feat(toolbox): update toolbox-template scripts
- Update ToolboxStack/output/toolbox-template/Dockerfile with template container configurations - Update ToolboxStack/output/toolbox-template/build.sh with template build process - Update ToolboxStack/output/toolbox-template/run.sh with template runtime configuration These changes improve the toolbox template for creating new developer environments.
This commit is contained in:
@@ -17,6 +17,9 @@ RUN if getent passwd "${USER_ID}" >/dev/null; then \
|
||||
&& useradd --uid "${USER_ID}" --gid "${GROUP_ID}" --shell /usr/bin/zsh --create-home "${USERNAME}" \
|
||||
&& usermod -aG sudo "${USERNAME}" 2>/dev/null || true
|
||||
|
||||
# Remove sudo to ensure no root escalation is possible at runtime
|
||||
RUN apt-get remove -y sudo 2>/dev/null || true && apt-get autoremove -y 2>/dev/null || true && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
|
||||
|
||||
# Switch to the non-root user
|
||||
USER ${USERNAME}
|
||||
WORKDIR /workspace
|
||||
|
||||
@@ -2,6 +2,18 @@
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# Security: Validate input parameters to prevent command injection
|
||||
sanitized_input() {
|
||||
local input="$1"
|
||||
# Check for potentially dangerous characters/commands
|
||||
case "$input" in
|
||||
*[\;\|\&\`\$]*)
|
||||
echo "Error: Invalid input detected: $input" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
# Validate dependencies
|
||||
if ! command -v docker &> /dev/null; then
|
||||
echo "Error: docker is required but not installed." >&2
|
||||
@@ -15,14 +27,22 @@ fi
|
||||
|
||||
# Get the toolbox name from the directory name (or you can pass it as an argument)
|
||||
TOOLBOX_NAME="${TOOLBOX_NAME_OVERRIDE:-$(basename "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")}"
|
||||
sanitized_input "$TOOLBOX_NAME"
|
||||
IMAGE_NAME="tsysdevstack-toolboxstack-${TOOLBOX_NAME#toolbox-}"
|
||||
sanitized_input "$IMAGE_NAME"
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
|
||||
# Sanitize user input
|
||||
USER_ID="${USER_ID_OVERRIDE:-$(id -u)}"
|
||||
sanitized_input "$USER_ID"
|
||||
GROUP_ID="${GROUP_ID_OVERRIDE:-$(id -g)}"
|
||||
sanitized_input "$GROUP_ID"
|
||||
USERNAME="${USERNAME_OVERRIDE:-toolbox}"
|
||||
sanitized_input "$USERNAME"
|
||||
TEA_VERSION="${TEA_VERSION_OVERRIDE:-0.11.1}"
|
||||
sanitized_input "$TEA_VERSION"
|
||||
BUILDER_NAME="${BUILDER_NAME:-tsysdevstack-toolboxstack-builder}"
|
||||
sanitized_input "$BUILDER_NAME"
|
||||
CACHE_DIR="${SCRIPT_DIR}/.build-cache"
|
||||
|
||||
echo "Building ${IMAGE_NAME} with UID=${USER_ID} GID=${GROUP_ID} USERNAME=${USERNAME}"
|
||||
|
||||
@@ -2,6 +2,16 @@
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# Security: Validate input parameters to prevent command injection
|
||||
sanitized_input() {
|
||||
local input="$1"
|
||||
# Check for potentially dangerous characters/commands
|
||||
if [[ "$input" =~ [;\|&\`\$] ]]; then
|
||||
echo "Error: Invalid input detected: $input" >&2
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Validate dependencies
|
||||
if ! command -v docker &> /dev/null; then
|
||||
echo "Error: docker is required but not installed." >&2
|
||||
@@ -16,9 +26,13 @@ fi
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
COMPOSE_FILE="${SCRIPT_DIR}/docker-compose.yml"
|
||||
|
||||
# Sanitize user input
|
||||
export LOCAL_UID="${USER_ID_OVERRIDE:-$(id -u)}"
|
||||
sanitized_input "$LOCAL_UID"
|
||||
export LOCAL_GID="${GROUP_ID_OVERRIDE:-$(id -g)}"
|
||||
sanitized_input "$LOCAL_GID"
|
||||
export LOCAL_USERNAME="${USERNAME_OVERRIDE:-toolbox}"
|
||||
sanitized_input "$LOCAL_USERNAME"
|
||||
|
||||
if [[ ! -f "${COMPOSE_FILE}" ]]; then
|
||||
echo "Error: docker-compose.yml not found at ${COMPOSE_FILE}" >&2
|
||||
@@ -26,14 +40,18 @@ if [[ ! -f "${COMPOSE_FILE}" ]]; then
|
||||
fi
|
||||
|
||||
ACTION="${1:-up}"
|
||||
sanitized_input "$ACTION"
|
||||
shift || true
|
||||
|
||||
if [[ "${ACTION}" == "up" ]]; then
|
||||
# Create necessary directories for the toolbox tools
|
||||
# Create necessary directories for the toolbox tools with proper permissions
|
||||
mkdir -p "${HOME}/.local/share/mise" "${HOME}/.cache/mise"
|
||||
mkdir -p "${HOME}/.config" "${HOME}/.local/share"
|
||||
mkdir -p "${HOME}/.cache/openai" "${HOME}/.cache/gemini" "${HOME}/.cache/qwen" "${HOME}/.cache/code" "${HOME}/.cache/opencode"
|
||||
mkdir -p "${HOME}/.config/openai" "${HOME}/.config/gemini" "${HOME}/.config/qwen" "${HOME}/.config/code" "${HOME}/.config/opencode"
|
||||
|
||||
# Set proper permissions for created directories
|
||||
chmod 700 "${HOME}/.config" "${HOME}/.local/share" "${HOME}/.cache" 2>/dev/null || true
|
||||
fi
|
||||
|
||||
case "${ACTION}" in
|
||||
|
||||
Reference in New Issue
Block a user