Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • develop protected
  • v2.10.17
  • v2.10.16
  • v2.10.15
  • v2.10.14
  • v2.10.13
  • v2.10.12
  • v2.10.11
  • v2.10.10
  • v2.10.9
  • v2.10.8
  • v2.10.7
  • v2.10.6
  • v2.10.5
  • v2.10.4
  • v2.10.3
  • v2.10.2
  • v2.10.1
  • v2.10.0
  • test3
  • test2
22 results
Blame Permalink
prepareMac4L3d 3.36 KiB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89 






#!/usr/bin/env bash

# Credit: https://github.com/mariusgrigaitis/docker-mac-ssh-auth-sock

SOCATID=$(docker container ls --all -q -f name=l3d_socat)
if [[ -n ${SOCATID} ]]; then
  exit 0
fi

if ! which socat >/dev/null; then
    echo "socat is missing. Install it and make sure the executable is in the local search path."
    echo "For help see https://stackoverflow.com/questions/16808543/install-socat-on-mac"
    exit 1
fi

if ! docker ps >/dev/null; then
    echo "Docker for Mac is not running. Make sure it's running."
    exit 1
fi

if [[ -z "${SSH_AUTH_SOCK}" ]]; then
    echo "SSH_AUTH_SOCK is missing. Is ssh-agent running?"
    exit 1
fi

if ! test -S ${SSH_AUTH_SOCK}; then
    echo "$SSH_AUTH_SOCK is not a socket. Check agent?"
    exit 1
fi

TTY_FILE=~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
TTY_FILE_NEW=~/Library/Containers/com.docker.docker/Data/vms/0/tty

if ! test -c $TTY_FILE; then
    echo "$TTY_FILE is not available. Docker for Mac setup has changed? Trying newer file..."
    if ! test -c $TTY_FILE_NEW; then
        echo "$TTY_FILE_NEW is not available. Docker for Mac setup has changed? Giving up."
        exit 1
    else
        TTY_FILE=$TTY_FILE_NEW
    fi
fi

# This is where the UGLY hack starts
#
# Problem: if you do: docker run -v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK container
# you get a socket file which is mounted over osxfs from Mac host.
# This socket file can't be reused or removed because it would make ssh commands on
# host machine to not work
#
# Solution:
# 1. connect to VM over special tty channel
# 2. create an empty directory
# 3. bind mount that empty directory over $SSH_AUTH_SOCK directory
# 4. Profit
#
# This makes other docker containers see the created directory instead of osxfs mounted one.
# It also allows to create socket file under same path that does not collide with host one.
# Command is sent over special tty channel to Docker for Mac VM and does not check for errors, etc
# meaning it could be very "unreliable"
COMMAND="mkdir -p /ssh-auth-sock-hack && mount -o bind /ssh-auth-sock-hack $(dirname $SSH_AUTH_SOCK) && rmdir $SSH_AUTH_SOCK"

echo ctr -n services.linuxkit tasks exec --exec-id 'ssh-$(hostname)-$$' '$(ctr -n services.linuxkit tasks ls -q | grep docker)' sh -c \"$COMMAND\" > $TTY_FILE
# give some time for command to execute.
sleep 1

echo "Docker for Mac is now prepared."

echo "Starting socket proxy."
# This is where the proxying magic happens
# On host machine it connects to $SSH_AUTH_SOCK socket and pipes output to stdout, takes input from stdin
# On docker VM it launches a container running socat, which creates a socket file under $SSH_AUTH_SOCK path, accepts
# input and forwards it to stdout/stdin
# socat running on host machine connects stdin/stdout between those two sockets can communicate over stdin/stdout
#
# This is not really reliable because forwarding input/output over stdin/stdout does not allow for multiple communications
# at the same time. It fails when doing multiple connections to $SSH_AUTH_SOCK at the same time.
exec socat "EXEC:\"docker run -i --rm --name l3d_socat -v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) alpine/socat UNIX-LISTEN:$SSH_AUTH_SOCK,reuseaddr,fork -\"" "EXEC:\"socat - UNIX:${SSH_AUTH_SOCK}\"" &

echo "Waiting ..."
sleep 2
SOCATID=$(docker container ls --all -q -f name=l3d_socat)
if [[ -n ${SOCATID} ]]; then
  ssh-add
  echo "All set!"
  exit 0
fi
exit 1