" "$Storepidfile" | cut -d' ' -f1 139 ;; 140 test) 141 grep -q -w "${2:-}" "$Storepidfile" 142 ;; 143 *) 144 echo "${1:-NOPID}" "${2:-NONAME}" >> "$Storepidfile"; 145 debugnote "storepid(): Stored pid '${1:-}' of '${2:-}': $(pspid ${1:-} ||:)" 146 ;; 147 esac 148 } 149 waitforlogentry () 150 { 151 local Startzeit Uhrzeit Dauer Count=0 Schlaf; 152 local Errorkeys="${4:-}"; 153 local Warten="${5:-60}"; 154 local Error=; 155 Startzeit="$(date +%s ||:)"; 156 Startzeit="${Startzeit:-0}"; 157 [ "$Warten" = "infinity" ] && Warten=32000; 158 debugnote "waitforlogentry(): ${1:-}: Waiting for logentry \"${3:-}\" in $(basename ${2:-})"; 159 while ! grep -q "${3:-}" < "${2:-}"; do 160 Count="$(( $Count + 1 ))"; 161 Uhrzeit="$(date +%s ||:)"; 162 Uhrzeit="${Uhrzeit:-0}"; 163 Dauer="$(( $Uhrzeit - $Startzeit ))"; 164 Schlaf="$(( $Count / 10 ))"; 165 [ "$Schlaf" = "0" ] && Schlaf="0.5"; 166 mysleep "$Schlaf"; 167 [ "$Dauer" -gt "10" ] && debugnote "waitforlogentry(): ${1:-}: Waiting since ${Dauer}s for log entry \"${3:-}\" in $(basename ${2:-})"; 168 [ "$Dauer" -gt "$Warten" ] && error "waitforlogentry(): ${1:-}: Timeout waiting for entry \"${3:-}\" in $(basename ${2:-}) 169 Last lines of $(basename ${2:-}): 170 $(tail "${2:-}")"; 171 [ "$Errorkeys" ] && grep -i -q -E "$Errorkeys" < "${2:-}" && error "waitforlogentry(): ${1:-}: Found error message in logfile. 172 Last lines of logfile $(basename ${2:-}): 173 $(tail "${2:-}")"; 174 rocknroll || { 175 debugnote "waitforlogentry(): ${1:-}: Stopped waiting for ${3:-} in $(basename ${2:-}) due to terminating signal."; 176 Error=1; 177 break 178 }; 179 done; 180 [ "$Error" ] && return 1; 181 debugnote "waitforlogentry(): ${1:-}: Found log entry \"${3:-}\" in $(basename ${2:-})."; 182 return 0 183 } 184 185 warning() { 186 echo "$*:WARNING" | sed "s/\$/ /" >>$Messagefile 187 } 188 note() { 189 echo "$*:NOTE" | sed "s/\$/ /" >>$Messagefile 190 } 191 verbose() { 192 echo "$*:VERBOSE" | sed "s/\$/ /" >>$Messagefile 193 } 194 debugnote() { 195 echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile 196 } 197 error() { 198 echo "$*:ERROR" | sed "s/\$/ /" >>$Messagefile 199 exit 64 200 } 201 stdout() { 202 echo "$*:STDOUT" | sed "s/\$/ /" >>$Messagefile 203 } 204 205 Cachefolder='/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960' 206 Containercommand="" 207 Imagename="pccastor_v2tfhj_wallet:latest" 208 Messagefile='/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/message.fifo' 209 Newxenv=' DISPLAY=:164 XAUTHORITY=/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X164 XDG_RUNTIME_DIR=/run/user/1000' 210 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games' 211 Pythonbin='/usr/bin/python' 212 Storeinfofile='/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/store.info' 213 Storepidfile='/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/store.pids' 214 Timetosaygoodbyefile='/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/timetosaygoodbye' 215 Timetosaygoodbyefifo='/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/timetosaygoodbye.fifo' 216 Xserver='--xvfb' 217 Workdir='' 218 219 Containerarchitecture= 220 Containerid= 221 Containerip= 222 Dockerlogspid='' 223 Exec= 224 Entrypoint= 225 Failure= 226 Imagepull= 227 Imageuser= 228 Inspect= 229 Line= 230 Pid1pid= 231 Runtime= 232 Signal= 233 debugnote 'Running dockerrc: Setup as root or as user docker on host.' 234 235 236 # Check whether docker daemon is running, get docker info 237 docker info >>/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/docker.info 2>>/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log || { 238 error "'docker info' failed. 239 If using docker: Is docker daemon running at all? 240 Try to start docker daemon with 'systemctl start docker'. 241 Last lines of log: 242 $(rmcr < '/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log' | tail)" 243 } 244 245 # Check default runtime 246 Runtime="$( { grep 'Default Runtime' < '/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/docker.info' ||: ;} | awk '{print $3}' )" 247 [ -n "$Runtime" ] && { 248 debugnote "dockerrc: Found default container Runtime: $Runtime" 249 debugnote "dockerrc: All $(grep 'Runtimes' < '/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/docker.info' ||: )" 250 [ "$Runtime" != '' ] && { 251 case $Runtime in 252 kata-runtime) warning 'Found default container runtime kata-runtime. 253 Please run x11docker with --runtime=kata-runtime to avoid issues.' ;; 254 nvidia) [ 'no' = 'yes' ] && warning 'Option --gpu: Found default container runtime nvidia. 255 Please run x11docker with --runtime=nvidia to avoid issues.' ;; 256 runc|crun|oci) ;; 257 *) note "Found unknown container runtime: $Runtime 258 Please report at: https://github.com/mviereck/x11docker" ;; 259 esac 260 } 261 } 262 Runtime='UNDECLARED_RUNTIME' 263 debugnote "dockerrc: Container Runtime: $Runtime" 264 storeinfo "runtime=$Runtime" 265 266 # Refresh images.list for x11docker-gui 267 docker images 2>>/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log | grep -v REPOSITORY | awk '{print $1 ":" $2}' >>/home/debian/.cache/x11docker/docker.imagelist.sort 268 rmcr /home/debian/.cache/x11docker/docker.imagelist.sort 269 while read -r Line ; do 270 grep -q "" <<<$Line || echo $Line >> /home/debian/.cache/x11docker/docker.imagelist 271 done < <(sort < /home/debian/.cache/x11docker/docker.imagelist.sort) 272 rm /home/debian/.cache/x11docker/docker.imagelist.sort 273 274 # Check if image pccastor_v2tfhj_wallet:latest is available locally 275 Imagepull=no 276 277 rocknroll || exit 64 278 279 [ "$Imagepull" = 'yes' ] && { 280 note "Pulling image 'pccastor_v2tfhj_wallet:latest' from docker hub" 281 env DISPLAY='' DBUS_SESSION_BUS_ADDRESS='unix:path=/run/user/1000/bus' bash -c "notify-send 'x11docker: Pulling image pccastor_v2tfhj_wallet:latest'" 2>/dev/null & 282 docker pull pccastor_v2tfhj_wallet:latest 1>&2 || error "Pulling image 'pccastor_v2tfhj_wallet:latest' seems to have failed!" 283 } 284 285 rocknroll || exit 64 286 287 Inspect="$(docker inspect pccastor_v2tfhj_wallet:latest)" 288 # Check architecture 289 Containerarchitecture=$(parse_inspect "$Inspect" "Architecture") 290 debugnote "dockerrc: Image architecture: $Containerarchitecture" 291 # Check CMD 292 [ -z "$Containercommand" ] && { 293 # extract image command from image if not given on cli 294 Containercommand="$(parse_inspect "$Inspect" "Config" "Cmd")" 295 debugnote "dockerrc: Image CMD: $Containercommand" 296 echo "$Containercommand" | grep -q /x11docker/containerrc && error 'Recursion error: Found CMD /x11docker/containerrc in image. 297 Did you use 'docker commit' with an x11docker container? 298 Please build new images with a Dockerfile instead of using docker commit, 299 or provide a different container command.' 300 } 301 302 # Check USER 303 Imageuser="$(parse_inspect "$Inspect" "Config" "User")" 304 debugnote "dockerrc: Image USER: $Imageuser" 305 [ "$Imageuser" ] && note "Found 'USER $Imageuser' in image. 306 If you want to run with user $Imageuser instead of host user debian, 307 than run with --user=RETAIN." 308 storeinfo containeruser="debian" 309 310 # Check ENTRYPOINT 311 Entrypoint="$(parse_inspect "$Inspect" "Config" "Entrypoint")" 312 debugnote "dockerrc: Image ENTRYPOINT: $Entrypoint" 313 echo "$Entrypoint" | grep -qE 'tini|init|systemd' && { 314 note "There seems to be an init system in ENTRYPOINT of image: 315 $Entrypoint 316 Will disable it as x11docker already runs an init with option --tini. 317 To allow this ENTRYPOINT, run x11docker with option --init=none." 318 Entrypoint= 319 } 320 321 # Check WORKDIR 322 Workdir="$(parse_inspect "$Inspect" "Config" "Workdir")" 323 debugnote "dockerrc: Image WORKDIR: $Workdir" 324 [ "$Workdir" ] && note "Found 'WORKDIR $Workdir' in image. 325 You can change it with option --workdir=DIR." 326 327 [ -z "$Containercommand$Entrypoint" ] && error 'No container command specified and no CMD or ENTRYPOINT found in image.' 328 329 ######## Create containerrc ######## 330 331 { echo '#! /bin/sh' 332 echo '' 333 echo '# containerrc' 334 echo '# Created startscript for docker run used as container command.' 335 echo '# Runs as unprivileged user in container.' 336 echo '' 337 echo 'exec >>/x11docker/container.log 2>&1' 338 echo '' 339 echo 'mysleep () 340 { 341 sleep "${1:-1}" 2> /dev/null || sleep 1 342 }' 343 echo 'rocknroll () 344 { 345 [ -s "$Timetosaygoodbyefile" ] && return 1; 346 [ -e "$Timetosaygoodbyefile" ] || return 1; 347 return 0 348 }' 349 echo 'saygoodbye () 350 { 351 debugnote "time to say goodbye ($*)"; 352 [ -e "$Timetosaygoodbyefile" ] && echo timetosaygoodbye >> $Timetosaygoodbyefile; 353 [ -e "$Timetosaygoodbyefifo" ] && echo timetosaygoodbye >> $Timetosaygoodbyefifo 354 }' 355 echo 'storeinfo () 356 { 357 [ -e "$Storeinfofile" ] || return 1; 358 case "${1:-}" in 359 dump) 360 grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//" 361 ;; 362 drop) 363 sed -i "/^${2:-}=/d" $Storeinfofile 364 ;; 365 test) 366 grep -q "^${2:-}=" $Storeinfofile 367 ;; 368 *) 369 debugnote "storeinfo(): ${1:-}"; 370 grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 371 sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile 372 }; 373 echo "${1:-}" >> $Storeinfofile 374 ;; 375 esac 376 }' 377 echo 'waitforlogentry () 378 { 379 local Startzeit Uhrzeit Dauer Count=0 Schlaf; 380 local Errorkeys="${4:-}"; 381 local Warten="${5:-60}"; 382 local Error=; 383 Startzeit="$(date +%s ||:)"; 384 Startzeit="${Startzeit:-0}"; 385 [ "$Warten" = "infinity" ] && Warten=32000; 386 debugnote "waitforlogentry(): ${1:-}: Waiting for logentry \"${3:-}\" in $(basename ${2:-})"; 387 while ! grep -q "${3:-}" < "${2:-}"; do 388 Count="$(( $Count + 1 ))"; 389 Uhrzeit="$(date +%s ||:)"; 390 Uhrzeit="${Uhrzeit:-0}"; 391 Dauer="$(( $Uhrzeit - $Startzeit ))"; 392 Schlaf="$(( $Count / 10 ))"; 393 [ "$Schlaf" = "0" ] && Schlaf="0.5"; 394 mysleep "$Schlaf"; 395 [ "$Dauer" -gt "10" ] && debugnote "waitforlogentry(): ${1:-}: Waiting since ${Dauer}s for log entry \"${3:-}\" in $(basename ${2:-})"; 396 [ "$Dauer" -gt "$Warten" ] && error "waitforlogentry(): ${1:-}: Timeout waiting for entry \"${3:-}\" in $(basename ${2:-}) 397 Last lines of $(basename ${2:-}): 398 $(tail "${2:-}")"; 399 [ "$Errorkeys" ] && grep -i -q -E "$Errorkeys" < "${2:-}" && error "waitforlogentry(): ${1:-}: Found error message in logfile. 400 Last lines of logfile $(basename ${2:-}): 401 $(tail "${2:-}")"; 402 rocknroll || { 403 debugnote "waitforlogentry(): ${1:-}: Stopped waiting for ${3:-} in $(basename ${2:-}) due to terminating signal."; 404 Error=1; 405 break 406 }; 407 done; 408 [ "$Error" ] && return 1; 409 debugnote "waitforlogentry(): ${1:-}: Found log entry \"${3:-}\" in $(basename ${2:-})."; 410 return 0 411 }' 412 echo ' 413 warning() { 414 echo "$*:WARNING" | sed "s/\$/ /" >>$Messagefile 415 } 416 note() { 417 echo "$*:NOTE" | sed "s/\$/ /" >>$Messagefile 418 } 419 verbose() { 420 echo "$*:VERBOSE" | sed "s/\$/ /" >>$Messagefile 421 } 422 debugnote() { 423 echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile 424 } 425 error() { 426 echo "$*:ERROR" | sed "s/\$/ /" >>$Messagefile 427 exit 64 428 } 429 stdout() { 430 echo "$*:STDOUT" | sed "s/\$/ /" >>$Messagefile 431 }' 432 echo 'Messagefile=/x11docker/message.fifo' 433 echo 'Storeinfofile=/x11docker/store.info' 434 echo 'Timetosaygoodbyefile=/x11docker/timetosaygoodbye' 435 echo '' 436 echo 'waitforlogentry containerrc $Storeinfofile containerrootrc=ready infinity' 437 echo 'debugnote "Running containerrc: Unprivileged user commands in container"' 438 echo '' 439 echo "Containercommand=\"$Containercommand\"" 440 echo "Entrypoint=\"$Entrypoint\"" 441 echo '' 442 echo 'verbose "containerrc: Container system:' 443 echo '$(cat /etc/os-release 2>&1 ||:)"' 444 echo '' 445 } >> /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/containerrc 446 { 447 echo '' 448 echo '# USER and HOME' 449 echo 'Containeruser="$(storeinfo dump containeruser)"' 450 echo 'Containeruserhome="/home/debian"' 451 echo 'export USER="$Containeruser"' 452 echo '[ "$Containeruserhome" ] && {' 453 echo ' export HOME="$Containeruserhome"' 454 echo '}' 455 echo '' 456 echo '# XDG_RUNTIME_DIR' 457 echo 'Containeruseruid=$(id -u $Containeruser)' 458 echo 'export XDG_RUNTIME_DIR=/tmp/XDG_RUNTIME_DIR' 459 echo '[ -e /run/user/$Containeruseruid ] && ln -s /run/user/$Containeruseruid $XDG_RUNTIME_DIR || mkdir -p -m700 $XDG_RUNTIME_DIR' 460 echo '' 461 echo '# Copy files from /etc/skel into empty HOME' 462 echo '[ -d "$HOME" ] && {' 463 echo ' [ -d /etc/skel ] && [ -z "$(ls -A "$Containeruserhome" 2>/dev/null | grep -v -E "gnupg")" ] && {' 464 echo ' debugnote "containerrc: HOME is empty. Copying from /etc/skel"' 465 echo ' cp -n -R /etc/skel/. $Containeruserhome' 466 echo ' :' 467 echo ' } || {' 468 echo ' debugnote "containerrc: HOME is not empty. Not copying from /etc/skel"' 469 echo ' }' 470 echo '}' 471 echo '' 472 echo '# Create softlink to X unix socket' 473 echo '[ -e /tmp/.X11-unix/X164 ] || ln -s /X164 /tmp/.X11-unix' 474 echo '' 475 echo 'unset WAYLAND_DISPLAY' 476 echo '' 477 echo 'export XDG_SESSION_TYPE=x11' 478 echo '' 479 echo '' 480 echo 'export TERM=xterm' 481 echo 'storeinfo test locale && export LANG="$(storeinfo dump locale)"' 482 echo '[ -e "/usr/share/zoneinfo/UCT" ] || export TZ=UTC-00' 483 echo '[ "$(date -Ihours)" != "2022-03-04T16+00:00" ] && export TZ=UTC-00' 484 echo '[ "$DEBIAN_FRONTEND" = noninteractive ] && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND' 485 echo '[ "$DEBIAN_FRONTEND" = newt ] && unset DEBIAN_FRONTEND && export DEBIAN_FRONTEND' 486 echo '# container environment (--env)' 487 echo "export 'container=docker'" 488 echo "export 'XAUTHORITY=/x11docker/Xauthority.client'" 489 echo "export 'DISPLAY=:164'" 490 echo "export 'PULSE_COOKIE=/x11docker/pulseaudio.cookie'" 491 echo "export 'PULSE_SERVER=unix:/x11docker/pulseaudio.socket'" 492 echo "export 'HOME=/home/debian'" 493 echo "export 'USER=debian'" 494 echo '' 495 echo '[ -d "$HOME" ] && cd "$HOME"' 496 [ "$Workdir" ] && echo "[ -d \"$Workdir\" ] && cd \"$Workdir\" # WORKDIR in image" 497 echo '' 498 echo '' 499 echo 'env >> /x11docker/container.environment' 500 echo 'verbose "Container environment:' 501 echo '$(env | sort)"' 502 echo '' 503 echo 'tail -f /x11docker/stdout 2>/dev/null &' 504 echo 'tail -f /x11docker/stderr >&2 2>/dev/null &' 505 echo "exec \$Dbus sh /x11docker/cmdrc >>/x11docker/stdout 2>>/x11docker/stderr" 506 } >> /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/containerrc 507 ######## End of containerrc ######## 508 509 # Write containerrc into x11docker.log 510 nl -ba >> /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/x11docker.log < /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/containerrc 511 512 ######## Create cmdrc ######## 513 { echo '#! /bin/sh' 514 echo '# Created startscript for cmdrc containing final container command' 515 echo '' 516 echo 'storeinfo () 517 { 518 [ -e "$Storeinfofile" ] || return 1; 519 case "${1:-}" in 520 dump) 521 grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//" 522 ;; 523 drop) 524 sed -i "/^${2:-}=/d" $Storeinfofile 525 ;; 526 test) 527 grep -q "^${2:-}=" $Storeinfofile 528 ;; 529 *) 530 debugnote "storeinfo(): ${1:-}"; 531 grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 532 sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile 533 }; 534 echo "${1:-}" >> $Storeinfofile 535 ;; 536 esac 537 }' 538 echo ' 539 warning() { 540 echo "$*:WARNING" | sed "s/\$/ /" >>$Messagefile 541 } 542 note() { 543 echo "$*:NOTE" | sed "s/\$/ /" >>$Messagefile 544 } 545 verbose() { 546 echo "$*:VERBOSE" | sed "s/\$/ /" >>$Messagefile 547 } 548 debugnote() { 549 echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile 550 } 551 error() { 552 echo "$*:ERROR" | sed "s/\$/ /" >>$Messagefile 553 exit 64 554 } 555 stdout() { 556 echo "$*:STDOUT" | sed "s/\$/ /" >>$Messagefile 557 }' 558 echo 'Messagefile=/x11docker/message.fifo' 559 echo 'Storeinfofile="/x11docker/store.info"' 560 echo '' 561 echo "debugnote \"cmdrc: Running container command: 562 $Entrypoint $Containercommand 563 \"" 564 echo '' 565 echo "$Entrypoint $Containercommand " 566 echo "storeinfo cmdexitcode=\$?" 567 echo '' 568 echo '[ -h "$Homesoftlink" ] && rm $Homesoftlink' 569 } >> /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/cmdrc 570 ######## End of cmdrc ######## 571 572 # Write cmdrc into x11docker.log 573 nl -ba >> /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/x11docker.log < /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/cmdrc 574 575 # Send signal to run X and wait for X to be ready 576 storeinfo readyforX=ready 577 waitforlogentry 'dockerrc' /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/xinit.log 'xinitrc is ready' 'xinit: giving up|unable to connect to X server|Connection refused|server error|Only console users are allowed' 578 579 rocknroll || exit 64 580 581 #### run docker image #### 582 read Containerid < <(docker run --detach --tty \ 583 --name x11docker_X164_pccastor_v2tfhj_wallet-latest_13039525960 \ 584 --user 1000:1000 \ 585 --userns=host \ 586 --security-opt label=type:container_runtime_t \ 587 --volume '/usr/bin/docker-init':'/usr/local/bin/init':ro \ 588 --tmpfs /run:exec --tmpfs /run/lock \ 589 --volume '/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share':'/x11docker':rw \ 590 --volume '/home/debian/.local/share/x11docker/pccastor_v2tfhj_wallet':'/home/debian':rw \ 591 --volume '/tmp/.X11-unix/X164':'/X164':rw \ 592 --volume /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/pulseaudio.client.conf:/etc/pulse/client.conf:ro \ 593 --workdir '/tmp' \ 594 --entrypoint env \ 595 --env 'container=docker' \ 596 --env 'XAUTHORITY=/x11docker/Xauthority.client' \ 597 --env 'DISPLAY=:164' \ 598 --env 'PULSE_COOKIE=/x11docker/pulseaudio.cookie' \ 599 --env 'PULSE_SERVER=unix:/x11docker/pulseaudio.socket' \ 600 --env 'HOME=/home/debian' \ 601 --env 'USER=debian' \ 602 -- pccastor_v2tfhj_wallet:latest /usr/local/bin/init -- /bin/sh - /x11docker/containerrc 2>>/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log | rmcr) 603 ########################## 604 605 606 [ "$Containerid" ] || { 607 error "Startup of docker failed. Did not receive a container ID. 608 609 Last lines of container log: 610 $(rmcr < /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log | tail)" 611 } 612 storeinfo containerid="$Containerid" 613 # Wait for container to be ready 614 for ((Count=1 ; Count<=40 ; Count++)); do 615 docker exec x11docker_X164_pccastor_v2tfhj_wallet-latest_13039525960 sh -c : 2>&1 | rmcr >>/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log && { debugnote 'dockerrc: Container is up and running.' ; break ; } || debugnote "dockerrc: Container not ready on $Count. attempt, trying again." 616 rocknroll || exit 64 617 mysleep 0.1 618 done 619 620 # Wait for pid 1 in container 621 for ((Count=1 ; Count<=40 ; Count++)); do 622 Inspect="$(docker inspect x11docker_X164_pccastor_v2tfhj_wallet-latest_13039525960 2>>/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log | rmcr)" 623 [ "$Inspect" != "[]" ] && Pid1pid="$(parse_inspect "$Inspect" "State" "Pid")" 624 debugnote "dockerrc: $Count. check for PID 1: $Pid1pid" 625 checkpid "$Pid1pid" && break 626 rocknroll || exit 64 627 mysleep 0.1 628 done 629 [ "$Pid1pid" = "0" ] && Pid1pid="" 630 [ -z "$Pid1pid" ] && error "dockerrc(): Did not receive PID of PID1 in container. 631 Maybe the container immediately stopped for unknown reasons. 632 Just in case, check if host and image architecture are compatible: 633 Host architecture: amd64 (x86_64), image architecture: $Containerarchitecture. 634 Output of \"docker ps | grep x11docker\": 635 $(docker ps | grep x11docker) 636 637 Content of container log: 638 $(rmcr < /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log | uniq )" 639 storeinfo pid1pid="$Pid1pid" 640 641 # Get IP of container 642 Containerip="$(parse_inspect "$Inspect" "NetworkSettings" "IPAddress")" 643 storeinfo containerip=$Containerip 644 645 # Check log for startup failure 646 Failure="$(rmcr < /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log | grep -v grep | grep -E 'Error response from daemon|OCI runtime exec' ||:)" 647 [ "$Failure" ] && { 648 echo "$Failure" >>/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log 649 error "Got error message from docker: 650 $Failure 651 652 Last lines of logfile: 653 $(tail /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log)" 654 } 655 656 debugnote 'dockerrc(): Starting containerrootrc with docker exec' 657 # copy containerrootrc inside of container to avoid possible noexec of host home. 658 docker exec x11docker_X164_pccastor_v2tfhj_wallet-latest_13039525960 sh -c 'cp /x11docker/containerrootrc /tmp/containerrootrc ; chmod 644 /tmp/containerrootrc' 2>&1 | rmcr >>/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log 659 # run container root setup. containerrc will wait until setup script is ready. 660 docker exec -u root x11docker_X164_pccastor_v2tfhj_wallet-latest_13039525960 /bin/sh /tmp/containerrootrc 2>&1 | rmcr >>/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log 661 662 storeinfo dockerrc=ready 663 664 [ "$Containerid" ] && { 665 # wait for signal of finish() 666 read Signal > /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log 2>&1 & 669 [ "$Dockerlogspid" ] && kill $Dockerlogspid >> /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/container.log 2>&1 & 670 } 671 } & storepid $! dockerstopshell 672 exit 0 x11docker[16:57:26,867]: Generated containerrootrc: 1 #! /bin/sh 2 3 # containerrootrc 4 # This Script is executed as root in container. 5 # - Create container user 6 # - Time zone 7 # - Install NVIDIA driver if requested 8 # - Set up init system services and DBus for --init=systemd|openrc|runit|sysvinit 9 10 # redirect output to have it available before 'docker logs' starts. --init=runit (void) would eat up the output at all for unknown reasons. 11 exec 1>>/x11docker/container.log 2>&1 12 13 storeinfo () 14 { 15 [ -e "$Storeinfofile" ] || return 1; 16 case "${1:-}" in 17 dump) 18 grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//" 19 ;; 20 drop) 21 sed -i "/^${2:-}=/d" $Storeinfofile 22 ;; 23 test) 24 grep -q "^${2:-}=" $Storeinfofile 25 ;; 26 *) 27 debugnote "storeinfo(): ${1:-}"; 28 grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 29 sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile 30 }; 31 echo "${1:-}" >> $Storeinfofile 32 ;; 33 esac 34 } 35 rocknroll () 36 { 37 [ -s "$Timetosaygoodbyefile" ] && return 1; 38 [ -e "$Timetosaygoodbyefile" ] || return 1; 39 return 0 40 } 41 42 warning() { 43 echo "$*:WARNING" | sed "s/\$/ /" >>$Messagefile 44 } 45 note() { 46 echo "$*:NOTE" | sed "s/\$/ /" >>$Messagefile 47 } 48 verbose() { 49 echo "$*:VERBOSE" | sed "s/\$/ /" >>$Messagefile 50 } 51 debugnote() { 52 echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile 53 } 54 error() { 55 echo "$*:ERROR" | sed "s/\$/ /" >>$Messagefile 56 exit 64 57 } 58 stdout() { 59 echo "$*:STDOUT" | sed "s/\$/ /" >>$Messagefile 60 } 61 Messagefile=/x11docker/message.fifo 62 Storeinfofile='/x11docker/store.info' 63 Timetosaygoodbyefile=/x11docker/timetosaygoodbye 64 65 debugnote 'Running containerrootrc: Setup as root in container' 66 67 Error='' 68 for Line in cat chmod chown cut cd cp date echo env export grep id ln ls mkdir mv printf rm sed sh sleep tail touch; do 69 command -v "$Line" || { 70 warning "ERROR: Command not found in image: $Line" 71 Error=1 72 } 73 done 74 [ "$Error" ] && error 'Commands for container setup missing in image. 75 You can try with option --no-setup to avoid this error.' 76 77 # Check type of libc 78 ldd --version 2>&1 | grep -q 'musl libc' && Containerlibc='musl' 79 ldd --version 2>&1 | grep -q -E 'GLIBC|GNU libc' && Containerlibc='glibc' 80 debugnote "containerrootrc: Container libc: $Containerlibc" 81 82 # Prepare X environment 83 # Create some system dirs with needed permissions 84 mkdir -v -p /var/lib/dbus /var/run/dbus 85 mkdir -v -p -m 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix 86 chmod -c 1777 /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix 87 export DISPLAY=:164 XAUTHORITY=/x11docker/Xauthority.client 88 89 # workaround: autostart of xrandr for some desktops like deepin, cinnamon and gnome to fix wrong autoresize 90 echo '#! /bin/sh 91 Output=$(xrandr | grep ' connected' | cut -d" " -f1) 92 Mode=1980x1200 93 xrandr --output $Output --mode $Mode\n' > /usr/local/bin/x11docker-xrandr 94 chmod +x /usr/local/bin/x11docker-xrandr 95 mkdir -p /etc/xdg/autostart 96 echo '[Desktop Entry] 97 Encoding=UTF-8 98 Version=0.9.4 99 Type=Application 100 Name=x11docker-xrandr 101 Comment= 102 Exec=/usr/local/bin/x11docker-xrandr 103 ' > /etc/xdg/autostart/x11docker-xrandr.desktop 104 105 # Time zone 106 [ ! -d /usr/share/zoneinfo ] && [ "$Containerlibc" = "glibc" ] && { 107 mkdir -p /usr/share/zoneinfo 108 cp '/x11docker/libc.localtime' '/usr/share/zoneinfo/UCT' 109 } 110 [ -e '/usr/share/zoneinfo/UCT' ] && ln -f -s '/usr/share/zoneinfo/UCT' /etc/localtime 111 112 # Container system 113 Containersystem="$(grep '^ID=' /etc/os-release 2>/dev/null | cut -d= -f2 || echo 'unknown')" 114 verbose "Container system ID: $Containersystem" 115 116 # Environment variables 117 export 'container=docker' 118 export 'XAUTHORITY=/x11docker/Xauthority.client' 119 export 'DISPLAY=:164' 120 export 'PULSE_COOKIE=/x11docker/pulseaudio.cookie' 121 export 'PULSE_SERVER=unix:/x11docker/pulseaudio.socket' 122 export 'HOME=/home/debian' 123 export 'USER=debian' 124 125 # Check container user 126 Containeruser="$(storeinfo dump containeruser)" 127 Containeruser="${Containeruser:-debian}" 128 129 Containeruserhome='/home/debian' 130 # Create user entry in /etc/passwd (and delete possibly existing same uid) 131 cat /etc/passwd | grep -v ':1000:' > /tmp/passwd 132 133 # Disable possible /etc/shadow passwords for other users 134 sed -i 's%:x:%:-:%' /tmp/passwd 135 bash --version >/dev/null 2>&1 && Containerusershell=/bin/bash || Containerusershell=/bin/sh 136 Containeruserentry="debian:x:1000:1000:debian,,,:/home/debian:$Containerusershell" 137 debugnote "containerrootrc: $Containeruserentry" 138 echo "$Containeruserentry" >> /tmp/passwd 139 140 rm /etc/passwd 141 mv /tmp/passwd /etc/passwd || warning 'Unable to change /etc/passwd. That may be a security risk.' 142 143 # Create password entry for container user in /etc/shadow 144 rm -v /etc/shadow || warning 'Cannot change /etc/shadow. That may be a security risk.' 145 echo "debian:sac19FwGGTx/A:17293:0:99999:7:::" > /etc/shadow 146 echo 'root:*:17219:0:99999:7:::' >> /etc/shadow 147 chmod 640 /etc/shadow # can fail depending on available capabilities 148 149 # Create user group entry (and delete possibly existing same gid) 150 cat /etc/group | grep -v ':1000:' > /tmp/group 151 echo "debian:x:1000:" >> /tmp/group 152 mv /tmp/group /etc/group 153 154 # Create /etc/sudoers, delete /etc/sudoers.d. Overwrite possible sudo setups in image. 155 [ -e /etc/sudoers.d ] && rm -v -R /etc/sudoers.d 156 [ -e /etc/sudoers ] && rm -v /etc/sudoers 157 echo '# /etc/sudoers created by x11docker' > /etc/sudoers 158 echo 'Defaults env_reset' >> /etc/sudoers 159 echo 'root ALL=(ALL) ALL' >> /etc/sudoers 160 161 # Restrict PAM configuration of su and sudo 162 mkdir -p /etc/pam.d 163 [ -e /etc/pam.d/sudo ] && rm -v /etc/pam.d/sudo 164 case "$Containersystem" in 165 fedora) 166 echo '#%PAM-1.0' > /etc/pam.d/su 167 echo 'auth sufficient pam_rootok.so' >> /etc/pam.d/su 168 echo 'account sufficient pam_succeed_if.so uid = 0 use_uid quiet' >> /etc/pam.d/su 169 echo 'session include system-auth' >> /etc/pam.d/su 170 ;; 171 *) 172 echo '#%PAM-1.0' > /etc/pam.d/su 173 echo 'auth sufficient pam_rootok.so' >> /etc/pam.d/su # allow root to switch user without a password 174 echo '@include common-auth' >> /etc/pam.d/su 175 echo '@include common-account' >> /etc/pam.d/su 176 echo '@include common-session' >> /etc/pam.d/su 177 ;; 178 esac 179 180 # Set up container user groups 181 # Create HOME 182 [ -e "$Containeruserhome" ] || { 183 mkdir -v -p "$(dirname "$Containeruserhome")" 184 mkdir -v -m 777 "$Containeruserhome" 185 chown -v "$Containeruser":"$Containerusergroup" "$Containeruserhome" && chmod -v 755 "$Containeruserhome" # can fail depending on capabilities 186 } 187 ls -la $Containeruserhome 188 189 rocknroll || exit 64 190 191 192 # disable getty in inittab 193 [ -e /etc/inittab ] && sed -i 's/.*getty/##getty disabled by x11docker## \0/' /etc/inittab 194 195 196 rocknroll || exit 64 197 198 # --lang: Language locale 199 verbose "Searching for language locale matching fr" 200 Locales="$(locale -a)" 201 Langall="$(cat /usr/share/i18n/SUPPORTED | grep -E 'UTF-8|utf8' | cut -d' ' -f1 | cut -d. -f1 | cut -d@ -f1 | sort | uniq)" 202 Langland="$(echo fr | cut -d. -f1)" 203 Langcontainer='' 204 205 echo "$Langland" | grep -q '_' || { 206 Langland="$(echo $Langland | tr '[:upper:]' '[:lower:]')_$(echo $Langland | tr '[:lower:]' '[:upper:]')" 207 echo "$Langall" | grep -q "$Langland" || { 208 echo "$Langall" | grep -i -q "fr" && { 209 Langland="$(echo "$Langall" | grep -i -m1 "fr")" 210 } 211 } 212 } 213 214 Langland="$(echo "$Langland" | cut -d_ -f1 | tr '[:upper:]' '[:lower:]')_$(echo "$Langland" | cut -d_ -f2 | tr '[:lower:]' '[:upper:]')" 215 216 echo "$Locales" | grep -q "$Langland.UTF-8" && Langcontainer="$Langland.UTF-8" 217 echo "$Locales" | grep -q "$Langland.utf8" && Langcontainer="$Langland.utf8" 218 219 [ -z "$Langcontainer" ] && { 220 [ -e /usr/share/i18n/SUPPORTED ] || note "Option --lang: /usr/share/i18n/SUPPORTED not found. 221 Please install package 'locales' in image (belongs to glibc). 222 Look here to find a package for your image system: 223 https://github.com/mviereck/x11docker/wiki/dependencies#dependencies-in-image" 224 225 Langcontainer="$Langland.utf8" 226 note "Option --lang: Generating language locale $Langcontainer". 227 228 command -v localedef >/dev/null || note 'Option --lang: Command localedef not found in image. 229 Need it for language locale creation. 230 Look here to find a package for your image system: 231 https://github.com/mviereck/x11docker/wiki/dependencies#dependencies-in-image' 232 localedef --verbose --force -i "$Langland" -f UTF-8 $Langcontainer || verbose "localedef exit code: $?" 233 234 locale -a | grep -q "$Langcontainer" || { 235 note "Option --lang: Generation of locale $Langcontainer failed." 236 Langcontainer='' 237 } 238 } || { 239 debugnote "Option --lang: Found locale in image: $Langcontainer" 240 } 241 242 [ "$Langcontainer" ] && { 243 storeinfo locale="$Langcontainer" 244 echo "LANG=$Langcontainer" > /etc/default/locale 245 } || note 'Option --lang: Desired locale for 'fr' not found and not generated.' 246 247 debugnote "Option --lang: Output of locale -a: 248 $(locale -a)" 249 250 rocknroll || exit 64 251 252 storeinfo containerrootrc=ready 253 x11docker[16:57:26,889]: Generated xinitrc: 1 #! /bin/sh 2 disable_xhost () 3 { 4 local Line=; 5 command -v xhost > /dev/null || { 6 warning "Command 'xhost' not found. 7 Can not check for possibly allowed network access to X. 8 Please install 'xhost'."; 9 return 1 10 }; 11 xhost 2>&1 | tail -n +2 /dev/stdin | while read -r Line; do 12 debugnote "xhost: Removing entry $Line"; 13 xhost -$Line; 14 done; 15 xhost -; 16 [ "$(xhost 2>&1 | wc -l)" -gt "1" ] && { 17 warning "Remaining xhost permissions found on display ${DISPLAY:-} 18 $(xhost 2>&1 )"; 19 return 1 20 }; 21 xhost 2>&1 | grep "access control disabled" && { 22 warning "Failed to restrict xhost permissions. 23 Access to display ${DISPLAY:-} is allowed for everyone."; 24 return 1 25 }; 26 return 0 27 } 28 pspid () 29 { 30 LC_ALL=C ps -p "${1:-}" 2> /dev/null | grep -v 'TIME' 31 } 32 rocknroll () 33 { 34 [ -s "$Timetosaygoodbyefile" ] && return 1; 35 [ -e "$Timetosaygoodbyefile" ] || return 1; 36 return 0 37 } 38 storeinfo () 39 { 40 [ -e "$Storeinfofile" ] || return 1; 41 case "${1:-}" in 42 dump) 43 grep "^${2:-}=" $Storeinfofile | sed "s/^${2:-}=//" 44 ;; 45 drop) 46 sed -i "/^${2:-}=/d" $Storeinfofile 47 ;; 48 test) 49 grep -q "^${2:-}=" $Storeinfofile 50 ;; 51 *) 52 debugnote "storeinfo(): ${1:-}"; 53 grep -q "^$(echo "${1:-}" | cut -d= -f1)=" $Storeinfofile && { 54 sed -i "/^$(echo "${1:-}" | cut -d= -f1)=/d" $Storeinfofile 55 }; 56 echo "${1:-}" >> $Storeinfofile 57 ;; 58 esac 59 } 60 storepid () 61 { 62 case "${1:-}" in 63 dump) 64 grep -w "${2:-}" "$Storepidfile" | cut -d' ' -f1 65 ;; 66 test) 67 grep -q -w "${2:-}" "$Storepidfile" 68 ;; 69 *) 70 echo "${1:-NOPID}" "${2:-NONAME}" >> "$Storepidfile"; 71 debugnote "storepid(): Stored pid '${1:-}' of '${2:-}': $(pspid ${1:-} ||:)" 72 ;; 73 esac 74 } 75 76 warning() { 77 echo "$*:WARNING" | sed "s/\$/ /" >>$Messagefile 78 } 79 note() { 80 echo "$*:NOTE" | sed "s/\$/ /" >>$Messagefile 81 } 82 verbose() { 83 echo "$*:VERBOSE" | sed "s/\$/ /" >>$Messagefile 84 } 85 debugnote() { 86 echo "$*:DEBUGNOTE" | sed "s/\$/ /" >>$Messagefile 87 } 88 error() { 89 echo "$*:ERROR" | sed "s/\$/ /" >>$Messagefile 90 exit 64 91 } 92 stdout() { 93 echo "$*:STDOUT" | sed "s/\$/ /" >>$Messagefile 94 } 95 getscreensize() { 96 CurrentXaxis="$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f1 )" 97 CurrentYaxis="$(xrandr | grep primary | cut -d' ' -f4 | cut -dx -f2 | cut -d+ -f1)" 98 } 99 checkscreensize() { 100 getscreensize 101 [ "$Xaxis" = "$CurrentXaxis" ] || return 1 102 [ "$Yaxis" = "$CurrentYaxis" ] || return 1 103 return 0 104 } 105 getprimary() { 106 xrandr | grep -q primary || xrandr --output $(xrandr | grep ' connected' | head -n1 | cut -d' ' -f1) --primary 107 echo $(xrandr | grep primary | cut -d' ' -f1) 108 } 109 110 Messagefile='/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/message.fifo' 111 Output="$(getprimary)" 112 Storeinfofile='/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/store.info' 113 Storepidfile='/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/store.pids' 114 Timetosaygoodbyefile='/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/timetosaygoodbye' 115 116 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games' 117 118 Cookie='' 119 Line='' 120 Var='' 121 122 debugnote 'Running xinitrc' 123 124 export DISPLAY=:164 XAUTHORITY=/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client XSOCKET=/tmp/.X11-unix/X164 XDG_RUNTIME_DIR=/run/user/1000 125 # background color 126 xsetroot -solid '#7F7F7F' 2>/dev/null 127 128 # create new XAUTHORITY cookies 129 :> /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client 130 131 echo 'Requesting trusted cookie from X server' 132 xauth -v -i -f /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client generate :164 . trusted timeout 3600 133 134 [ -s '/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client' ] || { 135 [ 'trusted' = 'untrusted' ] && note 'Could not create untrusted cookie. 136 Maybe your X server misses extension SECURITY.' 137 } 138 [ -s '/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client' ] || { 139 # still no cookie? try to create one without extension security 140 debugnote 'xinitrc: Failed to retrieve trusted cookie from X server. Will bake one myself.' 141 echo 'Failed to retrieve trusted cookie from X server. Will bake one myself.' 142 xauth -v -i -f /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client add :164 . d501e67e89a378a7d453922b9b7e8694 143 ls -l /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client 144 } 145 146 # Prepare cookie with localhost identification disabled by ffff, needed if X socket is shared. ffff means 'familiy wild' 147 Cookie="$(xauth -i -f /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client nlist | sed -e 's/^..../ffff/')" 148 echo "$Cookie" | xauth -v -i -f /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client nmerge - 149 150 debugnote "xinitrc: Created cookie: $(xauth -f /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client list 2>&1)" 151 ls -l /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client 152 cp /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/Xauthority.server 153 chmod 644 /home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client 154 155 [ -s '/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client' ] || warning 'Cookie creation failed!' 156 export XAUTHORITY=/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client 157 [ 'yes' = 'no' ] || [ ! -s '/home/debian/.cache/x11docker/pccastor_v2tfhj_wallet-latest-13039525960/share/Xauthority.client' ] && unset XAUTHORITY && warning '--xvfb: X server :164 runs without cookie authentication.' 158 159 # clean xhost 160 verbose 'Disabling any possible access to new X server possibly granted by xhost' 161 disable_xhost 162 163 # Keyboard layout 164 165 # create set of different screen resolutions 166 xrandr --newmode "1984x1200" 199.25 1984 2120 2328 2672 1200 1203 1213 1245 -hsync +vsync 167 xrandr --addmode $Output "1984x1200" 168 while read Line; do 169 Line="$(echo "$Line" | sed 's/Modeline//g')" 170 Line="$(echo "$Line" | sed 's/"//g')" 171 xrandr --newmode $Line 2>/dev/null 172 xrandr --addmode "$Output" $(echo $Line | cut -d' ' -f1) 2>/dev/null 173 done < "/home/debian/.cache/x11docker/modelines.1980x1200" 174 175 176 verbose "Output of xrandr on :164 177 $(xrandr)" 178 179 echo 'xinitrc: xinitrc is ready' 180 storeinfo xinitrc=ready 181 182 # wait for the end 183 read Var