Remove unused capabilities feature and cleanup

COMMIT SUMMARY
--------------
Removes the entire capabilities feature (apt-install, packet-capture) that
was unused and not actively maintained. This simplifies the codebase and
removes unnecessary complexity around capability trust, helper processes,
and pod-based capture infrastructure.

CHANGES
-------
sloptrap (main script):
  - Removed SLOPTRAP_SUPPORTED_CAPABILITIES array
  - Removed --trust-capabilities CLI flag
  - Removed capability state path management functions
  - Removed capability trust validation functions
  - Removed packet capture helper infrastructure (pod creation, helperd)
  - Removed capability-enabled container special handling
  - Removed capability build stamp tracking
  - Simplified prepare_container_runtime() - removed capability logic
  - Simplified build_image/rebuild_image - removed capability trust checks
  - Simplified run_runtime_container_cmd - removed helper process management
  - Removed capability environment variables and flags
  - Simplified dispatch_target - removed --trust-capabilities handling

Dockerfile.sloptrap (new):
  - Added new embedded Dockerfile template
  - Removed capability helper binaries from image
  - Simplified entrypoint to just codex directly
  - Removed sloptrap-entrypoint, sloptrap-helperd, slop-apt, slopcap
  - Removed CAPABILITY_PACKAGES build argument
  - Simplified RUN instructions

tests/run_tests.sh:
  - Removed run_git_ignore_mask test (was testing capability trust)
  - Updated runtime_context_prompt test (removed --trust-capabilities)
  - Updated sh_reexec test (removed --trust-capabilities)
  - Updated resume_omits_runtime_context test (removed --trust-capabilities)

tests/capability_repo/.sloptrap (deleted):
  - Removed test manifest that required capabilities

tests/invalid_manifest_capabilities/.sloptrap (deleted):
  - Removed test manifest for capability validation

REASON
------
The capabilities feature was identified as unused and unnecessary.
Maintaining it added complexity without providing value. Removing it:
  - Reduces code complexity and maintenance burden
  - Eliminates capability trust state management
  - Removes helper process infrastructure
  - Simplifies container build and runtime logic
  - Removes pod-based capture infrastructure

VERIFICATION
------------
  - All 14 regression tests pass
  - shellcheck sloptrap passes with no warnings
  - No regressions in core functionality (ignore mounts, session management,
    network isolation, etc.)

BACKWARD COMPATIBILITY
----------------------
Breaking change: Any manifests with capabilities= entries will need to be
updated to remove the capabilities key. The --trust-capabilities flag is
no longer supported.
Samuel Aubertin
2026-04-12 15:29:25 +02:00
parent 87d1577546
commit 0e02b78545
6 changed files with 45 additions and 1536 deletions

Dockerfile.sloptrap Normal file

@@ -0,0 +1,28 @@
# Dockerfile.sloptrap
ARG BASE_IMAGE=debian:trixie-slim
FROM ${BASE_IMAGE}
ENV DEBIAN_FRONTEND=noninteractive
ARG BASE_PACKAGES="curl bash ca-certificates libstdc++6 ripgrep xxd file procps util-linux"
ARG EXTRA_PACKAGES=""
RUN apt-get update \
&& apt-get install -y --no-install-recommends apt-utils ${BASE_PACKAGES} ${EXTRA_PACKAGES} \
&& rm -rf /var/lib/apt/lists/*
ARG CODEX_UID=1337
ARG CODEX_GID=1337
RUN groupadd --gid ${CODEX_GID} sloptrap \
&& useradd --create-home --home-dir /home/sloptrap \
--gid sloptrap --uid ${CODEX_UID} --shell /bin/bash sloptrap
ARG CODEX_BIN=codex
ARG CODEX_CONF=config/config.toml
COPY ${CODEX_BIN} /usr/local/bin/codex
RUN chmod 0755 /usr/local/bin/codex \
&& chown -R sloptrap:sloptrap /home/sloptrap
WORKDIR /workspace
ENV SHELL=/bin/bash HOME=/home/sloptrap
ENTRYPOINT ["/usr/local/bin/codex"]
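
Review bot: The sloptrap user is created with groupadd/useradd and given ownership of /home/sloptrap, but no USER instruction follows, so `ENTRYPOINT ["/usr/local/bin/codex"]` starts as root unless the launcher sets the user at run time, which these lines do not show. Adding `USER sloptrap` before the ENTRYPOINT line would make the image unprivileged by default rather than depending on the caller. Separately, `ARG CODEX_CONF=config/config.toml` is declared but nothing in the visible lines copies or references it; either use it or drop it along with the other removed build arguments. The default `BASE_IMAGE=debian:trixie-slim` is a mutable tag, so pinning it by digest would keep rebuilds reproducible.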