feat: Podmansh (experimentation) #409

Closed
jeefy opened this issue Aug 14, 2023 · 19 comments

@jeefy
Contributor

jeefy commented Aug 14, 2023

Distrobox is cool, but a by-default "I open terminal and I'm sandboxed" is better. :) This issue is to track efforts towards getting podmansh as our default shell.

Currently I have podmansh set up with this config:

```ini
[Unit]
Description=The Podmansh container
After=local-fs.target

[Container]
Image=ghcr.io/ublue-os/ubuntu-toolbox:latest
ContainerName=podmansh
RemapUsers=keep-id
RunInit=yes

Exec=sleep infinity

[Service]
ExecStartPre=/usr/bin/mkdir -p %h/data

[Install]
RequiredBy=default.target
```

I set it up with a just command (just podmansh). Initially, because I YOLO things, I got locked out of my own host filesystem, and had to install a different terminal (Konsole) to get back into the host (because podmansh was failing). That's a story we should probably capture and prevent lol.
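A static preflight for the lockout described in the post above, as an added example that is not part of the original thread or the ublue-os repo. The function names `quadlet_get` and `podmansh_preflight` and the choice of checks are assumptions; it relies on podmansh entering a container named `podmansh` and on `[Install]` being what starts the unit at login.

```sh
# Added example: lint a podmansh quadlet unit before pointing a login
# shell at /usr/bin/podmansh, so a broken unit does not lock the account out.

# quadlet_get FILE SECTION KEY: print the last value of KEY inside [SECTION].
quadlet_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[.*\][ \t]*$/ { gsub(/[ \t]/, ""); insec = ($0 == want); next }
        !insec || /^[ \t]*[#;]/ { next }
        { i = index($0, "="); if (i == 0) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# podmansh_preflight FILE: print findings; return 1 if any FAIL was reported.
podmansh_preflight() {
    f=$1; rc=0
    name=$(quadlet_get "$f" Container ContainerName)
    image=$(quadlet_get "$f" Container Image)
    start=$(quadlet_get "$f" Install WantedBy)$(quadlet_get "$f" Install RequiredBy)
    if [ "$name" != podmansh ]; then
        echo "FAIL: ContainerName='${name:-unset}'; podmansh only enters a container named podmansh"; rc=1
    fi
    if [ -z "$start" ]; then
        echo "FAIL: [Install] has no WantedBy=/RequiredBy=, so nothing starts the container at login"; rc=1
    fi
    case $image in
        '') echo "FAIL: [Container] has no Image="; rc=1 ;;
        *@sha256:*) ;;  # digest-pinned: the shell environment cannot change under the user
        *:latest) echo "WARN: Image=$image floats; a bad pull changes or breaks the login shell" ;;
    esac
    return $rc
}

# Demo on a constructed file holding the [Container]/[Install] part of the unit above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Container]
Image=ghcr.io/ublue-os/ubuntu-toolbox:latest
ContainerName=podmansh
Exec=sleep infinity

[Install]
RequiredBy=default.target
EOF
podmansh_preflight "$demo" && echo "OK to switch the login shell"
rm -f "$demo"
```

This only checks the unit file; whether the container actually starts still has to be confirmed from a second terminal that runs a host shell.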

@bigpod98
Contributor

While yes, podmansh is cool, do you have access to podman and so on inside the container?

@jeefy
Contributor Author

jeefy commented Aug 14, 2023

Not yet. This was my first attempt to just get it working, next is "okay the engine runs, let's attach a transmission and a steering wheel"

@bketelsen
Member

Did you create a user specifically for this or did you set your host's login account to the podmansh shell?

@jeefy
Contributor Author

jeefy commented Aug 14, 2023

Host's login account (I did say: YOLO).

My current status is /usr/bin/podmansh works, and I have it pointed to our Ubuntu toolkit.

Next is "Okay now actually make it functional"

  • Map in volumes
  • "How can we swap images easily"
  • Map through docker.sock/container support

@bketelsen
Member

Bold move, sir.

@Nitrousoxide

I'm not sure how good this would be for ublue, since it would immediately balloon the install size by a gig or so when you first log in, thanks to the shell container getting spun up.
That seems like a lot of storage overhead for a shell for a single-user instance, which is the typical use case for ublue, probably.
Podmansh seems to be mainly intended for multiple user instances, so you can lock down shell access for non-admin users.

@castrojo
Member

It wouldn't be included on the image (which we can't do anyway), it'd be a pull on initial launch like we do with distrobox. We'd use the same image but probably just turn init on.

@Nitrousoxide

How would a user change the shell? Would they need to build their own container if they, for instance, prefer Fish over Bash? As I understand it, the actual shell you'd end up using is whatever one is the default shell of the container image you are downloading. That would make it a lot more complicated for a user to change a shell to a different one they prefer if they have to start tweaking quadlet files and having podman build a new image on every restart (or at least whenever the referenced base image changes) with the shell they prefer.

@castrojo
Member

Yes, you're correct, you'd change the shell in the container image. You'd just chsh in there like you would do it in a distrobox. This isn't really any different than using distrobox today, it's just built into the terminal experience.

You'd only need to mess with the quadlet if you prefer to use a custom image and you want to swap it out -- I'm hoping to just switch alpine or just switch ubuntu in a host terminal and then that would just let you swap out the userspaces by disabling and enabling the units.

@castrojo
Member

(I'll keep the issue open for running notes)

Ok so I was able to successfully use both ubuntu and opensuse images. Alpine via boxkit didn't work but I didn't investigate on the why.

Tips for people who wanna try: have a terminal set to custom command into /bin/bash so you don't paint yourself into a corner (or use a VM). I think just fired up a normal blackbox terminal and got into ubuntu. The UX is awesome.


sudo doesn't accept my password and there's probably a bunch of other stuff, but at least we can get more people messing with it! Thanks Jeff!

@bketelsen
Member

@jeefy are you using this still? Can you update status/notes here when you have a minute?

@jeefy
Contributor Author

jeefy commented Sep 13, 2023

I am, but I haven't really been doing much dev-work the last 3 weeks (vacation into work travel). So I don't have any other updates with it yet, or any fixes for encountered friction. :\

@jeefy
Contributor Author

jeefy commented Sep 24, 2023

A thing that really bothered me was that vscode could never open the right folder when starting a new terminal. I created a custom terminal profile for it and fixed it that way. I updated the output of just podmansh to provide instructions on what to add.

I've also opted for a less-permissive podmansh container. I think any actions where you need elevated permissions should probably be done using konsole and be on the host. That's just my day-to-day opinions though.

@castrojo
Member

Ok we talked about this at KubeCon, @jeefy is going to push his latest updates to the repo.

@bketelsen
Member

anxiously awaiting these updates

@jeefy
Contributor Author

jeefy commented Nov 13, 2023

Ask and ye shall receive #651

@castrojo
Member

Thanks Jeff! I told @rhatdan that we'd ping him with the latest we have:

@rhatdan

rhatdan commented Nov 13, 2023

@lsm5 FYI.

@jeefy
Contributor Author

jeefy commented Nov 13, 2023

FYI this breaks xorg, you have to use Wayland. That'll be the next thing I try to debug 🙃

@castrojo castrojo closed this as completed Feb 7, 2024