diff --git a/README.md b/README.md
index 5f4589f..e39bf8a 100644
--- a/README.md
+++ b/README.md
@@ -8,74 +8,80 @@
+# WARNING:
+```
+* Your warranty is void.
+* I am not responsible for anything that may happen to your device by using this program.
+* You do it at your own risk and take the responsibility upon yourself.
+* This project is open source, you can make your own fork/rewrite but not to blame the author.
+* Docker is a registered trademark of Docker, Inc. This program has no relationship with it.
+* This program has no Super Cow Powers.
+```
+This project does not follow OCI standard and can only be a `PARTIAL` replacement of docker, this project is still under development.
+For Android users, You might need to root your phone before using rurima, some container might not work properly with proot.
+# Features:
+- Get rootfs images from dockerhub or LXC mirror.
+- Automatic parse docker image config and convert to ruri cmdline.
+- Unpack rootfs images with or without root privileges.
+- Backup/Restore rootfs with tar.
+- Built-in container runtime by ruri.
+- Static binary for multiple architectures.
+- Built-in OTA(upgrade) feature.
+
+In a word, rurima is a lightweight container implementation, it tries to get the most features of docker with the least dependencies, even when your kernel does not support cgroups or namespaces.
+
+# Terms of Use:
+See [TERMS_OF_USE.md](TERMS_OF_USE.md)
+# Full usage doc:
+For a full usage documentation,
+See [USAGE.md](doc/USAGE.md).
# Send us your feedback!
-Your use case, your suggestions, and some ideas, anyway, we would love to hear from you!
+Your use case, your suggestions, anyway, we would love to hear from you!
[Discussions](https://github.com/RuriOSS/rurima/discussions/16)
# Also, keep up to date:
Some updates and news will be posted on:
[Twitter(X)](https://x.com/RuriOSS)
-And, dont forget to `rurima ota` to get the latest build!
+And, don't forget to `rurima ota` to get the latest build!
# What's new:
-- Some other OCI compatible registry support like ghcr.io could work with `-f/--fallback` option enabled now.
-# The first release:
-v0.9.0 is the first release of rurima, some feature are still WIP, but it is already usable as the extended version of ruri.
+- We have a unified `pull` command to get images from dockerhub or LXC mirror now.
+- Some other OCI compatible registry like ghcr.io could work with `-f/--fallback` option enabled now.
# Backward compatibility:
We promise that rurima has backward compatibility of documented parts since v0.9.x, all unstable parts will be explicitly marked as WIP or unstable, and ruri has already been backward compatible. Users can always keep `rurima ota` to get the latest build.
For any issue, please notify us, and we will fix it ASAP.
# About:
So, what is rurima?
The enhanced version of ruri.
-ruri only focus on running container, but rurima can also provide the function of getting rootfs image and backup/restore.
+[ruri](https://github.com/Moe-hacker/ruri) only focus on running container, but rurima can also provide the function of getting rootfs image and backup/restore.
And it will be a more powerful container manager in the fulture.
With the `docker` and `lxc` subcommand of rurima, you can search & get & unpack images from dockerhub or LXC mirror easily.
-## Not Only Ruri Container Manager:
-Rurima was planned to be the ruri container manager, but as rurima has a full integration of ruri now, you can just use it as a more powerful version of ruri, although the container manager function is still WIP.
-For more info about ruri, see [ruri](https://github.com/Moe-hacker/ruri)
-## Note & WIP:
-This project does not follow OCI and can only be a `PARTIAL` replacement of docker, this project is still under development.
-## Terms of Use:
-See [TERMS_OF_USE.md](TERMS_OF_USE.md)
-## For Android user:
-You might need to root your phone before using rurima, some container might not work properly with proot.
-# Full usage doc:
-For a full usage documentation,
-See [USAGE.md](doc/USAGE.md)
-# WARNING:
-```
-* Your warranty is void.
-* I am not responsible for anything that may happen to your device by using this program.
-* You do it at your own risk and take the responsibility upon yourself.
-* This project is open source, you can make your own fork/rewrite but not to blame the author.
-* Docker is a registered trademark of Docker, Inc. This program has no relationship with it.
-* This program has no Super Cow Powers.
-```
# Download:
You can get rurima binary (staticly linked) for arm64, armv7, armhf, riscv64, i386, loong64, s390x, ppc64le and x86_64 from the release page.
Or run the follwing command to get rurima to ./rurima and ./rurima-dbg(debug version):
```sh
. <(curl -sL https://get.ruri.zip/rurima)
```
-# The new pull subcommand:
-It's a wrap of docker/lxc pull subcommand.
-For example:
-```sh
-rurima pull alpine:edge ./test
+# Install dependencies:
+For termux, run:
```
-```sh
-rurima pull whyour/qinglong ./test
+pkg install wget curl jq coreutils file proot tar xz-utils gzip
```
-```sh
-rurima pull ubuntu ./test
+For Debian/Ubuntu based system, run:
+```
+apt install wget curl jq coreutils file proot tar xz-utils gzip
+```
+For RedHat/CentOS/Fedora based system, run:
+```
+dnf install wget curl jq coreutils file proot tar xz gzip
+```
+For Alpine based system, run:
+```
+apk add wget curl jq coreutils file proot tar xz gzip
```
-It will search lxc image first, if not found, it will auto try to pull rootfs from dockerhub.
# About suid or caps:
Rurima does not allow to set any suid/sgid (with root) or capability on it, it will check it in main() and error() if detected these unsafe settings.
So, please always use sudo instead.
# Reporting bugs:
Please use the debug version(rurima-dbg) in release to get debug logs, and please tell me the command you run to cause the unexpected behavior you think!
-# NOTICE:
-This program is not official tool of docker or dockerhub, you can report bugs here, but this program has no relation with docker.
-Docker is a registered trademark of Docker, Inc.
# Dependent:
rurima needs tar, xz, gzip, file, you can find these static binary for aarch64, armv7, x86_64, i386 or riscv64 in:
[tar-static](https://github.com/Moe-sushi/tar-static)
@@ -100,9 +106,15 @@ https://mirrors.tuna.tsinghua.edu.cn/alpine/edge/testing/aarch64/proot-static-5.
```
and finally, tar -xvf *.apk to unpack it. So you got proot.static, rename it to proot and put it in your $PATH.
# TODO:
-Manage ruri containers and configs.
-Config support, a bit like Dockerfile.
+
+Manage ruri containers and configs.
+sfx pack for container images.
....
+
+# License:
+Licensed under the MIT License.
+Copyright (c) 2024-2025 Moe-hacker.
+
---------
「僕らタイムフライヤー
diff --git a/net_wrapper.sh b/blob/net_wrapper.sh
similarity index 100%
rename from net_wrapper.sh
rename to blob/net_wrapper.sh
diff --git a/build.c b/build.c
index c56e1a9..f7a384d 100644
--- a/build.c
+++ b/build.c
@@ -748,6 +748,9 @@ void default_cflags(void)
check_and_add_cflag("-Wl,--strip-all", false);
check_and_add_cflag("-U_FORTIFY_SOURCE", false);
check_and_add_cflag("-D_FORTIFY_SOURCE=3", false);
+ check_and_add_cflag("-fvisibility=hidden", false);
+ check_and_add_cflag("-fsanitize=cfi", false);
+ check_and_add_cflag("-fsanitize=safe-stack", false);
}
// Dev cflags
void dev_cflags(void)
@@ -804,7 +807,10 @@ int main(int argc, char **argv)
error("Error: Invalid number of jobs: %s", argv[i]);
}
} else if (strcmp(argv[i], "--static") == 0 || strcmp(argv[i], "-s") == 0) {
- check_and_add_cflag("-static", true);
+ check_and_add_cflag("-static-pie", false);
+ if (!check_c_flag("-static-pie")) {
+ check_and_add_cflag("-static", true);
+ }
} else if (strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-h") == 0) {
show_help();
exit(0);
diff --git a/doc/USAGE.md b/doc/USAGE.md
index 50c0549..0aec268 100644
--- a/doc/USAGE.md
+++ b/doc/USAGE.md
@@ -1,7 +1,5 @@
-# Warning:
-Since rurima has not released v1.0, some usage/features may change in the future.
# Undocumented part:
-The `run` and `netns` subcommand is WIP, it should not be used by users.
+The `load`, `run`, `sfx` and `netns` subcommand is WIP, it should not be used by users.
# Image source:
rurima currently supports both lxc-mirror and dockerhub as container image source.
# Unified image puller:
@@ -13,7 +11,7 @@ rurima pull alpine:edge ./test
# pull hello-world to ./hello:
rurima pull hello-world ./hello
```
-it's a bit like cmdline of docker, but, it will try lxc-mirror first if it found that the image is available there.
+it's a bit like cmdline of docker, but, it will try lxc-mirror first, and auto switch to dockerhub if the image is not in lxc-mirror.
## Full options:
```
Usage: rurima pull [image]:[version] [savedir]
@@ -96,7 +94,7 @@ You can add your perfered mirrors for `-T` option to try them first, for example
`-i` and `-t` is required options for `config` and `pull` subcommand.
`-i` is also used for `search` subcommand for image name.
# lxc subcommand:
-# Full usage:
+## Full usage:
```
Usage: rurima lxc [subcommand] [options]
Subcommands:
@@ -117,5 +115,5 @@ Options:
Note: please remove `https://` prefix from mirror url.
For example: `-m images.linuxcontainers.org`
```
-# Note:
+## Note:
`-o`, `-s` and `-v` is required options for `pull` subcommand.
\ No newline at end of file
diff --git a/src/catsh b/src/catsh
index 9aff401..de9c525 160000
--- a/src/catsh
+++ b/src/catsh
@@ -1 +1 @@
-Subproject commit 9aff401e13a96664563c8e1d3b2c1e48d969ab57
+Subproject commit de9c525c0a375c7177fd05c9643bc11ba03bab09
diff --git a/src/ssfx b/src/ssfx
index 2c58626..5a7028f 160000
--- a/src/ssfx
+++ b/src/ssfx
@@ -1 +1 @@
-Subproject commit 2c5862681e5109a3cb4b214ab095faa14586d90a
+Subproject commit 5a7028f72493c28e282bb752dd74884e48219e01
diff --git a/src/subcommand.c b/src/subcommand.c
index ae4d8fe..f91c3e7 100644
--- a/src/subcommand.c
+++ b/src/subcommand.c
@@ -872,35 +872,5 @@ void rurima_load_rootfs(int argc, char **argv)
}
void rurima_sfx(int argc, char **_Nonnull argv)
{
- //
- if (self_is_valid_ssfx_master()) {
- rurima_log("{base}This is a valid rurima sfx master executable.\n");
- } else if (self_is_valid_ssfx_pack()) {
- rurima_log("{base}This is a valid rurima sfx packed executable.\n");
- } else if (self_is_valid_ssfx_other()) {
- rurima_log("{base}This is a valid rurima sfx other executable.\n");
- } else {
- rurima_log("{base}This is not a valid rurima sfx executable.\n");
- }
- cprintf("{red}Warning: rurima sfx feature is in development, do not use it anyway!\n");
- //
- if (argc == 0) {
- rurima_error("{red}No subcommand specified!\n");
- }
- if (strcmp(argv[0], "pack-self") == 0) {
- if (argc < 3) {
- rurima_error("{red}Usage: rurima sfx pack-self \n");
- }
- char *tar_exe_path = argv[1];
- char *output_file = argv[2];
- rurima_check_dir_deny_list(output_file);
- pack_ssfx_master(tar_exe_path, output_file);
- cprintf("{yellow}Warning: this feature is only for developers!\n");
- cprintf("{yellow}Warning: make sure that tar and rurima executable are compatible with target system!\n");
- cprintf("{yellow}Warning: make sure that tar and rurima executable are statically linked!\n");
- exit(0);
- }
- if (!self_is_valid_ssfx_master()) {
- rurima_error("{red}This executable is not a valid rurima sfx master!\n");
- }
+ rurima_error("{red}Not implemented yet!\n");
}
\ No newline at end of file