cmd: fallback to parsing getent passwd output when $SHELL is not set#1760
cmd: fallback to parsing getent passwd output when $SHELL is not set#1760Rolv-Apneseth wants to merge 1 commit intocontainers:mainfrom
getent passwd output when $SHELL is not set#1760Conversation
Summary of ChangesHello @Rolv-Apneseth, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the application's ability to reliably determine the user's default shell. It addresses scenarios where the Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds a fallback mechanism to determine the user's shell by parsing getent passwd output when the $SHELL environment variable is not set. This is a good improvement for robustness. The changes are applied consistently across the create, enter, and rootMigrationPath commands. My review includes a couple of suggestions for the new getUserShell function in src/cmd/utils.go to enhance its portability and robustness. Additionally, since you've mentioned being open to adding tests, it would be great to add unit tests for the new getUserShell function to cover both the successful paths and the error cases you're handling. This would improve the long-term maintainability of this new logic.
Rolv-Apneseth
force-pushed
the
fallback_shell
branch
2 times, most recently
from
9c87365 to
262de18
Compare
|
Build succeeded. ✔️ unit-test SUCCESS in 2m 10s |
|
man.. it sure would be nice if golang/go#59121 were implemented :) |
Yeah that's a shame |
debarshiray
left a comment
debarshiray
left a comment
There was a problem hiding this comment.
Thanks for working on this, @Rolv-Apneseth ! Let me first answer your question about how the tests work.
I think something like this that inserts a unset SHELL should work:
$ git diff
diff --git a/test/system/101-create.bats b/test/system/101-create.bats
index 06b64a859dd6..97525ee78d3f 100644
--- a/test/system/101-create.bats
+++ b/test/system/101-create.bats
@@ -60,6 +60,35 @@ teardown() {
assert_output "true"
}
+@test "create: Smoke test with SHELL unset" {
+ local default_container
+ default_container="$(get_system_id)-toolbox-$(get_system_version)"
+
+ pull_default_image
+ unset SHELL
+
+ run --keep-empty-lines --separate-stderr "$TOOLBX" create
+
+ assert_success
+ assert_line --index 0 "Created container: $default_container"
+ assert_line --index 1 "Enter with: toolbox enter"
+ assert [ ${#lines[@]} -eq 2 ]
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run podman ps --all
+
+ assert_success
+ assert_output --regexp "Created[[:blank:]]+$default_container"
+
+ run podman inspect \
+ --format '{{index .Config.Labels "com.github.containers.toolbox"}}' \
+ --type container \
+ "$default_container"
+
+ assert_success
+ assert_output "true"
+}
+
@test "create: With a custom name (using option --container)" {
pull_default_imageI ran the toolbox binary with and without your commit against this test, and the test passed and failed respectively. So, at least it's roughly working. :)
Feel free to add it to your commit, if you think everything is alright.
There are two broad categories of tests. First, the unit tests in the *_test.go files for the Go code run by meson test .... Second, the system tests using Bats in test/system that run the toolbox binary.
To run the unit tests locally, ensure that all the optional dependencies listed during meson setup are present, and do a git submodule init and git submodule update dance. You can either run all the tests with:
$ TMPDIR=/var/tmp TOOLBX=/path/to/toolbox bats /path/to/test/system... or a particular file with:
$ TMPDIR=/var/tmp TOOLBX=/path/to/toolbox bats /path/to/test/system/101-create.batsThe latter might be easier to start with because there are a lot of tests and many of them do a lot of I/O. So, it may take a while to run all of them. :)
There's also a README.md in the test/system directory that might be of help.
debarshiray
left a comment
debarshiray
left a comment
There was a problem hiding this comment.
The changes look mostly good to me, other than some of these details.
I have one question arising out of curiosity. Did you check that the SHELL environment variable is really missing from the CoreOS command line environment? I wanted to try it for myself but I never got around to it.
The only other time I saw it go missing was in the GitHub Actions workflow environment when trying to run the Toolbx tests on a Ubuntu 22.04 host. See:
https://github.com/orgs/community/discussions/59413
8c28dc2660d61025
c22b09d095c7a8ac
The log-in sequence jumps through various hoops, and our future selves will be grateful, if we documented these deviations from the usual. :)
| } | ||
|
|
||
| // However, fallback to parsing `getent passwd` output if it is not set for whatever reason | ||
| logrus.Debug("$SHELL environment variable was empty - falling back to getent passwd") |
There was a problem hiding this comment.
The comment looks superfluous, because the debug log says the same. :)
src/cmd/utils.go
Outdated
| logrus.Debug("$SHELL environment variable was empty - falling back to getent passwd") | ||
|
|
||
| if currentUser == nil { | ||
| return "", errors.New("failed to get the current user's default shell") |
There was a problem hiding this comment.
Did you actually hit any scenario where currentUser was nil inside this function?
I am asking because I expect currentUser to be set to a valid *user.User very early in the lifecycle of the process. Look for the setUpGlobals() function. It's called in the init() of the cmd package, which should be very early. So, it would have to be a programmer error for currentUser to be nil.
If all that is true, then it will be better to use a panic() to express a mandatory pre-condition, because returning an error makes it look like a possible runtime scenario. See the getCurrentUserHomeDir() function for an example.
There was a problem hiding this comment.
Ah, makes sense. I'll use a panic.
src/cmd/utils.go
Outdated
| if currentUser == nil { | ||
| return "", errors.New("failed to get the current user's default shell") | ||
| } | ||
| cmd := exec.Command("getent", "passwd", currentUser.Uid) |
There was a problem hiding this comment.
Instead of directly using os/exec, it will be better to go through one of the github.com/containers/toolbox/pkg/shell wrappers because they hook up the standard error and output streams of the child process to toolbox --verbose.
Something like this should work:
import (
...
"github.com/containers/toolbox/pkg/shell"
...
)
...
...
var stderr strings.Builder
var stdout strings.Builder
if err := shell.Run("getent", nil, &stdout, &stderr, "passwd", currentUser.Uid); err != nil {
errString := stderr.String()
logrus.Debugf("Getting entry for user %s from the passwd database failed: %s", currentUser.Uid, errString)
return "", fmt.Errorf("failed to get the current user's default shell: %w", err)
}
...There was a problem hiding this comment.
Ah, didn't know about that, thank you
src/cmd/utils.go
Outdated
| func getUserShell() (string, error) { | ||
| // $SHELL is supposed to get set during login | ||
| userShell := os.Getenv("SHELL") | ||
| if userShell != "" { |
There was a problem hiding this comment.
I wonder if these two lines can be combined for brevity and to restrict the scope of userShell. Like:
if userShell := os.Getenv("SHELL"); userShell != "" {
src/cmd/utils.go
Outdated
| userShell = split[len(split)-1] | ||
|
|
||
| // Ensure $SHELL is set moving forward | ||
| os.Setenv("SHELL", userShell) |
There was a problem hiding this comment.
Was it really necessary to set the SHELL environment variable? It's a bit unexpected for a getSomething() function to have the side effect of setting something. :)
If it's not really necessary, then let's not set it. The SHELL environment variable is not used in any hot code path, and only once at the beginning for the create and enter commands.
There was a problem hiding this comment.
No I suppose not, I just assumed it would make sense if $SHELL is also forwarded to the container itself as it might cause issues with other programs? Without that line, env | grep SHELL within the container has no output.
I was beginning to wonder if |
Signed-off-by: Rolv Apneseth <rolv.apneseth@gmail.com> Signed-off-by: Rolv-Apneseth <rolv.apneseth@gmail.com>
Rolv-Apneseth
force-pushed
the
fallback_shell
branch
from
262de18 to
8bf9068
Compare
Thank you for the breakdown of the testing setup and writing a test! It looks good to me.
I linked the other issue as it was related, and that's where your suggestion for a solution was, but I'm actually here from this issue, which is indeed an OpenShift debug pod. I haven't personally been able to reproduce the issue on CoreOS locally. Where would you like these occurrences documented? And thank you for the thorough review. Hopefully I've addressed all your points but just let me know if more changes are required. |
|
Build succeeded. ✔️ unit-test SUCCESS in 2m 20s |
3 participants
As suggested in #1615, this PR just adds a fallback if $SHELL is not set for whatever reason.
Not very comfortable with Go, but hopefully the code is alright. Happy to make any changes anyway. And let me know if you want some tests added, I just wasn't sure entirely where to add that.