Toolbx

Fedora Silverblue 作为不可变操作系统,是非常适合用于进行容器相关的开发的。我们也非常欢迎你在 Fedora Silverblue 使用 buildahpodman 完成容器相关的工作。

Fedora Silverblue also comes with the toolbx utility, which uses containers to provide an environment where development tools and libraries can be installed and used.

Why use toolbx?

Toolbx makes it easy to use a containerized environment for everyday software development and debugging. On immutable operating systems, like Fedora Silverblue, it provides a familiar package-based environment in which tools and libraries can be installed and used. However, toolbx can also be used on package-based systems.

Using Toolbx for running your workflows in a containerized manner brings you several advantages:

  • 它使得宿主系统干净且稳定,也有效避免了安装大量开发工具和软件包之后可能发生的混乱。

  • 不管你运行的哪个版本的 Fedora,所有受支持的发行版都在 toolbox 中可用。

  • 容器是隔离和组织不同项目依赖的好方法。

  • 容器是做实验的好地方:一旦出了问题,只需要删除容器重新开始就行了。

However, it is very important to note that toolbx containers are still integrated with your host system, so you should not attempt to do things or run software you otherwise wouldn’t on your host system. Toolbx containers are not completely isolated environments like virtual machines.

工作原理

Toolbx takes the work out of using containers, by providing a small number of simple commands to create, enter, list and remove containers. It also integrates toolbx containers into your regular working environment, to make it easy for you to use them as an everyday development space.

Containers are created from images and those are usually a very stripped down version of distributions. In such images there are almost no tools and documentation available. The team behind Toolbx maintains a Fedora image where such tools and documentation are available, providing a good out of the box experience.

Each toolbx container is an environment that you can enter from the command line. Inside each one, you will find:

  • 已有的账户及其权限

  • 用户目录以及其他几个目录的访问能力

  • 对于系统以及会话的 D-Bus,系统日志以及 Kerberos 认证信息的访问权限

  • 常见命令行工具,包括软件包管理器(例如 Fedora 附带的 DNF)

In other words, toolbx containers look, feel and behave like a standard Linux command line environment. By connecting all this information, toolbx containers lose a certain amount of security gained by using the containers technology. Therefore, you should not treat toolbx containers as a sandbox where you can execute any script you would never run on any other system.

In most cases, when a command is run inside a container, the program from inside the container is used. However, there are a few special cases where the program on the host is used instead (using flatpak-spawn). One example of this is the toolbox command itself; this makes it possible to use toolbx from inside toolbx containers.

安装

Fedora Silverblue

Toolbx is preinstalled on Fedora Silverblue.

Fedora Workstation

Toolbx can be installed on Fedora Workstation (or any package-based version of Fedora) with the following command:

$ sudo dnf install toolbox

创建第一个 Toolbox 实例

Once toolbx is installed, two simple commands are required to get started:

$ toolbox create

This will download an OCI image and create a toolbx container from it. Once this is complete, run:

$ toolbox enter

在进入 Toolbox 容器后,你就可以访问常见的命令行工具,并使用软件包管理器(例如 Fedora 的 DNF)安装更多新的工具。

When the prompt is inside a toolbox, it is prepended with a diamond: this indicates that the prompt is inside a toolbx container. The diamond symbol may not be present if you use a custom shell theme.

命令与用法

toolbox create [options] <name>

Creates a toolbx container. This will download an OCI image if one isn’t available (this is required to create the container). By default an image matching the version of the host is used. If the host system does not have a matching image, a Fedora image is used instead.

如果不添加任何参数, toolbox create 会自动为容器命名。如果需要创建多个容器,使用 <name> 参数为容器命名。

如果你希望指定映像搭载发行版的版本(例如你希望在 Fedora 34 上获取 Fedora 32 的映像),使用 --release <release> | -r <release> 选项。

To use a different distribution to create a toolbx container (e.g., RHEL on Fedora), use the --distro <distro> | -d <distro> option.

要使用不同的映像文件,使用 --image <name> | -i <name> 选项。

toolbox enter [options] <name>

进入容器以作交互使用。如果不添加任何参数, toolbox enter 会打开默认的 Toolbox 容器。

如果你有多个容器,可以使用 name 指定你需要进入的容器。

要想指定你要进入容器的发行版(例如在 RHEL 使用 Fedora 的 Toolbox),使用 --distro <distro> |-d <distro> 选项。

要想指定你要进入容器的版本(例如在 RHEL 8.3 使用 RHEL 8.1 的 Toolbox),使用 --release <release> | -r <release> 选项。

toolbox run [options] <cmd> <arg …​>

在容器环境中执行特定命令,但不进入容器。如果不添加任何参数, toolbox run 会在默认的 Toolbox 容器执行你的命令。

如果你有多个容器,可以使用 --container <name> | -c <name> 指定你需要使用的容器。

要想指定执行命令所用容器的发行版(例如在 RHEL 使用 Fedora 的 Toolbox),使用 --distro <distro> |-d <distro> 选项。

要想指定执行命令所用版本(例如在 RHEL 8.3 使用 RHEL 8.1 的 Toolbox),使用 --release <release> | -r <release> 选项。

toolbox list [options]

Lists local toolbx images and containers.

如果希望只列出容器,使用 --containers | -c 选项。

如果希望只列出映像,使用 --images | -i 选项。

toolbox rm [options] <name …​>

Removes one or more toolbx containers.

使用 --force | -f 参数以强制删除正在运行的容器。

The --all | -a option removes all toolbx containers.

toolbox rmi [options] <name …​>

Removes one or more toolbx images.

如果需要移除指定映像的同时移除所有使用该映像创建的容器,使用 --force | -f 选项。

The --all | -a option removes all toolbx images.

toolbox --help

Shows Toolbx’s manual page.

离开 Toolbox 环境

要回到宿主环境,可以执行 exit 或者退出当前 Shell(也就是按下 Ctrl+D)。

背后实现

Toolbx uses the following technologies:

交流与沟通

To report issues, make suggestions, or contribute fixes, see toolbx’s GitHub project.

To get in touch with toolbx users and developers, use Fedora’s Discourse instance, or join the #silverblue IRC channel on Libera.

Want to help? Learn how to contribute to Fedora Docs