author | Tim Biermann <tbier@posteo.de> | 2019-10-05 07:42:07 +0200 |
---|---|---|
committer | Tim Biermann <tbier@posteo.de> | 2019-10-05 07:42:07 +0200 |
commit | dea790adab378bcdff2ab194d66aadb890c5188a (patch) | |
tree | 06dc5980ac72fca8f33254a39fb72101c53c691b /lxc | |
parent | a2474a33a35ee7ceb18e2d9b6681033bf163219d (diff) | |
download | contrib-dea790adab378bcdff2ab194d66aadb890c5188a.tar.gz contrib-dea790adab378bcdff2ab194d66aadb890c5188a.tar.xz |
lxc: 2.0.7 -> 3.2.1
Diffstat (limited to 'lxc')
-rw-r--r-- | lxc/.signature | 12 | ||||
-rw-r--r-- | lxc/Pkgfile | 50 | ||||
-rw-r--r-- | lxc/default.conf | 7 | ||||
-rw-r--r-- | lxc/lxc-cgroups | 54 | ||||
-rw-r--r-- | lxc/lxc-net | 1 | ||||
-rw-r--r-- | lxc/lxc-usernet | 3 | ||||
-rw-r--r-- | lxc/lxc-users | 42 | ||||
-rw-r--r-- | lxc/lxc-users-setup | 42 |
8 files changed, 196 insertions, 15 deletions
diff --git a/lxc/.signature b/lxc/.signature
index 54901c257..137620f1c 100644
--- a/lxc/.signature
+++ b/lxc/.signature
@@ -1,6 +1,12 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF3zfHrAz0MlSoLWAhiHW4QVOEFHIY9BkuwCCIkqT8umk3z8olUUEW/O7qeI6MhwxaLIpQo6TUqEoCMuPL1BkJ7gE=
-SHA256 (Pkgfile) = e066b66764b6887df2f529b324fb85dc6be711e40c782bb6843a9d3f7c5e8791
+RWSagIOpLGJF313PwTwnUheHG/tJ/HxNhGvF+DucRdJyivB4ObzGU1FKWGpBgsQVo6fYbeCQD9GPi0wNU0kSe/6NEy53Pk+sdQU=
+SHA256 (Pkgfile) = 54c1895e84fb203b10441f88ac3d857fbc438dbced5abbce8781d790aed0c47e
 SHA256 (.footprint) = 920a21cb890fc0f44d0be2dc845217917692948036a9f984a5eea3c00aaa2e47
-SHA256 (lxc-2.0.7.tar.gz) = 1c09c075f06ec029f86fa6370c7d379494ff4c66a129eda17af7b7b41e055f5d
+SHA256 (lxc-3.2.1.tar.gz) = 5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4
 SHA256 (man-pages.tar.xz) = 9c78897c8057cf8be5873382d6d03bf54fb3e032279126560552166c0ea7481a
+SHA256 (default.conf) = 6739fe54ffe7924a63fd47d8ff4b453e08b78bbd1b08e4426504b8f740e8b55f
+SHA256 (lxc-usernet) = 83c30e9489fffd7bf815e312860e2c9b3022a0f422570d35a19eb021b433fe0f
+SHA256 (lxc-users-setup) = 995f72d2284334ab84790951cfbf91d9b7016f4a93a3c51d774dea0e04e8000b
+SHA256 (lxc-users) = 7b58fae4b1551c63d7839560875e4f8461aade852f33611a8a8319957f23b0eb
+SHA256 (lxc-cgroups) = 6cdc6b76c438dfbcacf7ccd20ae9190ca5d12bad9fba60c5d77052c0e3f9258b
+SHA256 (lxc-net) = 4e597a3ebb896ff852d54d4add562945bcf91e1005f3963ee7cbfc82606fcf2c
diff --git a/lxc/Pkgfile b/lxc/Pkgfile
index 1e85852c4..2e44a9f80 100644
--- a/lxc/Pkgfile
+++ b/lxc/Pkgfile
@@ -1,26 +1,52 @@ # Description: container namespace cgroup virtualisation for linux guests -# URL: https://linuxcontainers.org/lxc -# Maintainer: Thomas Penteker, tek at serverop dot de +# URL: https://linuxcontainers.org/lxc +# Maintainer: Thomas Penteker, tek at serverop dot de +# Depends: libseccomp +# Optional: gnupg dnsmasq name=lxc -version=2.0.7 +version=3.2.1 release=1 -source=(http://lxc.sourceforge.net/download/lxc-$version.tar.gz - man-pages.tar.xz) +source=(https://linuxcontainers.org/downloads/$name/$name-$version.tar.gz + man-pages.tar.xz + default.conf + lxc-usernet + lxc-users-setup + lxc-users + lxc-cgroups + lxc-net) build() { cd $name-$version ./configure --prefix=/usr \ - --mandir=/usr/man \ - --libexecdir=/usr/lib \ - --sysconfdir=/etc + --mandir=/usr/share/man \ + --libexecdir=/usr/lib \ + --localstatedir=/var \ + --sysconfdir=/etc \ + --enable-pam \ + --with-pamdir=/lib/security \ + --disable-apparmor \ + --with-init-script=sysvinit make make DESTDIR=$PKG install - - install -d $PKG/usr/man - mv $SRC/man* $PKG/usr/man + install -d $PKG/usr/share/man + install -d $PKG/var/lib/misc + + install -m 0755 $SRC/lxc-users-setup $PKG/usr/sbin/ + mv $SRC/man* $PKG/usr/share/man rm -rf $PKG/usr/lib/lxc/rootfs/README $PKG/usr/share/doc - rm -rf $PKG/etc/default $PKG/usr/share/lxc/config/common.conf.d/README + rm -rf $PKG/usr/share/lxc/config/common.conf.d/README + mv $PKG/etc/rc.d/init.d/* $PKG/etc/rc.d/ + install -m755 $SRC/lxc-cgroups $PKG/etc/rc.d/ + install -m755 $SRC/lxc-users $PKG/etc/rc.d/ + rmdir $PKG/etc/rc.d/init.d/ + install -m644 $SRC/lxc-net $PKG/etc/default/ + rm $PKG/etc/lxc/default.conf + install -m644 $SRC/default.conf $PKG/etc/lxc/ + install -m644 $SRC/lxc-usernet $PKG/etc/lxc/ + if [ "$(prt-get isinst bash-completion)" = 'package bash-completion is not installed' ]; then + rm -fr $PKG/etc/bash_completion.d; + fi } diff --git a/lxc/default.conf b/lxc/default.conf new file mode 100644 index 000000000..7a0971a7d --- /dev/null 
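Review bot: The bash-completion test at the end of build() compares the text printed by `prt-get isinst` with a fixed sentence, so the package contents depend on the state of the build host and on that message never changing; if prt-get is absent or words it differently, /etc/bash_completion.d is shipped without any notice. Branching on the exit status is sturdier, for example `prt-get isinst bash-completion >/dev/null 2>&1 || rm -rf $PKG/etc/bash_completion.d` (this assumes isinst returns non-zero for a missing package, which should be confirmed). Separately, .footprint is not in the diffstat and its hash is an unchanged context line in .signature, although this build now installs man pages under /usr/share/man, new rc scripts and /usr/sbin/lxc-users-setup, so the footprint probably needs regenerating and re-signing. The lxc-users rc script added in this commit calls sudo, which is listed under neither `# Depends:` nor `# Optional:`.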
+++ b/lxc/default.conf
@@ -0,0 +1,7 @@
+# Uncomment to create unprivileged containers
+#lxc.idmap = u 0 100000 65536
+#lxc.idmap = g 0 100000 65536
+
+# Network configuration
+lxc.net.0.type = veth
+lxc.net.0.link = lxcbr0
diff --git a/lxc/lxc-cgroups b/lxc/lxc-cgroups
new file mode 100644
index 000000000..c920d44cc
--- /dev/null
+++ b/lxc/lxc-cgroups
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# /etc/rc.d/lxc-cgroups: setup lxc cgroups
+#
+
+if test ! -f /proc/cgroups
+then
+ echo 'cgroups are not enabled on this kernel.'
+ exit 1
+fi
+
+case $1 in
+ start)
+ # Mount system cgroups.
+ mount -t tmpfs -o nosuid,nodev,noexec,mode=0755 tmpfs /sys/fs/cgroup
+ for i in $(awk '!/^#/{if($4==1){print$1}}' /proc/cgroups)
+ do
+ mkdir /sys/fs/cgroup/$i
+ mount -t cgroup -o nosuid,nodev,noexec,$i cgroup /sys/fs/cgroup/$i
+ done
+ mkdir /sys/fs/cgroup/systemd
+ mount -t cgroup -o nosuid,nodev,noexec,none,name=systemd cgroup /sys/fs/cgroup/systemd
+ mkdir /sys/fs/cgroup/unified
+ mount -t cgroup2 -o nosuid,nodev,noexec cgroup /sys/fs/cgroup/unified
+ mount -o ro,remount /sys/fs/cgroup
+ # Setup user cgroups.
+ if test -f /etc/lxc/lxc-usernet
+ then
+ test -f /sys/fs/cgroup/cpuset/cgroup.clone_children && echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children
+ test -f /sys/fs/cgroup/memory/memory.use_hierarchy && echo 1 > /sys/fs/cgroup/memory/memory.use_hierarchy
+ for i in $(awk '!/^#/{if($1!~"@"){print$1}}' /etc/lxc/lxc-usernet)
+ do
+ for j in /sys/fs/cgroup/*
+ do
+ test $j = /sys/fs/cgroup/unified && continue
+ mkdir -m 0755 -p $j/$i
+ chown -R $i $j/$i
+ done
+ done
+ fi
+ ;;
+ stop)
+ umount -R /sys/fs/cgroup
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 [start|stop|restart]"
+ ;;
+esac
+
+# End of file
diff --git a/lxc/lxc-net b/lxc/lxc-net
new file mode 100644
index 000000000..5d52f62e1
--- /dev/null
+++ b/lxc/lxc-net
@@ -0,0 +1 @@
+USE_LXC_BRIDGE="true"
diff --git a/lxc/lxc-usernet b/lxc/lxc-usernet
new file mode 100644
index 000000000..64e336f14
--- /dev/null
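Review bot: The user loop in the `start` branch of lxc-cgroups takes the first field of /etc/lxc/lxc-usernet and uses it unquoted, as root, both as a path component and as the owner in `mkdir -m 0755 -p $j/$i` and `chown -R $i $j/$i`, without checking that it names an existing account. A typo, a field containing `/` or `..`, or one starting with `-` would create directories outside the intended per-user cgroup or be parsed as an option. Resolving the name first and quoting the expansions closes that: `id -u "$i" >/dev/null 2>&1 || continue`, then `mkdir -m 0755 -p "$j/$i"` and `chown -R "$i" "$j/$i"`. The mounts above the loop are also unchecked, so a failed or repeated tmpfs mount on /sys/fs/cgroup lets the following mkdir and mount calls run against whatever is already there; testing `mountpoint -q /sys/fs/cgroup` before mounting and stopping when a mount fails would make `start` safe to run twice.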
+++ b/lxc/lxc-usernet
@@ -0,0 +1,3 @@
+# Edit this file to allow unprivileged users to create network devices for LXC containers.
+# Example Entry:
+# $USER veth lxcbr0 8
diff --git a/lxc/lxc-users b/lxc/lxc-users
new file mode 100644
index 000000000..275db7eea
--- /dev/null
+++ b/lxc/lxc-users
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# /etc/rc.d/lxc-users: start/stop LXC user containers
+#
+
+if test ! -f /etc/lxc/lxc-usernet
+then
+ echo 'LXC not configured for user containers.'
+ exit 1
+fi
+
+[ -f /etc/default/lxc ] && . /etc/default/lxc
+
+case $1 in
+ start)
+ [ "$LXC_AUTO" = true ] || exit 0
+ [ ! -f /var/lock/lxc-users ] || exit 0
+ [ -n "$BOOTGROUPS" ] && BOOTGROUPS="-g $BOOTGROUPS"
+ touch /var/lock/lxc-users
+ for user in $(awk '!/^#/{if($1!~"@"){print$1}}' /etc/lxc/lxc-usernet)
+ do
+ sudo -u $user -i -- lxc-autostart $OPTIONS $BOOTGROUPS
+ done
+ rm -f /var/lock/lxc-users
+ ;;
+ stop)
+ [ -n "$SHUTDOWNDELAY" ] && SHUTDOWNDELAY="-t SHUTDOWNDELAY"
+ for user in $(awk '!/^#/{if($1!~"@"){print$1}}' /etc/lxc/lxc-usernet)
+ do
+ sudo -u $user -i -- lxc-autostart $STOPOPTS $SHUTDOWNDELAY
+ done
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 [start|stop|restart]"
+ ;;
+esac
+
+# End of file
diff --git a/lxc/lxc-users-setup b/lxc/lxc-users-setup
new file mode 100644
index 000000000..1fc248677
--- /dev/null
+++ b/lxc/lxc-users-setup
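Review bot: In the `stop` branch of lxc-users, `SHUTDOWNDELAY="-t SHUTDOWNDELAY"` is missing the `$`, so lxc-autostart receives the literal word SHUTDOWNDELAY as its timeout instead of the configured value; the line should read `[ -n "$SHUTDOWNDELAY" ] && SHUTDOWNDELAY="-t $SHUTDOWNDELAY"`. In `start`, /var/lock/lxc-users is removed only when the loop runs to completion, so an interrupted run leaves the lock behind and later `start` calls exit 0 without doing anything; setting `trap 'rm -f /var/lock/lxc-users' EXIT` right after the `touch` covers that. `$user` comes from lxc-usernet and is passed unquoted to `sudo -u`, so quoting it and skipping names that `id` cannot resolve keeps a malformed entry from being read as extra sudo arguments. The usage branch ends with status 0, where `exit 1` would let a caller notice a bad argument.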
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+if test $(id -u) -ne 0
+then
+ echo 'This must be run as root.'
+ exit 1
+fi
+
+write_profile() {
+ test -f $1 || touch $1 && chown $uid:$gid $1
+ if ! grep -q '# lxc-users-setup' $1
+ then
+ echo 'for i in /sys/fs/cgroup/*/$USER/tasks; do test -w $i && echo $$ > $i; done # lxc-users-setup' >> $1
+ fi
+}
+
+for i in $(awk '!/^#/{if($1!~"@"){print$1}}' /etc/lxc/lxc-usernet)
+do
+ passwd=$(getent passwd $i)
+ user=$(echo $passwd | cut -d : -f 1)
+ uid=$(echo $passwd | cut -d : -f 3)
+ gid=$(echo $passwd | cut -d : -f 4)
+ home=$(echo $passwd | cut -d : -f 6)
+ test -f '/etc/subuid' || touch '/etc/subuid'
+ if ! grep -qE "^($user|$uid):100000:65536\$" '/etc/subuid'
+ then
+ usermod -V 0-4294967295 -v 100000-165535 $user
+ fi
+ test -f '/etc/subgid' || touch '/etc/subgid'
+ if ! grep -qE "^($user|$uid):100000:65536\$" '/etc/subgid'
+ then
+ usermod -W 0-4294967295 -w 100000-165535 $user
+ fi
+ write_profile $home/.bash_profile
+ write_profile $home/.zprofile
+ if ! test -f $home/.config/lxc/default.conf
+ then
+ mkdir -p $home/.config/lxc
+ echo 'lxc.include = /etc/lxc/default.conf' > $home/.config/lxc/default.conf
+ chown $uid:$gid $home/.config $home/.config/lxc $home/.config/lxc/default.conf
+ fi
+done |
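Review bot: write_profile and the ~/.config/lxc block create, append to and chown files inside `$home` while running as root, and `$home` is writable by the very user being set up, so a symbolic link at `.bash_profile`, `.zprofile` or `.config` redirects a root write or `chown $uid:$gid` to a file elsewhere on the system. Doing these steps as the target user removes the problem (the lxc-users rc script in this commit already runs commands through `sudo -u`); at minimum the function should refuse links and not dereference them, `test -L "$1" && return 1` and `chown -h "$uid:$gid" "$1"`, bearing in mind that a check before use in a user-writable directory is still racy. In the same function `test -f $1 || touch $1 && chown $uid:$gid $1` groups as `(test || touch) && chown`, so the chown also runs on files that already existed. The loop never checks that `getent passwd $i` returned a record, so for an unknown name `$home` is empty and the writes land in `/.bash_profile` and `/.config`. Every user is also given the same subordinate range 100000-165535, which means the containers of different users map onto the same host ids.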