diff --git a/.github/workflows/flowzone.yml b/.github/workflows/flowzone.yml
index cf8d74d..bddd139 100644
--- a/.github/workflows/flowzone.yml
+++ b/.github/workflows/flowzone.yml
@@ -24,4 +24,6 @@ jobs:
 )
 secrets: inherit
 with:
- balena_slugs: 'balenalabs/browser-aarch64,balenalabs/browser-amd64,balenalabs/browser-armv7hf'
+ # Prevent publishing of releases to balenaCloud after its move to balena-io-experimental org
+ # To update on balenaHub, do a manual push of the browser block from the balenalabs account
+ balena_slugs: ''
diff --git a/Dockerfile.template b/Dockerfile.template
index ec28f91..6177f07 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -1,6 +1,6 @@
-ARG NODEJS_VERSION="20.12.0"
+FROM node:20.19.2-bookworm
-FROM balenalib/%%BALENA_MACHINE_NAME%%-debian-node:${NODEJS_VERSION}-bookworm-run
+ENV DEBIAN_FRONTEND=noninteractive
 # Install the necessary packages
 COPY ./build /usr/src/build
diff --git a/build/install_chromium b/build/install_chromium
index 5ec64d3..d826291 100755
--- a/build/install_chromium
+++ b/build/install_chromium
@@ -34,7 +34,8 @@ else
 ln -s /usr/bin/chromium /usr/bin/chromium-browser
 fi
-install_packages \
+# mimic previous balenalib "install_packages" behavior:
+apt-get update && apt-get install -y --no-install-recommends \
 ${CHROMIUM_PACKAGE} \
 chromium-common \
 libgles2-mesa \
@@ -47,4 +48,5 @@ install_packages \
 xserver-xorg-video-fbdev \
 xserver-xorg xinit \
 xinput \
- xterm
+ xterm && \
+ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/*
diff --git a/src/entry.sh b/src/entry.sh
new file mode 100644
index 0000000..4e0baa4
--- /dev/null
+++ b/src/entry.sh
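Review bot: In Dockerfile.template, the new base `node:20.19.2-bookworm` is the full Debian variant, whereas the removed balenalib base was a `-run` (runtime-only) image; the full variant carries compilers and VCS clients that a kiosk browser image does not obviously need. If nothing later in the file builds native modules, `FROM node:20.19.2-bookworm-slim` would keep the installed surface closer to what it was, and appending a digest (`@sha256:<digest-placeholder>`) would make the now architecture-independent tag reproducible. `ENV DEBIAN_FRONTEND=noninteractive` also persists into the running container; `ARG DEBIAN_FRONTEND=noninteractive` limits it to the build. The rest of the file lies outside this hunk, so whether build tools are required later cannot be seen here.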
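Review bot: In build/install_chromium, the `apt-get update && apt-get install … && rm -rf …` chain that replaces `install_packages` (it spans both hunks) only fails the image build if its exit status reaches the caller. That holds when the script runs under `set -e` or when this chain is its last command, and neither is visible because the script starts and ends outside the hunks. Appending `|| exit 1` after the `rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/*` line would make a failed install stop the build regardless.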
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+# This command only works in privileged container
+tmp_mount='/tmp/_balena'
+mkdir -p "$tmp_mount"
+if mount -t devtmpfs none "$tmp_mount" &> /dev/null; then
+ PRIVILEGED=true
+ umount "$tmp_mount"
+else
+ PRIVILEGED=false
+fi
+rm -rf "$tmp_mount"
+
+function mount_dev()
+{
+ tmp_dir='/tmp/tmpmount'
+ mkdir -p "$tmp_dir"
+ mount -t devtmpfs none "$tmp_dir"
+ mkdir -p "$tmp_dir/shm"
+ mount --move /dev/shm "$tmp_dir/shm"
+ mkdir -p "$tmp_dir/mqueue"
+ mount --move /dev/mqueue "$tmp_dir/mqueue"
+ mkdir -p "$tmp_dir/pts"
+ mount --move /dev/pts "$tmp_dir/pts"
+ touch "$tmp_dir/console"
+ mount --move /dev/console "$tmp_dir/console"
+ umount /dev || true
+ mount --move "$tmp_dir" /dev
+
+ # Since the devpts is mounted with -o newinstance by Docker, we need to make
+ # /dev/ptmx point to its ptmx.
+ # ref: https://www.kernel.org/doc/Documentation/filesystems/devpts.txt
+ ln -sf /dev/pts/ptmx /dev/ptmx
+
+ # When using io.balena.features.sysfs the mount point will already exist
+ # we need to check the mountpoint first.
+ sysfs_dir='/sys/kernel/debug'
+
+ if ! mountpoint -q "$sysfs_dir"; then
+ mount -t debugfs nodev "$sysfs_dir"
+ fi
+
+}
+
+function start_udev()
+{
+ if [ "$UDEV" == "on" ]; then
+ if $PRIVILEGED; then
+ mount_dev
+ if command -v udevd &>/dev/null; then
+ unshare --net udevd --daemon &> /dev/null
+ else
+ unshare --net /lib/systemd/systemd-udevd --daemon &> /dev/null
+ fi
+ udevadm trigger &> /dev/null
+ else
+ echo "Unable to start udev, container must be run in privileged mode to start udev!"
+ fi
+ fi
+}
+
+function init()
+{
+ # echo error message, when executable file is passed but doesn't exist.
+ if [ -n "$1" ]; then
+ if CMD=$(command -v "$1" 2>/dev/null); then
+ shift
+ exec "$CMD" "$@"
+ else
+ echo "Command not found: $1"
+ exit 1
+ fi
+ fi
+}
+
+UDEV=$(echo "$UDEV" | awk '{print tolower($0)}')
+
+case "$UDEV" in
+ '1' | 'true')
+ UDEV='on'
+ ;;
+esac
+
+start_udev
+init "$@"
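Review bot: The privileged-mode probe at the top of src/entry.sh runs `rm -rf "$tmp_mount"` after an unchecked `umount "$tmp_mount"`; if that unmount fails, the recursive delete descends into a still-mounted devtmpfs and removes device nodes. `rmdir "$tmp_mount"` only succeeds on an empty, unmounted directory and fails harmlessly otherwise. The same lack of checking applies in `mount_dev`, where none of the `mount` / `mount --move` calls are tested before `umount /dev || true` runs, so a failure part-way can leave the container without a usable /dev; changing the first call to `mount -t devtmpfs none "$tmp_dir" || return 1` would stop the sequence before anything is moved.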
diff --git a/src/start.sh b/src/start.sh
index 6e89c01..219c470 100644
--- a/src/start.sh
+++ b/src/start.sh
@@ -4,7 +4,7 @@
 sysctl -w user.max_user_namespaces=10000
 # Run balena base image entrypoint script
-/usr/bin/entry.sh echo "Running balena base image entrypoint..."
+/usr/src/app/entry.sh echo "Running balena base image entrypoint..."
 export DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socket
@@ -25,7 +25,7 @@ if [[ -z "$DISPLAY_NUM" ]]
 fi
 # set whether to show a cursor or not
-if [[ ! -z $SHOW_CURSOR ]] && [[ "$SHOW_CURSOR" -eq "1" ]]
+if [[ -n $SHOW_CURSOR ]] && [[ "$SHOW_CURSOR" -eq "1" ]]
 then
 export CURSOR=''
 echo "Enabling cursor"
@@ -67,5 +67,6 @@ environment=$(env | grep -v -w '_' | awk -F= '{ st = index($0,"=");print substr(
 environment="${environment::-1}"
 # launch Chromium and whitelist the enVars so that they pass through to the su session
-su -w $environment -c "export DISPLAY=:$DISPLAY_NUM && startx /usr/src/app/startx.sh $CURSOR" - chromium
-balena-idle
+su -w "$environment" -c "export DISPLAY=:$DISPLAY_NUM && startx /usr/src/app/startx.sh $CURSOR" - chromium
+
+sleep infinity
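Review bot: In the first src/start.sh hunk, `/usr/src/app/entry.sh` is executed directly, but this commit adds src/entry.sh with `new file mode 100644`, so the call fails with a permission error unless the image build sets the execute bit, which the Dockerfile.template hunk does not show. Either commit the file as 100755 or invoke it as `bash /usr/src/app/entry.sh echo "Running balena base image entrypoint..."`. The call's exit status is also unchecked, so a failing entry.sh does not stop start.sh unless `set -e` is in effect above the hunk.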
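Review bot: In the second src/start.sh hunk, the rewritten test keeps `[[ "$SHOW_CURSOR" -eq "1" ]]`, and `-eq` inside `[[ ]]` evaluates both operands as arithmetic expressions, so a non-numeric value taken from the environment is interpreted rather than compared. A string comparison avoids that and makes the separate `-n` test unnecessary: `if [[ "$SHOW_CURSOR" == "1" ]]`. The only behavioural difference is that values such as `01` would no longer match.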
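Review bot: In the last src/start.sh hunk, `$DISPLAY_NUM` and `$CURSOR` are still expanded into the string handed to `su -c`, which the target user's shell then parses, so the new quoting of `"$environment"` does not cover them. `DISPLAY_NUM` comes from the environment and the only check visible (in the second hunk's header line) is for emptiness. A guard before this line such as `[[ "$DISPLAY_NUM" =~ ^[0-9]+$ ]] || { echo "invalid DISPLAY_NUM"; exit 1; }` would keep shell metacharacters out of the command string. Whether such validation already exists between the hunks cannot be seen from here.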