From 675e96d265e942b2b9278b872865f84027c7cbea Mon Sep 17 00:00:00 2001 From: Carlos Hernandez Date: Tue, 29 Sep 2015 16:53:32 -0600 Subject: [PATCH] Adding Fts, closing issue #2: * userdata volumes and url opening code were added to use docker-browser as full replacement name browser-exec. * browser-exec allows a user to launch a link in an exisitng browser or open up the link in the default browser define by env $BROWSER * added env variable ${DOCKER_BROWSER_PARMS} allowing user to pass aditional parms if he/she so wishes * added additional userdata volumes so that browser settins persist: $CHROME_USERDATA and $FIRFOX_USERDATA * made it easier for people who fork to test using make file by using env $USER * added clean function to Makefile * esnured USERDATA voluems are added to docker run command only withn wrapper script * if userdata volumes are used home directory of browser is created first, so added code to ensure home directory has right permissions and that /etc/skel files get copied to home directory * renamed some parms * tor install binary is now gpg verified and bumped a version closing issue#2 * README.md includes information about making the settings for firefox and chrome survive after each time the browser is closed and opened. * nvidia-346 drivers are installed in container in order to fix some glx errors. * if browsers are launched with wrapper script then username within the container will be the username of the user executing * add fonts conf file, fixing font error, file copied from jfrazelle --- Dockerfile | 22 ++++++++++++-------- Makefile | 25 +++++++++++++++++++++-- README.md | 12 +++++++++++ confs/local.conf | 29 ++++++++++++++++++++++++++ entrypoint.sh | 45 +++++++++++++++++++++++++++++++++------- scripts/browser-box | 50 ++++++++++++++++++++++++++++++++++++++++++--- 6 files changed, 163 insertions(+), 20 deletions(-) create mode 100644 confs/local.conf diff --git a/Dockerfile b/Dockerfile index 0c5ca92..3508883 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,28 +1,34 @@ FROM sameersbn/ubuntu:14.04.20150825 -ENV TOR_BROWSER_VERSION=4.5.3 \ - WEB_BROWSER_USER=browser +ENV TOR_VERSION=5.0.3 \ + TOR_FINGERPRINT=0x4E2C6E8793298290 RUN wget -q -O - "https://dl-ssl.google.com/linux/linux_signing_key.pub" | sudo apt-key add - \ && echo "deb http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \ && apt-get update \ - && apt-get install -y xz-utils file locales dbus-x11 pulseaudio dmz-cursor-theme \ + && apt-get install -y xz-utils file locales dbus-x11 pulseaudio dmz-cursor-theme curl \ fonts-dejavu fonts-liberation hicolor-icon-theme \ libcanberra-gtk3-0 libcanberra-gtk-module libcanberra-gtk3-module \ libasound2 libglib2.0 libgtk2.0-0 libdbus-glib-1-2 libxt6 libexif12 \ - libgl1-mesa-glx libgl1-mesa-dri \ + libgl1-mesa-glx libgl1-mesa-dri libstdc++6 nvidia-346 \ google-chrome-stable chromium-browser firefox \ && update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \ && mkdir -p /usr/lib/tor-browser \ - && wget -O /tmp/tor-browser-linux64-${TOR_BROWSER_VERSION}_en-US.tar.xz \ - https://www.torproject.org/dist/torbrowser/${TOR_BROWSER_VERSION}/tor-browser-linux64-${TOR_BROWSER_VERSION}_en-US.tar.xz \ - && tar -Jvxf /tmp/tor-browser-linux64-${TOR_BROWSER_VERSION}_en-US.tar.xz --strip=1 -C /usr/lib/tor-browser \ + && wget -O /tmp/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz https://www.torproject.org/dist/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz \ + && wget -O /tmp/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc https://www.torproject.org/dist/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc \ + && mkdir ~/.gnupg \ + && gpg --keyserver hkp://hkps.pool.sks-keyservers.net:80 --recv-keys ${TOR_FINGERPRINT} \ + && gpg --fingerprint ${TOR_FINGERPRINT} | grep "Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290" \ + && gpg /tmp/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc \ + && tar -Jvxf /tmp/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz --strip=1 -C /usr/lib/tor-browser \ && ln -sf /usr/lib/tor-browser/Browser/start-tor-browser /usr/bin/tor-browser \ - && rm -rf /tmp/tor-browser-linux64-${TOR_BROWSER_VERSION}_en-US.tar.xz \ + && rm -rf /tmp/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz \ + && rm -rf ~/.gnupg \ && rm -rf /var/lib/apt/lists/* COPY scripts/ /var/cache/browser-box/ COPY entrypoint.sh /sbin/entrypoint.sh +COPY confs/local.conf /etc/fonts/local.conf RUN chmod 755 /sbin/entrypoint.sh ENTRYPOINT ["/sbin/entrypoint.sh"] diff --git a/Makefile b/Makefile index 66903e8..b4e7270 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ XAUTH=/tmp/.docker.xauth CAPABILITIES = \ --cap-add=SYS_ADMIN -ENV_VARS= \ +ENV_VARS = \ --env="USER_UID=$(shell id -u)" \ --env="USER_GID=$(shell id -g)" \ --env="DISPLAY" \ @@ -17,6 +17,19 @@ VOLUMES = \ --volume=${XAUTH}:${XAUTH} \ --volume=/run/user/$(shell id -u)/pulse:/run/pulse +ENV_INSTL_USER = \ + --env="BROWSER_BOX_USER=${USER}" + +ifdef CHROME_USERDATA +ENV_CHROME_USERDATA = \ + --env="CHROME_USERDATA=${CHROME_USERDATA}" +endif + +ifdef FIREFOX_USERDATA +ENV_FIREFOX_USERDATA = \ + --env="FIREFOX_USERDATA=${FIREFOX_USERDATA}" +endif + help: @echo "" @echo "-- Help Menu" @@ -28,12 +41,20 @@ help: @echo " 2. make bash - bash login" @echo "" +clean: + @docker rm -f `docker ps -a | grep "${USER}/browser-box" | awk '{print $$1}'` > /dev/null 2>&1 || exit 0 + @docker rmi `docker images | grep "${USER}/browser-box" | awk '{print $$3}'` > /dev/null 2>&1 || exit 0 + + build: - @docker build --tag=${USER}/browser-box . + @docker build --rm=true --tag=${USER}/browser-box . install uninstall: build @docker run -it --rm \ --volume=/usr/local/bin:/target \ + ${ENV_CHROME_USERDATA} \ + ${ENV_FIREFOX_USERDATA} \ + ${ENV_INSTL_USER} \ ${USER}/browser-box:latest $@ google-chrome tor-browser chromium-browser firefox bash: diff --git a/README.md b/README.md index 11420d9..c10a007 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,18 @@ docker run -it --rm \ sameersbn/browser-box:latest install ``` +If you would the settings for chrome and firfox to persist +afer each time the browser is launched then you will need to add additional environment variable to the install command. In the example below "username" needs to get replace with your loggin user name. + +```bash +docker run -it --rm \ + --volume /usr/local/bin:/target \ + --env CHROME_USERDATA=/home/username/.chrome + --env FIREFOX_USERDATA=/home/username/.mozillia + sameersbn/browser-box:latest install +``` + + This will install wrapper scripts to launch: - `chromium-browser` diff --git a/confs/local.conf b/confs/local.conf new file mode 100644 index 0000000..51dd0d3 --- /dev/null +++ b/confs/local.conf @@ -0,0 +1,29 @@ + + + + + +rgb + + + + +true + + + + +hintslight + + + + +true + + + + +lcddefault + + + diff --git a/entrypoint.sh b/entrypoint.sh index 1023ea0..f2d57c3 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -3,6 +3,7 @@ set -e USER_UID=${USER_UID:-1000} USER_GID=${USER_GID:-1000} +BROWSER_BOX_USER=${BROWSER_BOX_USER:-browser} install_browser_box() { echo "Installing browser-box..." @@ -17,6 +18,21 @@ install_browser_box() { ln -sf browser-box /target/chromium-browser echo "Installing firefox..." ln -sf browser-box /target/firefox + echo "Installing url luancher..." + ln -sf browser-box /target/browser-exec + if [ "${BROWSER_BOX_USER}" != "browser" ] && [ -n "${BROWSER_BOX_USER}" ]; then + echo "Updating user to ${BROWSER_BOX_USER}..." + sed -i -e s%"BROWSER_BOX_USER:-browser"%"BROWSER_BOX_USER:-${BROWSER_BOX_USER}"%1 /target/browser-box + fi + if [[ -n "${CHROME_USERDATA}" ]]; then + echo "Updating Chrome user volume..." + sed -i -e s%"CHROME_USERDATA=.*$"%"CHROME_USERDATA\=${CHROME_USERDATA}"%1 /target/browser-box + fi + if [[ -n "${FIREFOX_USERDATA}" ]]; then + echo "Updating FireFox user volume..." + sed -i -e s%"FIREFOX_USERDATA=.*$"%"FIREFOX_USERDATA\=${FIREFOX_USERDATA}"%1 /target/browser-box + fi + } uninstall_browser_box() { @@ -32,18 +48,33 @@ uninstall_browser_box() { rm -rf /target/chromium-browser echo "Uninstalling firefox..." rm -rf /target/firefox + echo "Uninstalling url launcher..." + rm -rf /target/browser-exec } create_user() { + # ensure home directory is owned by browser + # and that profile files exist + if [[ -d /home/${BROWSER_BOX_USER} ]]; then + chown ${USER_UID}:${USER_GID} /home/${BROWSER_BOX_USER} + # copy user files from /etc/skel + cp /etc/skel/.bashrc /home/${BROWSER_BOX_USER} + cp /etc/skel/.bash_logout /home/${BROWSER_BOX_USER} + cp /etc/skel/.profile /home/${BROWSER_BOX_USER} + chown ${USER_UID}:${USER_GID} \ + /home/${BROWSER_BOX_USER}/.bashrc \ + /home/${BROWSER_BOX_USER}/.profile \ + /home/${BROWSER_BOX_USER}/.bash_logout + fi # create group with USER_GID - if ! getent group ${WEB_BROWSER_USER} >/dev/null; then - groupadd -f -g ${USER_GID} ${WEB_BROWSER_USER} + if ! getent group ${BROWSER_BOX_USER} >/dev/null; then + groupadd -f -g ${USER_GID} ${BROWSER_BOX_USER} 2> /dev/null fi # create user with USER_UID - if ! getent passwd ${WEB_BROWSER_USER} >/dev/null; then + if ! getent passwd ${BROWSER_BOX_USER} >/dev/null; then adduser --disabled-login --uid ${USER_UID} --gid ${USER_GID} \ - --gecos 'Browser Box' ${WEB_BROWSER_USER} + --gecos 'Browser Box' ${BROWSER_BOX_USER} fi } @@ -57,13 +88,13 @@ grant_access_to_video_devices() { done if [[ -n $VIDEO_GID ]]; then - usermod -a -G $VIDEO_GID ${WEB_BROWSER_USER} + usermod -a -G $VIDEO_GID ${BROWSER_BOX_USER} fi } launch_browser() { - cd /home/${WEB_BROWSER_USER} - exec sudo -u ${WEB_BROWSER_USER} -H PULSE_SERVER=/run/pulse/native $@ ${extra_opts} + cd /home/${BROWSER_BOX_USER} + exec sudo -u ${BROWSER_BOX_USER} -H LD_PRELOAD='/usr/$LIB/libstdc++.so.6' PULSE_SERVER=/run/pulse/native $@ ${extra_opts} } case "$1" in diff --git a/scripts/browser-box b/scripts/browser-box index 471eb35..064a8a3 100755 --- a/scripts/browser-box +++ b/scripts/browser-box @@ -1,7 +1,12 @@ #!/bin/bash PATH=/usr/sbin:/usr/bin:/sbin:/bin - +# TODO: ensure this gets updated by entrypoint script on install +BROWSER_BOX_USER=${BROWSER_BOX_USER:-browser} +BROWSER_BOX_REPO=${BROWSER_BOX_REPO:-$USER} +USER_REPO=${BROWSER_BOX_REPO:-"sameersbn"} +BROWSERS=(chromium-browser firefox google-chrome google-chrome-stable tor-browser) +# Persistant data directories CHROME_USERDATA="" FIREFOX_USERDATA="" # do we need to use sudo to start docker containers? ( id -Gn | grep -q docker ) || SUDO=sudo @@ -27,7 +32,7 @@ cleanup_stopped_browser_box_instances() { for c in $(${SUDO} docker ps -a -q) do image=$(${SUDO} docker inspect -f {{.Config.Image}} ${c}) - if [[ ${image} == "sameersbn/browser-box:latest" ]]; then + if [[ ${image} == "${USER_REPO}/browser-box:latest" ]]; then running=$(${SUDO} docker inspect -f {{.State.Running}} ${c}) if [[ ${running} != true ]]; then ${SUDO} docker rm -v "${c}" >/dev/null @@ -40,6 +45,8 @@ prepare_docker_caps_parameters() { case ${1} in google-chrome|google-chrome-stable|chromium-browser) CAPABILITIES+="--cap-add=SYS_ADMIN" + # passing gpu for SANDBOXED support + [ -d /dev/dri ] && CAPABILITIES+=" --device /dev/dri" ;; esac } @@ -50,6 +57,7 @@ prepare_docker_env_parameters() { ENV_VARS+=" --env=DISPLAY" ENV_VARS+=" --env=XAUTHORITY=${XAUTH}" ENV_VARS+=" --env=TZ=$(cat /etc/timezone)" + ENV_VARS+=" --env=BROWSER_BOX_USER=${BROWSER_BOX_USER}" } prepare_docker_volume_parameters() { @@ -61,6 +69,13 @@ prepare_docker_volume_parameters() { VOLUMES+=" --volume=/run/user/${USER_UID}/pulse:/run/pulse" } +# TODO: Need to add tor and chromium userdata dirs +# if wanted by the user, maybe use env variables +prepare_docker_userdata_volumes() { + [ -n ${CHROME_USERDATA} ] && VOLUMES+=" --volume=${CHROME_USERDATA}:/home/${BROWSER_BOX_USER}/.config/google-chrome" + [ -n ${FIREFOX_USERDATA} ] && VOLUMES+=" --volume=${FIREFOX_USERDATA}:/home/${BROWSER_BOX_USER}/.mozilla" +} + prepare_docker_device_parameters() { # enumerate video devices for webcam support VIDEO_DEVICES= @@ -72,6 +87,29 @@ prepare_docker_device_parameters() { done } +browser_exec () { + # check state of default $BROWSER + browser_state=$(docker inspect --format "{{.State.Running}}" ${BROWSER} 2>/dev/null) + if [[ "${browser_state}" == "true" ]]; then + ${SUDO} docker exec -i entrypoint.sh ${BROWSER} "$@" 2>/dev/null + exit $? + else + # checke if any other browser's are open to open link + for browser in ${BROWSERS[@]}; do + browser_state= \ + $(docker inspect --format "{{.State.Running}}" ${browser} 2>/dev/null) + if [[ "${browser_state}" == "true" ]]; then + ${SUDO} docker exec -i entrypoint.sh ${browser} "$@" 2>/dev/null + exit $? + else + # no browser is currently running, let's start the default one + default_browser=$(which ${BROWSER}) + exec ${default_browser} $@ + fi + done + fi +} + prog=$(basename $0) exec=$(which $prog) if [[ ${prog} == "browser-box" ]]; then @@ -80,6 +118,9 @@ if [[ ${prog} == "browser-box" ]]; then prog=${1} shift ;; + browser-exec) + browser_exec $@ + ;; *|help) list_browsers exit 1 @@ -94,12 +135,15 @@ cleanup_stopped_browser_box_instances prepare_docker_caps_parameters $prog prepare_docker_env_parameters prepare_docker_volume_parameters +prepare_docker_userdata_volumes prepare_docker_device_parameters echo "Starting ${prog}..." ${SUDO} docker run -d \ + ${BROWSER_BOX_PARMS} \ ${CAPABILITIES} \ ${ENV_VARS} \ ${VIDEO_DEVICES} \ ${VOLUMES} \ - sameersbn/browser-box:latest ${prog} $@ >/dev/null + --name="${prog}" \ + ${USER_REPO}/browser-box:latest ${prog} $@ >/dev/null