build: Use Github token (#1100)

.github/workflows/review.yml

@@ -0,0 +1,66 @@
+on:
+  pull_request:
+
+name: "Review"
+
+permissions:
+  contents: read
+  pull-requests: write
+  checks: write
+
+jobs:
+  review:
+    name: review
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Spelling
+        uses: reviewdog/action-misspell@v1
+        with:
+          locale: "US"
+          level: warning
+          pattern: |
+            *.md
+            *.sh
+          reporter: github-pr-review
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Hadolint
+        uses: reviewdog/action-hadolint@v1
+        with:
+          level: warning
+          reporter: github-pr-review
+          hadolint_ignore: DL3008 DL3003 DL3006 DL3013
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: YamlLint
+        uses: reviewdog/action-yamllint@v1
+        with:
+          level: warning
+          reporter: github-pr-review
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: ActionLint
+        uses: reviewdog/action-actionlint@v1
+        with:
+          level: warning
+          reporter: github-pr-review
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Shellformat
+        uses: reviewdog/action-shfmt@v1
+        with:
+          level: warning
+          shfmt_flags: "-i 2 -ci -bn"
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Shellcheck
+        uses: reviewdog/action-shellcheck@v1
+        with:
+          level: warning
+          reporter: github-pr-review
+          shellcheck_flags: -x -e SC2001 -e SC2034 -e SC2064 -e SC2317 -e SC2153 -e SC2028          
+          github_token: ${{ secrets.GITHUB_TOKEN }}

readme.md

@@ -47,7 +47,7 @@ services:
 ##### Via Docker CLI:
 
 ```bash
-docker run -it --rm --name dsm -e "DISK_SIZE=256G" -p 5000:5000 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN -v "${PWD:-.}/dsm:/storage" --stop-timeout 120 vdsm/virtual-dsm
+docker run -it --rm --name dsm -e "DISK_SIZE=256G" -p 5000:5000 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN -v "${PWD:-.}/dsm:/storage" --stop-timeout 120 docker.io/vdsm/virtual-dsm
 ```
 
 ##### Via Kubernetes:

src/disk.sh

@@ -17,6 +17,14 @@ SYSTEM="$STORAGE/$BASE.system.img"
 [ ! -s "$BOOT" ] && error "Virtual DSM boot-image does not exist ($BOOT)" && exit 81
 [ ! -s "$SYSTEM" ] && error "Virtual DSM system-image does not exist ($SYSTEM)" && exit 82
 
+if ! setOwner "$BOOT"; then
+  error "Failed to set the owner for \"$BOOT\" !"
+fi
+
+if ! setOwner "$SYSTEM"; then
+  error "Failed to set the owner for \"$SYSTEM\" !"
+fi
+
 fmt2ext() {
   local DISK_FMT="$1"
 
@@ -338,23 +346,23 @@ checkFS () {
   DIR=$(dirname "$DISK_FILE")
   [ ! -d "$DIR" ] && return 0
 
-  if [[ "${FS,,}" == "overlay"* ]]; then
+  if [[ "${FS,,}" == "overlay"* && "$PODMAN" != [Yy1]* ]]; then
-    info "Warning: the filesystem of $DIR is OverlayFS, this usually means it was binded to an invalid path!"
+    warn "the filesystem of $DIR is OverlayFS, this usually means it was binded to an invalid path!"
   fi
 
   if [[ "${FS,,}" == "fuse"* ]]; then
-    info "Warning: the filesystem of $DIR is FUSE, this extra layer will negatively affect performance!"
+    warn "the filesystem of $DIR is FUSE, this extra layer will negatively affect performance!"
   fi
 
   if ! supportsDirect "$FS"; then
-    info "Warning: the filesystem of $DIR is $FS, which does not support O_DIRECT mode, adjusting settings..."
+    warn "the filesystem of $DIR is $FS, which does not support O_DIRECT mode, adjusting settings..."
   fi
 
   if isCow "$FS"; then
     if [ -f "$DISK_FILE" ]; then
       FA=$(lsattr "$DISK_FILE")
       if [[ "$FA" != *"C"* ]]; then
-        info "Warning: COW (copy on write) is not disabled for $DISK_DESC image file $DISK_FILE, this is recommended on ${FS^^} filesystems!"
+        warn "COW (copy on write) is not disabled for $DISK_DESC image file $DISK_FILE, this is recommended on ${FS^^} filesystems!"
       fi
     fi
   fi
@@ -437,7 +445,7 @@ addDisk () {
 
   if [[ "${DISK_SPACE,,}" == "max" || "${DISK_SPACE,,}" == "half" ]]; then
 
-    local SPARE=2147483648
+    local SPARE=1073741824
     FREE=$(df --output=avail -B 1 "$DIR" | tail -n 1)
 
     if [[ "${DISK_SPACE,,}" == "max" ]]; then
@@ -543,6 +551,12 @@ addDisk () {
 
   fi
 
+  if [ -f "$DISK_FILE" ]; then
+    if ! setOwner "$DISK_FILE"; then
+      error "Failed to set the owner for \"$DISK_FILE\" !"
+    fi
+  fi
+
   DISK_OPTS+=$(createDevice "$DISK_FILE" "$DISK_TYPE" "$DISK_INDEX" "$DISK_ADDRESS" "$DISK_FMT" "$DISK_IO" "$DISK_CACHE" "" "")
 
   return 0

src/install.sh

@@ -31,7 +31,6 @@ if [ -n "$URL" ] && [ ! -s "$FILE" ] && [ ! -d "$DIR" ]; then
   BASE=$(basename "$URL" .pat)
   if [ ! -s "$STORAGE/$BASE.system.img" ]; then
     BASE=$(basename "${URL%%\?*}" .pat)
-    BASE="${BASE//+/ }"
     printf -v BASE '%b' "${BASE//%/\\x}"
     BASE="${BASE//[!A-Za-z0-9._-]/_}"
   fi
@@ -66,7 +65,6 @@ fi
 
 if [ ! -s "$FILE" ]; then
   BASE=$(basename "${URL%%\?*}" .pat)
-  BASE="${BASE//+/ }"
   printf -v BASE '%b' "${BASE//%/\\x}"
   BASE="${BASE//[!A-Za-z0-9._-]/_}"
 fi
@@ -82,16 +80,16 @@ rm -f "$STORAGE/$BASE.system.img"
 # Check filesystem
 FS=$(stat -f -c %T "$STORAGE")
 
-if [[ "${FS,,}" == "overlay"* ]]; then
+if [[ "${FS,,}" == "overlay"* && "$PODMAN" != [Yy1]* ]]; then
-  info "Warning: the filesystem of $STORAGE is OverlayFS, this usually means it was binded to an invalid path!"
+  warn "the filesystem of $STORAGE is OverlayFS, this usually means it was binded to an invalid path!"
 fi
 
 if [[ "${FS,,}" == "fuse"* ]]; then
-  info "Warning: the filesystem of $STORAGE is FUSE, this extra layer will negatively affect performance!"
+  warn "the filesystem of $STORAGE is FUSE, this extra layer will negatively affect performance!"
 fi
 
 if [[ "${FS,,}" == "ecryptfs" || "${FS,,}" == "tmpfs" ]]; then
-  info "Warning: the filesystem of $STORAGE is $FS, which does not support O_DIRECT mode, adjusting settings..."
+  warn "the filesystem of $STORAGE is $FS, which does not support O_DIRECT mode, adjusting settings..."
 fi
 
 if [[ "${FS,,}" == "fat"* || "${FS,,}" == "vfat"* || "${FS,,}" == "msdos"* ]]; then
@@ -100,6 +98,10 @@ fi
 
 if [[ "${FS,,}" != "exfat"* && "${FS,,}" != "ntfs"* && "${FS,,}" != "unknown"* ]]; then
   TMP="$STORAGE/tmp"
+  rm -rf "$TMP"
+  if ! makeDir "$TMP"; then
+    error "Failed to create directory \"$TMP\" !" && exit 93
+  fi
 else
   TMP="/tmp/dsm"
   TMP_SPACE=2147483648
@@ -108,10 +110,9 @@ else
   if (( TMP_SPACE > SPACE )); then
     error "Not enough free space inside the container, have $SPACE_MB available but need at least 2 GB." && exit 93
   fi
+  rm -rf "$TMP" && mkdir -p "$TMP"
 fi
 
-rm -rf "$TMP" && mkdir -p "$TMP"
-
 # Check free diskspace
 ROOT_SPACE=536870912
 SPACE=$(df --output=avail -B 1 / | tail -n 1)
@@ -224,6 +225,8 @@ if ! touch "$SYSTEM"; then
   error "Could not create file $SYSTEM for the system disk." && exit 98
 fi
 
+! setOwner "$SYSTEM" && error "Failed to set the owner for \"$SYSTEM\" !"
+
 if [[ "${FS,,}" == "btrfs" ]]; then
   { chattr +C "$SYSTEM"; } || :
   FA=$(lsattr "$SYSTEM")
@@ -256,7 +259,11 @@ PART="$TMP/partition.fdisk"
 sfdisk -q "$SYSTEM" < "$PART"
 
 MOUNT="$TMP/system"
-rm -rf "$MOUNT" && mkdir -p "$MOUNT"
+rm -rf "$MOUNT"
+
+if ! makeDir "$MOUNT"; then
+  error "Failed to create directory \"$MOUNT\" !" && exit 93
+fi
 
 MSG="Extracting system partition..."
 info "Install: $MSG" && html "$MSG"
@@ -291,6 +298,7 @@ fakeroot -- bash -c "set -Eeu;\
 
 rm -rf "$MOUNT"
 echo "$BASE" > "$STORAGE/dsm.ver"
+! setOwner "$STORAGE/dsm.ver" && error "Failed to set the owner for \"$STORAGE/dsm.ver\" !"
 
 if [[ "$URL" == "file://$STORAGE/$BASE.pat" ]]; then
   rm -f "$PAT"
@@ -298,7 +306,13 @@ else
   mv -f "$PAT" "$STORAGE/$BASE.pat"
 fi
 
+if [ -f "$STORAGE/$BASE.pat" ]; then
+  ! setOwner "$STORAGE/$BASE.pat" && error "Failed to set the owner for \"$STORAGE/$BASE.pat\" !"
+fi
+
 mv -f "$BOOT" "$STORAGE/$BASE.boot.img"
+! setOwner "$STORAGE/$BASE.boot.img" && error "Failed to set the owner for \"$STORAGE/$BASE.boot.img\" !"
+
 rm -rf "$TMP"
 
 return 0

src/network.sh

@@ -218,11 +218,14 @@ getUserPorts() {
 
     for hostport in ${exclude//,/ }; do
 
-      local val="${hostport///tcp}"
+      local port="${hostport///tcp}"
+      port="${port///udp}"
 
-      if [[ "$num" == "${val///udp}" ]]; then
+      if [[ "$num" == "$port" ]]; then
         num=""
-        warn "Could not assign port ${val///udp} to \"USER_PORTS\" because it is already in \"HOST_PORTS\"!"
+        if [[ "$port" != "$WEB_PORT" ]]; then
+          warn "Could not assign port $port to \"USER_PORTS\" because it is already in \"HOST_PORTS\"!"
+        fi
       fi
 
     done
@@ -343,6 +346,12 @@ configurePasst() {
 
   PASST_OPTS+=" -H $VM_NET_HOST"
   PASST_OPTS+=" -M $GATEWAY_MAC"
+
+  local uid gid
+  uid=$(id -u)
+  gid=$(id -g)
+  PASST_OPTS+=" --runas $uid:$gid"
+
   PASST_OPTS+=" -P /var/run/passt.pid"
   PASST_OPTS+=" -l $log"
   PASST_OPTS+=" -q"
@@ -394,7 +403,6 @@ configureNAT() {
 
   # Create the necessary file structure for /dev/net/tun
   if [ ! -c /dev/net/tun ]; then
-    [[ "$PODMAN" == [Yy1]* ]] && return 1
     [ ! -d /dev/net ] && mkdir -m 755 /dev/net
     if mknod /dev/net/tun c 10 200; then
       chmod 666 /dev/net/tun
@@ -402,6 +410,7 @@ configureNAT() {
   fi
 
   if [ ! -c /dev/net/tun ]; then
+    [[ "$PODMAN" == [Yy1]* ]] && return 1
     warn "$tuntap" && return 1
   fi
 
@@ -409,6 +418,7 @@ configureNAT() {
   if [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
     { sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1; rc=$?; } || :
     if (( rc != 0 )) || [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
+      [[ "$PODMAN" == [Yy1]* ]] && return 1
       warn "IP forwarding is disabled. $ADD_ERR --sysctl net.ipv4.ip_forward=1"
       return 1
     fi
@@ -435,6 +445,7 @@ configureNAT() {
   { ip link add dev "$VM_NET_BRIDGE" type bridge ; rc=$?; } || :
 
   if (( rc != 0 )); then
+    [[ "$PODMAN" == [Yy1]* ]] && return 1
     warn "failed to create bridge. $ADD_ERR --cap-add NET_ADMIN" && return 1
   fi
 
@@ -449,6 +460,7 @@ configureNAT() {
 
   # QEMU Works with taps, set tap to the bridge created
   if ! ip tuntap add dev "$VM_NET_TAP" mode tap; then
+    [[ "$PODMAN" == [Yy1]* ]] && return 1
     warn "$tuntap" && return 1
   fi
 
@@ -697,7 +709,7 @@ getInfo() {
   [ -z "$MTU" ] && MTU="0"
 
   if [[ "${ADAPTER,,}" != "virtio-net-pci" ]]; then
-    if [[ "$MTU" != "0" && "$MTU" != "1500" ]]; then
+    if [[ "$MTU" != "0" ]] && [ "$MTU" -lt "1500" ]; then
       warn "MTU size is $MTU, but cannot be set for $ADAPTER adapters!" && MTU="0"
     fi
   fi
@@ -710,6 +722,7 @@ getInfo() {
       # Generate MAC address based on Docker container ID in hostname
       VM_NET_MAC=$(echo "$HOST" | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:11:32:\3:\4:\5/')
       echo "${VM_NET_MAC^^}" > "$file"
+      ! setOwner "$file" && error "Failed to set the owner for \"$file\" !"
     fi
   fi
 
@@ -727,13 +740,6 @@ getInfo() {
 
   GATEWAY_MAC=$(echo "$VM_NET_MAC" | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/')
 
-  if [[ "$PODMAN" == [Yy1]* && "$DHCP" != [Yy1]* ]]; then
-    if [ -z "$NETWORK" ] || [[ "${NETWORK^^}" == "Y" ]]; then
-      # By default Podman has no permissions for NAT networking
-      NETWORK="user"
-    fi
-  fi
-
   if [[ "$DEBUG" == [Yy1]* ]]; then
     line="Host: $HOST  IP: $IP  Gateway: $GATEWAY  Interface: $VM_NET_DEV  MAC: $VM_NET_MAC  MTU: $mtu"
     [[ "$MTU" != "0" && "$MTU" != "$mtu" ]] && line+=" ($MTU)"
@@ -795,8 +801,12 @@ else
 
         closeBridge
         NETWORK="user"
+
+        if [[ "$PODMAN" != [Yy1]* ]]; then
           msg="falling back to user-mode networking!"
           msg="failed to setup NAT networking, $msg"
+          warn "$msg"
+        fi
 
       fi ;;
 
@@ -828,7 +838,7 @@ else
     "passt" | "slirp" )
 
       if [ -z "$USER_PORTS" ]; then
-        info "Notice: because user-mode networking is active, if you need to expose ports, add them to the \"USER_PORTS\" variable."
+        info "Notice: because user-mode networking is active, when you need to forward custom ports to DSM, add them to the \"USER_PORTS\" variable."
       fi ;;
 
   esac

src/proc.sh

@@ -33,9 +33,8 @@ if [[ "$KVM" != [Nn]* ]]; then
   KVM_OPTS=",accel=kvm -enable-kvm -global kvm-pit.lost_tick_policy=discard"
 
   if ! grep -qw "sse4_2" <<< "$flags"; then
-    info "Your CPU does not have the SSE4 instruction set that Virtual DSM requires, it will be emulated..."
+    error "Your CPU does not have the SSE4 instruction set that Virtual DSM requires!"
-    [ -z "$CPU_MODEL" ] && CPU_MODEL="qemu64"
+    [[ "$DEBUG" != [Yy1]* ]] && exit 88
-    CPU_FEATURES+=",+ssse3,+sse4.1,+sse4.2"
   fi
 
   if [ -z "$CPU_MODEL" ]; then

src/reset.sh

@@ -78,8 +78,7 @@ fi
 
 # Check folder
 
-if [[ "${COMMIT:-}" == [Yy1]* ]]; then
+if [[ "${STORAGE,,}" != "/storage" ]]; then
-  STORAGE="/local"
   mkdir -p "$STORAGE"
 fi
 
@@ -88,7 +87,9 @@ if [ ! -d "$STORAGE" ]; then
 fi
 
 if [ ! -w "$STORAGE" ]; then
-  error "Storage folder ($STORAGE) is not writeable!" && exit 13
+  msg="Storage folder ($STORAGE) is not writeable!"
+  msg+=" If SELinux is active, you need to add the \":Z\" flag to the bind mount."
+  error "$msg" && exit 13
 fi
 
 # Check filesystem
@@ -165,6 +166,10 @@ if [[ "$KVM" != [Nn]* ]]; then
         if ! grep -qw "vmx\|svm" <<< "$flags"; then
           KVM_ERR="(not enabled in BIOS)"
         fi
+        if ! grep -qw "sse4_2" <<< "$flags"; then
+          error "Your CPU does not have the SSE4 instruction set that Virtual DSM requires!"
+          [[ "$DEBUG" != [Yy1]* ]] && exit 88
+        fi
       fi
     fi
   fi

src/utils.sh

@@ -67,6 +67,37 @@ fKill() {
   return 0
 }
 
+setOwner() {
+  local file="$1"
+  local dir uid gid
+
+  [ ! -f "$file" ] && return 1
+
+  dir=$(dirname -- "$file")
+  uid=$(stat -c '%u' "$dir")
+  gid=$(stat -c '%g' "$dir")
+
+  ! chown "$uid:$gid" "$file" && return 1
+
+  return 0
+}
+
+makeDir() {
+  local path="$1"
+  local dir uid gid
+
+  [ -d "$path" ] && return 0
+  ! mkdir -p "$path" && return 1
+
+  dir=$(dirname -- "$path")
+  uid=$(stat -c '%u' "$dir")
+  gid=$(stat -c '%g' "$dir")
+
+  ! chown "$uid:$gid" "$path" && return 1
+
+  return 0
+}
+
 escape () {
   local s
   s=${1//&/\&}
@@ -123,11 +154,11 @@ cpu() {
   fi
 
   cpu="${cpu// CPU/}"
-  cpu="${cpu// [0-9] Core}"
-  cpu="${cpu// [0-9][0-9] Core}"
   cpu="${cpu// [0-9][0-9][0-9] Core}"
-  cpu="${cpu//[0-9]th Gen }"
+  cpu="${cpu// [0-9][0-9] Core}"
+  cpu="${cpu// [0-9] Core}"
   cpu="${cpu//[0-9][0-9]th Gen }"
+  cpu="${cpu//[0-9]th Gen }"
   cpu="${cpu// Processor/}"
   cpu="${cpu// Quad core/}"
   cpu="${cpu// Dual core/}"