diff --git a/xfce4-panel.xml b/post_installation_script/xfce4-panel.xml similarity index 100% rename from xfce4-panel.xml rename to post_installation_script/xfce4-panel.xml diff --git a/post_installation_script_test/02_start_container_with_image.sh b/post_installation_script_test/02_start_container_with_image.sh index 20c9303..861a518 100755 --- a/post_installation_script_test/02_start_container_with_image.sh +++ b/post_installation_script_test/02_start_container_with_image.sh @@ -2,6 +2,6 @@ # Start container with the test image (interactive shell) docker run -it --rm \ - --cap-drop ALL --security-opt no-new-privileges --tmpfs /tmp:rw \ - -v "$(pwd)/../post_installation_script/20251212_Nachinstallationsarbeiten_LC_Esslingen_XFCE_v8.sh":/workspace/script.sh:ro \ + --tmpfs /tmp:rw \ + -v "$(pwd)/../post_installation_script/":/workspace/:ro \ mint-script-test diff --git a/post_installation_script_test/Dockerfile b/post_installation_script_test/Dockerfile index 771c9a3..d4908da 100644 --- a/post_installation_script_test/Dockerfile +++ b/post_installation_script_test/Dockerfile 
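Review bot: In 02_start_container_with_image.sh the new `docker run` drops both `--cap-drop ALL` and `--security-opt no-new-privileges` outright, so the test container now starts with Docker's default capability set while it performs real `apt` installs through `sudo`. `no-new-privileges` does have to go for a setuid `sudo` to work, but the capability drop can probably stay with a short allow-list, for example `--cap-drop ALL --cap-add CHOWN --cap-add DAC_OVERRIDE --cap-add FOWNER --cap-add SETUID --cap-add SETGID \`; that exact set is an assumption and needs confirming by running the post-installation script in the container. The bind mount also widens from one script to the whole `post_installation_script/` directory; it stays `:ro`, but a comment such as `# entire directory is visible read-only in the container; keep credentials out of it` would record the change in exposure.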
@@ -1,41 +1,12 @@
 FROM ubuntu:22.04
-# Minimal image for safe simulation of apt installs.
+# Install required utilities including sudo
 RUN apt-get update && apt-get install -y --no-install-recommends \
- bash wget tar curl gnupg ca-certificates apt-utils apt coreutils file procps && \
+ bash wget tar curl gnupg ca-certificates apt-utils apt coreutils file procps sudo && \
 apt-get clean && rm -rf /var/lib/apt/lists/*
-# sudo wrapper: simulate apt installs and avoid making changes to the image
-RUN cat > /usr/local/bin/sudo <<'EOF'
-#!/bin/sh
-# sudo wrapper for simulation:
-# - simulate installs with `apt-get -s install ...`
-# - run `apt-get update` quietly (needed so apt -s has metadata)
-# - otherwise echo the command (no-op)
-cmd="$1"
-arg2="${2:-}"
-if [ "$cmd" = "apt" ] || [ "$cmd" = "apt-get" ]; then
- if [ "$arg2" = "install" ]; then
- shift 2
- echo "[sudo-wrapper] simulating: apt-get -s install $@"
- apt-get -s install "$@"
- exit $?
- elif [ "$arg2" = "update" ]; then
- # do not run update at runtime (may require extra privileges); simulate instead
- echo "[sudo-wrapper] simulating: apt-get update (no-op in container)"
- exit 0
- else
- echo "[sudo-wrapper] would run: $@"
- exit 0
- fi
-else
- echo "[sudo-wrapper] would run: $@"
- exit 0
-fi
-EOF
-RUN chmod +x /usr/local/bin/sudo
-
-ENV PATH=/usr/local/bin:$PATH
+# Configure passwordless sudo for all users (needed for script)
+RUN echo 'ALL ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
 WORKDIR /workspace
 ENTRYPOINT ["/bin/bash"]
diff --git a/post_installation_script_test/README.md b/post_installation_script_test/README.md
index f1df0af..ff41e8b 100644
--- a/post_installation_script_test/README.md
+++ b/post_installation_script_test/README.md
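Review bot: The added `RUN echo 'ALL ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers` gives every account in the image unrestricted passwordless root and appends to the main sudoers file without a syntax check. The new Dockerfile has no `USER` instruction, so the container presumably runs as root, and root can normally use `sudo` without any extra rule; it is worth testing whether the line is needed at all. If it is, a validated drop-in is safer than appending, e.g. `RUN echo 'ALL ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/test-nopasswd && chmod 0440 /etc/sudoers.d/test-nopasswd && visudo -cf /etc/sudoers.d/test-nopasswd` (the file name is a placeholder). The comment above it could also state that this image is for throwaway test containers only and must not be used as a base elsewhere.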
@@ -13,7 +13,7 @@ This directory contains everything needed to test the post-installation script i
 Provides a reproducible testing environment that allows:
 - Running the post-installation script without affecting the host system
-- Simulating `apt` installations (safe, no real package changes)
+- Real `apt` installations (isolated in container)
 - Testing script logic, prompts, and error handling
 - Validating syntax and tracing execution
@@ -22,8 +22,8 @@ Provides a reproducible testing environment that allows:
 The Dockerfile includes:
 - Ubuntu 22.04 base image
-- Simulated `sudo` wrapper that runs `apt-get -s install` (simulates installs without making changes)
-- Useful utilities: `bash`, `wget`, `tar`, `curl`, `gnupg`, `ca-certificates`, `file`, `procps`
+- Passwordless sudo for real apt installations
+- Useful utilities: `bash`, `wget`, `tar`, `curl`, `gnupg`, `ca-certificates`, `file`, `procps`, `sudo`
 ## Usage
@@ -49,12 +49,13 @@ sh 02_start_container_with_image.sh
 After container is started an interactive session was started in the container and the script can be started for testing
 ```bash
-sh script.sh
+ls -al
+sh .sh
 ```
 ## Security Notes
 - The script is mounted read-only (`:ro` flag) to prevent container from modifying host files
-- Container runs with reduced privileges (`--cap-drop ALL --security-opt no-new-privileges`)
-- The `sudo` wrapper simulates apt operations, so no packages are actually installed
+- All apt installations are real but isolated in the container
 - Use `--tmpfs /tmp:rw` for any temporary writes inside the container
+- Container is automatically removed after exit (`--rm` flag)