diff options
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/.profile | 32 | ||||
| -rwxr-xr-x | scripts/dev.sh | 63 |
2 files changed, 95 insertions, 0 deletions
diff --git a/scripts/.profile b/scripts/.profile new file mode 100644 index 0000000..bff260d --- /dev/null +++ b/scripts/.profile @@ -0,0 +1,32 @@ +nsjpy() { + local MEM_MAX=52428800 + + # All arguments except the last are considered to be for NsJail, not Python. + local nsj_args="" + while [ "$#" -gt 1 ]; do + nsj_args="${nsj_args:+${nsj_args} }$1" + shift + done + + # Set up cgroups and disable memory swapping. + mkdir -p /sys/fs/cgroup/pids/NSJAIL + mkdir -p /sys/fs/cgroup/memory/NSJAIL + echo "${MEM_MAX}" > /sys/fs/cgroup/memory/NSJAIL/memory.limit_in_bytes + echo "${MEM_MAX}" > /sys/fs/cgroup/memory/NSJAIL/memory.memsw.limit_in_bytes + + nsjail \ + -Mo \ + --rlimit_as 700 \ + --chroot / \ + -E LANG=en_US.UTF-8 \ + -R/usr -R/lib -R/lib64 \ + --user nobody \ + --group nogroup \ + --time_limit 2 \ + --disable_proc \ + --iface_no_lo \ + --cgroup_pids_max=1 \ + --cgroup_mem_max="${MEM_MAX}" \ + $nsj_args -- \ + /snekbox/.venv/bin/python3 -Iq -c "$@" +} diff --git a/scripts/dev.sh b/scripts/dev.sh new file mode 100755 index 0000000..097690b --- /dev/null +++ b/scripts/dev.sh @@ -0,0 +1,63 @@ +#!/usr/bin/env sh + +# Sets up a development environment and runs a shell in a docker container. +# Usage: dev.sh [--build [--clean]] [ash_args ...] + +if [ "$1" = "--build" ]; then + shift + printf "Building pythondiscord/snekbox-venv:dev..." + + docker build \ + -t pythondiscord/snekbox-venv:dev \ + -f docker/venv.Dockerfile \ + --build-arg DEV=1 \ + -q \ + . \ + >/dev/null \ + && printf " done!\n" || exit "$?" + + if [ "$1" = "--clean" ]; then + shift + dangling_imgs=$(docker images -f "dangling=true" -q) + + if [ -n "${dangling_imgs}" ]; then + printf "Removing dangling images..." + + docker rmi $dangling_imgs >/dev/null \ + && printf " done!\n" || exit "$?" + fi + fi +fi + +# Keep the container up in the background so it doesn't have to be restarted +# for the ownership fix. +# The volume is mounted to same the path in the container as the source +# directory on the host to ensure coverage can find the source files. +docker run \ + -td \ + --name snekbox_test \ + --privileged \ + --network host \ + -h pdsnk-dev \ + -e PYTHONDONTWRITEBYTECODE=1 \ + -e PIPENV_PIPFILE="/snekbox/Pipfile" \ + -e ENV="${PWD}/scripts/.profile" \ + -v "${PWD}":"${PWD}" \ + -w "${PWD}"\ + --entrypoint /bin/ash \ + pythondiscord/snekbox-venv:dev \ + >/dev/null \ + +# Execute the given command(s) +docker exec -it snekbox_test /bin/ash "$@" + +# Fix ownership of coverage file +# BusyBox doesn't support --reference for chown +docker exec \ + -it \ + -e CWD="${PWD}" \ + snekbox_test \ + /bin/ash \ + -c 'chown "$(stat -c "%u:%g" "${CWD}")" "${CWD}/.coverage"' + +docker rm -f snekbox_test >/dev/null # Stop and remove the container |