ybox 0.9.10__tar.gz → 0.9.11.1__tar.gz

{ybox-0.9.10/src/ybox.egg-info → ybox-0.9.11.1}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.2
+Metadata-Version: 2.4
 Name: ybox
-Version: 0.9.10
+Version: 0.9.11.1
 Summary: Securely run Linux distribution inside a container
 Author-email: Sumedh Wale <sumwale@yahoo.com>, Vishal Rao <vishalrao@gmail.com>
 License: Copyright (c) 2024-2025 Sumedh Wale and contributors
@@ -25,7 +25,7 @@ License: Copyright (c) 2024-2025 Sumedh Wale and contributors
         
 Project-URL: Homepage, https://github.com/sumwale/ybox
 Project-URL: Issues, https://github.com/sumwale/ybox/issues
-Keywords: Linux in container,toolbox
+Keywords: Linux in container,toolbox,distrobox
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: End Users/Desktop
 Classifier: License :: OSI Approved :: MIT License
@@ -42,6 +42,7 @@ License-File: LICENSE
 Requires-Dist: packaging
 Requires-Dist: simple-term-menu
 Requires-Dist: tabulate>=0.9.0
+Dynamic: license-file
 
 ## Introduction
 
@@ -99,7 +100,7 @@ So, for example, if you want to run the latest and greatest Intellij IDEA commun
 to do is:
 
 ```sh
-# create an Arch Linux based container
+# create an Arch Linux based container and generate systemd service file (if possible)
 ybox-create arch
 # then select an appropriate built-in profile e.g. "dev.ini" from the menu
 
@@ -197,6 +198,8 @@ to point to the full path of the podman or docker executable.
 ybox-create
 ```
 
+By default this will also generate a user systemd service if possible (add `-S` or
+  `--skip-systemd-service` option to skip creation of a user systemd service).
 This will allow choosing from supported distributions, then from the available profiles.
 You can start with the Arch Linux distribution and `apps.ini` profile to try it out. The container
 will have a name like `ybox-<distribution>_<profile>` by default like `ybox-arch_apps` for the
@@ -269,7 +272,7 @@ ybox-pkg list -o
 ```
 To show more details of the packages (combine with -a/-o as required):
 ```sh
-ybox-pkg list -o
+ybox-pkg list -v
 ```
 
 List all the files installed by the package:
@@ -309,6 +312,8 @@ Clean package cache, temporary downloads etc:
 ```sh
 ybox-pkg clean
 ```
+Add `-q` option to answer yes for any questions automatically if all your containers use
+the same shared root.
 
 Mark a package as explicitly installed (also registers with `ybox-pkg` if not present):
 ```sh
@@ -317,7 +322,7 @@ ybox-pkg mark firefox -e
 
 Mark a package as a dependency of another (also registers with `ybox-pkg` if not present):
 ```sh
-ybox-pkg mark qt5ct -D zoom  # mark qt5ct as an optional dependency of zoom
+ybox-pkg mark qt5ct -d zoom  # mark qt5ct as an optional dependency of zoom
 ```
 
 Repair package installation after a failure or interrupt:
@@ -437,26 +442,32 @@ for a ybox container. See the full set of options with `ybox-control -h/--help`.
 ### Auto-starting containers
 
 Containers can be auto-started as per the usual way for rootless podman/docker services.
-This is triggered by systemd on user login which is exactly what we want for ybox
+This is triggered by systemd on user login which is exactly what is required for ybox
 containers so that the container applications are available on login and are stopped on
-session logout. For docker the following should suffice:
+session logout. All the tested Linux distributions support this and provide for user
+systemd daemon on user login.
 
-```sh
-systemctl --user enable docker
-```
+The `ybox-create` command  autogenerates the systemd service file (in absence of `-S` or
+  `--skip-systemd-service` option) which is also removed by `ybox-destroy` automatically.
+The name of the generated service is `ybox-<NAME>` where `<NAME>` is the name of the
+container if `<NAME>` does not start with `ybox-` prefix, else it is just `<NAME>`.
 
-See [docker docs](https://docs.docker.com/engine/security/rootless/#daemon) for details.
-
-For podman you will need to explicitly generate systemd service file for each container and
-copy to your systemd configuration directory since podman does not use a background daemon.
-For the `ybox-arch_apps` container in the examples before:
+With a user service installed, the `systemctl` commands can be used to control the
+ybox container (`<SERVICE_NAME>` is `ybox-<NAME>/<NAME>` mentioned above):
 
 ```sh
-mkdir -p ~/.config/systemd/user/
-podman generate systemd --name ybox-arch_apps > ~/.config/systemd/user/container-ybox-arch_apps.service
-systemctl --user enable container-ybox-arch_apps.service
+systemctl --user status <SERVICE_NAME>  # show status of the service
+systemctl --user stop <SERVICE_NAME>    # stop the service
+systemctl --user start <SERVICE_NAME>   # start the service
 ```
 
+If your Linux distribution does not use systemd, then the autostart has to be handled
+manually as per the distribution's preferred way. For instance an appropriate desktop
+file can be added to `~/.config/autostart` directory to start a ybox container on
+graphical login, though performing a clean stop can be hard with this approach.
+Note that the preferred way to start/stop a ybox container is using the `ybox-control`
+command rather than directly using podman/docker.
+
 
 ## Development
 

{ybox-0.9.10 → ybox-0.9.11.1}/README.md

@@ -54,7 +54,7 @@ So, for example, if you want to run the latest and greatest Intellij IDEA commun
 to do is:
 
 ```sh
-# create an Arch Linux based container
+# create an Arch Linux based container and generate systemd service file (if possible)
 ybox-create arch
 # then select an appropriate built-in profile e.g. "dev.ini" from the menu
 
@@ -152,6 +152,8 @@ to point to the full path of the podman or docker executable.
 ybox-create
 ```
 
+By default this will also generate a user systemd service if possible (add `-S` or
+  `--skip-systemd-service` option to skip creation of a user systemd service).
 This will allow choosing from supported distributions, then from the available profiles.
 You can start with the Arch Linux distribution and `apps.ini` profile to try it out. The container
 will have a name like `ybox-<distribution>_<profile>` by default like `ybox-arch_apps` for the
@@ -224,7 +226,7 @@ ybox-pkg list -o
 ```
 To show more details of the packages (combine with -a/-o as required):
 ```sh
-ybox-pkg list -o
+ybox-pkg list -v
 ```
 
 List all the files installed by the package:
@@ -264,6 +266,8 @@ Clean package cache, temporary downloads etc:
 ```sh
 ybox-pkg clean
 ```
+Add `-q` option to answer yes for any questions automatically if all your containers use
+the same shared root.
 
 Mark a package as explicitly installed (also registers with `ybox-pkg` if not present):
 ```sh
@@ -272,7 +276,7 @@ ybox-pkg mark firefox -e
 
 Mark a package as a dependency of another (also registers with `ybox-pkg` if not present):
 ```sh
-ybox-pkg mark qt5ct -D zoom  # mark qt5ct as an optional dependency of zoom
+ybox-pkg mark qt5ct -d zoom  # mark qt5ct as an optional dependency of zoom
 ```
 
 Repair package installation after a failure or interrupt:
@@ -392,26 +396,32 @@ for a ybox container. See the full set of options with `ybox-control -h/--help`.
 ### Auto-starting containers
 
 Containers can be auto-started as per the usual way for rootless podman/docker services.
-This is triggered by systemd on user login which is exactly what we want for ybox
+This is triggered by systemd on user login which is exactly what is required for ybox
 containers so that the container applications are available on login and are stopped on
-session logout. For docker the following should suffice:
+session logout. All the tested Linux distributions support this and provide for user
+systemd daemon on user login.
 
-```sh
-systemctl --user enable docker
-```
+The `ybox-create` command  autogenerates the systemd service file (in absence of `-S` or
+  `--skip-systemd-service` option) which is also removed by `ybox-destroy` automatically.
+The name of the generated service is `ybox-<NAME>` where `<NAME>` is the name of the
+container if `<NAME>` does not start with `ybox-` prefix, else it is just `<NAME>`.
 
-See [docker docs](https://docs.docker.com/engine/security/rootless/#daemon) for details.
-
-For podman you will need to explicitly generate systemd service file for each container and
-copy to your systemd configuration directory since podman does not use a background daemon.
-For the `ybox-arch_apps` container in the examples before:
+With a user service installed, the `systemctl` commands can be used to control the
+ybox container (`<SERVICE_NAME>` is `ybox-<NAME>/<NAME>` mentioned above):
 
 ```sh
-mkdir -p ~/.config/systemd/user/
-podman generate systemd --name ybox-arch_apps > ~/.config/systemd/user/container-ybox-arch_apps.service
-systemctl --user enable container-ybox-arch_apps.service
+systemctl --user status <SERVICE_NAME>  # show status of the service
+systemctl --user stop <SERVICE_NAME>    # stop the service
+systemctl --user start <SERVICE_NAME>   # start the service
 ```
 
+If your Linux distribution does not use systemd, then the autostart has to be handled
+manually as per the distribution's preferred way. For instance an appropriate desktop
+file can be added to `~/.config/autostart` directory to start a ybox container on
+graphical login, though performing a clean stop can be hard with this approach.
+Note that the preferred way to start/stop a ybox container is using the `ybox-control`
+command rather than directly using podman/docker.
+
 
 ## Development
 

{ybox-0.9.10 → ybox-0.9.11.1}/pyproject.toml

@@ -30,7 +30,7 @@ classifiers = [
     "Programming Language :: Python :: 3.12",
     "Programming Language :: Python :: 3.13",
 ]
-keywords = ["Linux in container", "toolbox"]
+keywords = ["Linux in container", "toolbox", "distrobox"]
 
 [project.urls]
 Homepage = "https://github.com/sumwale/ybox"

{ybox-0.9.10 → ybox-0.9.11.1}/src/ybox/__init__.py

@@ -1,2 +1,2 @@
 """`ybox` is a tool to easily manage linux distributions in containers"""
-__version__ = "0.9.10"
+__version__ = "0.9.11.1"

{ybox-0.9.10 → ybox-0.9.11.1}/src/ybox/conf/profiles/apps.ini

@@ -1,6 +1,7 @@
 [base]
 name = Profile for CLI and GUI apps
 includes = basic.ini
+ssh_agent = on
 
 [security]
 # SYS_PTRACE may be required by mesa which is invoked indirectly by both firefox and chromium.
@@ -9,6 +10,9 @@ includes = basic.ini
 caps_add = SYS_PTRACE
 
 [mounts]
+# export the host's ssh keys for use by ssh-agent in the container as required ("ro" mode
+#   implies that known_hosts and other files within ~/.ssh cannot be changed)
+ssh = $HOME/.ssh:$TARGET_HOME/.ssh:ro
 music = $HOME/Music:$TARGET_HOME/Music:ro
 pictures = $HOME/Pictures:$TARGET_HOME/Pictures:ro
 videos = $HOME/Videos:$TARGET_HOME/Videos:ro
@@ -19,8 +23,9 @@ videos = $HOME/Videos:$TARGET_HOME/Videos:ro
 
 [app_flags]
 # These flags will be added to Exec line of google-chrome.desktop when it is copied to host.
-# /dev/shm usage is disabled for chrome because that requires ipc=host or mounting host
-# /dev/shm in read-write mode which can be insecure.
-google-chrome = !p --disable-dev-shm-usage !a
-google-chrome-beta = !p --disable-dev-shm-usage !a
-google-chrome-unstable = !p --disable-dev-shm-usage !a
+
+# the --disable-dev-shm-usage flag in chrome/chromium based browsers disables use of /dev/shm
+# which can reduce memory footprint at the cost of performance and increased disk activity
+#google-chrome = !p --disable-dev-shm-usage !a
+#google-chrome-beta = !p --disable-dev-shm-usage !a
+#google-chrome-unstable = !p --disable-dev-shm-usage !a

{ybox-0.9.10 → ybox-0.9.11.1}/src/ybox/conf/profiles/basic.ini

@@ -20,8 +20,8 @@
 #   - YBOX_SYS_CONF_DIR: path to system configuration directory where configuration directory
 #                        shipped with ybox is installed (or the string form of
 #                          the directory if it is not on filesystem like an egg or similar)
-#   - TARGET_HOME: set to the home directory of the container user as it exists on the host
-#                  (i.e. the expanded value of the "home" key in the [base] section)
+#   - TARGET_HOME: set to the home directory of the container user in the container
+#                  (which is same as the host user's $HOME for podman and /root for docker)
 # Additionally a special notation can be used for current date+time with this notation:
 #   ${NOW:<fmt>}. The <fmt> uses the format supported by python strftime
 # (https://docs.python.org/3/library/datetime.html#datetime.datetime.strftime)
@@ -67,7 +67,7 @@ includes =
 # to freely create as many containers as desired to achieve best isolation without worrying
 # about dramatic increase in disk and/or memory usage.
 shared_root = $HOME/.local/share/ybox/SHARED_ROOTS/$YBOX_DISTRIBUTION_NAME
-# Bind mount the container $HOME to this local path (aka $TARGET_HOME). This makes it
+# Bind mount the container $HOME to this local path. This makes it
 # easier for backup software and otherwise to read useful container data.
 # If not provided then you should explicitly mount required directories in the [mounts]
 # section otherwise home will remain completely ephemeral which is not recommended.
@@ -100,6 +100,16 @@ pulseaudio = on
 dbus = on
 # If enabled then the system dbus from the host is available to the container.
 dbus_sys = off
+# If enabled then the socket for SSH agent, if present, is made available to the container.
+# The $SSH_AUTH_SOCK environment variables must be set in the host environment for this to work.
+# You can also mount $HOME/.ssh with appropriate flags ("ro" if possible) in the [mounts]
+# section to enable the container use the host's ssh keys.
+ssh_agent = off
+# If enabled then the socket for GPG agent, if present, is made available to the container.
+# The $GPG_AGENT_INFO environment variable must be set in the host environment for this to work.
+# You can also mount $HOME/.gnupg with appropriate flags ("ro" if possible) in the [mounts]
+# section to enable the container use the host's gpg keys.
+gpg_agent = off
 # If enabled then Direct Rendering Infrastructure for accelerated graphics is available to
 # the container.
 dri = on
@@ -123,8 +133,8 @@ nvidia = off
 #
 # This will take precedence if both "nvidia" and "nvidia_ctk" are enabled.
 nvidia_ctk = off
-# default podman/docker shm-size is 64m which can be insufficient for many apps
-shm_size = 1g
+# default podman/docker shm-size is only 64m which can be insufficient for many apps
+shm_size = 2g
 # Limit the maximum number of processes in the container (to avoid stuff like fork bombs).
 pids_limit = 2048
 # Logging driver to use. Default for podman/docker is to use journald in modern Linux
@@ -137,6 +147,9 @@ log_driver = json-file
 # Example for docker that does not support `path`
 log_opts = max-size=10m,max-file=3
 
+# Comma separated list of additional devices that should be made available to the container using
+# the --device option to podman/docker run. Example: devices = /dev/video0,/dev/ttyUSB0
+devices =
 
 # The security-opt and other security options passed to podman/docker.
 # You should restrict these as required.
@@ -227,9 +240,10 @@ documents = $HOME/Documents:$TARGET_HOME/Documents:ro
 # in the [base] section.
 #
 # Note: The LHS should typically have a path having $HOME while RHS will be relative to the
-#       target's home inside the container. Do not use $TARGET_HOME on RHS (or LHS for that matter)
-#       which is the target's home as on the host and not the one inside the container.
+#       target's home inside the container. Do not use $TARGET_HOME on RHS since path the assumed
+#       to be a relative one and $TARGET_HOME already inserted as required.
 [configs]
+env_conf = $HOME/.config/environment.d -> .config/environment.d
 bashrc = $HOME/.bashrc -> .bashrc
 starship = $HOME/.config/starship.toml -> .config/starship.toml
 # replicate fish configuration directory with copy of fish_variables but symlinks for the rest
@@ -303,14 +317,12 @@ XMODIFIERS
 [app_flags]
 # These flags/arguments will be added to Exec line of chromium.desktop when it is copied to
 # host as well as in the wrapper chromium executable created on the host.
-# You can use "!p" here for the first argument in the 'Exec='/'TryExec=' line in the desktop
+# You can use "!p" here for the first argument in the 'Exec=' line in the desktop
 # file and '!a' for rest of the arguments. When linking to an executable program, '!p' will
 # refer to the full path of the executable while '!a' will be replaced by "$@" in the shell
 # script. Use '!!p' for a literal '!p' and '!!a' for a literal '!a'.
 
-# /dev/shm usage is disabled for chromium because that requires ipc=host or mounting host
-# /dev/shm in read-write mode which is quite insecure.
-chromium = !p --disable-dev-shm-usage --enable-chrome-browser-cloud-management !a
+chromium = !p --enable-chrome-browser-cloud-management !a
 
 
 # Startup programs you want to run when starting the container. These are run using

{ybox-0.9.10 → ybox-0.9.11.1}/src/ybox/conf/profiles/dev.ini

@@ -1,6 +1,7 @@
 [base]
 name = Profile for creating development environment
 includes = basic.ini
+ssh_agent = on
 
 [security]
 # SYS_PTRACE is required by mesa and without this, the following warning can be seen:
@@ -8,6 +9,9 @@ includes = basic.ini
 caps_add = SYS_PTRACE
 
 [mounts]
+# export the host's ssh keys for use by ssh-agent in the container as required ("ro" mode
+#   implies that known_hosts and other files within ~/.ssh cannot be changed)
+ssh = $HOME/.ssh:$TARGET_HOME/.ssh:ro
 # add your projects and other directories having source code
 #projects = $HOME/projects:$TARGET_HOME/projects
 #pyenv = $HOME/.pyenv:$TARGET_HOME/.pyenv:ro

{ybox-0.9.10 → ybox-0.9.11.1}/src/ybox/conf/resources/entrypoint-cp.sh

@@ -28,5 +28,5 @@ echo_color "$fg_purple" "Copying data from container to shared root mounted on '
 IFS="," read -ra shared_dirs_arr <<< "$shared_dirs"
 for dir in "${shared_dirs_arr[@]}"; do
   echo_color "$fg_orange" "Copying $dir to $shared_bind$dir"
-  cp -a "$dir" "$shared_bind$dir"
+  cp -an "$dir" "$shared_bind$dir"
 done

{ybox-0.9.10 → ybox-0.9.11.1}/src/ybox/conf/resources/entrypoint-root.sh

@@ -10,9 +10,9 @@ source "$SCRIPT_DIR/entrypoint-common.sh"
 
 export HOME=/root
 echo_color "$fg_cyan" "Copying prime-run, run-in-dir and run-user-bash-cmd" >> $status_file
-cp -a "$SCRIPT_DIR/prime-run" /usr/local/bin/prime-run
-cp -a "$SCRIPT_DIR/run-in-dir" /usr/local/bin/run-in-dir
-cp -a "$SCRIPT_DIR/run-user-bash-cmd" /usr/local/bin/run-user-bash-cmd
+cp -af "$SCRIPT_DIR/prime-run" /usr/local/bin/prime-run
+cp -af "$SCRIPT_DIR/run-in-dir" /usr/local/bin/run-in-dir
+cp -af "$SCRIPT_DIR/run-user-bash-cmd" /usr/local/bin/run-user-bash-cmd
 chmod 0755 /usr/local/bin/prime-run /usr/local/bin/run-in-dir /usr/local/bin/run-user-bash-cmd
 
 # invoke the NVIDIA setup script if present

{ybox-0.9.10 → ybox-0.9.11.1}/src/ybox/conf/resources/entrypoint.sh

@@ -57,19 +57,12 @@ function replicate_config_files() {
       home_file="$HOME/${BASH_REMATCH[2]}"
       dest_file="$config_dir/${BASH_REMATCH[2]}"
       # only replace the file if it is already a link (assuming the link target may
-      #   have changed in the config_list file), or a directory containing links
+      #   have changed in the config_list file), or a directory containing only links
       if [ -e "$dest_file" ]; then
         if [ -L "$home_file" ]; then
           rm -f "$home_file"
         elif [ -d "$home_file" ]; then
-          do_rmdir=true
-          for f in "$home_file"/*; do
-            if [ -e "$f" -a ! -L "$f" ]; then
-              do_rmdir=false
-              break
-            fi
-          done
-          if [ "$do_rmdir" = true ]; then
+          if [ -z $(find "$home_file" -type f -print -quit) ]; then
             rm -rf "$home_file"
           fi
         fi

{ybox-0.9.10 → ybox-0.9.11.1}/src/ybox/conf/resources/run-in-dir

@@ -9,24 +9,34 @@ if [ -n "$dir" -a -d "$dir" ]; then
   cd "$dir"
 fi
 
-# XAUTHORITY file can change after a re-login or a restart, so search for the passed one
-# by podman/docker exec in the mount point of its parent directory
-if [ -n "$XAUTHORITY" -a -n "$XAUTHORITY_ORIG" -a ! -r "$XAUTHORITY" ]; then
-  # XAUTHORITY is assumed to be either in /run/user or in /tmp
-  run_dir="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
-  if [[ "$XAUTHORITY" == $run_dir/* ]]; then
-    host_dir="$run_dir"
-  elif [[ "$XAUTHORITY" == /tmp/* ]]; then
-    host_dir=/tmp
+# XAUTHORITY, SSH_AUTH_SOCK and GPG_AGENT_INFO files can change after a re-login or a restart,
+# so search for the passed one by podman/docker exec in the mount point of its parent directory
+for env_var in XAUTHORITY SSH_AUTH_SOCK GPG_AGENT_INFO; do
+  env_var_orig=${env_var}_ORIG
+  var_val=${!env_var}
+  var_val_orig=${!env_var_orig}
+  if [ -n "$var_val" -a -n "$var_val_orig" ]; then
+    if [ ! -r "$var_val" ]; then
+      # the value should be in /run/user/<uid> or in /tmp, or else the parent directory is used
+      run_dir="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
+      if [[ "$var_val" == $run_dir/* ]]; then
+        host_dir="$run_dir"
+      elif [[ "$var_val" == /tmp/* ]]; then
+        host_dir=/tmp
+      else
+        host_dir="$(dirname "$var_val")"
+      fi
+      new_val="${var_val/#$host_dir/${host_dir}-host}" # replace $host_dir by ${host_dir}-host
+      if [ ! -r "$new_val" ]; then
+        new_val="$var_val_orig"
+      fi
+      export $env_var="$new_val"
+    fi
   else
-    host_dir="$(dirname "$XAUTHORITY")"
+    # remove unset variable in the container else apps can misbehave
+    unset $env_var
   fi
-  XAUTHORITY="${XAUTHORITY/#$host_dir/${host_dir}-host}" # replace $host_dir by ${host_dir}-host
-  if [ ! -r "$XAUTHORITY" ]; then
-    XAUTHORITY="$XAUTHORITY_ORIG"
-  fi
-  export XAUTHORITY
-fi
+done
 
 # In case NVIDIA driver has been updated, the updated libraries and other files may need to be
 # linked again, so check for a missing library file and invoke the setup script if present

{ybox-0.9.10 → ybox-0.9.11.1}/src/ybox/conf/resources/ybox-systemd.template

@@ -8,15 +8,17 @@ Wants=network-online.target
 After=network-online.target
 {docker_requires}
 [Service]
-EnvironmentFile={env_file}
-Type=forking
+Environment=PATH={sys_path}:{ybox_bin_dir}
+EnvironmentFile=%h/.config/systemd/user/{env_file}
+Type=notify
+NotifyAccess=all
 Restart=on-failure
-TimeoutStopSec=70
 # sleep to allow for initialization of the user's login/graphical environment
 ExecStartPre=/usr/bin/sleep $SLEEP_SECS
-ExecStart=/bin/sh -c 'ybox-control start {name}'
+ExecStart=/bin/sh -c 'ybox-control start {name} && systemd-notify --ready && exec ybox-control wait {name}'
 ExecStop=/bin/sh -c 'ybox-control stop -t 20 --ignore-stopped {name}'
 ExecStopPost=/bin/sh -c 'ybox-control stop -t 20 --ignore-stopped {name}'
-{pid_file}
+TimeoutStopSec=60
+
 [Install]
 WantedBy=default.target

{ybox-0.9.10 → ybox-0.9.11.1}/src/ybox/env.py

@@ -60,34 +60,41 @@ class Environ:
         :param home_dir: if a non-default user home directory has to be set
         """
         self._home_dir = home_dir or os.path.expanduser("~")
+        self._home_dir = self._home_dir.rstrip("/")
         self._docker_cmd = docker_cmd or get_docker_command()
         cmd_version = subprocess.check_output([self._docker_cmd, "--version"])
         self._uses_podman = "podman" in cmd_version.decode("utf-8").lower()
         # local user home might be in a different location than /home but target user in the
         # container will always be in /home with podman else /root for the root user with docker
         # as ensured by entrypoint-base.sh script
-        target_uid = 0
+        current_user = getpass.getuser()
+        current_uid = pwd.getpwnam(current_user).pw_uid
         if self._uses_podman:
-            self._target_user = getpass.getuser()
-            target_uid = pwd.getpwnam(self._target_user).pw_uid
+            self._target_user = current_user
+            target_uid = current_uid
             self._target_home = f"/home/{self._target_user}"
         else:
             self._target_user = "root"
+            target_uid = 0
             self._target_home = "/root"
             # confirm that docker is being used in rootless mode (not required for podman because
             #   it runs as rootless when run by a non-root user in any case without explicit sudo
             #   which the ybox tools don't use)
             if (docker_ctx := subprocess.check_output(
                     [self._docker_cmd, "context", "show"]).decode("utf-8")).strip() != "rootless":
-                raise NotSupportedError("docker should use the rootless mode (see "
-                                        "https://docs.docker.com/engine/security/rootless/) "
-                                        f"but the current context is '{docker_ctx}'")
+                # check for DOCKER_HOST environment variable
+                expected_docker_host = f"unix:///run/user/{current_uid}/docker.sock"
+                if not docker_ctx or os.environ.get("DOCKER_HOST", "") != expected_docker_host:
+                    raise NotSupportedError("docker should use the rootless mode (see "
+                                            "https://docs.docker.com/engine/security/rootless/) "
+                                            f"but the current context is '{docker_ctx}' and "
+                                            f"$DOCKER_HOST is not set to '{expected_docker_host}'")
         os.environ["TARGET_HOME"] = self._target_home
         self._user_base = user_base = site.getuserbase()
         target_user_base = f"{self._target_home}/.local"
         self._data_dir = f"{user_base}/share/ybox"
         self._target_data_dir = f"{target_user_base}/share/ybox"
-        self._xdg_rt_dir = os.environ.get("XDG_RUNTIME_DIR", "")
+        self._xdg_rt_dir = os.environ.get("XDG_RUNTIME_DIR", "").rstrip("/")
         # the container user's one can be different because it is the root user for docker
         self._target_xdg_rt_dir = f"/run/user/{target_uid}"
         self._now = datetime.now()
@@ -148,6 +155,10 @@ class Environ:
         """if podman is the container manager being used"""
         return self._uses_podman
 
+    def systemd_user_conf_dir(self) -> str:
+        """standard configuration directory location of user specific systemd services"""
+        return f"{self._home_dir}/.config/systemd/user"
+
     @property
     def target_user(self) -> str:
         """username of the container user (which is the same as the current user for podman

ybox-0.9.10/src/ybox/migrate/0.9.0-0.9.7:0.9.8.py → ybox-0.9.11.1/src/ybox/migrate/0.9.0-0.9.10:0.9.11.py

@@ -20,11 +20,12 @@ copy_ybox_scripts_to_container(static_conf, distro_conf)
 
 # rename PKGMGR_CLEANUP to PKGMGR_CLEAN in pkgmgr.conf
 scripts_dir = static_conf.scripts_dir
-pkgmgr_conf = f"{scripts_dir}/pkgmgr.conf"
-with open(pkgmgr_conf, "r", encoding="utf-8") as pkgmgr_file:
-    pkgmgr_data = pkgmgr_file.read()
-with open(pkgmgr_conf, "w", encoding="utf-8") as pkgmgr_file:
-    pkgmgr_file.write(pkgmgr_data.replace("PKGMGR_CLEANUP", "PKGMGR_CLEAN"))
+pkgmgr_conf = Path(f"{scripts_dir}/pkgmgr.conf")
+if pkgmgr_conf.exists():
+    with pkgmgr_conf.open("r", encoding="utf-8") as pkgmgr_file:
+        pkgmgr_data = pkgmgr_file.read()
+    with pkgmgr_conf.open("w", encoding="utf-8") as pkgmgr_file:
+        pkgmgr_file.write(pkgmgr_data.replace("PKGMGR_CLEANUP", "PKGMGR_CLEAN"))
 # run entrypoint-root.sh again to refresh scripts and configuration
 subprocess.run([static_conf.env.docker_cmd, "exec", "-it", static_conf.box_name, "/usr/bin/sudo",
                 "/bin/bash", f"{static_conf.target_scripts_dir}/entrypoint-root.sh"])