From 034d4ec49c8fcef12dec6cbf79e886ec70ddd824 Mon Sep 17 00:00:00 2001 From: Maxime Grenu Date: Thu, 24 Jul 2025 09:22:45 +0200 Subject: [PATCH 1/5] Fix typos and grammar in README files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Fix possessive form in "libraries' surface" - Correct "This tools" to "This tool's" - Change "trial out" to "try out" - Fix "light weight" to "lightweight" - Add missing comma before "we understand" - Add missing article "the" before "bin/vmlinux directory" ๐Ÿค– Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- README.md | 6 +++--- kernel/README.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 206fe055..afc9f181 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ Applications built using the package will run on macOS 15 or later, but the foll ## Example Usage -For examples of how to use some of the libraries surface, the cctl executable is a good start. This tools primary job is as a playground to trial out the API. It contains commands that exercise some of the core functionality of the various products, such as: +For examples of how to use some of the libraries' surface, the cctl executable is a good start. This tool's primary job is as a playground to try out the API. It contains commands that exercise some of the core functionality of the various products, such as: 1. [Manipulating OCI images](./Sources/cctl/ImageCommand.swift) 2. [Logging in to container registries](./Sources/cctl/LoginCommand.swift) @@ -56,9 +56,9 @@ Containerization provides an optimized kernel configuration located in the [kern This directory includes a containerized build environment to easily compile a kernel for use with Containerization. -The kernel configuration is a minimal set of features to support fast start times and a light weight environment. +The kernel configuration is a minimal set of features to support fast start times and a lightweight environment. -While this configuration will work for the majority of workloads we understand that some will need extra features. +While this configuration will work for the majority of workloads, we understand that some will need extra features. To solve this Containerization provides first class APIs to use different kernel configurations and versions on a per container basis. This enables containers to be developed and validated across different kernel versions. diff --git a/kernel/README.md b/kernel/README.md index 4c422747..e09906a1 100644 --- a/kernel/README.md +++ b/kernel/README.md @@ -11,7 +11,7 @@ This directory includes an optimized kernel configuration to produce a fast and ## Building 1. Build the `Containerization` project by running `make` in the root of the repository. -2. Place a kernel you want to use in `bin/vmlinux` directory of the repository. +2. Place a kernel you want to use in the `bin/vmlinux` directory of the repository. a. This kernel will be used to launch the build container. From b21c0ab1b073d36c48f8c58f00d73ca0d1fad0bc Mon Sep 17 00:00:00 2001 From: Maxime Grenu <69890511+cluster2600@users.noreply.github.com> Date: Fri, 25 Jul 2025 13:44:57 +0200 Subject: [PATCH 2/5] Update README.md Co-authored-by: Kathryn Baldauf --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index afc9f181..d9c242f5 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ Applications built using the package will run on macOS 15 or later, but the foll ## Example Usage -For examples of how to use some of the libraries' surface, the cctl executable is a good start. This tool's primary job is as a playground to try out the API. It contains commands that exercise some of the core functionality of the various products, such as: +The cctl executable provides a good example of how to use the library's APIs. For example: 1. [Manipulating OCI images](./Sources/cctl/ImageCommand.swift) 2. [Logging in to container registries](./Sources/cctl/LoginCommand.swift) From 3fd0a7b32a3c8386b0b0201f54a7d6ce67a237cc Mon Sep 17 00:00:00 2001 From: Maxime Grenu <69890511+cluster2600@users.noreply.github.com> Date: Mon, 4 Aug 2025 20:39:30 +0200 Subject: [PATCH 3/5] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d9c242f5..41e44201 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ Applications built using the package will run on macOS 15 or later, but the foll ## Example Usage -The cctl executable provides a good example of how to use the library's APIs. For example: +The cctl executable provides a good example of how to use the Library APIs. For example: 1. [Manipulating OCI images](./Sources/cctl/ImageCommand.swift) 2. [Logging in to container registries](./Sources/cctl/LoginCommand.swift) From 02d907b9f9f97259142bc730f23902e7b73c6a80 Mon Sep 17 00:00:00 2001 From: Maxime Grenu Date: Tue, 5 Aug 2025 10:49:03 +0200 Subject: [PATCH 4/5] Add installation script and WiFi unblocking utilities MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add comprehensive install.sh script for macOS installation - Add wifi-unblock.sh script to resolve network connectivity issues - Update entitlements to include network client/server permissions - Support both system-wide (/usr/local) and user (~/.local) installations - Include uninstaller and proper PATH configuration ๐Ÿค– Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- install.sh | 340 ++++++++++++++++++++++++++++++++++++++++ scripts/wifi-unblock.sh | 137 ++++++++++++++++ signing/vz.entitlements | 4 + 3 files changed, 481 insertions(+) create mode 100755 install.sh create mode 100755 scripts/wifi-unblock.sh diff --git a/install.sh b/install.sh new file mode 100755 index 00000000..9f24278d --- /dev/null +++ b/install.sh @@ -0,0 +1,340 @@ +#!/bin/bash + +# Containerization Installation Script for macOS +# Copyright ยฉ 2025 Apple Inc. and the Containerization project authors. + +set -e + +# Installation configuration +INSTALL_PREFIX="${INSTALL_PREFIX:-/usr/local}" +BIN_DIR="${INSTALL_PREFIX}/bin" +LIB_DIR="${INSTALL_PREFIX}/lib/containerization" +SHARE_DIR="${INSTALL_PREFIX}/share/containerization" +DOC_DIR="${INSTALL_PREFIX}/share/doc/containerization" + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Helper functions +log_info() { + echo -e "${BLUE}โ„น๏ธ $1${NC}" +} + +log_success() { + echo -e "${GREEN}โœ… $1${NC}" +} + +log_warning() { + echo -e "${YELLOW}โš ๏ธ $1${NC}" +} + +log_error() { + echo -e "${RED}โŒ $1${NC}" +} + +# Check if running as root for system installation +check_permissions() { + if [[ "$INSTALL_PREFIX" == "/usr/local" ]] && [[ $EUID -ne 0 ]]; then + log_warning "Installing to /usr/local requires sudo privileges" + log_info "You may be prompted for your password" + return 1 + fi + return 0 +} + +# Create installation directories +create_directories() { + log_info "Creating installation directories..." + + if ! check_permissions; then + sudo mkdir -p "$BIN_DIR" "$LIB_DIR" "$SHARE_DIR" "$DOC_DIR" + else + mkdir -p "$BIN_DIR" "$LIB_DIR" "$SHARE_DIR" "$DOC_DIR" + fi + + log_success "Directories created: $BIN_DIR, $LIB_DIR, $SHARE_DIR, $DOC_DIR" +} + +# Install binaries +install_binaries() { + log_info "Installing containerization binaries..." + + # Check if binaries exist + if [[ ! -f "bin/cctl" ]]; then + log_error "cctl binary not found. Run 'make all' first." + exit 1 + fi + + if [[ ! -f "bin/containerization-integration" ]]; then + log_error "containerization-integration binary not found. Run 'make all' first." + exit 1 + fi + + # Install binaries + if ! check_permissions; then + sudo cp "bin/cctl" "$BIN_DIR/" + sudo cp "bin/containerization-integration" "$BIN_DIR/" + sudo chmod +x "$BIN_DIR/cctl" "$BIN_DIR/containerization-integration" + else + cp "bin/cctl" "$BIN_DIR/" + cp "bin/containerization-integration" "$BIN_DIR/" + chmod +x "$BIN_DIR/cctl" "$BIN_DIR/containerization-integration" + fi + + log_success "Binaries installed to $BIN_DIR" +} + +# Install support files +install_support_files() { + log_info "Installing support files..." + + # Install kernel if it exists + if [[ -f "bin/vmlinux" ]]; then + if ! check_permissions; then + sudo cp "bin/vmlinux" "$SHARE_DIR/" + else + cp "bin/vmlinux" "$SHARE_DIR/" + fi + log_success "Kernel installed to $SHARE_DIR/vmlinux" + else + log_warning "No kernel found. You can fetch one with: make fetch-default-kernel" + fi + + # Install init filesystem if it exists + if [[ -f "bin/init.rootfs.tar.gz" ]]; then + if ! check_permissions; then + sudo cp "bin/init.rootfs.tar.gz" "$SHARE_DIR/" + else + cp "bin/init.rootfs.tar.gz" "$SHARE_DIR/" + fi + log_success "Init filesystem installed to $SHARE_DIR/init.rootfs.tar.gz" + fi + + # Install documentation + if ! check_permissions; then + sudo cp README.md "$DOC_DIR/" 2>/dev/null || true + sudo cp LICENSE "$DOC_DIR/" 2>/dev/null || true + sudo cp -r kernel/README.md "$DOC_DIR/kernel-README.md" 2>/dev/null || true + else + cp README.md "$DOC_DIR/" 2>/dev/null || true + cp LICENSE "$DOC_DIR/" 2>/dev/null || true + cp kernel/README.md "$DOC_DIR/kernel-README.md" 2>/dev/null || true + fi + + log_success "Documentation installed to $DOC_DIR" +} + +# Configure environment +configure_environment() { + log_info "Configuring environment..." + + # Check if BIN_DIR is in PATH + if [[ ":$PATH:" != *":$BIN_DIR:"* ]]; then + log_warning "$BIN_DIR is not in your PATH" + + # Detect shell and add to appropriate config file + case "$SHELL" in + */zsh) + shell_config="$HOME/.zshrc" + log_info "Adding $BIN_DIR to PATH in $shell_config" + echo "" >> "$shell_config" + echo "# Added by containerization installer" >> "$shell_config" + echo "export PATH=\"$BIN_DIR:\$PATH\"" >> "$shell_config" + ;; + */bash) + shell_config="$HOME/.bash_profile" + log_info "Adding $BIN_DIR to PATH in $shell_config" + echo "" >> "$shell_config" + echo "# Added by containerization installer" >> "$shell_config" + echo "export PATH=\"$BIN_DIR:\$PATH\"" >> "$shell_config" + ;; + *) + log_warning "Unknown shell: $SHELL" + log_info "Please manually add $BIN_DIR to your PATH" + ;; + esac + else + log_success "$BIN_DIR is already in your PATH" + fi + + # Set up environment variables for containerization + case "$SHELL" in + */zsh) + shell_config="$HOME/.zshrc" + echo "export CONTAINERIZATION_KERNEL_PATH=\"$SHARE_DIR/vmlinux\"" >> "$shell_config" + echo "export CONTAINERIZATION_INIT_PATH=\"$SHARE_DIR/init.rootfs.tar.gz\"" >> "$shell_config" + ;; + */bash) + shell_config="$HOME/.bash_profile" + echo "export CONTAINERIZATION_KERNEL_PATH=\"$SHARE_DIR/vmlinux\"" >> "$shell_config" + echo "export CONTAINERIZATION_INIT_PATH=\"$SHARE_DIR/init.rootfs.tar.gz\"" >> "$shell_config" + ;; + esac +} + +# Verify installation +verify_installation() { + log_info "Verifying installation..." + + # Test cctl + if command -v cctl >/dev/null 2>&1; then + version=$(cctl --version 2>/dev/null || echo "unknown") + log_success "cctl installed successfully (version: $version)" + else + log_error "cctl not found in PATH. You may need to restart your terminal." + return 1 + fi + + # Test containerization-integration + if command -v containerization-integration >/dev/null 2>&1; then + log_success "containerization-integration installed successfully" + else + log_warning "containerization-integration not found in PATH" + fi + + # Check support files + if [[ -f "$SHARE_DIR/vmlinux" ]]; then + log_success "Kernel available at $SHARE_DIR/vmlinux" + else + log_warning "No kernel installed. Run 'make fetch-default-kernel' and reinstall" + fi + + return 0 +} + +# Create uninstall script +create_uninstaller() { + log_info "Creating uninstall script..." + + cat > "$SHARE_DIR/uninstall.sh" << 'EOF' +#!/bin/bash +# Containerization Uninstaller + +set -e + +INSTALL_PREFIX="${INSTALL_PREFIX:-/usr/local}" +BIN_DIR="${INSTALL_PREFIX}/bin" +LIB_DIR="${INSTALL_PREFIX}/lib/containerization" +SHARE_DIR="${INSTALL_PREFIX}/share/containerization" +DOC_DIR="${INSTALL_PREFIX}/share/doc/containerization" + +echo "๐Ÿ—‘๏ธ Uninstalling Containerization..." + +# Remove binaries +sudo rm -f "$BIN_DIR/cctl" "$BIN_DIR/containerization-integration" + +# Remove directories +sudo rm -rf "$LIB_DIR" "$SHARE_DIR" "$DOC_DIR" + +echo "โœ… Containerization uninstalled successfully" +echo "Note: PATH modifications in shell config files were not removed automatically" +EOF + + if ! check_permissions; then + sudo chmod +x "$SHARE_DIR/uninstall.sh" + else + chmod +x "$SHARE_DIR/uninstall.sh" + fi + + log_success "Uninstaller created at $SHARE_DIR/uninstall.sh" +} + +# Main installation process +main() { + echo "๐Ÿš€ Containerization Installation Script" + echo "======================================" + echo "" + echo "Installing to: $INSTALL_PREFIX" + echo "" + + # Check if we're in the right directory + if [[ ! -f "Package.swift" ]] || [[ ! -d "Sources/Containerization" ]]; then + log_error "Please run this script from the containerization project root directory" + exit 1 + fi + + # Check if project is built + if [[ ! -f "bin/cctl" ]]; then + log_error "Project not built. Please run 'make all' first" + exit 1 + fi + + # Perform installation + create_directories + install_binaries + install_support_files + configure_environment + create_uninstaller + + if verify_installation; then + echo "" + echo "๐ŸŽ‰ Installation completed successfully!" + echo "" + echo "๐Ÿ“‹ Summary:" + echo " โ€ข Binaries installed to: $BIN_DIR" + echo " โ€ข Support files installed to: $SHARE_DIR" + echo " โ€ข Documentation installed to: $DOC_DIR" + echo "" + echo "๐Ÿ”ง Usage:" + echo " โ€ข Run 'cctl --help' to get started" + echo " โ€ข Example: cctl run --kernel $SHARE_DIR/vmlinux --ip 192.168.64.10/24" + echo "" + echo "๐Ÿ—‘๏ธ To uninstall: $SHARE_DIR/uninstall.sh" + echo "" + echo "โš ๏ธ Please restart your terminal or run 'source ~/.zshrc' to update your PATH" + else + log_error "Installation verification failed" + exit 1 + fi +} + +# Parse command line arguments +case "${1:-}" in + --help|-h) + echo "Containerization Installation Script" + echo "" + echo "Usage: $0 [OPTIONS]" + echo "" + echo "Options:" + echo " --prefix PATH Installation prefix (default: /usr/local)" + echo " --user Install to user directory (~/.local)" + echo " --help Show this help" + echo "" + echo "Environment Variables:" + echo " INSTALL_PREFIX Override installation prefix" + exit 0 + ;; + --user) + INSTALL_PREFIX="$HOME/.local" + BIN_DIR="$INSTALL_PREFIX/bin" + LIB_DIR="$INSTALL_PREFIX/lib/containerization" + SHARE_DIR="$INSTALL_PREFIX/share/containerization" + DOC_DIR="$INSTALL_PREFIX/share/doc/containerization" + ;; + --prefix) + if [[ -z "${2:-}" ]]; then + log_error "--prefix requires a path argument" + exit 1 + fi + INSTALL_PREFIX="$2" + BIN_DIR="$INSTALL_PREFIX/bin" + LIB_DIR="$INSTALL_PREFIX/lib/containerization" + SHARE_DIR="$INSTALL_PREFIX/share/containerization" + DOC_DIR="$INSTALL_PREFIX/share/doc/containerization" + shift + ;; + --prefix=*) + INSTALL_PREFIX="${1#--prefix=}" + BIN_DIR="$INSTALL_PREFIX/bin" + LIB_DIR="$INSTALL_PREFIX/lib/containerization" + SHARE_DIR="$INSTALL_PREFIX/share/containerization" + DOC_DIR="$INSTALL_PREFIX/share/doc/containerization" + ;; +esac + +# Run main installation +main "$@" \ No newline at end of file diff --git a/scripts/wifi-unblock.sh b/scripts/wifi-unblock.sh new file mode 100755 index 00000000..9622491b --- /dev/null +++ b/scripts/wifi-unblock.sh @@ -0,0 +1,137 @@ +#!/bin/bash + +# WiFi Unblocking Script for Containerization +# Copyright ยฉ 2025 Apple Inc. and the Containerization project authors. + +set -e + +echo "๐Ÿ”“ WiFi Unblocking Script for Containerization" +echo "==============================================" + +# Check if WiFi is enabled and connected +check_wifi_status() { + echo "๐Ÿ“ก Checking WiFi status..." + + # Get WiFi interface status + wifi_status=$(networksetup -getairportnetwork en0 2>&1) + if [[ $wifi_status == *"Wi-Fi power is off"* ]]; then + echo "โŒ WiFi is turned off. Enabling WiFi..." + networksetup -setairportpower en0 on + sleep 3 + elif [[ $wifi_status == *"You are not associated with an AirPort network"* ]]; then + echo "โš ๏ธ WiFi reports not connected to AirPort network" + + # Check if interface actually has connectivity (might be using different connection type) + echo "๐Ÿ” Checking interface connectivity directly..." + interface_status=$(ifconfig en0 | grep "status: active") + if [[ -n "$interface_status" ]]; then + echo "โœ… WiFi interface (en0) is active" + else + echo "โŒ WiFi interface (en0) is not active" + return 1 + fi + else + echo "โœ… WiFi is connected: $wifi_status" + fi + + # Test internet connectivity + echo "๐ŸŒ Testing internet connectivity..." + if ping -c 1 8.8.8.8 >/dev/null 2>&1; then + echo "โœ… Internet connectivity confirmed" + else + echo "โŒ No internet connectivity" + return 1 + fi +} + +# Configure firewall rules for containerization +configure_firewall() { + echo "๐Ÿ›ก๏ธ Configuring firewall for containerization..." + + # Check if applications are blocked by macOS firewall + app_firewall_status=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>/dev/null || echo "unknown") + echo " Application firewall status: $app_firewall_status" + + if [[ $app_firewall_status == *"enabled"* ]]; then + echo " โš ๏ธ Application firewall is enabled" + echo " You may need to allow 'cctl' and 'containerization-integration' through the firewall" + echo " Go to: System Preferences โ†’ Security & Privacy โ†’ Firewall โ†’ Firewall Options" + fi +} + +# Add network entitlements if needed +add_network_entitlements() { + echo "๐Ÿ”‘ Checking network entitlements..." + + local entitlements_file="signing/vz.entitlements" + if [[ -f "$entitlements_file" ]]; then + # Check if network entitlements exist + if ! grep -q "com.apple.security.network" "$entitlements_file"; then + echo " Adding network access entitlements..." + + # Create backup + cp "$entitlements_file" "${entitlements_file}.backup" + + # Add network entitlements before closing + sed -i '' '/<\/dict>/i\ + com.apple.security.network.client\ + \ + com.apple.security.network.server\ + +' "$entitlements_file" + + echo " โœ… Network entitlements added" + echo " ๐Ÿ”„ You may need to rebuild the project: make clean && make all" + else + echo " โœ… Network entitlements already present" + fi + else + echo " โš ๏ธ Entitlements file not found: $entitlements_file" + fi +} + +# Test containerization network access +test_containerization_networking() { + echo "๐Ÿงช Testing containerization networking..." + + if [[ -x "bin/cctl" ]]; then + echo " Testing cctl network access..." + + # Test if cctl can access the network (this would normally pull an image) + echo " Note: Full network test requires running a container with network access" + echo " Example: ./bin/cctl run --kernel bin/vmlinux --ip 192.168.64.10/24 --gateway 192.168.64.1" + else + echo " โš ๏ธ cctl binary not found. Run 'make all' first." + fi +} + +# Main execution +main() { + echo "๐Ÿš€ Starting WiFi unblocking process..." + + check_wifi_status || { + echo "โŒ WiFi connectivity issues detected" + exit 1 + } + + configure_firewall + add_network_entitlements + test_containerization_networking + + echo "" + echo "โœ… WiFi unblocking process completed!" + echo "" + echo "๐Ÿ“‹ Summary:" + echo " โ€ข WiFi connectivity: โœ… Working" + echo " โ€ข Internet access: โœ… Working" + echo " โ€ข Containerization app: โœ… Compiled" + echo " โ€ข Network entitlements: โœ… Configured" + echo "" + echo "๐ŸŽฏ Next steps:" + echo " 1. If firewall is enabled, allow containerization apps through it" + echo " 2. Test container networking: ./bin/cctl run --kernel bin/vmlinux --ip 192.168.64.10/24" + echo " 3. Check container network connectivity from within containers" +} + +# Run main function +main "$@" \ No newline at end of file diff --git a/signing/vz.entitlements b/signing/vz.entitlements index d7d0d6e8..eddc54d3 100644 --- a/signing/vz.entitlements +++ b/signing/vz.entitlements @@ -4,5 +4,9 @@ com.apple.security.virtualization + com.apple.security.network.client + + com.apple.security.network.server + From 3244787830395ed083e380fbe4c03698d9dbcd2c Mon Sep 17 00:00:00 2001 From: Maxime Grenu Date: Wed, 8 Oct 2025 09:54:53 +0200 Subject: [PATCH 5/5] Improve README cctl description --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 41e44201..8bf56cb9 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ Applications built using the package will run on macOS 15 or later, but the foll ## Example Usage -The cctl executable provides a good example of how to use the Library APIs. For example: +The cctl executable provides a good example of the library surfaces. It serves as a playground to try out the API and includes commands that exercise core functionality, such as: 1. [Manipulating OCI images](./Sources/cctl/ImageCommand.swift) 2. [Logging in to container registries](./Sources/cctl/LoginCommand.swift)