devenv: Add tmt and nushell (#103)

cgwalters · web-flow · commit 491e95073ec0 · 2026-02-13T10:04:17.000-05:00
Prep for #55 among others. Assisted-by: OpenCode (Sonnet 4.5) Signed-off-by: Colin Walters <walters@verbum.org>
diff --git a/devenv/.dockerignore b/devenv/.dockerignore
@@ -14,6 +14,7 @@
 !devenv-init.sh
 !fetch-tools.sh
 !install-rust.sh
+!install-uv.sh
 !install-kani.sh
 !devenv-selftest.sh
 !userns-setup
diff --git a/devenv/Containerfile.c10s b/devenv/Containerfile.c10s
@@ -30,8 +30,13 @@ FROM base as tools
 ARG bcvkversion=v0.9.0
 # renovate: datasource=github-releases depName=ossf/scorecard
 ARG scorecardversion=v5.1.1
-COPY fetch-tools.sh /run/src/
-RUN bcvkversion=$bcvkversion scorecardversion=$scorecardversion /run/src/fetch-tools.sh
+# renovate: datasource=github-releases depName=nushell/nushell
+ARG nushellversion=0.110.0
+# renovate: datasource=github-releases depName=astral-sh/uv
+ARG uvversion=0.10.2
+COPY fetch-tools.sh install-uv.sh /run/src/
+RUN bcvkversion=$bcvkversion scorecardversion=$scorecardversion nushellversion=$nushellversion /run/src/fetch-tools.sh
+RUN uvversion=$uvversion /run/src/install-uv.sh
 
 FROM base as rust
 COPY install-rust.sh /run/src/
@@ -73,6 +78,9 @@ COPY --from=kani /usr/local/kani /usr/local/kani
 ENV RUSTUP_HOME=/usr/local/rustup
 # Point Kani at the system-wide installation
 ENV KANI_HOME=/usr/local/kani
+# Configure uv for system-wide tool installation
+ENV UV_TOOL_DIR=/usr/local/uv-tools
+ENV UV_TOOL_BIN_DIR=/usr/local/bin
 # Setup for codespaces
 COPY devenv-init.sh /usr/local/bin/
 COPY userns-setup /usr/lib/devenv/userns-setup
diff --git a/devenv/Containerfile.debian b/devenv/Containerfile.debian
@@ -7,6 +7,9 @@ RUN ln -sfr /bin/bash /bin/sh
 RUN <<EORUN
 set -xeuo pipefail
 
+# Disable apt sandboxing for nested container environments
+echo 'APT::Sandbox::User "root";' > /etc/apt/apt.conf.d/99sandbox-disable
+
 # Initialize some basic packages
 apt -y update && apt -y install curl time bzip2
 
@@ -30,8 +33,13 @@ FROM base as tools
 ARG bcvkversion=v0.9.0
 # renovate: datasource=github-releases depName=ossf/scorecard
 ARG scorecardversion=v5.1.1
-COPY fetch-tools.sh /run/src/
-RUN bcvkversion=$bcvkversion scorecardversion=$scorecardversion /run/src/fetch-tools.sh
+# renovate: datasource=github-releases depName=nushell/nushell
+ARG nushellversion=0.110.0
+# renovate: datasource=github-releases depName=astral-sh/uv
+ARG uvversion=0.10.2
+COPY fetch-tools.sh install-uv.sh /run/src/
+RUN bcvkversion=$bcvkversion scorecardversion=$scorecardversion nushellversion=$nushellversion /run/src/fetch-tools.sh
+RUN uvversion=$uvversion /run/src/install-uv.sh
 
 FROM base as rust
 COPY install-rust.sh /run/src/
@@ -59,6 +67,14 @@ EORUN
 COPY npm.txt /run/src
 RUN grep -vEe '^#' npm.txt | /bin/time -f '%E %C' xargs npm i -g
 
+# Install tmt via uv tool install for isolated environment
+# UV_TOOL_DIR and UV_TOOL_BIN_DIR set to system-wide locations like rustup
+COPY --from=tools /usr/local/bin/uv /usr/local/bin/uv
+COPY --from=tools /usr/local/bin/uvx /usr/local/bin/uvx
+ENV UV_TOOL_DIR=/usr/local/uv-tools
+ENV UV_TOOL_BIN_DIR=/usr/local/bin
+RUN uv tool install 'tmt[provision-virtual]'
+
 # Copy in the binaries from our tools container image
 COPY --from=tools /usr/local/bin/* /usr/local/bin/
 COPY --from=kani /usr/local/bin/* /usr/local/bin/
diff --git a/devenv/README.md b/devenv/README.md
@@ -4,8 +4,16 @@ This container image is suitable for use on
 developing projects in the bootc-dev organization,
 especially bootc.
 
-It includes all tools used in the Justfile
-for relevant projects.
+The goal is to make this completely usable as a devcontainer
+with tools such as VSCode remote containers, Codespaces,
+[devpod](https://devpod.sh/) and others.
+
+Specifically this includes e.g.:
+
+- Rust and C/C++ toolchains
+- `nu`
+- [tmt](https://tmt.readthedocs.io/)
+- [Kani](https://model-checking.github.io/kani/usage.html) for system verification
 
 ## Base image
 
diff --git a/devenv/devenv-init.sh b/devenv/devenv-init.sh
@@ -1,3 +1,6 @@
 #!/bin/bash
-# Thin wrapper that calls the Python implementation
-exec python3 /usr/lib/devenv/userns-setup "$@"
+# Initialize development environment
+set -euo pipefail
+
+# Set up podman for nested containers
+python3 /usr/lib/devenv/userns-setup "$@"
diff --git a/devenv/fetch-tools.sh b/devenv/fetch-tools.sh
@@ -6,6 +6,7 @@ set -xeuo pipefail
 # Required environment variables (passed as build ARGs)
 : "${bcvkversion:?bcvkversion is required}"
 : "${scorecardversion:?scorecardversion is required}"
+: "${nushellversion:?nushellversion is required}"
 
 arch=$(arch)
 
@@ -42,3 +43,22 @@ td=$(mktemp -d)
   mv scorecard /usr/local/bin/scorecard
 )
 rm -rf $td
+
+# nushell - modern shell
+td=$(mktemp -d)
+(
+  cd $td
+  # Map arch to nushell naming convention
+  case "${arch}" in
+    x86_64) nuarch=x86_64 ;;
+    aarch64) nuarch=aarch64 ;;
+    *) echo "nushell unavailable for $arch"; return 0 ;;
+  esac
+  target=nu-${nushellversion}-${nuarch}-unknown-linux-gnu.tar.gz
+  /bin/time -f '%E %C' curl -fLO https://github.com/nushell/nushell/releases/download/$nushellversion/$target
+  tar xvzf $target
+  # The extracted directory has the same name as the archive without .tar.gz
+  extracted_dir=nu-${nushellversion}-${nuarch}-unknown-linux-gnu
+  mv $extracted_dir/nu /usr/local/bin/nu
+)
+rm -rf $td
diff --git a/devenv/install-uv.sh b/devenv/install-uv.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Install uv system-wide into /usr/local
+# This script is shared between c10s and debian container builds.
+# Similar to rustup, we install the binary to /usr/local/bin and configure
+# tools to be installed system-wide via environment variables.
+set -xeuo pipefail
+
+: "${uvversion:?uvversion is required}"
+
+arch=$(arch)
+
+# Map arch to uv naming convention
+case "${arch}" in
+  x86_64) uvarch=x86_64 ;;
+  aarch64) uvarch=aarch64 ;;
+  *) echo "uv unavailable for $arch"; exit 1 ;;
+esac
+
+target=uv-${uvarch}-unknown-linux-gnu.tar.gz
+
+td=$(mktemp -d)
+(
+  cd $td
+  /bin/time -f '%E %C' curl -fLO https://github.com/astral-sh/uv/releases/download/${uvversion}/$target
+  tar xvzf $target
+  # The extracted directory has the same name as the archive without .tar.gz
+  extracted_dir=uv-${uvarch}-unknown-linux-gnu
+  mv $extracted_dir/uv /usr/local/bin/uv
+  mv $extracted_dir/uvx /usr/local/bin/uvx
+)
+rm -rf $td
+
+# Verify installation
+/usr/local/bin/uv --version
diff --git a/devenv/packages-c10s.txt b/devenv/packages-c10s.txt
@@ -12,5 +12,8 @@ xorriso
 qemu-img
 libvirt-daemon-kvm
 
+# Testing framework
+tmt
+
 # TUI editors
 vim-enhanced
diff --git a/devenv/packages-debian.txt b/devenv/packages-debian.txt
@@ -7,6 +7,9 @@ libkrb5-dev
 libvirt-dev
 libostree-dev
 
+# Python dev headers (needed for uv to build libvirt-python from source for tmt)
+python3-dev
+
 # Runtime virt
 genisoimage
 qemu-utils
