conlink 2.5.4 → 2.5.6

package/.github/workflows/push.yml

@@ -23,6 +23,11 @@ jobs:
         timeout-minutes: 5
         run: time node_modules/.bin/dctest --verbose-commands conlink-test $(ls -v test/test*.yaml)
 
+      - name: "show logs"
+        if: always()
+        run: |
+          docker compose -p conlink-test logs --no-color -t || true
+
       - name: Check --show-config and net2dot
         run: |
           cfg=$(./conlink --show-config --compose-file examples/test1-compose.yaml)
@@ -30,3 +35,74 @@ jobs:
           [ "${summary}" = "s1.s2.s3 h1.h2.h3.r0" ]
           dot=$(echo "${cfg}" | ./net2dot)
           [ $(echo "${dot}" | grep "r0.*eth" | wc -l) -ge 10 ]
+
+  # Decide if a release is necessary, do any release linting/checks
+  check-release:
+    needs: [ tests ]
+    name: Check Release
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '.')
+    outputs:
+      RELEASE_VERSION: ${{ steps.get-version.outputs.RELEASE_VERSION }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with: { submodules: 'recursive', fetch-depth: 0 }
+
+      - id: get-version
+        name: Get release version
+        run: |
+          echo "RELEASE_VERSION=$(jq -r .version package.json)" | tee "$GITHUB_ENV" | tee "$GITHUB_OUTPUT"
+
+      - name: Check git tag matches release version
+        run: |
+          [ "refs/tags/v${RELEASE_VERSION}" == "${{ github.ref }}" ]
+
+  release-npm:
+    needs: [ check-release ]
+    name: Release NPM
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with: { submodules: 'recursive', fetch-depth: 0 }
+
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
+          scope: ''
+
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  release-docker-hub:
+    needs: [ check-release ]
+    name: Release Docker Hub
+    runs-on: ubuntu-latest
+    env:
+      RELEASE_VERSION: ${{ needs.check-release.outputs.RELEASE_VERSION }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with: { submodules: 'recursive', fetch-depth: 0 }
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: lonocloud/conlink:${{ env.RELEASE_VERSION }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: lonocloud/conlink:latest

package/Dockerfile

@@ -1,4 +1,7 @@
-FROM node:16 AS build
+###
+### conlink build (ClojureScript)
+###
+FROM node:20 AS cljs-build
 
 RUN apt-get -y update && \
     apt-get -y install libpcap-dev default-jdk-headless
@@ -19,15 +22,47 @@ RUN cd /app && \
     shadow-cljs compile conlink && \
     chmod +x build/*.js
 
-FROM node:16-slim AS run
+###
+### Utilities build (Rust)
+###
+FROM rust:latest AS rust-build
+
+RUN rustup target add x86_64-unknown-linux-musl
+
+# musl-tools for static linking
+RUN apt-get update && apt-get install -y musl-tools
+
+WORKDIR /app/
+RUN mkdir -p src
+
+# Download and compile deps for rebuild efficiency
+#COPY Cargo.toml Cargo.lock ./
+COPY rust/Cargo.toml ./
+RUN echo "fn main() {}" > src/echo.rs
+RUN cargo build --release --target x86_64-unknown-linux-musl --bin echo
+RUN rm src/echo.rs # 1
+
+# Build the main program
+COPY rust/src/* src/
+RUN cargo build --release --target x86_64-unknown-linux-musl
+RUN cd /app/target/x86_64-unknown-linux-musl/release/ && cp -v wait copy echo /app/
+# Located at: ./target/x86_64-unknown-linux-musl/release/
+
+###
+### conlink runtime stage
+###
+FROM node:20-slim AS run
 
 RUN apt-get -y update
 # Runtime deps and utilities
 RUN apt-get -y install libpcap-dev tcpdump iproute2 iputils-ping curl \
-                       iptables bridge-utils ethtool jq \
+                       iptables bridge-utils ethtool jq netcat-openbsd socat \
                        openvswitch-switch openvswitch-testcontroller
 
-COPY --from=build /app/ /app/
+RUN mkdir -p /app /utils
+COPY --from=cljs-build /app/ /app/
+COPY --from=rust-build /app/wait /app/copy /app/echo /utils/
+ADD scripts/wait.sh scripts/copy.sh /utils/
 ADD link-add.sh link-del.sh link-mirred.sh link-forward.sh /app/
 ADD schema.yaml /app/build/
 

package/README.md

@@ -46,14 +46,14 @@ The [reference documentation](https://lonocloud.github.io/conlink/#/reference/ne
 contains the full list of configuration options. Be sure to also read [usage notes](https://lonocloud.github.io/conlink/#/usage-notes),
 which highlight some unique aspects of using conlink-provided networking.
 
-Conlink also includes scripts that make docker compose a much more
+Conlink also includes tools that make docker compose a much more
 powerful development and testing environment (refer to
-[Compose scripts](https://lonocloud.github.io/conlink/#/guides/compose-scripts) for
+[Compose Tools](https://lonocloud.github.io/conlink/#/guides/compose-tools) for
 details):
 
-* [mdc](https://lonocloud.github.io/conlink/#/guides/compose-scripts?id=mdc): modular management of multiple compose configurations
-* [wait.sh](https://lonocloud.github.io/conlink/#/guides/compose-scripts?id=waitsh): wait for network and file conditions before continuing
-* [copy.sh](https://lonocloud.github.io/conlink/#/guides/compose-scripts?id=copysh): recursively copy files with variable templating
+* [mdc](https://lonocloud.github.io/conlink/#/guides/compose-tools?id=mdc): modular management of multiple compose configurations
+* [wait](https://lonocloud.github.io/conlink/#/guides/compose-tools?id=wait): wait for network and file conditions before continuing
+* [copy](https://lonocloud.github.io/conlink/#/guides/compose-tools?id=copy): recursively copy files with variable templating
 
 ## Why conlink?
 

package/docs/_sidebar.md

@@ -4,6 +4,6 @@
 - **Reference**
   - [Network Configuration Syntax](/reference/network-configuration-syntax.md)
 - **Guides**
-  - [Compose Scripts](/guides/compose-scripts.md)
+  - [Compose Tools](/guides/compose-tools.md)
   - [Graphviz Rendering](/guides/graphviz-rendering.md)
   - [Examples](/guides/examples.md)

package/docs/guides/{compose-scripts.md → compose-tools.md}

@@ -1,11 +1,11 @@
-# Compose scripts
+# Compose Tools
 
-Conlink also includes scripts that make docker compose a much more
-powerful development and testing environment:
+Conlink includes some tools/programs that make docker compose a much
+more powerful development and testing environment:
 
 * `mdc` - modular management of multiple compose configurations
-* `wait.sh` - wait for network and file conditions before continuing
-* `copy.sh` - recursively copy files with variable templating
+* `wait` - wait for network and file conditions before continuing
+* `copy` - recursively copy files with variable templating
 
 ## mdc
 
@@ -47,8 +47,8 @@ of docker compose:
    `bar/svc1/files/etc/conf1`. When `mdc` is run this will result in
    the following two files: `.files/svc1/etc/conf1` and
    `.files/svc2/etc/conf2`. The content of `conf1` will come from the
-   "bar" mode because it is resolved second. The use of the `copy.sh`
-   script (described below) simplifies recursive file copying and also
+   "bar" mode because it is resolved second. The use of the `copy`
+   utils (described below) simplifies recursive file copying and also
    provides variable templating of copied files.
 4. **Set environment variables based on the selected modes/modules**.
    When `mdc` is run it will set the following special environment
@@ -82,49 +82,71 @@ directly merge `x-network` configuration from multiple compose files
 by passing the `COMPOSE_FILE` variable to the conlink `--compose-file`
 parameter (which supports a colon sperated list of compose files).
 
-## wait.sh
+## wait
 
-The dynamic event driven nature of conlink mean that interfaces may
+The dynamic event driven nature of conlink means that interfaces may
 appear after the container service code starts running (unlike plain
-docker container networking). For this reason, the `wait.sh` script is
+docker container networking). For this reason, the `wait` command is
 provided to simplify waiting for interfaces to appear (and other
-network conditions). Here is a compose file snippit that will wait for
-`eth0` to appear and for `eni1` to both appear and have an IP address
-assigned before running the startup command (after the `--`):
+network conditions).
+
+You can either use the shell script version at
+`conlink/scripts/wait.sh` or you can build and extract static Rust
+executables into the `conlink/utils/` directory by running this
+command:
+
+```
+USER_ID=$(id -u) GROUP_ID=$(id -g) \
+    docker compose -f conlink/test/utils-compose.yaml run --rm extract-utils
+```
+
+Here is a compose file snippit that will wait for `eth0` to appear and
+for `eni1` to both appear and have an IP address assigned before
+running the startup command (after the `--`):
 
 ```
 services:
   svc1:
     volumes:
-      - ./conlink/scripts:/scripts:ro
-    command: /scripts/wait.sh -i eth0 -I eni1 -- /start-cmd.sh arg1 arg2
+      - ./conlink/utils:/utils:ro
+    command: /utils/wait -i eth0 -I eni1 -- /start-cmd.sh arg1 arg2
 ```
 
 In addition to waiting for interfaces and address assignment,
-`wait.sh` can also wait for a file to appear (`-f FILE`), a remote TCP
+`wait` can also wait for a file to appear (`-f FILE`), a remote TCP
 port to become accessible (`-t HOST:PORT`), or run a command until it
 completes successfully (`-c COMMAND`).
 
 
-## copy.sh
+## copy
 
-One of the features of the `mdc` command is to collect directory
+One of the features of `mdc` is composing/combining directory
 hierarchies from mode/module directories into a single `.files/`
 directory at the top-level. The intended use of the merged directory
 hierarchy is to be merged into file-systems of running containers.
 However, simple volume mounts will replace entire directory
 hierarchies (and hide all prior files under the mount point). The
-`copy.sh` script is provided for easily merging/overlaying one
+`copy` command is provided for easily merging/overlaying one
 directory hierarchy onto another one. In addition, the `-T` option
 will also replace special `{{VAR}}` tokens in the files being copied
 with the value of the matching environment variable.
 
-Here is a compose file snippit that shows the use of `copy.sh` to
+You can either use the shell script version at
+`conlink/scripts/copy.sh` or you can build and extract static Rust
+executables into the `conlink/utils/` directory by running this
+command:
+
+```
+USER_ID=$(id -u) GROUP_ID=$(id -g) \
+    docker compose -f conlink/test/utils-compose.yaml run --rm extract-utils
+```
+
+Here is a compose file snippit that shows the use of `copy` to
 recursively copy/overlay the directory tree in `./.files/svc2` onto
 the container root file-system. In addition, due to the use of the
-`-T` option, the script will replace any occurence of the string
-`{{FOO}}` with the value of the `FOO` environment variable within any
-of the files that are copied:
+`-T` option, any occurence of the string
+`{{FOO}}` will be replaced with the value of the `FOO` environment
+variable within any of the files that are copied:
 
 ```
 services:
@@ -132,12 +154,13 @@ services:
     environment:
       - FOO=123
     volumes:
+      - ./conlink/utils:/utils:ro
       - ./.files/svc2:/files:ro
-    command: /scripts/copy.sh -T /files / -- /start-cmd.sh arg1 arg2
+    command: /utils/copy -T /files / -- /start-cmd.sh arg1 arg2
 ```
 
-Note that instances of `copy.sh` and `wait.sh` can be easily chained
+Note that instances of `copy` and `wait` can be easily chained
 together like this:
 ```
-/scripts/copy.sh -T /files / -- /scripts/wait.sh -i eth0 -- cmd args
+/utils/copy -T /files / -- /utils/wait -i eth0 -- cmd args
 ```

package/docs/guides/examples.md

@@ -393,3 +393,25 @@ docker-compose -f examples/test10-compose.yaml exec node1 ping 10.2.0.2
 docker-compose -f examples/test10-compose.yaml exec node2 ping 10.1.0.1
 
 ```
+
+## test11: copy/wait tools
+
+This example demonstrates the use of the `copy` and `wait` commands.
+The `copy` command recursively copies and templates files/directories.
+The `wait` command waits/blocks on certain file and network
+events/states. Refer to the guide for more information about these
+programs.
+
+Start the test11 compose configuration:
+
+```
+docker-compose -f examples/test11-compose.yaml up --build --force-recreate
+```
+
+The `webserver` service uses `copy` to populate and
+template a file hierarchy that it will serve. The `webserver` and
+`client` services both use `wait` to wait for conlink
+interfaces to be configured before continuing. Finally the `client`
+service also uses `wait` to probe the `webserver` until it accepts
+TCP connections on port 8080 before, and then it starts its main loop
+that repeatedly requests a templated file from the `webserver`.

package/examples/test11-compose.yaml

@@ -0,0 +1,48 @@
+x-network:
+  links:
+    - {service: webserver, bridge: ctl, dev: eth0, ip: 192.168.100.10/24}
+    - {service: client,    bridge: ctl, dev: eth0, ip: 192.168.100.20/24}
+
+x-hosts: &hosts
+  webserver: 192.168.100.10
+  client:    192.168.100.20
+
+x-service: &service-base
+  depends_on: {extract-utils: {condition: service_completed_successfully}}
+  image: python
+  network_mode: none
+  extra_hosts: { <<: *hosts }
+  volumes:
+    - ../utils:/utils:ro
+    - ../test:/test:ro
+
+services:
+  extract-utils:
+    build: {context: ../, dockerfile: Dockerfile}
+    user: ${USER_ID:-0}:${GROUP_ID:-0}
+    network_mode: none
+    volumes:
+      - ../utils:/conlink_utils
+    command: cp /utils/wait /utils/wait.sh /utils/copy /utils/copy.sh /utils/echo /conlink_utils/
+
+  webserver:
+    <<: *service-base
+    environment:
+      - VAL2=val2
+    working_dir: /tmp
+    command: /utils/copy -T /test /tmp -- /utils/wait -I eth0 -- python -m http.server 8080
+
+  client:
+    <<: *service-base
+    command: /utils/wait -I eth0 -t webserver:8080 -- sh -c 'while [ "val2" = $(curl -s webserver:8080/dir1/dir2/file2 | tee -a /var/log/test.log) ]; do sleep 5; done'
+
+  network:
+    build: {context: ../}
+    pid: host
+    network_mode: none
+    cap_add: [SYS_ADMIN, NET_ADMIN, SYS_NICE, NET_BROADCAST, IPC_LOCK]
+    security_opt: [ 'apparmor:unconfined' ] # needed on Ubuntu 18.04
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./:/test
+    command: /app/build/conlink.js --compose-file /test/test11-compose.yaml

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "conlink",
-  "version": "2.5.4",
+  "version": "2.5.6",
   "description": "conlink -  Declarative Low-Level Networking for Containers",
   "repository": "https://github.com/LonoCloud/conlink",
   "license": "SEE LICENSE IN LICENSE",

package/rust/Cargo.toml

@@ -0,0 +1,25 @@
+[package]
+name = "conlink-utils"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+nix = "0.23"
+which = "4.4"
+anyhow = "1.0"
+clap = { version = "4.5", features = ["derive"] }
+walkdir = "2.3"
+regex = "1.5"
+
+[[bin]]
+name = "wait"
+path = "src/wait.rs"
+
+[[bin]]
+name = "copy"
+path = "src/copy.rs"
+
+[[bin]]
+name = "echo"
+path = "src/echo.rs"
+

package/rust/src/copy.rs

@@ -0,0 +1,109 @@
+// Copyright (c) 2024, Equinix, Inc
+// Licensed under MPL 2.0
+
+use anyhow::{Context, Result};
+use regex::Regex;
+use std::{
+    env,
+    fs::{self, File},
+    io::{Read, Write},
+    path::PathBuf,
+    process::Command,
+    os::unix::process::CommandExt,
+};
+use clap::Parser;
+
+#[derive(Debug, Parser)]
+#[command(name = "copy", about = "Recursively copy with optional templating")]
+struct Opt {
+    #[arg(short = 'T', long = "template",
+          help = "Enable variable substitution")]
+    template: bool,
+
+    #[arg(help = "Source directory")]
+    source: PathBuf,
+
+    #[arg(help = "Destination directory")]
+    destination: PathBuf,
+
+    #[arg(name = "COMMAND", last = true, allow_hyphen_values = true,
+          help = "Optional command to run after copy")]
+    command: Vec<String>,
+}
+
+fn main() -> Result<()> {
+    let opt = Opt::parse();
+
+    if !opt.source.is_dir() {
+        anyhow::bail!("Not a directory: '{}'", opt.source.display());
+    }
+    if !opt.destination.is_dir() {
+        anyhow::bail!("Not a directory: '{}'", opt.destination.display());
+    }
+
+    // Walk through source directory
+    for entry in walkdir::WalkDir::new(&opt.source)
+        .into_iter()
+        .filter_map(|e| e.ok())
+        .filter(|e| e.file_type().is_file())
+    {
+        let rel_path = entry
+            .path()
+            .strip_prefix(&opt.source)
+            .context("Failed to strip prefix")?;
+        let dst_path = opt.destination.join(rel_path);
+
+        // Create parent directories
+        if let Some(parent) = dst_path.parent() {
+            fs::create_dir_all(parent).context("Failed to create target directory")?;
+        }
+
+        // Get source permissions
+        let src_permissions = entry.metadata()?.permissions();
+
+        // Read source file
+        let mut content = String::new();
+        File::open(entry.path())?.read_to_string(&mut content)?;
+
+        println!("Copying '{}' to '{}'", entry.path().display(), dst_path.display());
+
+        // Process template if requested
+        if opt.template {
+            let re = Regex::new(r"\{\{([^}\s]+)\}\}")?;
+            for cap in re.captures_iter(&content.clone()) {
+                let var_name = &cap[1];
+                if let Ok(var_value) = env::var(var_name) {
+                    println!(r"Replacing '{{{{{}}}}}' with '{}' in '{}'",
+                             var_name, var_value, dst_path.display());
+                    content = content.replace(&format!(r"{{{{{}}}}}", var_name),
+                                              &var_value);
+                }
+            }
+        }
+
+        // Write content to destination
+        File::create(&dst_path)
+            .context("Failed to create destination file")?
+            .write_all(content.as_bytes())
+            .context("Failed to write file content")?;
+
+        // Set permissions to match source
+        fs::set_permissions(&dst_path, src_permissions)
+            .context("Failed to set permissions")?;
+    }
+
+    // Execute command if provided
+    if !opt.command.is_empty() {
+        if !which::which(&opt.command[0]).is_ok() {
+            eprintln!("Error: '{}' not found", opt.command[0]);
+            std::process::exit(1);
+        }
+        // Exec the command, replacing the current process
+        println!("Running: {:?}", opt.command);
+        Command::new(&opt.command[0])
+            .args(&opt.command[1..])
+            .exec();
+    }
+
+    Ok(())
+}

package/rust/src/echo.rs

@@ -0,0 +1,4 @@
+fn main() {
+    let args: Vec<String> = std::env::args().skip(1).collect();
+    println!("{}", args.join(" "));
+}

package/rust/src/wait.rs

@@ -0,0 +1,162 @@
+// Copyright (c) 2024, Equinix, Inc
+// Licensed under MPL 2.0
+
+use std::env;
+use std::time::Duration;
+use std::thread::sleep;
+use std::process::Command;
+use std::fs;
+use std::net::TcpStream;
+use std::os::unix::process::CommandExt;
+use std::io::Read;
+
+const USAGE: &str = "Usage: wait [OPTIONS] [-- COMMAND]
+
+Options:
+  -f, --file FILE          Wait until the specified file exists
+  -i, --if, --intf IFACE   Wait until the specified network interface exists
+  -I, --ip IFACE           Wait until the specified interface has IP/routing
+  -t, --tcp HOST:PORT      Wait until the specified TCP host:port is reachable
+  -c, --cmd COMMAND        Wait until the specified command succeeds
+  -s, --sleep SECONDS      Set the sleep duration between retries (default: 1)
+  --                       Separate wait options from the command to run";
+
+fn main() {
+    let mut args = env::args().skip(1); // Skip the program name
+    let mut sleep_duration = 1; // Default sleep duration
+
+    eprintln!("Starting wait...");
+
+    while let Some(arg) = args.next() {
+        match arg.as_str() {
+            "--" => {
+                // Collect the remaining arguments as the command to exec
+                let command = args.collect::<Vec<String>>();
+
+                if !command.is_empty() {
+                    if !which::which(&command[0]).is_ok() {
+                        eprintln!("Error: '{}' not found", command[0]);
+                        std::process::exit(1);
+                    }
+                    // Exec the command, replacing the current process
+                    println!("Running: {:?}", command);
+                    Command::new(&command[0])
+                        .args(&command[1..])
+                        .exec();
+                }
+                return; // If no command is provided after '--', exit
+            }
+            "-f" | "--file" => {
+                if let Some(file) = args.next() {
+                    wait_for_file(&file, sleep_duration);
+                } else {
+                    eprintln!("--file requires a file path argument");
+                    return;
+                }
+            }
+            "-i" | "--if" | "--intf" => {
+                if let Some(interface) = args.next() {
+                    wait_for_interface(&interface, sleep_duration);
+                } else {
+                    eprintln!("--if requires an interface name argument");
+                    return;
+                }
+            }
+            "-I" | "--ip" => {
+                if let Some(interface) = args.next() {
+                    wait_for_ip_routing(&interface, sleep_duration);
+                } else {
+                    eprintln!("--ip requires an interface name argument");
+                    return;
+                }
+            }
+            "-t" | "--tcp" => {
+                if let Some(tcp) = args.next() {
+                    let parts: Vec<&str> = tcp.split(':').collect();
+                    let host = parts[0];
+                    let port: u16 = parts[1].parse().expect("Invalid port number");
+                    wait_for_tcp(host, port, sleep_duration);
+                } else {
+                    eprintln!("--tcp requires a host:port argument");
+                    return;
+                }
+            }
+            "-c" | "--cmd" | "--command" => {
+                if let Some(command) = args.next() {
+                    wait_for_command(&command, sleep_duration);
+                } else {
+                    eprintln!("--command requires a command string argument");
+                    return;
+                }
+            }
+            "-s" | "--sleep" => {
+                if let Some(sleep_str) = args.next() {
+                    if let Ok(duration) = sleep_str.parse::<u64>() {
+                        sleep_duration = duration;
+                    } else {
+                        eprintln!("Invalid sleep duration");
+                        return;
+                    }
+                } else {
+                    eprintln!("--sleep requires a duration in seconds");
+                    return;
+                }
+            }
+            _ => {
+                eprintln!("Unknown option: {}\n{}", arg, USAGE);
+                return;
+            }
+        }
+    }
+}
+
+fn wait_for_file(path: &str, sleep_duration: u64) {
+    while !fs::metadata(path).is_ok() {
+        println!("Waiting for file: {}...", path);
+        sleep(Duration::from_secs(sleep_duration));
+    }
+    println!("File '{}' exists", path);
+}
+
+fn wait_for_interface(interface: &str, sleep_duration: u64) {
+    let path = format!("/sys/class/net/{}", interface);
+    while !fs::metadata(&path).is_ok() {
+        println!("Waiting for interface: {}...", interface);
+        sleep(Duration::from_secs(sleep_duration));
+    }
+    println!("Interface '{}' exists", interface);
+}
+
+fn wait_for_ip_routing(interface: &str, sleep_duration: u64) {
+    loop {
+        let mut content = String::new();
+        if fs::File::open("/proc/net/route")
+            .and_then(|mut f| f.read_to_string(&mut content))
+            .map(|_| content.lines().any(|line| line.starts_with(interface) && line[interface.len()..]
+                                         .starts_with(|c| c == '\t' || c == ' ')))
+            .unwrap_or(false)
+        {
+            break;
+        }
+
+        println!("Waiting for IP/routing on interface: {}...", interface);
+        sleep(Duration::from_secs(sleep_duration));
+    }
+    println!("Interface '{}' has IP/routing", interface);
+}
+
+fn wait_for_tcp(host: &str, port: u16, sleep_duration: u64) {
+    while TcpStream::connect((host, port)).is_err() {
+        println!("Waiting for TCP connection at {}:{}", host, port);
+        sleep(Duration::from_secs(sleep_duration));
+    }
+    println!("TCP connection established at {}:{}", host, port);
+}
+
+fn wait_for_command(command: &str, sleep_duration: u64) {
+    while Command::new("sh").arg("-c").arg(command).status().unwrap().success() == false {
+        println!("Command '{}' failed, retrying...", command);
+        sleep(Duration::from_secs(sleep_duration));
+    }
+    println!("Command '{}' executed successfully", command);
+}

package/test/Dockerfile.empty

@@ -0,0 +1 @@
+FROM scratch

package/test/dir1/dir2/file2

@@ -0,0 +1 @@
+{{VAL2}}

package/test/dir1/file1

@@ -0,0 +1 @@
+val1

package/test/test-utils.yaml

@@ -0,0 +1,17 @@
+name: "test-utils: test Rust copy and wait commands (without conlink)"
+
+env:
+  DC: "${{ process.env.DOCKER_COMPOSE || 'docker compose' }}"
+  COMPOSE_FILE: test/utils-compose.yaml
+
+tests:
+  test-utils:
+    name: "build and use copy and wait"
+    steps:
+      - exec: :host
+        run: |
+          ${DC} down --remove-orphans --volumes -t1
+          ${DC} up --force-recreate
+
+      - exec: :host
+        run: ${DC} down --remove-orphans --volumes -t1

package/test/test11.yaml

@@ -0,0 +1,26 @@
+name: "test11: build and use Rust copy and wait commands"
+
+env:
+  DC: "${{ process.env.DOCKER_COMPOSE || 'docker compose' }}"
+  COMPOSE_FILE: examples/test11-compose.yaml
+
+tests:
+  test11:
+    name: "build and use copy and wait"
+    steps:
+      - exec: :host
+        run: |
+          ${DC} down --remove-orphans --volumes -t1
+          ${DC} up -d --force-recreate
+      - exec: :host
+        run: |
+          echo "waiting for conlink startup"
+          ${DC} logs network | grep "All links connected"
+        repeat: { retries: 30, interval: '1s' }
+
+      - exec: client
+        run: grep "val2" /var/log/test.log
+        repeat: { retries: 10, interval: '1s' }
+
+      - exec: :host
+        run: ${DC} down --remove-orphans --volumes -t1

package/test/utils-compose.yaml

@@ -0,0 +1,69 @@
+x-service: &service-base
+  image: alpine
+  volumes:
+    - state:/state
+    - ../utils:/utils
+    - ../test:/test:ro
+
+services:
+  clean:
+    <<: *service-base
+    command: sh -c 'rm -vf /state/*; ls -l /state/'
+
+  extract-utils:
+    build: {context: ../, dockerfile: Dockerfile}
+    user: ${USER_ID:-0}:${GROUP_ID:-0}
+    volumes:
+      - ../utils:/conlink_utils
+    command: cp /utils/wait /utils/wait.sh /utils/copy /utils/copy.sh /utils/echo /conlink_utils/
+
+  # Verify wait functionality
+  wait-alpine:
+    <<: *service-base
+    depends_on: {clean:       {condition: service_completed_successfully},
+                 extract-utils: {condition: service_completed_successfully}}
+    command: /utils/wait -c "sleep 1" -f /state/file -i eth0 -I eth0 -t tcp:8080 -- echo "wait finished"
+
+  # Verify wait works in a scratch image (no shell or other files)
+  wait-empty:
+    <<: *service-base
+    image: !unset
+    depends_on: {clean:       {condition: service_completed_successfully},
+                 extract-utils: {condition: service_completed_successfully}}
+    build: {dockerfile: Dockerfile.empty}
+    command: ["/utils/wait", "-f", "/state/file", "-i", "eth0", "-I", "eth0", "-t", "tcp:8080", "--", "/utils/echo", "'wait finished'"]
+
+   # Verify copy unctionality
+  copy-alpine:
+    <<: *service-base
+    depends_on: {extract-utils: {condition: service_completed_successfully}}
+    environment:
+      - VAL2=val2
+    command: sh -c 'mkdir /tmp/dir1 && /utils/copy -T /test/dir1 /tmp/dir1 && grep -q "val1" /tmp/dir1/file1 && grep -q "val2" /tmp/dir1/dir2/file2 && echo "copy finished"'
+
+  file:
+    <<: *service-base
+    depends_on: {clean:       {condition: service_completed_successfully},
+                 wait-alpine: {condition: service_started},
+                 wait-empty:  {condition: service_started}}
+    command: sh -c 'sleep 2 && touch /state/file'
+
+  tcp:
+    <<: *service-base
+    depends_on: {wait-alpine: {condition: service_started},
+                 wait-empty:  {condition: service_started}}
+    # Accepts two connections and then exits
+    command: sh -c 'sleep 3 && nc -l -p 8080 && nc -l -p 8080'
+
+  test:
+    <<: *service-base
+    depends_on: {file:         {condition: service_started},
+                 tcp:          {condition: service_started},
+                 wait-alpine:  {condition: service_completed_successfully},
+                 wait-empty:   {condition: service_completed_successfully},
+                 copy-alpine:  {condition: service_completed_successfully}}
+    command: echo "Success"
+
+
+volumes:
+  state: {}