ybox 0.9.9__tar.gz → 0.9.10__tar.gz

{ybox-0.9.9/src/ybox.egg-info → ybox-0.9.10}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: ybox
-Version: 0.9.9
+Version: 0.9.10
 Summary: Securely run Linux distribution inside a container
 Author-email: Sumedh Wale <sumwale@yahoo.com>, Vishal Rao <vishalrao@gmail.com>
 License: Copyright (c) 2024-2025 Sumedh Wale and contributors
@@ -35,6 +35,7 @@ Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
@@ -54,7 +55,17 @@ of the container including directories to be shared, logging etc.
 
 Special emphasis is given on security where users can choose to lock down
 or open up the container as required with reasonable defaults out of the
-box. There is no sharing of HOME or no privileged mode container.
+box. There is no sharing of HOME or no privileged mode container. This sets
+it apart from other similar solutions like distrobox/toolbx and the reason
+for starting this project since those other solutions don't care about
+security/sandboxing at all and share the entire HOME while running the
+containers in privileged mode. The other problem with those solutions is that
+the shared HOME means that the user's configuration dot files also get shared
+and can cause all kinds of trouble where container apps can overwrite
+with their own versions (especially for updated apps in the containers)
+breaking the app in the host system. It is, however, possible to share the
+entire HOME if user really wants but that needs to be explcitly configured
+in the ini profile.
 
 Expected usage is for users to group similar applications in a container
 and separate out containers depending on different needs like higher/lower
@@ -144,10 +155,11 @@ require you to install in a custom virtual environment which can be done manuall
  fish: `python3 -m venv ybox-venv && source ybox-env/bin/activate.fish`)
 or automatically using `pipx`. Alternatively you can add `--break-system-packages`
 flag to the `pip` command above or add it globally for all future packages using
-`python3 -m pip config set global.break-system-packages true`. The alternative
-approach works well for `ybox` which has a very minimal set of dependencies but
-in the rare case you see any issues due to package conflicts, use `pipx` or
-manual virtual environment.
+`python3 -m pip config set global.break-system-packages true`. This alternative
+approach works well for `ybox` which has a very minimal set of dependencies which will
+not conflict with system packages (rather work with whatever system version is installed),
+but if you prefer keeping the installation separate then use `pipx` or
+a manual virtual environment.
 
 Now you can run the `ybox-create` and other utilities that are normally installed
 in your `~/.local/bin` directory which should be in PATH for modern Linux distributions.
@@ -209,7 +221,9 @@ does not run properly as root, then you cannot run it when using docker unless y
 `sudo/su` to the host user in the container command. However, running as host user when running
 rootless docker will map to a different user ID in the host (as specified in `/etc/subuid` on the
 host) so files shared with the host, including devices like those in `/dev/dri`, will cause
-permission issues that can hinder or break the application.
+permission issues that can hinder or break the application. Hence it is recommended to
+just install podman (even if you already have docker installed) which works out of the
+box in rootless mode in all tested distributions.
 
 
 ### Package management: install/uninstall/list/search/...
@@ -448,8 +462,8 @@ systemctl --user enable container-ybox-arch_apps.service
 
 Virtual environment setup have been provided for consistent development, test and build
 with multiple python versions. The minimum python version required is 3.9 and tests are
-run against all major python versions higher than that (i.e. 3.10, 3.11, 3.12 and others
-in future).
+run against all major python versions higher than that (i.e. 3.10, 3.11, 3.12, 3.13 and
+    others in future).
 
 The setup uses pyenv with venv which can be used for development with IDEA/PyCharm/VSCode
 or in terminal, running tests against all supported python versions using `tox` etc.
@@ -476,14 +490,23 @@ Next you can install the required python versions and venv environment:
 pyenv/setup-venv.sh
 ```
 
-Finally, you can activate it in bash/zsh:
+Finally, you can activate it.
+
+bash:
+
+```sh
+source pyenv/activate.bash
+source .venv/bin/activate
+```
+
+zsh:
 
 ```sh
-source pyenv/activate.sh
+source pyenv/activate.zsh
 source .venv/bin/activate
 ```
 
-Or in fish shell:
+fish:
 
 ```
 source pyenv/activate.fish

{ybox-0.9.9 → ybox-0.9.10}/README.md

@@ -10,7 +10,17 @@ of the container including directories to be shared, logging etc.
 
 Special emphasis is given on security where users can choose to lock down
 or open up the container as required with reasonable defaults out of the
-box. There is no sharing of HOME or no privileged mode container.
+box. There is no sharing of HOME or no privileged mode container. This sets
+it apart from other similar solutions like distrobox/toolbx and the reason
+for starting this project since those other solutions don't care about
+security/sandboxing at all and share the entire HOME while running the
+containers in privileged mode. The other problem with those solutions is that
+the shared HOME means that the user's configuration dot files also get shared
+and can cause all kinds of trouble where container apps can overwrite
+with their own versions (especially for updated apps in the containers)
+breaking the app in the host system. It is, however, possible to share the
+entire HOME if user really wants but that needs to be explcitly configured
+in the ini profile.
 
 Expected usage is for users to group similar applications in a container
 and separate out containers depending on different needs like higher/lower
@@ -100,10 +110,11 @@ require you to install in a custom virtual environment which can be done manuall
  fish: `python3 -m venv ybox-venv && source ybox-env/bin/activate.fish`)
 or automatically using `pipx`. Alternatively you can add `--break-system-packages`
 flag to the `pip` command above or add it globally for all future packages using
-`python3 -m pip config set global.break-system-packages true`. The alternative
-approach works well for `ybox` which has a very minimal set of dependencies but
-in the rare case you see any issues due to package conflicts, use `pipx` or
-manual virtual environment.
+`python3 -m pip config set global.break-system-packages true`. This alternative
+approach works well for `ybox` which has a very minimal set of dependencies which will
+not conflict with system packages (rather work with whatever system version is installed),
+but if you prefer keeping the installation separate then use `pipx` or
+a manual virtual environment.
 
 Now you can run the `ybox-create` and other utilities that are normally installed
 in your `~/.local/bin` directory which should be in PATH for modern Linux distributions.
@@ -165,7 +176,9 @@ does not run properly as root, then you cannot run it when using docker unless y
 `sudo/su` to the host user in the container command. However, running as host user when running
 rootless docker will map to a different user ID in the host (as specified in `/etc/subuid` on the
 host) so files shared with the host, including devices like those in `/dev/dri`, will cause
-permission issues that can hinder or break the application.
+permission issues that can hinder or break the application. Hence it is recommended to
+just install podman (even if you already have docker installed) which works out of the
+box in rootless mode in all tested distributions.
 
 
 ### Package management: install/uninstall/list/search/...
@@ -404,8 +417,8 @@ systemctl --user enable container-ybox-arch_apps.service
 
 Virtual environment setup have been provided for consistent development, test and build
 with multiple python versions. The minimum python version required is 3.9 and tests are
-run against all major python versions higher than that (i.e. 3.10, 3.11, 3.12 and others
-in future).
+run against all major python versions higher than that (i.e. 3.10, 3.11, 3.12, 3.13 and
+    others in future).
 
 The setup uses pyenv with venv which can be used for development with IDEA/PyCharm/VSCode
 or in terminal, running tests against all supported python versions using `tox` etc.
@@ -432,14 +445,23 @@ Next you can install the required python versions and venv environment:
 pyenv/setup-venv.sh
 ```
 
-Finally, you can activate it in bash/zsh:
+Finally, you can activate it.
+
+bash:
+
+```sh
+source pyenv/activate.bash
+source .venv/bin/activate
+```
+
+zsh:
 
 ```sh
-source pyenv/activate.sh
+source pyenv/activate.zsh
 source .venv/bin/activate
 ```
 
-Or in fish shell:
+fish:
 
 ```
 source pyenv/activate.fish

{ybox-0.9.9 → ybox-0.9.10}/pyproject.toml

@@ -28,6 +28,7 @@ classifiers = [
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
 ]
 keywords = ["Linux in container", "toolbox"]
 

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/__init__.py

@@ -1,2 +1,2 @@
 """`ybox` is a tool to easily manage linux distributions in containers"""
-__version__ = "0.9.9"
+__version__ = "0.9.10"

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/cmd.py

@@ -10,6 +10,7 @@ import sys
 from enum import Enum
 from typing import Callable, Iterable, Optional, Union
 
+from ybox import __version__ as product_version
 from ybox.config import Consts
 
 from .print import print_error, print_info, print_notice, print_warn
@@ -207,7 +208,7 @@ def run_command(cmd: Union[str, list[str]], capture_output: bool = False,
             sys.exit(result.returncode)
         else:
             return result.returncode
-    if capture_output and result.stderr:
+    if capture_output and result.stderr and error_msg != "SKIP":
         print_warn(result.stderr.decode("utf-8"), file=sys.stderr)
     return result.stdout.decode("utf-8") if capture_output else result.returncode
 
@@ -221,6 +222,21 @@ def _print_subprocess_output(result: subprocess.CompletedProcess[bytes]) -> None
         print_warn(result.stderr.decode("utf-8"), file=sys.stderr)
 
 
+def parser_version_check(parser: argparse.ArgumentParser, argv: list[str]) -> None:
+    """
+    Update command-line parser to add `--version` option to existing ones that will output the
+    ybox product version and exit if specified in the given list of arguments.
+
+    :param parser: instance of :class:`argparse.ArgumentParser` having the command-line parser
+    :param argv: the list of arguments to be parsed
+    """
+    parser.add_argument("--version", action="store_true", help="output ybox version")
+    # argv may have required positional arguments, hence check for --version separately
+    if "--version" in argv:
+        print(product_version)
+        sys.exit(0)
+
+
 def parse_opt_deps_args(argv: list[str]) -> argparse.Namespace:
     """
     Common command-line parser for `opt_deps` utilities (see [pkgmgr] section of distro.ini)

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/completions/ybox.fish

@@ -29,6 +29,8 @@ end
 complete -f -c ybox-create -s h -l help -d "show help"
 complete -c ybox-create -s n -l name -d "name of the ybox container" -r
 complete -f -c ybox-create -s F -l force-own-orphans -d "force ownership of orphans on shared root"
+complete -f -c ybox-create -s C -l distribution-config -d "path to custom distribution configuration file"
+complete -f -c ybox-create -l distribution-image -d "custom container image"
 complete -f -c ybox-create -s q -l quiet -d "skip interactive questions"
 complete -f -c ybox-create -n "not __fish_seen_subcommand_from (__fish_ybox_complete_distributions)" -a "(__fish_ybox_complete_distributions)"
 

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/distros/arch/init-user.sh

@@ -10,8 +10,8 @@ current_user="$(id -un)"
 # install binaries for paru from paru-bin (paru takes too long to compile)
 PARU="paru --noconfirm"
 echo_color "$fg_cyan" "Installing AUR helper 'paru'" >> $status_file
-export HOME="$(eval echo "~$current_user")"
-cd ~
+export HOME=$(getent passwd "$current_user" | cut -d: -f6)
+cd "$HOME"
 rm -rf paru-bin
 git clone https://aur.archlinux.org/paru-bin.git
 cd paru-bin

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/distros/arch/init.sh

@@ -6,6 +6,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 source "$SCRIPT_DIR/entrypoint-common.sh"
 
+export HOME=/root
 # pacman configuration
 PAC="pacman --noconfirm"
 echo_color "$fg_cyan" "Configuring pacman" >> $status_file

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/distros/arch/pkgdeps.py

@@ -17,6 +17,8 @@ where:
                   newlines in the description
 """
 
+# TODO: SW: this is returning back installed packages too which should be skipped
+
 import gzip
 import os
 import re

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/distros/deb-generic/pkgdeps.py

@@ -11,7 +11,7 @@ where:
             and so on; resolution of level > 2 is not required since caller currently ignores those
  * <order>: this is a simple counter assigned to the dependencies where the value itself is of no
             significance but if multiple dependencies have the same value then it means that they
-            are ORed dependencies and only one of them should normlly be selected for installation
+            are ORed dependencies and only one of them need to be selected for installation
  * <installed>: true if the dependency already installed and false otherwise
  * <description>: detailed description of the dependency; it can contain literal \n to indicate
                   newlines in the description
@@ -69,6 +69,7 @@ class PkgDetail(Enum):
     OPTIONAL_DEP = 5
 
 
+# noinspection PyUnusedLocal
 def process_next_item(line: str, parse_line: Callable[[str], tuple[PkgDetail, str]],
                       parse_dep: Callable[[str], Iterable[tuple[str, str, Optional[str]]]],
                       installed: Callable[[str], bool], max_level: int,

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/profiles/basic.ini

@@ -20,7 +20,8 @@
 #   - YBOX_SYS_CONF_DIR: path to system configuration directory where configuration directory
 #                        shipped with ybox is installed (or the string form of
 #                          the directory if it is not on filesystem like an egg or similar)
-#   - TARGET_HOME: set to the home directory of the container user
+#   - TARGET_HOME: set to the home directory of the container user as it exists on the host
+#                  (i.e. the expanded value of the "home" key in the [base] section)
 # Additionally a special notation can be used for current date+time with this notation:
 #   ${NOW:<fmt>}. The <fmt> uses the format supported by python strftime
 # (https://docs.python.org/3/library/datetime.html#datetime.datetime.strftime)
@@ -115,7 +116,7 @@ nvidia = off
 # works well on most Linux distros (https://wiki.archlinux.org/title/docker or
 #    https://wiki.archlinux.org/title/podman), and the official NVIDIA docs:
 #  https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html
-# For example on ubuntu with podman, configure the apt repository from the previous link
+# For example, on ubuntu with podman, configure the apt repository from the previous link
 # and install the package as noted there, then run
 # `sudo nvidia-ctk cdi generate --output=/etc/cdi/nvidia.yaml`.
 # This will need to be repeated if nvidia driver version is upgraded.
@@ -200,29 +201,40 @@ documents = $HOME/Documents:$TARGET_HOME/Documents:ro
 #   section) to a directory that is mounted read-only.
 #
 # The value has two parts separated by "->" with the LHS of this being the source that
-# is to be copied while the RHS is the required relative path in the target directory.
-# On the target container the same is used to symlink from the target on RHS to source on LHS.
+# is to be copied while the RHS is the required relative path in the container's home directory.
+# Any spaces around "->" are excluded from the LHS and RHS names.
 # Source is skipped if it does not exist or not readable with a message on standard output.
 #
 # Typically this will contain shell, vim and other common configuration files.
 # These can be either files or directories and are skipped if they do not exist.
-# The keys here have no special significance other than the fact that they should be
-# unique and can be used to override in later files that include this one.
+# The keys here should be unique and can be used to override in later files that include this one.
 #
-# Note: The files are symlinks in the container user area and are mounted on a read-only
-# mount by default, so if you need to change a file within a container then you will
-# need to first remove the symlink and make a copy of the file. This will remove the
+# Two special suffixes can be used in the key names:
+#  1) ":dir" : this suffix indicates that the source is a directory and entire directory structure
+#              should be replicated in the target with symlinks only for the individual files;
+#              this helps in cases where user needs to make a separate copy of a file inside
+#              the directory (using either ":copy" suffix or manually)
+#  2) ":copy": this suffix indicates that the source should be copied to the target; if a
+#              file/directory to be copied lies inside another directory that is being linked,
+#              then it should be mentioned before this and marked with ":dir" so that directory
+#              structure is replicated in the target (see example of fish shell config below)
+#
+# Note: The files from the host are mounted read-only by default in the target container, so if
+# you need to change a file within a container then you can use the ":copy" suffix in the key name
+# or manually remove the symlink and make a copy of the file. This will remove the
 # direct sharing between the two which has to be done manually thereon if required.
 # The sharing behavior also depends on "config_hardlinks" as described in its comment above
 # in the [base] section.
 #
-# Note: The HOME environment variable here will be evaluated both in the host
-# session (for the source to be transferred) and inside the container session
-# (for the target). Do not use TARGET_HOME here which can be incorrect for the host session.
+# Note: The LHS should typically have a path having $HOME while RHS will be relative to the
+#       target's home inside the container. Do not use $TARGET_HOME on RHS (or LHS for that matter)
+#       which is the target's home as on the host and not the one inside the container.
 [configs]
 bashrc = $HOME/.bashrc -> .bashrc
 starship = $HOME/.config/starship.toml -> .config/starship.toml
-fishrc = $HOME/.config/fish -> .config/fish
+# replicate fish configuration directory with copy of fish_variables but symlinks for the rest
+fish_conf:dir = $HOME/.config/fish -> .config/fish
+fish_vars:copy = $HOME/.config/fish/fish_variables -> .config/fish/fish_variables
 omf = $HOME/.config/omf -> .config/omf
 omf_data = $HOME/.local/share/omf -> .local/share/omf
 zshrc = $HOME/.zshrc -> .zshrc
@@ -261,10 +273,11 @@ speechconf = $HOME/.config/speech-dispatcher -> .config/speech-dispatcher
 [env]
 TERM
 TERMINFO_DIRS = /usr/share/terminfo:/var/lib/terminfo
-XDG_CURRENT_DESKTOP
-XDG_SESSION_DESKTOP
+# always pretend desktop to be GNOME since KDE/*DE apps required by xdg-* are not installed
+XDG_CURRENT_DESKTOP = GNOME
+XDG_SESSION_DESKTOP = GNOME
+DESKTOP_SESSION = gnome
 XDG_SESSION_TYPE
-DESKTOP_SESSION
 GTK_IM_MODULE
 QT_IM_MODULE
 SDL_IM_MODULE

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/profiles/dev.ini

@@ -12,12 +12,6 @@ caps_add = SYS_PTRACE
 #projects = $HOME/projects:$TARGET_HOME/projects
 #pyenv = $HOME/.pyenv:$TARGET_HOME/.pyenv:ro
 
-[env]
-# always pretend desktop to be GNOME since KDE apps required by xdg-* are not installed
-XDG_CURRENT_DESKTOP = GNOME
-XDG_SESSION_DESKTOP = GNOME
-DESKTOP_SESSION = gnome
-
 [apps]
 # some packages for Arch Linux - uncomment and update for your distribution as required
 #ides = intellij-idea-community-edition-jre,visual-studio-code-bin,zed

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/resources/entrypoint-root.sh

@@ -8,6 +8,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 source "$SCRIPT_DIR/entrypoint-common.sh"
 
+export HOME=/root
 echo_color "$fg_cyan" "Copying prime-run, run-in-dir and run-user-bash-cmd" >> $status_file
 cp -a "$SCRIPT_DIR/prime-run" /usr/local/bin/prime-run
 cp -a "$SCRIPT_DIR/run-in-dir" /usr/local/bin/run-in-dir

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/resources/entrypoint-user.sh

@@ -13,9 +13,11 @@ mkdir -p "$user_home/.gnupg" && chmod 0700 "$user_home/.gnupg"
 echo "keyserver $DEFAULT_GPG_KEY_SERVER" > "$user_home/.gnupg/dirmngr.conf"
 rm -f "$user_home"/.gnupg/*/*.lock
 
-echo_color "$fg_cyan" "Enabling python pip installation for $current_user" >> $status_file
-mkdir -p "$user_home/.config/pip"
-cat > "$user_home/.config/pip/pip.conf" << EOF
+if [ ! -e "$user_home/.config/pip/pip.conf" ]; then
+  echo_color "$fg_cyan" "Enabling python pip installation for $current_user" >> $status_file
+  mkdir -p "$user_home/.config/pip"
+  cat > "$user_home/.config/pip/pip.conf" << EOF
 [global]
 break-system-packages = true
 EOF
+fi

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/resources/entrypoint.sh

@@ -22,7 +22,7 @@ echo -n > $status_file
 # the current user as well as the group of the normal user
 uid="$(id -u)"
 gid="$(id -g)"
-chown $uid:$YBOX_HOST_GID $status_file
+chown $uid:${YBOX_HOST_GID:-$gid} $status_file
 chmod 0660 $status_file
 if [ "$uid" -eq 0 ]; then
   SUDO=""
@@ -47,16 +47,14 @@ function show_usage() {
   echo "  -h               show this help message and exit"
 }
 
-# link the configuration files in HOME to the target directory having the required files
-function link_config_files() {
+# copy/link the configuration files in HOME to the target directory having the required files
+function replicate_config_files() {
   # line is of the form <src> -> <dest>; pattern below matches this while trimming spaces
   echo_color "$fg_orange" "Linking configuration files from $config_dir to user's home" >> $status_file
-  pattern='(.*[^[:space:]]+)[[:space:]]*->[[:space:]]*(.*)'
+  pattern='(COPY|LINK_DIR|LINK):(.*)'
   while read -r config; do
     if [[ "$config" =~ $pattern ]]; then
-      home_file="${BASH_REMATCH[1]}"
-      # expand env variables
-      eval home_file="$home_file"
+      home_file="$HOME/${BASH_REMATCH[2]}"
       dest_file="$config_dir/${BASH_REMATCH[2]}"
       # only replace the file if it is already a link (assuming the link target may
       #   have changed in the config_list file), or a directory containing links
@@ -80,7 +78,15 @@ function link_config_files() {
           mkdir -p "$home_filedir"
         fi
         if [ ! -e "$home_file" ]; then
-          ln -s "$dest_file" "$home_file"
+          if [ "${BASH_REMATCH[1]}" = "COPY" ]; then
+            cp -r "$dest_file" "$home_file"
+          elif [ "${BASH_REMATCH[1]}" = "LINK_DIR" ]; then
+            # if dest_file is a directory, then replicate the directory structure in home and
+            # symlink individual files which is accomplished with "cp -sr"
+            cp -sr "$dest_file" "$home_file"
+          else  # "${BASH_REMATCH[1]}" = "LINK"
+            ln -s "$dest_file" "$home_file"
+          fi
         fi
       fi
     else
@@ -180,7 +186,7 @@ run_dir=${XDG_RUNTIME_DIR:-/run/user/$uid}
 if [ -d $run_dir ]; then
   $SUDO chown $uid:$gid $run_dir 2>/dev/null || true
 fi
-if [ -n "$(ls $run_dir 2>/dev/null)" ]; then
+if compgen -G "$run_dir/*" >/dev/null; then
   $SUDO chown $uid:$gid $run_dir/* 2>/dev/null || true
 fi
 
@@ -212,7 +218,7 @@ fi
 
 # process config files, application installs and invoke startup apps
 if [ -n "$config_list" ]; then
-  link_config_files
+  replicate_config_files
 fi
 if [ -n "$app_list" ]; then
   install_apps
@@ -231,14 +237,17 @@ function cleanup() {
   # clear status file first just in case other operations do not finish before SIGKILL comes
   echo -n > $status_file
   # first send SIGTERM to all "docker exec" processes that will have parent PID as 0 or 1
+  kill_sent=0
   exec_pids="$(ps -e -o ppid=,pid= | \
     awk '{ if (($1 == 0 || $1 == 1) && $2 != 1 && $2 != '$childPID') print $2 }')"
   for pid in $exec_pids; do
-    echo "Sending SIGTERM to $pid"
-    kill -TERM $pid
+    if kill -TERM $pid 2>/dev/null; then
+      kill_sent=1
+      echo "Sent SIGTERM to $pid"
+    fi
   done
   # sleep a bit for $exec_pids to finish
-  [ -n "$exec_pids" ] && sleep 3
+  [ $kill_sent -eq 1 ] && sleep 3
   # lastly kill the infinite tail process
   kill -TERM $childPID
 }

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/resources/prime-run

@@ -1,7 +1,5 @@
 #!/bin/sh
 
-set -e
-
 __NV_PRIME_RENDER_OFFLOAD=1
 __GLX_VENDOR_LIBRARY_NAME=nvidia
 __VK_LAYER_NV_optimus=NVIDIA_only

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/conf/resources/run-in-dir

@@ -49,6 +49,7 @@ if [ -e "$nvidia_setup" ]; then
       flock -x -w 60 $lock_fd || /bin/true
       trap "flock -u $lock_fd || /bin/true" 0 1 2 3 4 5 6 7 8 10 11 12 13 14 15
       if ! is_nvidia_valid; then
+        # set umask for root execution to ensure that other users have read/execute permissions
         umask 022
         sudo /bin/bash "$nvidia_setup" || /bin/true
       fi
@@ -57,4 +58,7 @@ if [ -e "$nvidia_setup" ]; then
   fi
 fi
 
+# reset to more conservative umask setting
+umask 027
+
 exec "$@"

ybox-0.9.10/src/ybox/conf/resources/run-user-bash-cmd

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# This script either runs a given command using bash directly, or if YBOX_HOST_UID environment
+# variable is set to something other than the UID of the current user, then uses sudo to run
+# the command as that UID (plus YBOX_HOST_GID as the GID). This latter case happens for rootless
+# docker where the ybox container runs as the root user (due to absence of --userns=keep-id like
+#   in podman) but some commands need to be run as a normal user like Arch's paru/yay AUR helpers.
+
+set -e
+
+if [ "$#" -ne 1 ]; then
+  echo "Usage: $0 <full command to run as single argument like passed to '/bin/bash -c'>"
+  exit 1
+fi
+
+if [ "$(id -u)" -eq 0 -a -n "$YBOX_HOST_UID" ] && getent passwd $YBOX_HOST_UID > /dev/null; then
+  sudo -u "#$YBOX_HOST_UID" -g "#$YBOX_HOST_GID" /bin/bash -c "$1"
+  status=$?
+  if [ $status -ne 0 ]; then
+    echo "FAILED (exit code = $status) in sudo execution of: $1"
+    exit $status
+  fi
+else
+  eval "$1"
+  status=$?
+  if [ $status -ne 0 ]; then
+    echo "FAILED (exit code = $status) in execution of: $1"
+    exit $status
+  fi
+fi

ybox-0.9.10/src/ybox/conf/resources/ybox-systemd.template

@@ -0,0 +1,22 @@
+# ybox-{name}.service
+#
+# Autogenerated by ybox-create {version} on {date}
+
+[Unit]
+Description={manager_name} ybox-{name}.service
+Wants=network-online.target
+After=network-online.target
+{docker_requires}
+[Service]
+EnvironmentFile={env_file}
+Type=forking
+Restart=on-failure
+TimeoutStopSec=70
+# sleep to allow for initialization of the user's login/graphical environment
+ExecStartPre=/usr/bin/sleep $SLEEP_SECS
+ExecStart=/bin/sh -c 'ybox-control start {name}'
+ExecStop=/bin/sh -c 'ybox-control stop -t 20 --ignore-stopped {name}'
+ExecStopPost=/bin/sh -c 'ybox-control stop -t 20 --ignore-stopped {name}'
+{pid_file}
+[Install]
+WantedBy=default.target

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/config.py

@@ -142,6 +142,9 @@ class Consts:
     Defines fixed file/path and other names used by ybox that are not configurable.
     """
 
+    # standard system executable paths
+    _SYS_BIN_DIRS = ("/usr/bin", "/bin", "/usr/sbin", "/sbin", "/usr/local/bin", "/usr/local/sbin")
+    # regex pattern to match all manual page directories
     _MAN_DIRS_PATTERN = re.compile(r"/usr(/local)?(/share)?/man(/[^/]*)?/man[0-9][a-zA-Z_]*")
 
     @staticmethod
@@ -216,13 +219,18 @@ class Consts:
     @staticmethod
     def container_bin_dirs() -> Iterable[str]:
         """directories on the container that has executables that may need to be wrapped"""
-        return ("/usr/bin", "/usr/sbin", "/bin", "/sbin", "/usr/local/bin", "/usr/local/sbin")
+        return Consts._SYS_BIN_DIRS
 
     @staticmethod
     def container_man_dir_pattern() -> re.Pattern[str]:
         """directory regex pattern on the container having man-pages that may need to be linked"""
         return Consts._MAN_DIRS_PATTERN
 
+    @staticmethod
+    def sys_bin_dirs() -> Iterable[str]:
+        """standard directories to search for system installed executables"""
+        return Consts._SYS_BIN_DIRS
+
     @staticmethod
     def nvidia_target_base_dir() -> str:
         """base directory path where NVIDIA libs/data are linked in the container"""

{ybox-0.9.9 → ybox-0.9.10}/src/ybox/pkg/clean.py

@@ -8,14 +8,10 @@ from configparser import SectionProxy
 from ybox.cmd import PkgMgr, build_shell_command, run_command
 from ybox.config import StaticConfiguration
 from ybox.print import print_info
-from ybox.state import RuntimeConfiguration, YboxStateManagement
 
 
-# noinspection PyUnusedLocal
 def clean_cache(args: argparse.Namespace, pkgmgr: SectionProxy, docker_cmd: str,
-                conf: StaticConfiguration, runtime_conf: RuntimeConfiguration,
-                state: YboxStateManagement) -> int:
-    # pylint: disable=unused-argument
+                conf: StaticConfiguration) -> int:
     """
     Clean package cache and related intermediate files.
 
@@ -23,8 +19,6 @@ def clean_cache(args: argparse.Namespace, pkgmgr: SectionProxy, docker_cmd: str,
     :param pkgmgr: the `[pkgmgr]` section from `distro.ini` configuration file of the distribution
     :param docker_cmd: the podman/docker executable to use
     :param conf: the :class:`StaticConfiguration` for the container
-    :param runtime_conf: the `RuntimeConfiguration` of the container
-    :param state: instance of `YboxStateManagement` having the state of all ybox containers
     :return: integer exit status of clean command where 0 represents success
     """
     print_info(f"Cleaning package cache in container '{conf.box_name}'")