From a5ac6f0224e7a289053a3ea7e6f535ae945a3089 Mon Sep 17 00:00:00 2001
From: Rantanen Ville
Date: Thu, 27 Apr 2017 12:00:07 +0300
Subject: [PATCH] initial
---
Dockerfile | 16 ++++++++
README.md | 17 +++++++++
bootstuff.sh | 8 ++++
build-run | 91 ++++++++++++++++++++++++++++++++++++++++++++
userinit.sh.template | 82 +++++++++++++++++++++++++++++++++++++++
5 files changed, 214 insertions(+)
create mode 100644 Dockerfile
create mode 100644 README.md
create mode 100755 bootstuff.sh
create mode 100755 build-run
create mode 100755 userinit.sh.template
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e987ea7
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM ubuntu:16.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && \
+ apt-get install -y --allow-unauthenticated vim openssh-server mc \
+ less mercurial wget boxes firefox chromium-browser sudo netcat \
+ lxde vnc4server net-tools terminator lxappearance figlet && apt-get clean
+RUN hg clone https://bitbucket.org/MoonQ/tools /usr/local/share/q-tools
+
+ADD bootstuff.sh /
+ADD userinit.sh /
+ADD vnc_passwd /
+RUN /userinit.sh
+
+
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2ddbede
--- /dev/null
+++ b/README.md
@@ -0,0 +1,17 @@
+# Sandbox X environment in Docker
+
+This setup creates a VNC server running LXDE with two browsers installed
+(chromium and firefox).
+The executable connects to the container with SSH. Once SSH session exits,
+the container is destroyed. The executable automatically starts `vncviewer`
+after starting the container if --vnc passed.
+
+Run the `build-run` script to build and run the container.
+Following arguments may be passed:
+
+* `--vnc` Starts vncviewer
+* `--geometry` Default geometry for VNC server, e.g. `1024x768`
+* `--new-passwd` Generates a new random `vnc_passwd` file used
+ for authenticating the VNC client.
+
+
diff --git a/bootstuff.sh b/bootstuff.sh
new file mode 100755
index 0000000..f6a8889
--- /dev/null
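Review bot: The `apt-get install` line in the new Dockerfile passes `--allow-unauthenticated`, which lets apt install packages whose signatures cannot be verified, so a tampered mirror or an intercepted download can place arbitrary packages in the image. Every package listed looks like it comes from the stock Ubuntu archives, so the flag should not be needed; drop it, as in `apt-get install -y vim openssh-server mc \`. The `hg clone` on the next `RUN` takes whatever the repository tip is at build time; pinning it with `hg clone -r <REVISION> ...` would make the build reproducible and reviewable. `ADD vnc_passwd /` also stores the VNC password file in an image layer, readable by anyone who can pull or export the image, and `COPY` is the clearer instruction for these three local files.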
+++ b/bootstuff.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+
+service ssh start
+while true; do
+ MSG=$( nc -l -p 1515 127.0.0.1 < /dev/null )
+ [[ "$MSG" = "exit" ]] && exit
+done
diff --git a/build-run b/build-run
new file mode 100755
index 0000000..842d0e8
--- /dev/null
+++ b/build-run
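Review bot: The shutdown listener `nc -l -p 1515 127.0.0.1` depends on the installed netcat variant for its loopback restriction: in netcat-traditional the trailing address appears to act as a filter on the connecting peer rather than as the bind address, and other variants handle `-l -p` differently. If the intent is that only processes inside the container can send `exit`, bind explicitly, e.g. `nc -l -s 127.0.0.1 -p 1515` (to be checked against the variant the image actually installs). The result of `service ssh start` is not checked either, so a failed sshd start goes unnoticed while the loop keeps running; `service ssh start || exit 1` would surface it.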
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+function helpexit() {
+ echo "Start a Docker session with LXDE and VNC server."
+ echo "NOTE: Docker image is stopped and destroyed when ssh shell exits!"
+ echo " --vnc Start VNC viewer"
+ echo " --geometry WxY VNC Default screen size"
+ echo " --new-passwd Generate new random VNC password file"
+ echo " --help This help"
+ exit
+}
+function pwgen() {
+ dd if=/dev/random of=vnc_passwd bs=1 count=8
+}
+function rsagen() {
+ rm -f .id_rsa .id_rsa.pub
+ ssh-keygen -t rsa -b 1024 -N "" -f .id_rsa
+}
+
+for (( i=1; i<=$#; i++ )); do
+ j=$(( $i + 1 ))
+ [[ "${!i}" = "--help" ]] && helpexit
+ [[ "${!i}" = "-h" ]] && helpexit
+ [[ "${!i}" = "--vnc" ]] && { VNC=1; continue; }
+ [[ "${!i}" = "--new-passwd" ]] && { pwgen; continue; }
+ [[ "${!i}" = "--geometry" ]] && {
+ VNCSIZE="-geometry ${!j}";
+ [[ "$VNCSIZE" = *x* ]] || {
+ echo "VNC geometry must be of format WxH, e.g. 1024x768"
+ exit 1
+ }
+ continue;
+ }
+done
+set -e
+[[ -f vnc_passwd ]] || pwgen
+[[ -f .id_rsa.pub ]] || rsagen
+[[ -f .id_rsa ]] || rsagen
+
+
+cd $( dirname $( readlink -f $0 ) )
+
+export USER=$( id -u -n )
+export USERID=$( id -u )
+export USERGID=$( id -u )
+cat userinit.sh.template | \
+ sed 's,--USER--,'$USER',g' | \
+ sed 's,--USERID--,'$USERID',g' | \
+ sed 's,--USERGID--,'$USERGID',g' | \
+ sed 's,--PUBKEY--,'"$( cat .id_rsa.pub )"',' > userinit.sh
+
+chmod 755 userinit.sh
+
+image=$( basename $( dirname $( readlink -f $0 ) ) )
+echo $image
+
+docker build -t $image .
+nname=$image$$
+
+docker run --rm -v /mnt:/mnt -v /media:/media -v $HOME/:/host_home \
+ --privileged \
+ -h $nname --name $nname $image \
+ bash /bootstuff.sh $USER &
+
+echo $nname
+while :; do
+ sleep 3
+ IP=$( docker inspect --format '{{ .NetworkSettings.IPAddress }}' $nname )
+ [[ -z "$IP" ]] || break
+done
+echo $IP
+while :; do
+ sleep 3
+ ssh-keyscan $IP && break
+done
+
+[[ "$VNC" -eq 1 ]] && {
+ ssh -i .id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $USER@$IP /home/$USER/bin/vncs "$VNCSIZE"
+ while :; do
+ wget -qO- ${IP}:5900 && break
+ sleep 5
+ done
+ vncviewer -passwd vnc_passwd ${IP}:5900 &> /dev/null &
+}
+ssh -i .id_rsa -XY -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $USER@$IP #&& break
+echo "Shutting down $nname"
+sleep 1
+docker stop $nname >/dev/null &
+
+
+
diff --git a/userinit.sh.template b/userinit.sh.template
new file mode 100755
index 0000000..bbccfaf
--- /dev/null
+++ b/userinit.sh.template
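Review bot: `docker run` is started with `--privileged` and read-write bind mounts of `/mnt`, `/media` and `$HOME`, and `userinit.sh.template` gives the container user passwordless sudo, so anything running in the "sandbox" browsers is one `sudo` away from root-equivalent access to the host and its files. Unless something in the image needs it, drop `--privileged` and mount only a dedicated directory, read-only where possible, e.g. `-v "$HOME/sandbox-share":/host_home` (example path); the final `ssh -XY` additionally grants container processes trusted access to the host X display, which undercuts the isolation the VNC path provides. Two smaller items in the same hunk: `rsagen` creates a 1024-bit RSA key where `ssh-keygen -t rsa -b 4096 -N "" -f .id_rsa` costs nothing, and `export USERGID=$( id -u )` should read `$( id -g )`. `pwgen` and `rsagen` also run before the `cd` to the script directory, so the key and password files can land in the caller's working directory with default permissions while `docker build` looks for `vnc_passwd` next to the script.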
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+## THIS FILE gets overwritten!
+
+
+USR=--USER--
+addgroup --gid --USERGID-- $USR
+useradd --uid --USERID-- --gid --USERGID-- -m $USR
+echo "$USR ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+mkdir /home/$USR/.ssh /home/$USR/.vnc /home/$USR/bin
+echo '--PUBKEY--' > /home/$USR/.ssh/authorized_keys
+chmod 700 /home/$USR/.ssh
+chmod 600 /home/$USR/.ssh/authorized_keys
+chsh -s /bin/bash $USR
+cp /vnc_passwd /home/$USR/.vnc/passwd
+chmod 600 /home/$USR/.vnc/passwd
+echo '#!/bin/sh
+[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
+[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
+
+xsetroot -solid grey
+vncconfig -iconic &
+terminator &
+openbox &
+lxpanel -p LXDE &
+pcmanfm --desktop --profile LXDE &
+/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 *
+' > /home/$USR/.vnc/xstartup
+
+echo "#!/bin/bash
+
+vncserver :0 -depth 24 \$1 \
+ -geometry 1680x1050 \
+ -geometry 800x600 \
+ -geometry 1024x768 \
+ -geometry 1280x1024 \
+ -geometry 1600x1200 \
+ -geometry 1280x720
+" > /home/$USR/bin/vncs
+
+echo "#!/bin/bash
+
+echo exit | nc -w 1 127.0.0.1 1515
+" > /home/$USR/bin/exit-safe
+chmod 755 /home/$USR/bin/*
+
+
+cat <<'EOF' > /tools-install.sh
+#!/bin/bash
+
+test -f $HOME/.bashrc || sed 's,#force_color_prompt=yes,force_color_prompt=yes,' /etc/skel/.bashrc > $HOME/.bashrc
+test -f $HOME/.profile || cp /etc/skel/.profile $HOME/.profile
+echo "echo \$HOSTNAME | figlet" >> $HOME/.profile
+echo "echo To exit and shutdown properly, type \'exit-safe\'" >> $HOME/.profile
+
+mkdir -p $HOME/lib
+mkdir -p $HOME/bin
+mkdir -p $HOME/.config/autostart
+pushd $HOME/lib > /dev/null
+echo "Getting Tools repository"
+ln -s /usr/local/share/q-tools tools
+echo "Checking and adding tools/bin"
+touch $HOME/.bash_cdhistory $HOME/.qcd
+grep /lib/tools/rc $HOME/.bashrc > /dev/null || ( echo '. $HOME/lib/tools/rc' >> ~/.bashrc )
+[[ -f $HOME/bin/xsessionrc ]] || {
+ cp $HOME/lib/tools/skel/xsessionrc $HOME/bin/xsessionrc
+ chmod 755 $HOME/bin/xsessionrc
+}
+[[ -f $HOME/.config/autostart/xsessionrc.desktop ]] || {
+ $HOME/lib/tools/bin/fimplate -e $HOME/lib/tools/skel/xsessionrc.desktop > $HOME/.config/autostart/xsessionrc.desktop
+}
+
+popd > /dev/null
+EOF
+chown -R $USR:$USR /home/$USR/
+runuser -u $USR -- bash /tools-install.sh
+
+echo "alias ff='firefox -no-remote &> /dev/null &'" >> /home/$USR/.bashrc
+echo "alias cb='chromium-browser &> /dev/null &'" >> /home/$USR/.bashrc
+
+chown -R $USR:$USR /home/$USR/
+
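Review bot: `echo "$USR ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers` gives the account that runs the browsers and the VNC session unrestricted passwordless root inside the container, and it appends to the main sudoers file with no validation. If interactive root is really needed, a drop-in is easier to audit and remove, `echo "$USR ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-sandbox && chmod 0440 /etc/sudoers.d/90-sandbox`; otherwise leave the rule out. The generated `vncs` script starts `vncserver :0` reachable on the container's network address and protected only by the 8-byte VNC password file; since a key-authenticated SSH session already exists, consider `-localhost` (if the installed Xvnc supports it) and tunnelling port 5900 over SSH, which would also require changing build-run's direct `${IP}:5900` connection. The last entry of the generated `xstartup` ends in `*` where the others end in `&`, which looks like a typo.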