Issue 18 (#20)

* Be smarter about using sudo.  #18

* Cosmetic fix

* Added 'drain' command

---------

Co-authored-by: Mark Feit <[email protected]>

README.md

@@ -12,9 +12,15 @@ consistent user experience.
 DDB is intended for use in expendable development systems.  **It is
 not for use in production.**
 
-Because DDB depends on a user's ability to become the superuser,
-containers being run by one user are accessible to any other user with
-the same rights.  The separation between users provided is for
+DDB will run Docker as the invoking user if that user is the superuser
+or is in the `docker` group.  Otherwise, it will attempt to escalate
+to the superuser using `sudo(8)`.  If you have containers and images
+built as the superuser with older versions of DDB, it can be forced
+into the old behavior by setting the environment variable
+`DDB_FORCE_ROOT` to any non-empty value.
+
+Containers being run as the superuser are accessible to any other user
+with the same rights.  The separation between users provided is for
 convenience, not security.
 
 
@@ -261,6 +267,13 @@ Aliases:
   * `ddbh` = `ddb halt`
 
 
+### `drain` - Remove all DDB images and containers
+
+This command will remove all DDB-created images and containers and
+will prune all dangling Docker resources if the `--prune` switch is
+present.  Note that pruning may remove non-DDB resources.
+
+
 ## Everything Else
 
 Some of the ideas for docker-devbox came from Akihiro Suda's

libexec/commands/drain

@@ -0,0 +1,110 @@
+#!/bin/sh -e
+#
+# Remove all DDB containers and images and optionally prune
+#
+#BEGIN-HELP
+#
+# Usage:  drain [ OPTIONS ]
+#
+# Options:
+#    --prune     Do a docker system prune at the end
+#    --help      This help
+#
+#END-HELP
+#
+
+
+. "$(dirname $0)/../common"
+
+CONTAINER_LIST="${TMPBASE}/containers"
+${WHEREAMI}/ps > "${CONTAINER_LIST}"
+
+IMAGE_LIST="${TMPBASE}/images"
+${WHEREAMI}/images > "${IMAGE_LIST}"
+
+if [ ! -s "${CONTAINER_LIST}" -a ! -s "${IMAGE_LIST}" ]
+then
+    echo "Nothing to remove."
+    exit 0
+fi
+
+PRUNE=false
+
+while echo "$1" | egrep -qe '^--'
+do
+    case "$1" in
+	--help)
+	    self_help
+	    ;;
+
+	--prune)
+	    PRUNE=true
+	    shift
+	    ;;
+
+	*)
+	    echo "Unknown option $1" 1>&2
+	    exit 1
+    esac
+done
+
+[ $# -eq 0 ] || self_help 1
+
+
+#
+# Main Program
+#
+
+if [ -t 0 ]
+then
+    if [ -s "${CONTAINER_LIST}" ]
+    then
+	echo
+	echo "The following containers will be removed:"
+	sed -e "s/^/    /" "${CONTAINER_LIST}"
+    fi
+
+    if [ -s "${IMAGE_LIST}" ]
+    then
+	echo
+	echo "The following images will be removed:"
+	sed -e "s/^/    /" "${IMAGE_LIST}"
+    fi
+
+    if ${PRUNE}
+    then
+	echo
+	echo "All dangling resources (even those not DDB-related) will be pruned."
+    fi	
+
+    echo
+    echo "Press Enter to continue or ^C to abort."
+    read
+fi
+
+
+if [ -s "${CONTAINER_LIST}" ]
+then
+    echo
+    echo Removing containers:
+    sed -e "s/^/${DDB_CONTAINER_PREFIX}/" "${CONTAINER_LIST}" \
+	| xargs ${DOCKER} rm -f
+fi
+
+if [ -s "${IMAGE_LIST}" ]
+then
+    echo
+    echo Removing images:
+    sed -e "s/^/${DDB_CONTAINER_PREFIX}/" "${IMAGE_LIST}" \
+	| xargs ${DOCKER} image rm -f
+fi
+
+
+if ${PRUNE}
+then
+    echo
+    echo Pruning:
+    ${DOCKER} system prune -f
+fi
+
+exit 0

libexec/commands/ps

@@ -7,4 +7,4 @@
 . "$(dirname $0)/../common"
 
 $DOCKER container list  --format "{{.Names}}\n" --all --filter "name=^${DDB_CONTAINER_PREFIX}" \
-	| sed -e "s/^${DDB_CONTAINER_PREFIX}//"
+	| sed -e "s/^${DDB_CONTAINER_PREFIX}//; /^\$/d"

libexec/common

@@ -38,12 +38,21 @@ export DDB_COMMANDS="${DDB}/commands"
 
 TMPBASE=$(mktemp -d)
 
-
-if [ "$(id -u)" = 0 -o "$(uname -s)" = "Darwin" ]
+# Run docker without root if:
+#  - The user is root
+#  - The user is on macOS (TODO: This may not be necessary)
+#  - The user is in the docker group
+#  - DDB_FORCE_ROOT isn't set
+
+if [ "$(id -u)" -eq 0 \
+		-o "$(uname -s)" = 'Darwin' \
+		-o "$(id -Gn | tr ' ' '\n' | fgrep -x docker | wc -l)" -eq 1 \
+		-a -z "${DDB_FORCE_ROOT}" \
+   ]
 then
-    DOCKER="docker"
+    DOCKER=docker
 else
-    DOCKER="sudo docker"
+    DOCKER='sudo docker'
 fi