Problem using the sandbox

[je55eah]

When I specify a save file that exists or does not yet exist, it fails.

Code: Select all

rw-sandbox-lxc.sh /mnt/sda1/sandbox-00

mount: /mnt/sb/sandbox: failed to setup loop device for sandbox-00.
unable to mount rw image: sandbox-00

If I do not specify a save file then I am prompted to create or or to select one, and that works.

Code: Select all

rw-sandbox-lxc.sh

*Not* using user namespaces, dropping capabilities
Starting sandbox (id: sb-lxc) now.
lxc-console -q -e g -n "$LXC_ID" -t 1

Connected to tty 1
Type <Ctrl+g q> to exit the console, <Ctrl+g Ctrl+g> to enter Ctrl+g itself
can't run '/etc/rc.d/rc.sysinit.lxc': Exec format error
Leave sandbox by typing 'poweroff', do not use Ctrl-G as above.
If you accidentally use Ctrl-G connect back with 'lxc-console -n sandbox-id'

getty: tty1: can't execute '/bin/autologin'

Unfortunately, If I select only the first two layers, pup_init and kernel-modules then the sandbox is unusable and it prints unto infinity:

Code: Select all

getty: tty1: can't execute '/bin/autologin'

I can stop it by using another terminal:

Code: Select all

lxc-stop --name sb-lxc

The first terminal then returns the following:

Code: Select all

can't run '/etc/rc.d/rc.shutdown.lxc': Exec format error
Leaving sandbox

How can I get this working?

[jamesbond]

When I specify a save file that exists or does not yet exist, it fails.

Code: Select all

rw-sandbox-lxc.sh /mnt/sda1/sandbox-00

mount: /mnt/sb/sandbox: failed to setup loop device for sandbox-00.
unable to mount rw image: sandbox-00

Can't reproduce. How did you create "savefile that exists?"

Unfortunately, If I select only the first two layers, pup_init and kernel-modules then the sandbox is unusable and it prints unto infinity:

Code: Select all

getty: tty1: can't execute '/bin/autologin'

In current version of Fatdog, not including the basesfs will make (rw-)sandbox-lxc.sh to fail in the way you just described. This has been rectified internally and the fix will be published in the next release.

[je55eah]

@jamesbond

Can't reproduce. How did you create "savefile that exists?"

The savefile was created by starting the sandbox without specifying a savefile in the terminal, then choosing create when prompted by the gui.

That produced the error I posted.

The same or similar error occurred when I specified a savefile in the terminal before a savefile existed.

[jamesbond]

The savefile was created by starting the sandbox without specifying a savefile in the terminal, then choosing create when prompted by the gui.

That produced the error I posted.

Can't reproduce. Using a savefile created this way always works for me without any exceptions.
Did you finish the process? Did you run rw-sandbox until get into the sandbox, and then exit gracefully?
If you didn't exit gracefully this could happen.
Can you run file /path/to/non-working/savefile in terminal and paste the output here?

The same or similar error occurred when I specified a savefile in the terminal before a savefile existed.

That's expected. You can only pass a path to an existing savefile.

[je55eah]

If I try it for a nonexistent savefile the output is:

Code: Select all

mount: /mnt/sb/sandbox: failed to setup loop device for /mnt/sda1/sandbox-01.
unable to mount rw image: /mnt/sda1/sandbox-01

But, I guess this is not intended to work.

I tried again with the exiting savefile and as long as I load more than the first two layers the sandbox starts. The actual problem was that I did not specify the full path to the existing savefile and since it didn't work as above I thought it was the same issue.

It was user error. Thanks.

In current version of Fatdog, not including the basesfs will make (rw-)sandbox-lxc.sh to fail in the way you just described. This has been rectified internally and the fix will be published in the next release.

Can I make the fix so that I can begin to use this before the next release?

[jamesbond]

Start by rename your savefile to something with an .img extension.
Say test.img.

1. Using rox, click test.img. It will be opened in a new folder.
2. Inside the newly opened folder, create a new folder and name it "bin".
3. Download the attached autologin.tar.gz file. Get its content (a single file named autologin) and copy it to inside the "bin" folder.
4. Make sure that this file has executable permissions.
5. Then click the original test.img to close it.
Then try again, using test.img as your savelayer.
Good luck.

[je55eah]

Success! Thank you.

[je55eah]

I have surveyed the files in the first layer but I have not identified a way to access the internet.

Code: Select all

# udhcpc
udhcpc: started, v1.27.0.git
Setting IP address 0.0.0.0 on eth0
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover
^C

I tried NAT and proxy ARP when starting the sandbox with:

Code: Select all

rw-sandbox-lxc.sh /mnt/sda1/sandbox-00.img

if config returns:

Code: Select all

# ifconfig
eth0      Link encap:Ethernet  HWaddr 16:35:76:F1:4B:55  
          inet addr:192.168.118.140  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: fe80::1435:76ff:fef1:4b55/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7178 (7.0 KiB)  TX bytes:586 (586.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ping indicates a good connection:

Code: Select all

# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=117 time=20.759 ms
64 bytes from 8.8.8.8: seq=1 ttl=117 time=20.274 ms
64 bytes from 8.8.8.8: seq=2 ttl=117 time=20.413 ms
64 bytes from 8.8.8.8: seq=3 ttl=117 time=20.402 ms
64 bytes from 8.8.8.8: seq=4 ttl=117 time=20.532 ms
64 bytes from 8.8.8.8: seq=5 ttl=117 time=20.485 ms
64 bytes from 8.8.8.8: seq=6 ttl=117 time=20.706 ms
64 bytes from 8.8.8.8: seq=7 ttl=117 time=20.351 ms
64 bytes from 8.8.8.8: seq=8 ttl=117 time=20.469 ms
^C

so maybe my problem earlier was that I tried to run udhcpc first... or maybe it was failing with proxy ARP because it failed earlier.

It works now, but wget is letting me down.

Code: Select all

# wget https://github.com/moparisthebest/static-curl/releases/download/v7.86.0/curl-amd64
wget: bad address 'github.com'

It looks like the problem is due to the lack of SSL certifications at /etc/ssl/cert.pem

https://stackoverflow.com/questions/222 ... ertificate
https://serverfault.com/questions/89608 ... rtificates

Perhaps the certs should be included in the first layer.

As a workaround I opened the savefile from the host system and copied curl into the /usr/bin folder within sandbox-00.img. I also marked it as executable. But will curl also suffer without ssl certificates?

I wanted to try 0install, so I tried this.

Code: Select all

curl -O https://get.0install.net/0install.sh && chmod +x 0install.sh

and:

Code: Select all

0curl: (6) Could not resolve host: get.0install.net

I reopened the img file and copied /etc/wgetrc from the host into the sandbox save file.
I copied /etc/pki/tls/certs/ca-bundle.crt and the symbolic link at /etc/ssl/ca-bundle.crt
I also copied the /etc/ssl/certs folder into the sandbox.

Curl looks for the environment variable CURL_CA_BUNDLE so after I start the sandbox I need to run:

Code: Select all

export CURL_CA_BUNDLE=/etc/ssl/ca-bundle.crt

https://linuxcommand.org/lc3_man_pages/curl1.html

I think there should be a script which sets this variable automatically. I tried to find it on the host system with:

Code: Select all

grep -r CURL_CA_BUNDLE / 

but I didn't find what I was looking for. Does anyone know where I should do that?

Did it work? No.

I was still unable to download curl from github with wget and curl could not resolve the 0install host.

What should I do now?

[jamesbond]

It works now, but wget is letting me down.

Code: Select all

# wget https://github.com/moparisthebest/static-curl/releases/download/v7.86.0/curl-amd64
wget: bad address 'github.com'

It looks like the problem is due to the lack of SSL certifications at /etc/ssl/cert.pem

No it's not, the problem is that you're missing /etc/resolv.conf

Code: Select all

Starting sandbox now.
sandbox# echo nameserver 9.9.9.9 > /etc/resolv.conf
sandbox# wget https://github.com/moparisthebest/static-curl/releases/download/v7
.86.0/curl-amd64
Connecting to github.com (20.248.137.48:443)
Connecting to objects.githubusercontent.com (185.199.108.133:443)
curl-amd64           100% |*******************************|  3455k  0:00:00 ETA
sandbox# 

Did it work? No.
I was still unable to download curl from github with wget and curl could not resolve the 0install host.
What should I do now?

I can tell you this: even if you manage to download 0install, it will __NOT__ run if you're using only the bottom two layers.

Now my turn to ask you.

1. What exactly are you trying to do ?
2. Why is it that you insist on using the first two bottom layers only ?
3. Have you read Fatdog's layered filesystem details that I pointed to you before, and do you understand it ?
4. Specifically, do you know what the bottom two layers are ?

[je55eah]

4. It's the base system and the kernel modules for hardware support.
3. yes
2. I don't want all of the software to be installed together in a big jumbled mess.
1. learn and then build everything as a standalone sfs or a roxapp or an appimage or something with dependencies included.

I know that means each app will be relatively bloated, but hard drive space isn't really in short supply.

[jamesbond]

4. It's the base system and the kernel modules for hardware support.

You're right about the kernel modules, but incorrect for the "base system". pup_init is not the base system. It is only the "system initialisation" layer, that's why it is called that way. It is not used when Fatdog is up and running. There is literally nothing there which is used or usable by the higher layers. (The "base system" is located in the basesfs, that's why it is called that way)

1. learn and then build everything as a standalone sfs or a roxapp or an appimage or something with dependencies included.

The sandbox isn't designed or meant for this purpose, but of course there is nothing stopping you from using it any way you want, as long as you're aware that YMMV. I wish you luck in your endeavour.

As a parting note: I said that 0install won't work if you only use the pup_init layer. The reason why it won't, is because the pup_init layer does not even have glibc or any of the compiler run-time libraries.

[je55eah]

I don't think the sandbox lets ne start it without any layers selected. When only the first layer is selected there are 589 files present. Perhaps they are actually in a hidden base layer, but my only option with the sandbox is to start with the init layer. After I learn enough I see opportunities to further subdivide the base layer too.

Shouldn't it be possible to load the devx sfs into the sandbox as needed?

[jamesbond]

I don't think the sandbox lets ne start it without any layers selected.

When you start a sandbox, it is as if you start another copy of an operating system.
If you don't select any layers you would end-up with a blank disk.
You can't start an operating system with a blank disk.

[je55eah]

Then the base system is in fact loaded by the init layer.

[je55eah]

Adding resolv.conf to the save file did allow me to download curl with wget. Perhaps resolv.conf should be included in the base layer.

I removed the certificates I added in my earlier post, but that may have been a mistake.

Curl failed.

Code: Select all

curl -O https://get.0install.net/0install.sh && chmod +x 0install.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (77) error setting certificate verify locations:  CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none

Adding the certificates back wasn't enough because /etc/ssl/certs/ca-certificates.crt didn't exist, but after I created the CURL_CA_BUNDLE variable I was able to download 0install.sh

Code: Select all

export CURL_CA_BUNDLE=/etc/ssl/ca-bundle.crt

I wonder where this variable should be defined so that it happens automatically.

Having added resolv.conf, the certificates, and set the variable for curl I was able to download 0install.sh

You were right though, 0install didn't work.

Code: Select all

# ./0install.sh --help
./0install.sh: line 42: /root/.cache/0install.net/0install-linux-x86_64-latest/files/0install: not found

Something is wrong with the script, but /root/.cache/0install.net/0install-linux-x86_64-latest is created.

I tried to execute it

Code: Select all

# chmod +x /root/.cache/0install.net/0install-linux-x86_64-latest
# /root/.cache/0install.net/0install-linux-x86_64-latest install local
-sh: /root/.cache/0install.net/0install-linux-x86_64-latest: Permission denied

Any ideas?

[je55eah]

Code: Select all

# ldd 0install
./0install: /lib64/libc.so.6: version `GLIBC_2.28' not found (required by ./0install)
	linux-vdso.so.1 (0x00007ffc9d1d2000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f6053be1000)
	libm.so.6 => /lib64/libm.so.6 (0x00007f605384e000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f605364a000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f6053290000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f6054df5000)

I was hoping these dependencies might be in the devx sfs so I tried to load it, but the load_sfs.sh script seems to be broken in the sandbox.

Code: Select all

# ls
0install.sh        fd64-devx_813.sfs
# load_sfs.sh fd64-devx_813.sfs 
: Usage:
 load_sfs.sh [--quiet|-q] [start|stop|--loaded|help|--help|-h]
 load_sfs.sh [--quiet|-q] [--load|--unload|--add|--remove /path/to/sfsfile ...]

Without parameters, load_sfs.sh will run the interactive GUI.

'start' will load all the sfs found in the auto-load file.
'stop' will unload all the sfs found in the auto-load file.
They are useful when load_sfs.sh is symlink-ed to /etc/init.d as a service.
The auto-load file is located at /etc/load_sfs.

--loaded or --list : list all currently loaded sfs-es.
--load   : load the given sfs
--unload : unload the given sfs
--add    : add the given sfs to the auto-load list
--remove : remove the sfs from the auto-load list
--quiet  : don't output any message

# load_sfs.sh --list
# 

What else do I need to do to fix this?

[je55eah]

Code: Select all

# load_sfs.sh --load fd64-devx_813.sfs 
mknod: /dev/loop10: Operation not permitted
losetup: /root/fd64-devx_813.sfs: No such file or directory
ERROR: Failed to assign loop devices loop10 for /root/fd64-devx_813.sfs

[jamesbond]

Ah, so 0install needs glibc 2.28. You're sadly out of luck. Fatdog's glibc is 2.27, which I admit is a bit long in the tooth now, but we don't have anything newer for now. Your only recourse is to find other distro's glibc and try to shoehorn it to Fatdog. I don't usually do those kind of things, but others do, for example, this project. You may get some help from them.

As for load_sfs.sh: it does not work inside sandbox, by design.

[je55eah]

Thanks for the link. Are all of those libs part of glibc or do I also need to get them separately?

What is the reason for disabling load_sfs.sh in the sandbox? Can I do it manually?

[je55eah]

I tried to create another sandbox without lxc and encountered a new problem.

failed-sandbox-image-creation.png (72.71 KiB) Viewed 998 times

It looks bad, but the img file exists and it seems to work when I summoned it with:

Code: Select all

rw-sandbox.sh /mnt/sda1/sandbox-aa.img

[jamesbond]

Thanks for the link. Are all of those libs part of glibc or do I also need to get them separately?

I don't know, I can't tell. I don't play with those myself. You'd better ask them directly. Anyway the link I gave you is just an example, they're not the only ones doing it. Upgrading glibc is a favourite Puppy users' pastime. I can only tell this: you need all the parts of glibc, cogs and gears, to make it work.

What is the reason for disabling load_sfs.sh in the sandbox?

Because it is designed that way.

Can I do it manually?

With devx loaded, open terminal and run "man aufs". Or read it from here. You will find all that you need to know there. Good luck.

[jamesbond]

I tried to create another sandbox without lxc and encountered a new problem.

What were the layers you selected? Also, which flavour of sandbox are you using?

[je55eah]

rw-sandbox.sh

caused the screen I shared with two layers selected after I specified a file at /mnt/sda1/sandbox-aa.img when prompted

Afterwards there was a strange printout that I didn't capture, it was a multicolumn list of something then it dropped into the sandbox# prompt.

I exited it with 'exit' as opposed to 'poweroff' and proceeded to relaunch it with:

rw-sandbox.sh /mnt/sda1/sandbox-aa.img
which brings me to a sandbox.1bBNQ5w# prompt when I have the other lxc sandbox running or sandbox# when it is the only sandbox.

What is the equivalent to lxc-stop --name XXXX for these non-lxc sandboxes and what is the equivalent to lxc-console -e g -n XXXX in order to reattach with them?

[je55eah]

I recreated the situation where the savefile creation dialogue does not go away and I cleared the artifacts away by pressing tab twice.

That is what caused the weird list to be displayed. I think it is tab completion.

weird-list.png (112.05 KiB) Viewed 921 times

[jamesbond]

rw-sandbox.sh
caused the screen I shared with two layers selected after I specified a file at /mnt/sda1/sandbox-aa.img when prompted
Afterwards there was a strange printout that I didn't capture, it was a multicolumn list of something then it dropped into the sandbox# prompt.

Thanks, I was about to edit my previous post.
The error message is harmless.
The missing file will be created and you won't see the message agan next time.

I exited it with 'exit' as opposed to 'poweroff' and proceeded to relaunch it with:

That's the correct way to exit, yes.

rw-sandbox.sh /mnt/sda1/sandbox-aa.img
which brings me to a sandbox.1bBNQ5w# prompt when I have the other lxc sandbox running or sandbox# when it is the only sandbox.

Normal behaviour. You can run multple sandboxes at the same time, the "1bBNQ5w" or whatever random stuff you see is the "identification" for you to differentiate between those sandboxes. THe very first sandbox you run is the only one without these random ID.

What is the equivalent to lxc-stop --name XXXX for these non-lxc sandboxes and what is the equivalent to lxc-console -e g -n XXXX in order to reattach with them?

To stop rw-sandbox just close the terminal that runs it. You can't re-attach them once you close it because unlike the lxc-sandboxes, they're gone once you close the terminal.

[jamesbond]

I recreated the situation where the savefile creation dialogue does not go away and I cleared the artifacts away by pressing tab twice.

That is what caused the weird list to be displayed. I think it is tab completion.
weird-list.png

Indeed.

[je55eah]

To stop rw-sandbox just close the terminal that runs it. You can't re-attach them once you close it because unlike the lxc-sandboxes, they're gone once you close the terminal.

Thank you.

[je55eah]

while the sandbox is running I attempted to create a package.
In terminal A:

Code: Select all

rw-sandbox-lxc.sh /mnt/sda1/sandbox-00.img

and I answered the prompts, which I wish could be scripted.

In terminal B:

Code: Select all

sb2dir.sh /root/sandboxsetup /mnt/sb/sandbox

mkdir staging
mv sandboxsetup/ staging/sandboxsetup/
cd staging
makepkg sandboxsetup.tgz
ERROR: Can't make output package in current directory.

What did I do wrong?

Do I need to extract the resulting tgz contents and make an sfs from them or can I make the sfs from this directory also?

[step]

previous content deleted, I misunderstood you

to run makepkg successfully you need to cd inside the directory that holds package contents. I often use cd ...; makepkg -c n -l n $PWD.tgz (or txz).

You can make an sfs directly from a directory with dir2sfs /path/to/dir.

[je55eah]

Thanks @step

The first time I tried it the warning informed me that "ERROR: Can't make output package in current directory.", but your method with $PWD works somehow and I also tried it with

Code: Select all

makepkg -c n -l n ../sandboxsetup.tgz

On the other hand, I ran dir2sfs from outside of the directory.
I have attached the results for anyone who wants to add ssl certificates, resolv.conf, and curl to the first two layers in a sandbox, but I don't know how to use them in that environment yet.

the files are labeled sandboxsetup

https://www.dropbox.com/sh/fudwx0wfs9so ... tH1ia?dl=0