diff --git a/.abf.yml b/.abf.yml index bb76b1f..8fea7f0 100644 --- a/.abf.yml +++ b/.abf.yml @@ -1,2 +1,5 @@ sources: - lxc-2.0.8.tar.gz: 65883786c24312ab36e53231e312d94851957516 + lua-lxc-3.0.2.tar.gz: bb958257c86b70f9bde90c604f7fbe7de971d61f + lxc-4.0.5.tar.gz: 357d13be8bbf6513b7db7fd55adf834944eff735 + lxc-templates-3.0.4.tar.gz: 8a726151ff3fe0e51950783cccee39608fb4ccac + python3-lxc-3.0.4.tar.gz: 1f1251146d7828d6d27080cd0730458c74fc6a34 diff --git a/dnsmasq-rule b/dnsmasq-rule new file mode 100644 index 0000000..2344426 --- /dev/null +++ b/dnsmasq-rule @@ -0,0 +1,7 @@ +# Tell any system-wide dnsmasq instance to make sure to bind to interfaces +# instead of listening on 0.0.0.0 +# WARNING: changes to this file will get lost if lxc is removed. +bind-interfaces +listen-address=10.0.3.1 +dhcp-range=10.0.3.2,10.0.3.254 +interface=lxcbr0 diff --git a/fix-systemd-path.patch b/fix-systemd-path.patch new file mode 100644 index 0000000..6eb86cd --- /dev/null +++ b/fix-systemd-path.patch @@ -0,0 +1,11 @@ +--- lxc-1.0.5/config/init/systemd/Makefile.am.0003~ 2014-08-29 10:25:23.586235868 +0200 ++++ lxc-1.0.5/config/init/systemd/Makefile.am 2014-08-29 10:26:47.246189975 +0200 +@@ -3,7 +3,7 @@ EXTRA_DIST = \ + lxc.service + + if INIT_SCRIPT_SYSTEMD +-SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system ++SYSTEMD_UNIT_DIR = /lib/systemd/system + + lxc-autostart-helper: ../sysvinit/lxc.in $(top_builddir)/config.status + $(AM_V_GEN)sed \ diff --git a/ifcfg-lxcbr0 b/ifcfg-lxcbr0 new file mode 100644 index 0000000..e0f171f --- /dev/null +++ b/ifcfg-lxcbr0 @@ -0,0 +1,6 @@ +DEVICE="lxcbr0" +TYPE="Bridge" +BOOTPROTO="static" +IPADDR=10.0.3.1 +NETMASK=255.255.255.0 +ONBOOT="yes" diff --git a/lxc-3.1.0-python-linkage.patch b/lxc-3.1.0-python-linkage.patch new file mode 100644 index 0000000..87837ad --- /dev/null +++ b/lxc-3.1.0-python-linkage.patch @@ -0,0 +1,13 @@ +diff -up lxc-3.1.0/python3-lxc-3.0.4/setup.py.omv~ lxc-3.1.0/python3-lxc-3.0.4/setup.py +--- lxc-3.1.0/python3-lxc-3.0.4/setup.py.omv~ 2018-12-18 23:25:39.983905986 +0100 ++++ lxc-3.1.0/python3-lxc-3.0.4/setup.py 2018-12-18 23:26:45.824787110 +0100 +@@ -59,6 +59,9 @@ class LxcBuildExtCommand(BuildExtCommand + self.no_pkg_config = False + + def build_extensions(self): ++ self.compiler.add_include_dir('../src') ++ self.compiler.add_library_dir('../src/lxc') ++ self.compiler.add_library_dir('../src/lxc/.libs') + if not self.no_pkg_config: + pkg_config_executable = os.environ.get('PKG_CONFIG_EXECUTABLE', + 'pkg-config') diff --git a/lxc-templates-openmandriva.patch b/lxc-templates-openmandriva.patch new file mode 100644 index 0000000..048f549 --- /dev/null +++ b/lxc-templates-openmandriva.patch @@ -0,0 +1,677 @@ +diff -up lxc-4.0.4/lxc-templates-3.0.4/templates/lxc-openmandriva.in.omv~ lxc-4.0.4/lxc-templates-3.0.4/templates/lxc-openmandriva.in +--- lxc-4.0.4/lxc-templates-3.0.4/templates/lxc-openmandriva.in.omv~ 2020-09-05 04:53:14.855357587 +0200 ++++ lxc-4.0.4/lxc-templates-3.0.4/templates/lxc-openmandriva.in 2020-09-05 05:03:24.410757803 +0200 +@@ -10,6 +10,7 @@ + # Authors: + # Alexander Khryukin + # Vokhmin Alexey V ++# Bernhard Rosenkraenzer + + # This library is free software; you can redistribute it and/or + # modify it under the terms of the GNU Lesser General Public +@@ -28,12 +29,12 @@ + + # Detect use under userns (unsupported) + for arg in "$@"; do +- [ "$arg" = "--" ] && break +- if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then +- echo "This template can't be used for unprivileged containers." 1>&2 +- echo "You may want to try the \"download\" template instead." 1>&2 +- exit 1 +- fi ++ [ "$arg" = "--" ] && break ++ if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then ++ echo "This template can't be used for unprivileged containers." 1>&2 ++ echo "You may want to try the \"download\" template instead." 1>&2 ++ exit 1 ++ fi + done + + # Make sure the usual locations are in PATH +@@ -50,184 +51,183 @@ lxc_network_type=veth +-lxc_network_link=br0 ++lxc_network_link=lxcbr0 + + # is this openmandriva? +-[ -f /etc/mandriva-release ] && is_openmandriva=true ++grep -q OpenMandriva /etc/os-release && is_openmandriva=true + + configure_openmandriva() + { +-mkdir -p ${rootfs_path}/etc/sysconfig/network-scripts/ ++ # set the hostname ++ echo "${utsname}" > ${rootfs_path}/etc/hostname + +- # configure the network using the dhcp +- cat < ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0 +-DEVICE=eth0 +-ONBOOT=yes +-BOOTPROTO=dhcp +-NM_CONTROLLED=no +-HOSTNAME=${utsname} +-EOF +- +- # set the hostname +- cat < ${rootfs_path}/etc/sysconfig/network +-NETWORKING=yes +-HOSTNAME=${utsname} +-EOF +- +-echo "${utsname}" > ${rootfs_path}/etc/hostname +- +- # set minimal hosts +- cat < $rootfs_path/etc/hosts ++ # set minimal hosts ++ cat < $rootfs_path/etc/hosts + 127.0.0.1 localhost.localdomain localhost $utsname +-::1 localhost6.localdomain6 localhost6 ++::1 localhost6.localdomain6 localhost6 + EOF + } + + populate_dev() + { +- echo -n "Create devices in /dev/" +- dev_path="${rootfs_path}/dev" +- rm -rf $dev_path +- mkdir -p $dev_path +- mknod -m 666 ${dev_path}/null c 1 3 +- mknod -m 666 ${dev_path}/zero c 1 5 +- mknod -m 666 ${dev_path}/random c 1 8 +- mknod -m 666 ${dev_path}/urandom c 1 9 +- mkdir -m 755 ${dev_path}/pts +- mkdir -m 1777 ${dev_path}/shm +- mknod -m 666 ${dev_path}/tty c 5 0 +- mknod -m 666 ${dev_path}/tty0 c 4 0 +- mknod -m 666 ${dev_path}/tty1 c 4 1 +- mknod -m 666 ${dev_path}/tty2 c 4 2 +- mknod -m 666 ${dev_path}/tty3 c 4 3 +- mknod -m 666 ${dev_path}/tty4 c 4 4 +- mknod -m 600 ${dev_path}/console c 5 1 +- mknod -m 666 ${dev_path}/full c 1 7 +- mknod -m 600 ${dev_path}/initctl p +- mknod -m 666 ${dev_path}/ptmx c 5 2 +- mkdir -m 755 ${dev_path}/net +- mknod -m 666 ${dev_path}/net/tun c 10 200 +- ++ echo -n "Create devices in /dev/" ++ dev_path="${rootfs_path}/dev" ++ rm -rf $dev_path ++ mkdir -p $dev_path ++ mknod -m 666 ${dev_path}/null c 1 3 ++ mknod -m 666 ${dev_path}/zero c 1 5 ++ mknod -m 666 ${dev_path}/random c 1 8 ++ mknod -m 666 ${dev_path}/urandom c 1 9 ++ mkdir -m 755 ${dev_path}/pts ++ mkdir -m 1777 ${dev_path}/shm ++ mknod -m 666 ${dev_path}/tty c 5 0 ++ mknod -m 666 ${dev_path}/tty0 c 4 0 ++ mknod -m 666 ${dev_path}/tty1 c 4 1 ++ mknod -m 666 ${dev_path}/tty2 c 4 2 ++ mknod -m 666 ${dev_path}/tty3 c 4 3 ++ mknod -m 666 ${dev_path}/tty4 c 4 4 ++ mknod -m 666 ${dev_path}/tty5 c 4 5 ++ mknod -m 666 ${dev_path}/tty6 c 4 6 ++ mknod -m 600 ${dev_path}/console c 5 1 ++ mknod -m 666 ${dev_path}/full c 1 7 ++ mknod -m 600 ${dev_path}/initctl p ++ mknod -m 666 ${dev_path}/ptmx c 5 2 ++ mkdir -m 755 ${dev_path}/net ++ mknod -m 666 ${dev_path}/net/tun c 10 200 + } + + set_guest_root_password() + { +- [ -z "$root_password" ] && return # pass is empty, abort ++ [ -z "$root_password" ] && return # pass is empty, abort + +- echo " - setting guest root password.." +- echo "root passwd is: $root_password" +- echo "root:$root_password" | chroot "$rootfs_path" chpasswd +- echo "done." ++ echo " - setting guest root password.." ++ echo "root passwd is: $root_password" ++ echo "root:$root_password" | chroot "$rootfs_path" chpasswd ++ echo "done." + } + + create_chroot_openmandriva() + { +- # check the mini openmandriva was not already downloaded +- INSTALL_ROOT=$cache/cache +- mkdir -p $INSTALL_ROOT +- if [ $? -ne 0 ]; then +- echo "Failed to create '$INSTALL_ROOT' directory" +- return 1 +- fi +- # package list to install +- PKG_LIST="basesystem-minimal locales locales-en initscripts urpmi cronie dhcp-client kbd" +- # download a mini openmandriva into a cache +- echo "Downloading openmandriva minimal ..." +- URPMI="/usr/sbin/urpmi.addmedia --urpmi-root $INSTALL_ROOT main http://abf.rosalinux.ru/downloads/$release/repository/$arch/main/release" +- echo $URPMI +- URPMI_BASE="/usr/sbin/urpmi --no-suggests --no-verify-rpm --ignorearch --root $INSTALL_ROOT --urpmi-root $INSTALL_ROOT --auto $PKG_LIST" +- $URPMI +- $URPMI_BASE +- # We're splitting the old loop into two loops plus a directory retrival. +- # First loop... Try and retrive a mirror list with retries and a slight +- # delay between attempts... +- if [ $? -ne 0 ]; then +- echo "Failed to download the rootfs, aborting." +- return 1 +- fi ++ # check the mini openmandriva was not already downloaded ++ INSTALL_ROOT=$cache/cache ++ mkdir -p $INSTALL_ROOT ++ if [ $? -ne 0 ]; then ++ echo "Failed to create '$INSTALL_ROOT' directory" ++ return 1 ++ fi ++ ++ # Poor man's version of "dnf install --installroot=" -- ++ # need to get the repository configs from rpm packages ++ # without having the repositories configured... ++ PKGS=http://abf-downloads.openmandriva.org/$release/repository/$arch/main/release/ ++ curl -s -L $PKGS |grep '^PACKAGES ++ PRE_PACKAGES="distro-release-repos" ++ for i in $PRE_PACKAGES; do ++ P=`grep "^$i-[0-9].*" PACKAGES` ++ if [ "$?" != "0" ]; then ++ echo "Can't find $i package for target" >&2 ++ exit 1 ++ fi ++ curl -O $PKGS/$P ++ rpm -r $INSTALL_ROOT -Uvh --ignorearch --nodeps $P ++ done ++ ++ # package list to install ++ PKG_LIST="basesystem-minimal locales locales-en systemd dnf networkmanager kbd" ++ # download a mini openmandriva into a cache ++ echo "Downloading openmandriva minimal ..." ++ DNF="/usr/bin/dnf -y install --nogpgcheck --installroot=$INSTALL_ROOT --releasever=$release --forcearch=arch $PKG_LIST" ++ echo $DNF ++ $DNF ++ # We're splitting the old loop into two loops plus a directory retrival. ++ # First loop... Try and retrive a mirror list with retries and a slight ++ # delay between attempts... ++ if [ $? -ne 0 ]; then ++ echo "Failed to download the rootfs, aborting." ++ return 1 ++ fi + +- mv "$INSTALL_ROOT" "$cache/rootfs" +- echo "Download complete." +- +- return 0 ++ mv "$INSTALL_ROOT" "$cache/rootfs" ++ echo "Download complete." + ++ return 0 + } + + copy_openmandriva() + { + +- echo -n "Copying rootfs to $rootfs_path ..." +- mkdir -p $rootfs_path +- rsync -SHaAX $cache/rootfs/ $rootfs_path/ +- return 0 ++ echo -n "Copying rootfs to $rootfs_path ..." ++ mkdir -p $rootfs_path ++ rsync -SHaAX $cache/rootfs/ $rootfs_path/ ++ return 0 + } + + update_openmandriva() + { +- echo "automated update in progress..." +- urpmi --root $cache/rootfs --urpmi-root $cache/rootfs --auto --auto-update --ignorearch ++ echo "automated update in progress..." ++ dnf -y distro-sync --installroot=$cache/rootfs + } + + configure_openmandriva_systemd() + { +- chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount +- chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd.service +- chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket +- chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket +- # remove numlock service +- # KDGKBLED: Inappropriate ioctl for device +- rm -f ${rootfs_path}/etc/systemd/system/getty@.service.d/enable-numlock.conf +- +- unlink ${rootfs_path}/etc/systemd/system/default.target +- chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target +- sed -i 's!ConditionPathExists=/dev/tty0!ConditionPathExists=|/dev/tty0\nConditionVirtualization=|lxc!' \ +- ${rootfs_path}/lib/systemd/system/getty\@.service ++ chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount ++ chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd.service ++ chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket ++ chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket ++ # remove numlock service ++ # KDGKBLED: Inappropriate ioctl for device ++ rm -f ${rootfs_path}/etc/systemd/system/getty@.service.d/enable-numlock.conf ++ ++ unlink ${rootfs_path}/etc/systemd/system/default.target ++ chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target ++ sed -i 's!ConditionPathExists=/dev/tty0!ConditionPathExists=|/dev/tty0\nConditionVirtualization=|lxc!' \ ++ ${rootfs_path}/lib/systemd/system/getty\@.service + } + + + install_openmandriva() + { +- mkdir -p @LOCALSTATEDIR@/lock/subsys/ +- ( +- flock -x 9 +- if [ $? -ne 0 ]; then +- echo "Cache repository is busy." +- return 1 +- fi +- +- echo "Checking cache download in $cache/rootfs ... " +- if [ ! -e "$cache/rootfs" ]; then +- echo $cache/rootfs +- create_chroot_openmandriva +- if [ $? -ne 0 ]; then +- echo "Failed to download 'openmandriva basesystem-minimal'" +- return 1 +- fi +- else +- echo "Cache found. Updating..." +- update_openmandriva +- if [ $? -ne 0 ]; then +- echo "Failed to update 'openmandriva base', continuing with last known good cache" +- else +- echo "Update finished" +- fi +- fi +- +- echo "Copy $cache/rootfs to $rootfs_path ... " +- copy_openmandriva +- if [ $? -ne 0 ]; then +- echo "Failed to copy rootfs" +- return 1 +- fi +- return 0 +- ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-openmandriva ++ mkdir -p @LOCALSTATEDIR@/lock/subsys/ ++ ( ++ flock -x 9 ++ if [ $? -ne 0 ]; then ++ echo "Cache repository is busy." ++ return 1 ++ fi ++ ++ echo "Checking cache download in $cache/rootfs ... " ++ if [ ! -e "$cache/rootfs" ]; then ++ echo $cache/rootfs ++ create_chroot_openmandriva ++ if [ $? -ne 0 ]; then ++ echo "Failed to download 'openmandriva basesystem-minimal'" ++ return 1 ++ fi ++ else ++ echo "Cache found. Updating..." ++ update_openmandriva ++ if [ $? -ne 0 ]; then ++ echo "Failed to update 'openmandriva base', continuing with last known good cache" ++ else ++ echo "Update finished" ++ fi ++ fi ++ ++ echo "Copy $cache/rootfs to $rootfs_path ... " ++ copy_openmandriva ++ if [ $? -ne 0 ]; then ++ echo "Failed to copy rootfs" ++ return 1 ++ fi ++ return 0 ++ ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-openmandriva + +- return $? ++ return $? + } + + copy_configuration() + { + +- mkdir -p $config_path +- grep -q "^lxc.rootfs.path" $config_path/config 2>/dev/null || echo "lxc.rootfs.path = $rootfs_path" >> $config_path/config +- cat <> $config_path/config ++ mkdir -p $config_path ++ grep -q "^lxc.rootfs.path" $config_path/config 2>/dev/null || echo "lxc.rootfs.path = $rootfs_path" >> $config_path/config ++ cat <> $config_path/config + lxc.uts.name = $name + lxc.tty.max = 4 + lxc.pty.max = 1024 +@@ -245,26 +243,26 @@ lxc.net.0.name = eth0 + lxc.net.0.mtu = 1500 + EOF + if [ ! -z ${ipv4} ]; then +- cat <> $config_path/config ++ cat <> $config_path/config + lxc.net.0.ipv4.address = $ipv4 + EOF + fi + if [ ! -z ${gw} ]; then +- cat <> $config_path/config ++ cat <> $config_path/config + lxc.net.0.ipv4.gateway = $gw + EOF + fi + if [ ! -z ${ipv6} ]; then +- cat <> $config_path/config ++ cat <> $config_path/config + lxc.net.0.ipv6.address = $ipv6 + EOF + fi + if [ ! -z ${gw6} ]; then +- cat <> $config_path/config ++ cat <> $config_path/config + lxc.net.0.ipv6.gateway = $gw6 + EOF + fi +- cat <> $config_path/config ++ cat <> $config_path/config + #cgroups + lxc.cgroup.devices.deny = a + # /dev/null and zero +@@ -284,201 +282,190 @@ lxc.cgroup.devices.allow = c 5:2 rwm + lxc.cgroup.devices.allow = c 10:135 rwm + EOF + +- if [ $? -ne 0 ]; then +- echo "Failed to add configuration" +- return 1 +- fi ++ if [ $? -ne 0 ]; then ++ echo "Failed to add configuration" ++ return 1 ++ fi + +- return 0 ++ return 0 + } + + clean() + { + +- if [ ! -e $cache ]; then +- exit 0 +- fi +- +- # lock, so we won't purge while someone is creating a repository +- ( +- flock -x 9 +- if [ $? != 0 ]; then +- echo "Cache repository is busy." +- exit 1 +- fi +- +- echo -n "Purging the download cache for OpenMandriva-$release..." +- rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 +- exit 0 +- ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-openmandriva ++ if [ ! -e $cache ]; then ++ exit 0 ++ fi ++ ++ # lock, so we won't purge while someone is creating a repository ++ ( ++ flock -x 9 ++ if [ $? != 0 ]; then ++ echo "Cache repository is busy." ++ exit 1 ++ fi ++ ++ echo -n "Purging the download cache for OpenMandriva-$release..." ++ rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 ++ exit 0 ++ ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-openmandriva + } + + usage() + { +- cat < +- [-p|--path=] [-c|--clean] [-R|--release=] +- [-4|--ipv4=] [-6|--ipv6=] +- [-g|--gw=] [-d|--dns=] +- [-P|--profile=] [--rootfs=] +- [-A|--arch=] +- [-h|--help] ++ $1 -n|--name= ++ [-p|--path=] [-c|--clean] [-R|--release=] ++ [-4|--ipv4=] [-6|--ipv6=] ++ [-g|--gw=] [-d|--dns=] ++ [-P|--profile=] [--rootfs=] ++ [-A|--arch=] ++ [-h|--help] + Mandatory args: +- -n,--name container name, used to as an identifier for that container from now on ++ -n,--name container name, used to as an identifier for that container from now on + Optional args: +- -p,--path path to where the container rootfs will be created, defaults to @LXCPATH@. The container config will go under @LXCPATH@ in that case +- -c,--clean clean the cache +- -R,--release openmandriva2013.0/cooker/rosa2012.1 release for the new container. if the host is OpenMandriva, then it will default to the host's release. +- -4,--ipv4 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24 +- -6,--ipv6 specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64 +- -g,--gw specify the default gw, eg. 192.168.1.1 +- -G,--gw6 specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596 +- -d,--dns specify the DNS server, eg. 192.168.1.2 +- -P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache. +- -A,--arch Define what arch the container will be [i586,x86_64,armv7l,armv7hl] +- ---rootfs rootfs path +- -h,--help print this help ++ -p,--path path to where the container rootfs will be created, defaults to @LXCPATH@. The container config will go under @LXCPATH@ in that case ++ -c,--clean clean the cache ++ -R,--release openmandriva2013.0/cooker/rosa2012.1 release for the new container. if the host is OpenMandriva, then it will default to the host's release. ++ -4,--ipv4 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24 ++ -6,--ipv6 specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64 ++ -g,--gw specify the default gw, eg. 192.168.1.1 ++ -G,--gw6 specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596 ++ -d,--dns specify the DNS server, eg. 192.168.1.2 ++ -P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache. ++ -A,--arch Define what arch the container will be [i586,x86_64,armv7l,armv7hl] ++ ---rootfs rootfs path ++ -h,--help print this help + EOF +- return 0 ++ return 0 + } + + options=$(getopt -o hp:n:P:cR:4:6:g:d:A -l help,rootfs:,path:,name:,profile:,clean:,release:,ipv4:,ipv6:,gw:,dns:,arch: -- "$@") + if [ $? -ne 0 ]; then +- usage $(basename $0) +- exit 1 ++ usage $(basename $0) ++ exit 1 + fi + eval set -- "$options" + + release=${release:-"cooker"} +-if [ -f /etc/lsb-release ]; then +- . /etc/lsb-release +- if [ "$DISTRIB_ID" = "OpenMandrivaLinux" ]; then +- release=openmandriva2013.0 +- elif [ "$DISTRIB_ID" = "RosaDesktop.Fresh" ]; then +- release=rosa2012.1 +- else +- echo "This is not an OpenMandriva or ROSA release" +- exit 1 +- fi +-fi + + while true + do +- case "$1" in +- -h|--help) usage $0 && exit 0;; +- -p|--path) path=$2; shift 2;; +- --rootfs) rootfs_path=$2; shift 2;; +- -n|--name) name=$2; shift 2;; +- -P|--profile) profile=$2; shift 2;; +- -c|--clean) clean=1; shift 1;; +- -R|--release) release=$2; shift 2;; +- -A|--arch) arch=$2; shift 2;; +- -4|--ipv4) ipv4=$2; shift 2;; +- -6|--ipv6) ipv6=$2; shift 2;; +- -g|--gw) gw=$2; shift 2;; +- -d|--dns) dns=$2; shift 2;; +- --) shift 1; break ;; +- *) break ;; +- esac ++ case "$1" in ++ -h|--help) usage $0 && exit 0;; ++ -p|--path) path=$2; shift 2;; ++ --rootfs) rootfs_path=$2; shift 2;; ++ -n|--name) name=$2; shift 2;; ++ -P|--profile) profile=$2; shift 2;; ++ -c|--clean) clean=1; shift 1;; ++ -R|--release) release=$2; shift 2;; ++ -A|--arch) arch=$2; shift 2;; ++ -4|--ipv4) ipv4=$2; shift 2;; ++ -6|--ipv6) ipv6=$2; shift 2;; ++ -g|--gw) gw=$2; shift 2;; ++ -d|--dns) dns=$2; shift 2;; ++ --) shift 1; break ;; ++ *) break ;; ++ esac + done + + arch=${arch:-$hostarch} + + if [ ! -z "$clean" -a -z "$path" ]; then +- clean || exit 1 +- exit 0 ++ clean || exit 1 ++ exit 0 + fi + + if [ -z "${utsname}" ]; then +- utsname=${name} ++ utsname=${name} + fi + + type urpmi >/dev/null 2>&1 + if [ $? -ne 0 ]; then +- echo "'urpmi' command is missing" +- exit 1 ++ echo "'urpmi' command is missing" ++ exit 1 + fi + + if [ -z "$path" ]; then +- path=$default_path ++ path=$default_path + fi + + if [ -z "$profile" ]; then +- profile=$default_profile ++ profile=$default_profile + fi + +-if [ $hostarch = "i586" -a $arch = "x86_64" ]; then +- echo "can't create x86_64 container on i586" +- exit 1 ++if [ $hostarch = "i686" -a $arch = "x86_64" ]; then ++ echo "can't create x86_64 container on i686" ++ exit 1 + fi + + if [ -z "$ipv4" -a -z "$ipv6" ]; then +- BOOTPROTO="dhcp" ++ BOOTPROTO="dhcp" + else +- BOOTPROTO="static" ++ BOOTPROTO="static" + fi + + if [ "$(id -u)" != "0" ]; then +- echo "This script should be run as 'root'" +- exit 1 ++ echo "This script should be run as 'root'" ++ exit 1 + fi + + # check for 'lxc.rootfs.path' passed in through default config by lxc-create + if [ -z "$rootfs_path" ]; then +- if grep -q '^lxc.rootfs.path' $path/config 2>/dev/null ; then +- rootfs_path=$(awk -F= '/^lxc.rootfs.path =/{ print $2 }' $path/config) +- else +- rootfs_path=$path/$name/rootfs +- fi ++ if grep -q '^lxc.rootfs.path' $path/config 2>/dev/null ; then ++ rootfs_path=$(awk -F= '/^lxc.rootfs.path =/{ print $2 }' $path/config) ++ else ++ rootfs_path=$path/$name/rootfs ++ fi + fi + + config_path=$default_path/$name + cache=$cache_base/$release/$arch/$profile + + if [ ! -f $config_path/config ]; then +- echo "A container with that name exists, chose a different name" +- exit 1 ++ echo "A container with that name exists, chose a different name" ++ exit 1 + fi + + install_openmandriva + if [ $? -ne 0 ]; then +- echo "failed to install openmandriva" +- exit 1 ++ echo "failed to install openmandriva" ++ exit 1 + fi + + configure_openmandriva + if [ $? -ne 0 ]; then +- echo "failed to configure openmandriva for a container" +- exit 1 ++ echo "failed to configure openmandriva for a container" ++ exit 1 + fi + + # If the systemd configuration directory exists - set it up for what we need. + if [ -d ${rootfs_path}/etc/systemd/system ] + then +- configure_openmandriva_systemd ++ configure_openmandriva_systemd + fi + + populate_dev + if [ $? -ne 0 ]; then +- echo "failed to populated /dev/ devices" +- exit 1 ++ echo "failed to populated /dev/ devices" ++ exit 1 + fi + + set_guest_root_password + if [ $? -ne 0 ]; then +- echo "failed to configure password for chroot" +- exit 1 ++ echo "failed to configure password for chroot" ++ exit 1 + fi + + copy_configuration + if [ $? -ne 0 ]; then +- echo "failed write configuration file" +- exit 1 ++ echo "failed write configuration file" ++ exit 1 + fi + + if [ ! -z "$clean" ]; then +- clean || exit 1 +- exit 0 ++ clean || exit 1 ++ exit 0 + fi + echo "container rootfs and config created" diff --git a/lxc.rpmlintrc b/lxc.rpmlintrc new file mode 100644 index 0000000..aa09e58 --- /dev/null +++ b/lxc.rpmlintrc @@ -0,0 +1 @@ +addFilter("E: devel-file-in-non-devel-package") diff --git a/lxc.sh b/lxc.sh new file mode 100644 index 0000000..418cc68 --- /dev/null +++ b/lxc.sh @@ -0,0 +1,293 @@ +#!bash + +# bash completion for lxc +### v1.1 20111211 +# +# CHANGE LOG: +# v1.1: +# added basic completion for 'lxc $command $container' next syntax +# v1.0: +# initial kork + +have lxc-start && { + +_lxc_names() +{ + COMPREPLY=( $( compgen -W "$( /usr/bin/lxc-ls )" "$cur" ) ) +} + +_lxc_status() +{ + COMPREPLY=( $( compgen -W "RUNNING STOPPED" "$cur" ) ) +} + +_lxc_templates() +{ + COMPREPLY=( $( compgen -W "$( /bin/ls /usr/share/lxc/templates/ | sed -e 's|^lxc-||' )" "$cur" ) ) +} + +_lxc-start() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n -d -f -c -s -q -o -l' -- "$cur" ) ) + fi +} +complete -F _lxc-start lxc-start + +_lxc-generic() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n -q -o -l' -- "$cur" ) ) + fi +} +complete -F _lxc-generic lxc-stop +complete -F _lxc-generic lxc-halt +complete -F _lxc-generic lxc-shutdown +complete -F _lxc-generic lxc-kill +complete -F _lxc-generic lxc-monitor +complete -F _lxc-generic lxc-cgroup +complete -F _lxc-generic lxc-unfreeze + +_lxc-info() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n -s -p -q -o -l' -- "$cur" ) ) + fi +} +complete -F _lxc-info lxc-info + +_lxc-wait() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + + -s) + _lxc_status "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n -s -p -q -o -l' -- "$cur" ) ) + fi +} +complete -F _lxc-wait lxc-wait + +_lxc-create() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -t) + _lxc_templates "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n -t -f' -- "$cur" ) ) + fi +} +complete -F _lxc-create lxc-create + +_lxc-console() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n -t -q -o -l' -- "$cur" ) ) + fi +} +complete -F _lxc-console lxc-console + +_lxc-destroy() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n' -- "$cur" ) ) + fi +} +complete -F _lxc-destroy lxc-destroy + +_lxc-execute() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n -f -s -- -q -o -l' -- "$cur" ) ) + fi +} +complete -F _lxc-execute lxc-execute + +_lxc-ps() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n -- -q -o -l' -- "$cur" ) ) + fi +} +complete -F _lxc-ps lxc-ps + +_lxc-restart() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n -S -d -p -f -s -q -o -l' -- "$cur" ) ) + fi +} +complete -F _lxc-restart lxc-restart + +_lxc-checkpoint() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + if [[ "$cur" == -* ]] + then + COMPREPLY=( $( compgen -W '-n -S -d -p -k -q -o -l' -- "$cur" ) ) + fi +} +complete -F _lxc-checkpoint lxc-checkpoint + +# next lxc command usage +_lxc-cmd() +{ + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + lxc) + COMPREPLY=( $( compgen -W 'attach cgroup checkconfig checkpoint clone console create destroy execute freeze halt shutdown info kill ls monitor netstat ps restart setcap setuid start stop unfreeze unshare version wait' -- "$cur" ) ) + return 0 + ;; + + attach|cgroup|checkconfig|checkpoint|clone|console|create|destroy|execute|freeze|halt|shutdown|info|kill|monitor|netstat|ps|restart|start|stop|unfreeze|unshare|wait) + _lxc_names "$cur" + return 0 + ;; + esac +} +complete -F _lxc-cmd lxc + +} diff --git a/lxc.spec b/lxc.spec index 1afcad3..f7bb8ca 100644 --- a/lxc.spec +++ b/lxc.spec @@ -1,62 +1,76 @@ +### XXX This package was mostly copypasted from OpenMandriva +# when upgrading very old lxc v2 to lxc v4 in ROSA 2019.1 (urpmi -> dnf) +# https://github.com/OpenMandrivaAssociation/lxc +# TODO: +# - get rid of network scripts crap +# - try to get rid of dnsmasq +# - rename distro from OpenMandriva to ROSA +# - check if distro script requires fixing +# - check if python bindings from an older version are needed and remove them +# - check what to do with templates from older version + +%global _disable_rebuild_configure 0 +# The python module doesn't link to libpython +%global _disable_ld_no_undefined 1 + %define major 1 %define libname %mklibname lxc %{major} -%define devname %mklibname lxc -d - -%define debugcflags %{nil} -%define debug_package %{nil} +%define develname %mklibname lxc -d %define luaver 5.3 + %define lualibdir %{_libdir}/lua/%{luaver} %define luapkgdir %{_datadir}/lua/%{luaver} +%bcond_with lua +%bcond_without python -%bcond_without lua -%bcond_without python3 - -Summary: Linux Containers Name: lxc -Version: 2.0.8 -Release: 6 -Epoch: 1 -License: LGPLv2+ +Version: 4.0.5 +Release: 1 +Summary: Linux Containers Group: System/Kernel and hardware -Url: http://lxc.sourceforge.net -Source0: https://linuxcontainers.org/downloads/%{name}-%{version}.tar.gz -Patch1: rosa-template.patch -Patch2: rosa-template-make.patch -#Patch3: python-api-build.patch +License: LGPLv2 +Epoch: 1 +URL: http://lxc.sourceforge.net +Source0: http://linuxcontainers.org/downloads/%{name}-%{version}.tar.gz +Source1: http://linuxcontainers.org/downloads/%{name}-templates-3.0.4.tar.gz +Source2: http://linuxcontainers.org/downloads/lua-%{name}-3.0.2.tar.gz +Source3: http://linuxcontainers.org/downloads/python3-%{name}-3.0.4.tar.gz +Source4: %{name}.sh +Source5: dnsmasq-rule +Source6: ifcfg-lxcbr0 +Source7: sysctl-rule +Source100: lxc.rpmlintrc +Patch0: lxc-templates-openmandriva.patch +Patch4: lxc-3.1.0-python-linkage.patch BuildRequires: docbook-utils -BuildRequires: docbook2x -BuildRequires: doxygen BuildRequires: kernel-headers -BuildRequires: locales-en BuildRequires: cap-devel -BuildRequires: seccomp-devel -BuildRequires: selinux-devel -BuildRequires: pkgconfig(dbus-1) -BuildRequires: pkgconfig(libcgmanager) -BuildRequires: pkgconfig(systemd) +BuildRequires: pkgconfig(libsystemd) +Buildrequires: docbook-dtd30-sgml +Buildrequires: docbook2x +BuildRequires: pkgconfig(bash-completion) %if %{with lua} -BuildRequires: pkgconfig(lua) +Buildrequires: lua-devel %endif -%if %{with python3} -BuildRequires: pkgconfig(python3) -Requires: python3 -Requires: python3-lxc +%if %{with python} +Buildrequires: pkgconfig(python3) +Buildrequires: python3-setuptools %endif # needed for lxc-busybox -Recommends: busybox +#Requires: busybox # needed for lxc-debian -Recommends: dpkg +#Requires: dpkg # needed for lxc-debian, lxc-ubuntu: -Recommends: debootstrap -Recommends: rsync +#Requires: debootstrap +Requires: rsync # needed for lxc-sshd -Requires: openssh-server +Recommends: openssh-server # bridge Requires: bridge-utils - -Conflicts: lxc-doc < 0.7.5 -Obsoletes: lxc-doc < 0.7.5 +# for lxcbr0, but allow to create it in other ways +Recommends: iptables +Recommends: dnsmasq %description The package "%{name}" provides the command lines to create and manage @@ -69,30 +83,45 @@ or the freeze of the container. This package is useful to create Virtual Private Server, or to run isolated applications like bash or sshd. -%files -f %{name}.lang -%doc README MAINTAINERS AUTHORS CONTRIBUTING COPYING -%doc %{_docdir}/%{name}/examples/*.conf +%files +%doc %{_docdir}/%{name} %{_datadir}/%{name}/config/common.conf.d/README -%{_datadir}/%{name}/config/common.seccomp -%{_datadir}/%{name}/selinux/lxc.if -%{_datadir}/%{name}/selinux/lxc.te -%{_sysconfdir}/lxc/default.conf -%{_sysconfdir}/default/lxc -%{_sysconfdir}/bash_completion.d/lxc +%{_sysconfdir}/default/%{name} %{_bindir}/lxc-* -%{_datadir}/%{name}/%{name}.functions -%{_datadir}/%{name}/config/*.conf -%{_datadir}/lxc/hooks/* -%{_datadir}/lxc/templates/* -%{_libexecdir}/lxc/rootfs/README -%{_libexecdir}/lxc/lxc-* -%{_libexecdir}/lxc/hooks -%{_localstatedir}/lib/%{name} -%{_mandir}/man*/%{name}* %{_sbindir}/init.lxc -%{_unitdir}/* +%dir %{_libexecdir}/lxc +%{_libexecdir}/lxc/lxc-* +%dir %{_libexecdir}/lxc/hooks +%{_libexecdir}/lxc/hooks/unmount-namespace +%dir %{_datadir}/lxc +%dir %{_datadir}/lxc/config +%dir %{_datadir}/lxc/hooks +%dir %{_datadir}/lxc/templates +%dir %{_datadir}/lxc/selinux +%dir %{_datadir}/lxc/config/common.conf.d +%{_datadir}/lxc/templates/* +%{_datadir}/lxc/hooks/* +%{_datadir}/lxc/selinux/lxc.* +%{_datadir}/lxc/__pycache__ +%{_libdir}/lxc/rootfs/README +%{_mandir}/man*/%{name}* +%{_mandir}/ja/man*/* +%{_datadir}/%{name}/config/*.seccomp +%{_datadir}/%{name}/config/*.conf +%{_datadir}/lxc/lxc-patch.py +/var/lib/%{name} +%{_datadir}/%{name}/%{name}.functions +%{_sysconfdir}/dnsmasq.d/lxc +%{_sysconfdir}/sysconfig/network-scripts/ifcfg-lxcbr0 +%{_unitdir}/lxc.service +%{_unitdir}/lxc-net.service +%{_sysconfdir}/sysctl.d/99-lxc-oom.conf +%{_sysconfdir}/lxc +%{_unitdir}/lxc@.service +%{_datadir}/bash-completion/completions/lxc +%lang(ko) %{_mandir}/ko/*/* -#---------------------------------------------------------------------------- +#----------------------------------------------------------------------- %package -n %{libname} Summary: Library for LXC @@ -105,23 +134,22 @@ Library for the Linux Kernel Containers. %{_libdir}/lib%{name}.so.%{major} %{_libdir}/lib%{name}.so.%{major}.* -#---------------------------------------------------------------------------- +#----------------------------------------------------------------------- -%package -n %{devname} +%package -n %{develname} Summary: Development files for LXC Group: Development/C -Requires: %{libname}%{?_isa} = %{EVRD} +Requires: %{libname} = %{EVRD} -%description -n %{devname} +%description -n %{develname} Developement files for the Linux Kernel Containers. -%files -n %{devname} -%doc COPYING -%{_includedir}/%{name}/*.h +%files -n %{develname} +%{_includedir}/%{name} %{_libdir}/lib%{name}.so %{_libdir}/pkgconfig/%{name}.pc -#---------------------------------------------------------------------------- +#----------------------------------------------------------------------- %if %{with lua} %package -n lua-%{name} @@ -140,10 +168,10 @@ The lua-%{name} package contains the Lua binding for %{name}. %{luapkgdir}/%{name}.lua %endif -#---------------------------------------------------------------------------- +#----------------------------------------------------------------------- -%if %{with python3} -%package -n python3-%{name} +%if %{with python} +%package -n python3-%{name} Summary: Python binding for %{name} Group: System/Libraries @@ -154,58 +182,99 @@ overhead of full virtualization. The python3-%{name} package contains the Python3 binding for %{name}. %files -n python3-%{name} -%{py3_platsitedir}/* +%{python3_sitearch}/* %endif -#---------------------------------------------------------------------------- +#----------------------------------------------------------------------- %prep -%setup -q -%apply_patches +%setup -q -a 1 %{?_with_lua:-a 2} -a 3 +%autopatch -p1 + +# Some adaptation of OMV script +# TODO: name it as ROSA and test it properly +sed -i lxc-templates-*/templates/lxc-openmandriva.in \ + -e 's,openmandriva.org,rosalinux.ru,g' \ + -e 's,distro-release-repos,rosa-repos,g' + +# Clang spews a few more warnings than gcc... +sed -i -e 's,-Werror,,g' configure* %build -autoreconf -fi -export LC_ALL=en_US.utf8 -export LDFLAGS="$LDFLAGS -llua" -%configure F77=no \ - --disable-apparmor \ - --with-distro=mandriva \ - --with-init-script=systemd \ - --enable-doc \ - --enable-api-docs \ - --enable-selinux \ - --enable-seccomp \ - --enable-capabilities \ - --enable-cgmanager \ - --enable-examples \ - --enable-bash \ - --disable-werror \ - --with-systemdsystemunitdir=%{_unitdir} \ +dir0="$PWD" + +[ -e autogen.sh ] && ./autogen.sh || autoreconf -fi +cd "${dir0}"/lxc-templates-* +[ -e autogen.sh ] && ./autogen.sh || autoreconf -fi + %if %{with lua} - --enable-lua \ -%else - --disable-lua \ -%endif -%if %{with python3} - --enable-python \ -%else - --disable-python \ +cd "${dir0}"/lua-lxc-* +[ -e autogen.sh ] && ./autogen.sh || autoreconf -fi %endif -# remove rpath ( rpmlint error ) -#sed -i '/AM_LDFLAGS = -Wl,-E -Wl,-rpath -Wl,$(libdir)/d' src/lxc/Makefile.in -%make +cd "$dir0" + +%configure \ + --disable-apparmor \ + --with-init-script=systemd \ + --with-distro=openmandriva \ +%if %{with lua} + --enable-lua \ +%else + --disable-lua \ +%endif +%if %{with python} + --enable-python \ +%endif + +%make_build + +cd "${dir0}"/lxc-templates-* +%configure +%make_build + +%if %{with lua} +cd "${dir0}"/lua-lxc-* +%configure +%make_build +cd .. +%endif + +%if %{with python} +export PKG_CONFIG_PATH=`pwd` +cd "${dir0}"/python3-lxc-* +%__python3 setup.py build +cd .. +%endif %install -%makeinstall_std templatesdir=%{_datadir}/lxc/templates READMEdir=%{_libexecdir}/lxc/rootfs + +dir0="$PWD" + +%make_install templatesdir=%{_datadir}/lxc/templates READMEdir=%{_libdir}/lxc/rootfs +cd "${dir0}"/lxc-templates-* +%make_install templatesdir=%{_datadir}/lxc/templates READMEdir=%{_libdir}/lxc/rootfs +cd .. + +%if %{with lua} +cd "${dir0}"/lua-lxc-* +%make_install templatesdir=%{_datadir}/lxc/templates READMEdir=%{_libdir}/lxc/rootfs +cd .. +%endif + +%if %{with python} +cd "${dir0}"/python3-lxc-* +%__python3 setup.py install --skip-build --root=%{buildroot} --single-version-externally-managed --record=INSTALLED_FILES --optimize=1 +cd .. +%endif mkdir -p %{buildroot}/var/lib/%{name} +mkdir -p %{buildroot}%{_sysconfdir}/dnsmasq.d/ +mkdir -p %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ +mkdir -p %{buildroot}%{_sysconfdir}/sysctl.d/ +install %{SOURCE4} %{buildroot}%{_sysconfdir}/dnsmasq.d/lxc +install %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifcfg-lxcbr0 +install %{SOURCE6} %{buildroot}%{_sysconfdir}/sysctl.d/99-lxc-oom.conf -rm -f %{buildroot}%{_datadir}/%{name}/%{name}-patch.py* - -# These doc files are empty: -rm -f %{buildroot}%{_docdir}/%{name}/{NEWS,ChangeLog} - -%find_lang %{name} --with-man --all-name - -sed -i s'#//#/#' %{buildroot}%{_libdir}/pkgconfig/%{name}.pc +# Fix up bogus pkgconfig files +sed -i -e 's,\${prefix}//,/,g' %{buildroot}%{_libdir}/pkgconfig/* diff --git a/rosa-template-make.patch b/rosa-template-make.patch deleted file mode 100644 index 06d4e69..0000000 --- a/rosa-template-make.patch +++ /dev/null @@ -1,61 +0,0 @@ -diff -Naur lxc-2.0.8.orig/configure.ac lxc-2.0.8/configure.ac ---- lxc-2.0.8.orig/configure.ac 2018-06-14 00:15:06.732247216 +0300 -+++ lxc-2.0.8/configure.ac 2018-06-14 00:15:06.751247645 +0300 -@@ -880,6 +880,7 @@ - templates/lxc-fedora - templates/lxc-gentoo - templates/lxc-openmandriva -+ templates/lxc-rosa - templates/lxc-opensuse - templates/lxc-oracle - templates/lxc-plamo -diff -Naur lxc-2.0.8.orig/templates/Makefile.am lxc-2.0.8/templates/Makefile.am ---- lxc-2.0.8.orig/templates/Makefile.am 2018-06-14 00:15:06.738247352 +0300 -+++ lxc-2.0.8/templates/Makefile.am 2018-06-14 00:15:06.751247645 +0300 -@@ -12,6 +12,7 @@ - lxc-fedora \ - lxc-gentoo \ - lxc-openmandriva \ -+ lxc-rosa \ - lxc-opensuse \ - lxc-oracle \ - lxc-plamo \ -diff -Naur lxc-2.0.8.orig/templates/Makefile.in lxc-2.0.8/templates/Makefile.in ---- lxc-2.0.8.orig/templates/Makefile.in 2018-06-14 00:15:06.738247352 +0300 -+++ lxc-2.0.8/templates/Makefile.in 2018-06-14 00:15:55.017336528 +0300 -@@ -106,7 +106,7 @@ - lxc-centos lxc-cirros lxc-debian lxc-download lxc-fedora \ - lxc-gentoo lxc-openmandriva lxc-opensuse lxc-oracle lxc-plamo \ - lxc-slackware lxc-sshd lxc-ubuntu lxc-ubuntu-cloud \ -- lxc-sparclinux -+ lxc-sparclinux lxc-rosa - CONFIG_CLEAN_VPATH_FILES = - am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; - am__vpath_adj = case $$p in \ -@@ -166,7 +166,8 @@ - $(srcdir)/lxc-opensuse.in $(srcdir)/lxc-oracle.in \ - $(srcdir)/lxc-plamo.in $(srcdir)/lxc-slackware.in \ - $(srcdir)/lxc-sparclinux.in $(srcdir)/lxc-sshd.in \ -- $(srcdir)/lxc-ubuntu-cloud.in $(srcdir)/lxc-ubuntu.in -+ $(srcdir)/lxc-ubuntu-cloud.in $(srcdir)/lxc-ubuntu.in \ -+ $(srcdir)/lxc-rosa.in $(srcdir)/lxc-rosa.in - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -@@ -373,6 +374,7 @@ - lxc-fedora \ - lxc-gentoo \ - lxc-openmandriva \ -+ lxc-rosa \ - lxc-opensuse \ - lxc-oracle \ - lxc-plamo \ -@@ -436,6 +438,8 @@ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ - lxc-openmandriva: $(top_builddir)/config.status $(srcdir)/lxc-openmandriva.in - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ -+lxc-rosa: $(top_builddir)/config.status $(srcdir)/lxc-rosa.in -+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ - lxc-opensuse: $(top_builddir)/config.status $(srcdir)/lxc-opensuse.in - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ - lxc-oracle: $(top_builddir)/config.status $(srcdir)/lxc-oracle.in diff --git a/rosa-template.patch b/rosa-template.patch deleted file mode 100644 index 45744bd..0000000 --- a/rosa-template.patch +++ /dev/null @@ -1,501 +0,0 @@ -diff --git a/templates/lxc-rosa.in b/templates/lxc-rosa.in -new file mode 100644 -index 0000000..e0a6459 ---- /dev/null -+++ b/templates/lxc-rosa.in -@@ -0,0 +1,495 @@ -+#!/bin/bash -+ -+# -+# template script for generating Rosa container for LXC -+# -+ -+# -+# lxc: linux Container library -+ -+# This library is free software; you can redistribute it and/or -+# modify it under the terms of the GNU Lesser General Public -+# License as published by the Free Software Foundation; either -+# version 2.1 of the License, or (at your option) any later version. -+ -+# This library is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# Lesser General Public License for more details. -+ -+# You should have received a copy of the GNU Lesser General Public -+# License along with this library; if not, write to the Free Software -+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+# -+ -+# Detect use under userns (unsupported) -+for arg in "$@"; do -+ [ "$arg" = "--" ] && break -+ if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then -+ echo "This template can't be used for unprivileged containers." 1>&2 -+ echo "You may want to try the \"download\" template instead." 1>&2 -+ exit 1 -+ fi -+done -+ -+# Make sure the usual locations are in PATH -+export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin -+ -+hostarch=$(uname -m) -+cache_base=@LOCALSTATEDIR@/cache/lxc/rosa/$arch -+default_path=@LXCPATH@ -+default_profile=default -+root_password=root -+lxc_network_type=none -+# lxc_network_link=br0 -+ -+# is this Rosa? -+[ -f /etc/rosa-release ] && is_rosa=true -+ -+configure_rosa() -+{ -+mkdir -p ${rootfs_path}/etc/sysconfig/network-scripts/ -+ -+ # configure the network using the dhcp -+ cat < ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0 -+DEVICE=eth0 -+ONBOOT=no -+BOOTPROTO=dhcp -+NM_CONTROLLED=no -+HOSTNAME=${utsname} -+EOF -+ -+ # set the hostname -+ cat < ${rootfs_path}/etc/sysconfig/network -+NETWORKING=yes -+HOSTNAME=${utsname} -+EOF -+ -+echo "${utsname}" > ${rootfs_path}/etc/hostname -+ -+ # set minimal hosts -+ cat < $rootfs_path/etc/hosts -+127.0.0.1 localhost.localdomain localhost $utsname -+::1 localhost6.localdomain6 localhost6 -+EOF -+ -+ # populate resolv.conf for non-dhcp-enabled guests -+ cp -f /etc/resolv.conf ${rootfs_path}/etc/ -+} -+ -+populate_dev() -+{ -+ echo -n "Create devices in /dev/" -+ dev_path="${rootfs_path}/dev" -+ rm -rf $dev_path -+ mkdir -p $dev_path -+ mknod -m 666 ${dev_path}/null c 1 3 -+ mknod -m 666 ${dev_path}/zero c 1 5 -+ mknod -m 666 ${dev_path}/random c 1 8 -+ mknod -m 666 ${dev_path}/urandom c 1 9 -+ mkdir -m 755 ${dev_path}/pts -+ mkdir -m 1777 ${dev_path}/shm -+ mknod -m 666 ${dev_path}/tty c 5 0 -+ mknod -m 666 ${dev_path}/tty0 c 4 0 -+ mknod -m 666 ${dev_path}/tty1 c 4 1 -+ mknod -m 666 ${dev_path}/tty2 c 4 2 -+ mknod -m 666 ${dev_path}/tty3 c 4 3 -+ mknod -m 666 ${dev_path}/tty4 c 4 4 -+ mknod -m 600 ${dev_path}/console c 5 1 -+ mknod -m 666 ${dev_path}/full c 1 7 -+ mknod -m 600 ${dev_path}/initctl p -+ mknod -m 666 ${dev_path}/ptmx c 5 2 -+ mkdir -m 755 ${dev_path}/net -+ mknod -m 666 ${dev_path}/net/tun c 10 200 -+ -+} -+ -+set_guest_root_password() -+{ -+ [ -z "$root_password" ] && return # pass is empty, abort -+ -+ echo " - setting guest root password.." -+ echo "root passwd is: $root_password" -+ echo "root:$root_password" | chroot "$rootfs_path" chpasswd -+ echo "done." -+} -+ -+create_chroot_rosa() -+{ -+ # check the mini Rosa was not already downloaded -+ INSTALL_ROOT=$cache/cache -+ mkdir -p $INSTALL_ROOT -+ if [ $? -ne 0 ]; then -+ echo "Failed to create '$INSTALL_ROOT' directory" -+ return 1 -+ fi -+ # package list to install -+ PKG_LIST="basesystem locales locales-en initscripts urpmi cronie dhcp-client kbd man" -+ # download a mini Rosa into a cache -+ echo "Downloading Rosa minimal ..." -+ URPMI="/usr/sbin/urpmi.addmedia --urpmi-root $INSTALL_ROOT main http://abf.rosalinux.ru/downloads/$release/repository/$arch/main/release" -+ URPMI2="/usr/sbin/urpmi.addmedia --urpmi-root $INSTALL_ROOT main_updates http://abf.rosalinux.ru/downloads/$release/repository/$arch/main/updates" -+ echo $URPMI -+ echo $URPMI2 -+ URPMI_BASE="/usr/sbin/urpmi --no-suggests --no-verify-rpm --ignorearch --root $INSTALL_ROOT --urpmi-root $INSTALL_ROOT --auto $PKG_LIST" -+ $URPMI -+ $URPMI2 -+ $URPMI_BASE -+ # We're splitting the old loop into two loops plus a directory retrival. -+ # First loop... Try and retrive a mirror list with retries and a slight -+ # delay between attempts... -+ if [ $? -ne 0 ]; then -+ echo "Failed to download the rootfs, aborting." -+ return 1 -+ fi -+ -+ mv "$INSTALL_ROOT" "$cache/rootfs" -+ echo "Download complete." -+ -+ return 0 -+ -+} -+ -+copy_rosa() -+{ -+ -+ echo -n "Copying rootfs to $rootfs_path ..." -+ mkdir -p $rootfs_path -+ rsync -Ha $cache/rootfs/ $rootfs_path/ -+ return 0 -+} -+ -+update_rosa() -+{ -+ echo "automated update in progress..." -+ urpmi --root $cache/rootfs --urpmi-root $cache/rootfs --auto --auto-update --ignorearch -+} -+ -+configure_rosa_systemd() -+{ -+ chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount -+ chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd.service -+ chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket -+ chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket -+ # remove numlock service -+ # KDGKBLED: Inappropriate ioctl for device -+ rm -f ${rootfs_path}/etc/systemd/system/getty@.service.d/enable-numlock.conf -+ -+ unlink ${rootfs_path}/etc/systemd/system/default.target -+ chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target -+ sed -i 's!ConditionPathExists=/dev/tty0!ConditionPathExists=|/dev/tty0\nConditionVirtualization=|lxc!' \ -+ ${rootfs_path}/lib/systemd/system/getty\@.service -+} -+ -+configure_rosa_network_service() -+{ -+chroot ${rootfs_path} chkconfig network --level 01234567 on -+} -+ -+ -+install_rosa() -+{ -+ mkdir -p @LOCALSTATEDIR@/lock/subsys/ -+ ( -+ flock -x 9 -+ if [ $? -ne 0 ]; then -+ echo "Cache repository is busy." -+ return 1 -+ fi -+ -+ echo "Checking cache download in $cache/rootfs ... " -+ if [ ! -e "$cache/rootfs" ]; then -+ echo $cache/rootfs -+ create_chroot_rosa -+ if [ $? -ne 0 ]; then -+ echo "Failed to download 'Rosa basesystem-minimal'" -+ return 1 -+ fi -+ else -+ echo "Cache found. Updating..." -+ update_rosa -+ if [ $? -ne 0 ]; then -+ echo "Failed to update 'Rosa base', continuing with last known good cache" -+ else -+ echo "Update finished" -+ fi -+ fi -+ -+ echo "Copy $cache/rootfs to $rootfs_path ... " -+ copy_rosa -+ if [ $? -ne 0 ]; then -+ echo "Failed to copy rootfs" -+ return 1 -+ fi -+ return 0 -+ ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-rosa -+ -+ return $? -+} -+ -+copy_configuration() -+{ -+ -+ mkdir -p $config_path -+ grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "lxc.rootfs = $rootfs_path" >> $config_path/config -+ sed -i '/lxc.network.type = empty/d' $config_path/config -+ cat <> $config_path/config -+lxc.utsname = $name -+lxc.tty = 4 -+lxc.pts = 1024 -+lxc.cap.drop = sys_module mac_admin mac_override sys_time -+lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed -+ -+# When using LXC with apparmor, uncomment the next line to run unconfined: -+#lxc.aa_profile = unconfined -+ -+#networking -+lxc.network.type = $lxc_network_type -+lxc.network.flags = up -+#lxc.network.link = $lxc_network_link -+#lxc.network.name = eth0 -+#lxc.network.mtu = 1500 -+EOF -+if [ ! -z ${ipv4} ]; then -+ cat <> $config_path/config -+lxc.network.ipv4 = $ipv4 -+EOF -+fi -+if [ ! -z ${gw} ]; then -+ cat <> $config_path/config -+lxc.network.ipv4.gateway = $gw -+EOF -+fi -+if [ ! -z ${ipv6} ]; then -+ cat <> $config_path/config -+lxc.network.ipv6 = $ipv6 -+EOF -+fi -+if [ ! -z ${gw6} ]; then -+ cat <> $config_path/config -+lxc.network.ipv6.gateway = $gw6 -+EOF -+fi -+ cat <> $config_path/config -+#cgroups -+lxc.cgroup.devices.deny = a -+# /dev/null and zero -+lxc.cgroup.devices.allow = c 1:3 rwm -+lxc.cgroup.devices.allow = c 1:5 rwm -+# consoles -+lxc.cgroup.devices.allow = c 5:1 rwm -+lxc.cgroup.devices.allow = c 5:0 rwm -+lxc.cgroup.devices.allow = c 4:0 rwm -+lxc.cgroup.devices.allow = c 4:1 rwm -+# /dev/{,u}random -+lxc.cgroup.devices.allow = c 1:9 rwm -+lxc.cgroup.devices.allow = c 1:8 rwm -+lxc.cgroup.devices.allow = c 136:* rwm -+lxc.cgroup.devices.allow = c 5:2 rwm -+# rtc -+lxc.cgroup.devices.allow = c 10:135 rwm -+EOF -+ -+ if [ $? -ne 0 ]; then -+ echo "Failed to add configuration" -+ return 1 -+ fi -+ -+ return 0 -+} -+ -+clean() -+{ -+ -+ if [ ! -e $cache ]; then -+ exit 0 -+ fi -+ -+ # lock, so we won't purge while someone is creating a repository -+ ( -+ flock -x 9 -+ if [ $? != 0 ]; then -+ echo "Cache repository is busy." -+ exit 1 -+ fi -+ -+ echo -n "Purging the download cache for Rosa $release..." -+ rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 -+ exit 0 -+ ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-rosa -+} -+ -+usage() -+{ -+ cat < -+ [-p|--path=] [-c|--clean] [-R|--release=] -+ [-4|--ipv4=] [-6|--ipv6=] -+ [-g|--gw=] [-d|--dns=] -+ [-P|--profile=] [--rootfs=] -+ [-A|--arch=] -+ [-h|--help] -+Mandatory args: -+ -n,--name container name, used to as an identifier for that container from now on -+Optional args: -+ -p,--path path to where the container rootfs will be created, defaults to @LXCPATH@. The container config will go under @LXCPATH@ in that case -+ -c,--clean clean the cache -+ -R,--release rosa2014.1/rosa2016.1 release for the new container, defaults to the same as of host machine -+ -4,--ipv4 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24 -+ -6,--ipv6 specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64 -+ -g,--gw specify the default gw, eg. 192.168.1.1 -+ -G,--gw6 specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596 -+ -d,--dns specify the DNS server, eg. 192.168.1.2 -+ -P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache. -+ -A,--arch Define what arch the container will be [i586,x86_64,armv7l,armv7hl] -+ ---rootfs rootfs path -+ -h,--help print this help -+EOF -+ return 0 -+} -+ -+options=$(getopt -o hp:n:P:cR:4:6:g:d:A -l help,rootfs:,path:,name:,profile:,clean:,release:,ipv4:,ipv6:,gw:,dns:,arch: -- "$@") -+if [ $? -ne 0 ]; then -+ usage $(basename $0) -+ exit 1 -+fi -+eval set -- "$options" -+ -+release=${release:-"cooker"} -+if [ -f /etc/lsb-release ]; then -+ . /etc/lsb-release -+ if [ "$DISTRIB_ID" = "RosaDesktopFresh" ]; then -+ echo "Choosing $DISTRIB_DESCRIPTION" -+ release=rosa2016.1 -+ else -+ echo "Cannot reliably determine running distribution, will default to Rosa Fresh" -+ release=rosa2016.1 -+ fi -+fi -+ -+while true -+do -+ case "$1" in -+ -h|--help) usage $0 && exit 0;; -+ -p|--path) path=$2; shift 2;; -+ --rootfs) rootfs_path=$2; shift 2;; -+ -n|--name) name=$2; shift 2;; -+ -P|--profile) profile=$2; shift 2;; -+ -c|--clean) clean=1; shift 1;; -+ -R|--release) release=$2; shift 2;; -+ -A|--arch) arch=$2; shift 2;; -+ -4|--ipv4) ipv4=$2; shift 2;; -+ -6|--ipv6) ipv6=$2; shift 2;; -+ -g|--gw) gw=$2; shift 2;; -+ -d|--dns) dns=$2; shift 2;; -+ --) shift 1; break ;; -+ *) break ;; -+ esac -+done -+ -+arch=${arch:-$hostarch} -+ -+if [ ! -z "$clean" -a -z "$path" ]; then -+ clean || exit 1 -+ exit 0 -+fi -+ -+if [ -z "${utsname}" ]; then -+ utsname=${name} -+fi -+ -+type urpmi >/dev/null 2>&1 -+if [ $? -ne 0 ]; then -+ echo "'urpmi' command is missing" -+ exit 1 -+fi -+ -+if [ -z "$path" ]; then -+ path=$default_path -+fi -+ -+if [ -z "$profile" ]; then -+ profile=$default_profile -+fi -+ -+if [ $hostarch = "i586" -a $arch = "x86_64" ]; then -+ echo "can't create x86_64 container on i586" -+ exit 1 -+fi -+ -+if [ -z "$ipv4" -a -z "$ipv6" ]; then -+ BOOTPROTO="dhcp" -+else -+ BOOTPROTO="static" -+fi -+ -+if [ "$(id -u)" != "0" ]; then -+ echo "This script should be run as 'root'" -+ exit 1 -+fi -+ -+# check for 'lxc.rootfs' passed in through default config by lxc-create -+if [ -z "$rootfs_path" ]; then -+ if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then -+ rootfs_path=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $path/config) -+ else -+ rootfs_path=$path/$name/rootfs -+ fi -+fi -+ -+config_path=$default_path/$name -+cache=$cache_base/$release/$arch/$profile -+ -+if [ ! -f $config_path/config ]; then -+ echo "A container with that name exists, chose a different name" -+ exit 1 -+fi -+ -+install_rosa -+if [ $? -ne 0 ]; then -+ echo "failed to install Rosa" -+ exit 1 -+fi -+ -+configure_rosa -+if [ $? -ne 0 ]; then -+ echo "failed to configure Rosa for a container" -+ exit 1 -+fi -+ -+# If the systemd configuration directory exists - set it up for what we need. -+if [ -d ${rootfs_path}/etc/systemd/system ] -+then -+ configure_rosa_systemd -+fi -+ -+#for ROSA currently it is required to setup network explicitly, chckconfig is used -+if [ "$release" = "rosa2012.1" ] -+then -+ configure_rosa_network_service -+fi -+ -+populate_dev -+if [ $? -ne 0 ]; then -+ echo "failed to populated /dev/ devices" -+ exit 1 -+fi -+ -+set_guest_root_password -+if [ $? -ne 0 ]; then -+ echo "failed to configure password for chroot" -+ exit 1 -+fi -+ -+copy_configuration -+if [ $? -ne 0 ]; then -+ echo "failed write configuration file" -+ exit 1 -+fi -+ -+if [ ! -z "$clean" ]; then -+ clean || exit 1 -+ exit 0 -+fi -+echo "container rootfs and config created" diff --git a/sysctl-rule b/sysctl-rule new file mode 100644 index 0000000..aaa9e8c --- /dev/null +++ b/sysctl-rule @@ -0,0 +1,4 @@ +# LXC sysctl rule + +# enable IP forwarding for LXC +net.ipv4.ip_forward = 1