Modifies container.sh and x11.yaml to automatically check for stale cookies (#558)

# Description NOTE: This is a redo of https://github.com/isaac-orbit/IsaacLab/pull/524, only rebased onto new main and with changes to work with Isaac Lab. Copied from other PR: Modifies container.sh and x11.yaml to automatically check if a tmp.***.xauth file has a stale MIT-MAGIC-COOKIE-1, and refreshes it if so. In the instance where an xsession ends after a `tmp.***.xauth` file has been created, but the system is not rebooted (thus deleting `tmp.***.xauth`) then attempting to use the container causes errors. This is a feature to correct for this upon `container.sh enter` by: 1. Mounting an entire `/tmp` subdirectory so that we can swap files 2. Checking for stale cookies by comparing against the current user's cookie 3. If stale, replacing the old `tmp.***.xauth` with a new `tmp.***.xauth` of the same name but a new cookie, in order to preserve functionality of envars. ## Type of change  - New feature (non-breaking change which adds functionality) ## Checklist - [x] I have run the [`pre-commit` checks](https://pre-commit.com/) with `./orbit.sh --format` - [ ] I have made corresponding changes to the documentation - [x] My changes generate no new warnings - [ ] I have added tests that prove my fix is effective or that my feature works - [ ] I have run all the tests with `./orbit.sh --test` and they pass - [ ] I have updated the changelog and the corresponding version in the extension's `config/extension.toml` file - [x] I have added my name to the `CONTRIBUTORS.md` or my name already exists there --------- Signed-off-by: James Smith <142246516+jsmith-bdai@users.noreply.github.com> Co-authored-by: Hunter Hansen <50837800+hhansen-bdai@users.noreply.github.com>

Modifies container.sh and x11.yaml to automatically check for stale cookies (#558)
# Description NOTE: This is a redo of https://github.com/isaac-orbit/IsaacLab/pull/524, only rebased onto new main and with changes to work with Isaac Lab. Copied from other PR: Modifies container.sh and x11.yaml to automatically check if a tmp.***.xauth file has a stale MIT-MAGIC-COOKIE-1, and refreshes it if so. In the instance where an xsession ends after a `tmp.***.xauth` file has been created, but the system is not rebooted (thus deleting `tmp.***.xauth`) then attempting to use the container causes errors. This is a feature to correct for this upon `container.sh enter` by: 1. Mounting an entire `/tmp` subdirectory so that we can swap files 2. Checking for stale cookies by comparing against the current user's cookie 3. If stale, replacing the old `tmp.***.xauth` with a new `tmp.***.xauth` of the same name but a new cookie, in order to preserve functionality of envars. ## Type of change  - New feature (non-breaking change which adds functionality) ## Checklist - [x] I have run the [`pre-commit` checks](https://pre-commit.com/) with `./orbit.sh --format` - [ ] I have made corresponding changes to the documentation - [x] My changes generate no new warnings - [ ] I have added tests that prove my fix is effective or that my feature works - [ ] I have run all the tests with `./orbit.sh --test` and they pass - [ ] I have updated the changelog and the corresponding version in the extension's `config/extension.toml` file - [x] I have added my name to the `CONTRIBUTORS.md` or my name already exists there --------- Signed-off-by: James Smith <142246516+jsmith-bdai@users.noreply.github.com> Co-authored-by: Hunter Hansen <50837800+hhansen-bdai@users.noreply.github.com>
e6446929 · James Smith · Mayank Mittal · 7b92c575 · e6446929 · e6446929
Commit e6446929 authored Jul 17, 2024 by James Smith Committed by Mayank Mittal Aug 02, 2024
Show whitespace changes
Inline Side-by-side

Showing with 29 additions and 7 deletions

container.sh docker/container.sh +25 -3

x11.yaml docker/x11.yaml +4 -4

No files found.
--- a/docker/container.sh
+++ b/docker/container.sh
@@ -192,16 +192,19 @@ configure_x11() {
        install_xauth
    fi
    load_statefile_variable __ISAACLAB_TMP_XAUTH
+    __ISAACLAB_TMP_DIR=/tmp/isaaclab_tmp_xauth/
    # Create temp .xauth file to be mounted in the container
    if [ "$__ISAACLAB_TMP_XAUTH" = "null" ] || [ ! -f "$__ISAACLAB_TMP_XAUTH" ]; then
-        __ISAACLAB_TMP_XAUTH=$(mktemp --suffix=".xauth")
+        mkdir -p "${__ISAACLAB_TMP_DIR}"
+        __ISAACLAB_TMP_XAUTH=$(mktemp --suffix=".xauth" --tmpdir="${__ISAACLAB_TMP_DIR}")
        set_statefile_variable __ISAACLAB_TMP_XAUTH $__ISAACLAB_TMP_XAUTH
        # Extract MIT-MAGIC-COOKIE for current display | Change the 'connection family' to FamilyWild (ffff) | merge into tmp .xauth file
        # https://www.x.org/archive/X11R6.8.1/doc/Xsecurity.7.html#toc3
-        xauth_cookie= xauth nlist ${DISPLAY} | sed -e s/^..../ffff/ | xauth -f $__ISAACLAB_TMP_XAUTH nmerge -
+        xauth nlist ${DISPLAY} | sed -e s/^..../ffff/ | xauth -f $__ISAACLAB_TMP_XAUTH nmerge -
    fi
    # Export here so it's an envvar for the called Docker commands
    export __ISAACLAB_TMP_XAUTH
+    export __ISAACLAB_TMP_DIR
    add_yamls="$add_yamls --file x11.yaml "
    # TODO: Add check to make sure Xauth file is correct
 }
@@ -235,6 +238,24 @@ x11_check() {
    fi
 }

+x11_update() {
+    # Check if the MIT-MAGIC-COOKIE-1 in __ISAACLAB_TMP_XAUTH
+    # is the same as the current DISPLAY's. If not, generate
+    # a new .xauth file with the current MIT-MAGIC-COOKIE-1,
+    # using the same filename so that the bind-mount and
+    # XAUTHORITY var from build-time still work
+    load_statefile_variable __ISAACLAB_TMP_XAUTH
+    if ! [ "$__ISAACLAB_TMP_XAUTH" = "null" ] && [ -f "$__ISAACLAB_TMP_XAUTH" ]; then
+        tmp_cookie=$(xauth -f "$__ISAACLAB_TMP_XAUTH" list | awk '$2 == "MIT-MAGIC-COOKIE-1" {print $3; exit}')
+        current_cookie=$(xauth list "${DISPLAY}" | awk '$2 == "MIT-MAGIC-COOKIE-1" {print $3; exit}')
+        if ! [ "${tmp_cookie}" = "{$current_cookie}" ]; then
+            rm "$__ISAACLAB_TMP_XAUTH"
+            touch "$__ISAACLAB_TMP_XAUTH"
+            xauth nlist ${DISPLAY} | sed -e s/^..../ffff/ | xauth -f $__ISAACLAB_TMP_XAUTH nmerge -
+        fi
+    fi
+}
+
 x11_cleanup() {
    load_statefile_variable __ISAACLAB_TMP_XAUTH
    if ! [ "$__ISAACLAB_TMP_XAUTH" = "null" ] && [ -f "$__ISAACLAB_TMP_XAUTH" ]; then
@@ -323,9 +344,10 @@ case $mode in
    enter)
        # Check that desired container is running, exit if it isn't
        is_container_running isaac-lab-$container_profile
+        x11_update
        echo "[INFO] Entering the existing 'isaac-lab-$container_profile' container in a bash session..."
        pushd ${SCRIPT_DIR} > /dev/null 2>&1
-        docker exec --interactive --tty isaac-lab-$container_profile bash
+        docker exec --interactive --tty -e DISPLAY=$DISPLAY isaac-lab-$container_profile bash
        popd > /dev/null 2>&1
        ;;
    copy)

--- a/docker/x11.yaml
+++ b/docker/x11.yaml
@@ -7,8 +7,8 @@ services:
      - XAUTHORITY=${__ISAACLAB_TMP_XAUTH}
    volumes:
    - type: bind
-      source: ${__ISAACLAB_TMP_XAUTH}
-      target: ${__ISAACLAB_TMP_XAUTH}
+      source: ${__ISAACLAB_TMP_DIR}
+      target: ${__ISAACLAB_TMP_DIR}
    - type: bind
      source: /tmp/.X11-unix
      target: /tmp/.X11-unix
@@ -25,8 +25,8 @@ services:
      - XAUTHORITY=${__ISAACLAB_TMP_XAUTH}
    volumes:
    - type: bind
-      source: ${__ISAACLAB_TMP_XAUTH}
-      target: ${__ISAACLAB_TMP_XAUTH}
+      source: ${__ISAACLAB_TMP_DIR}
+      target: ${__ISAACLAB_TMP_DIR}
    - type: bind
      source: /tmp/.X11-unix
      target: /tmp/.X11-unix