1 |
commit: 181fa35d157157f02add732e0b338c6127b51338 |
2 |
Author: Erik Mackdanz <stasibear <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Jul 14 02:31:33 2016 +0000 |
4 |
Commit: Erik Mackdanz <stasibear <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Jul 14 02:31:33 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=181fa35d |
7 |
|
8 |
app-emulation/lxc: Revbump to repair unit file |
9 |
|
10 |
Gentoo-bug: 588740 |
11 |
|
12 |
Package-Manager: portage-2.3.0 |
13 |
|
14 |
app-emulation/lxc/files/lxc.initd.5 | 119 +++++++++++++++++++ |
15 |
app-emulation/lxc/files/lxc_at.service.4 | 14 +++ |
16 |
app-emulation/lxc/lxc-2.0.3-r1.ebuild | 197 +++++++++++++++++++++++++++++++ |
17 |
3 files changed, 330 insertions(+) |
18 |
|
19 |
diff --git a/app-emulation/lxc/files/lxc.initd.5 b/app-emulation/lxc/files/lxc.initd.5 |
20 |
new file mode 100644 |
21 |
index 0000000..e5a5236 |
22 |
--- /dev/null |
23 |
+++ b/app-emulation/lxc/files/lxc.initd.5 |
24 |
@@ -0,0 +1,119 @@ |
25 |
+#!/sbin/openrc-run |
26 |
+# Copyright 1999-2016 Gentoo Foundation |
27 |
+# Distributed under the terms of the GNU General Public License v2 |
28 |
+# $Id$ |
29 |
+ |
30 |
+CONTAINER=${SVCNAME#*.} |
31 |
+ |
32 |
+LXC_PATH=`lxc-config lxc.lxcpath` |
33 |
+ |
34 |
+lxc_get_configfile() { |
35 |
+ if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then |
36 |
+ echo "${LXC_PATH}/${CONTAINER}.conf" |
37 |
+ elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then |
38 |
+ echo "${LXC_PATH}/${CONTAINER}/config" |
39 |
+ else |
40 |
+ eerror "Unable to find a suitable configuration file." |
41 |
+ eerror "If you set up the container in a non-standard" |
42 |
+ eerror "location, please set the CONFIGFILE variable." |
43 |
+ return 1 |
44 |
+ fi |
45 |
+} |
46 |
+ |
47 |
+[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)} |
48 |
+ |
49 |
+lxc_get_var() { |
50 |
+ awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE} |
51 |
+} |
52 |
+ |
53 |
+lxc_get_net_link_type() { |
54 |
+ awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" } |
55 |
+ $1 == "lxc.network.type" {_type=$2;} |
56 |
+ $1 == "lxc.network.link" {_link=$2;} |
57 |
+ {if(_link != "" && _type != ""){ |
58 |
+ printf("%s:%s\n", _link, _type ); |
59 |
+ _link=""; _type=""; |
60 |
+ }; }' <${CONFIGFILE} |
61 |
+} |
62 |
+ |
63 |
+checkconfig() { |
64 |
+ if [ ${CONTAINER} = ${SVCNAME} ]; then |
65 |
+ eerror "You have to create an init script for each container:" |
66 |
+ eerror " ln -s lxc /etc/init.d/lxc.container" |
67 |
+ return 1 |
68 |
+ fi |
69 |
+ |
70 |
+ # no need to output anything, the function takes care of that. |
71 |
+ [ -z "${CONFIGFILE}" ] && return 1 |
72 |
+ |
73 |
+ utsname=$(lxc_get_var lxc.utsname) |
74 |
+ if [ ${CONTAINER} != ${utsname} ]; then |
75 |
+ eerror "You should use the same name for the service and the" |
76 |
+ eerror "container. Right now the container is called ${utsname}" |
77 |
+ return 1 |
78 |
+ fi |
79 |
+} |
80 |
+ |
81 |
+depend() { |
82 |
+ # be quiet, since we have to run depend() also for the |
83 |
+ # non-muxed init script, unfortunately. |
84 |
+ checkconfig 2>/dev/null || return 0 |
85 |
+ |
86 |
+ config ${CONFIGFILE} |
87 |
+ need localmount |
88 |
+ use lxcfs |
89 |
+ |
90 |
+ local _x _if |
91 |
+ for _x in $(lxc_get_net_link_type); do |
92 |
+ _if=${_x%:*} |
93 |
+ case "${_x##*:}" in |
94 |
+ # when the network type is set to phys, we can make use of a |
95 |
+ # network service (for instance to set it up before we disable |
96 |
+ # the net_admin capability), but we might also not set it up |
97 |
+ # at all on the host and leave the net_admin capable service |
98 |
+ # to take care of it. |
99 |
+ phys) use net.${_if} ;; |
100 |
+ *) need net.${_if} ;; |
101 |
+ esac |
102 |
+ done |
103 |
+} |
104 |
+ |
105 |
+start() { |
106 |
+ checkconfig || return 1 |
107 |
+ rm -f /var/log/lxc/${CONTAINER}.log |
108 |
+ |
109 |
+ rootpath=$(lxc_get_var lxc.rootfs) |
110 |
+ |
111 |
+ # Check the format of our init and the chroot's init, to see |
112 |
+ # if we have to use linux32 or linux64; always use setarch |
113 |
+ # when required, as that makes it easier to deal with |
114 |
+ # x32-based containers. |
115 |
+ case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in |
116 |
+ EM_X86_64) setarch=linux64;; |
117 |
+ EM_386) setarch=linux32;; |
118 |
+ esac |
119 |
+ |
120 |
+ ebegin "Starting ${CONTAINER}" |
121 |
+ env -i ${setarch} $(which lxc-start) -l WARN -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log |
122 |
+ sleep 0.5 |
123 |
+ |
124 |
+ # lxc-start -d will _always_ report a correct startup, even if it |
125 |
+ # failed, so rather than trust that, check that the cgroup exists. |
126 |
+ [ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ] |
127 |
+ eend $? |
128 |
+} |
129 |
+ |
130 |
+stop() { |
131 |
+ checkconfig || return 1 |
132 |
+ |
133 |
+ |
134 |
+ if ! [ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]; then |
135 |
+ ewarn "${CONTAINER} doesn't seem to be started." |
136 |
+ return 0 |
137 |
+ fi |
138 |
+ |
139 |
+ # 10s should be enough to shut everything down |
140 |
+ ebegin "Stopping ${CONTAINER}" |
141 |
+ lxc-stop -t 10 -n ${CONTAINER} |
142 |
+ eend $? |
143 |
+} |
144 |
|
145 |
diff --git a/app-emulation/lxc/files/lxc_at.service.4 b/app-emulation/lxc/files/lxc_at.service.4 |
146 |
new file mode 100644 |
147 |
index 0000000..64ae745 |
148 |
--- /dev/null |
149 |
+++ b/app-emulation/lxc/files/lxc_at.service.4 |
150 |
@@ -0,0 +1,14 @@ |
151 |
+[Unit] |
152 |
+Description=Linux Container %I |
153 |
+After=network.target |
154 |
+Wants=lxcfs.service |
155 |
+ |
156 |
+[Service] |
157 |
+Restart=always |
158 |
+ExecStart=/usr/bin/lxc-start -n %i -F |
159 |
+ExecReload=/usr/bin/lxc-restart -n %i |
160 |
+ExecStop=/usr/bin/lxc-stop -n %i |
161 |
+Delegate=yes |
162 |
+ |
163 |
+[Install] |
164 |
+WantedBy=multi-user.target |
165 |
|
166 |
diff --git a/app-emulation/lxc/lxc-2.0.3-r1.ebuild b/app-emulation/lxc/lxc-2.0.3-r1.ebuild |
167 |
new file mode 100644 |
168 |
index 0000000..17805be |
169 |
--- /dev/null |
170 |
+++ b/app-emulation/lxc/lxc-2.0.3-r1.ebuild |
171 |
@@ -0,0 +1,197 @@ |
172 |
+# Copyright 1999-2016 Gentoo Foundation |
173 |
+# Distributed under the terms of the GNU General Public License v2 |
174 |
+# $Id$ |
175 |
+ |
176 |
+EAPI="5" |
177 |
+ |
178 |
+MY_P="${P/_/-}" |
179 |
+PYTHON_COMPAT=( python{3_3,3_4,3_5} ) |
180 |
+DISTUTILS_OPTIONAL=1 |
181 |
+ |
182 |
+inherit autotools bash-completion-r1 distutils-r1 eutils linux-info versionator flag-o-matic systemd |
183 |
+ |
184 |
+DESCRIPTION="LinuX Containers userspace utilities" |
185 |
+HOMEPAGE="https://linuxcontainers.org/" |
186 |
+SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz" |
187 |
+ |
188 |
+KEYWORDS="~amd64 ~arm ~arm64" |
189 |
+ |
190 |
+LICENSE="LGPL-3" |
191 |
+SLOT="0" |
192 |
+IUSE="cgmanager doc examples lua python seccomp" |
193 |
+ |
194 |
+RDEPEND="net-libs/gnutls |
195 |
+ sys-libs/libcap |
196 |
+ cgmanager? ( app-admin/cgmanager ) |
197 |
+ lua? ( >=dev-lang/lua-5.1:= ) |
198 |
+ python? ( ${PYTHON_DEPS} ) |
199 |
+ seccomp? ( sys-libs/libseccomp )" |
200 |
+ |
201 |
+DEPEND="${RDEPEND} |
202 |
+ doc? ( app-text/docbook-sgml-utils ) |
203 |
+ >=sys-kernel/linux-headers-3.2" |
204 |
+ |
205 |
+RDEPEND="${RDEPEND} |
206 |
+ sys-process/criu |
207 |
+ sys-apps/util-linux |
208 |
+ app-misc/pax-utils |
209 |
+ virtual/awk" |
210 |
+ |
211 |
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE |
212 |
+ ~CPUSETS ~CGROUP_CPUACCT |
213 |
+ ~CGROUP_SCHED |
214 |
+ |
215 |
+ ~NAMESPACES |
216 |
+ ~IPC_NS ~USER_NS ~PID_NS |
217 |
+ |
218 |
+ ~NETLINK_DIAG ~PACKET_DIAG |
219 |
+ ~INET_UDP_DIAG ~INET_TCP_DIAG |
220 |
+ ~UNIX_DIAG ~CHECKPOINT_RESTORE |
221 |
+ |
222 |
+ ~DEVPTS_MULTIPLE_INSTANCES |
223 |
+ ~CGROUP_FREEZER |
224 |
+ ~UTS_NS ~NET_NS |
225 |
+ ~VETH ~MACVLAN |
226 |
+ |
227 |
+ ~POSIX_MQUEUE |
228 |
+ ~!NETPRIO_CGROUP |
229 |
+ |
230 |
+ ~!GRKERNSEC_CHROOT_MOUNT |
231 |
+ ~!GRKERNSEC_CHROOT_DOUBLE |
232 |
+ ~!GRKERNSEC_CHROOT_PIVOT |
233 |
+ ~!GRKERNSEC_CHROOT_CHMOD |
234 |
+ ~!GRKERNSEC_CHROOT_CAPS |
235 |
+ ~!GRKERNSEC_PROC |
236 |
+ ~!GRKERNSEC_SYSFS_RESTRICT |
237 |
+" |
238 |
+ |
239 |
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" |
240 |
+ |
241 |
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" |
242 |
+ |
243 |
+ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" |
244 |
+ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" |
245 |
+ |
246 |
+ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" |
247 |
+ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" |
248 |
+ |
249 |
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG: needed for lxc-checkpoint" |
250 |
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG: needed for lxc-checkpoint" |
251 |
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG: needed for lxc-checkpoint" |
252 |
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG: needed for lxc-checkpoint" |
253 |
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG: needed for lxc-checkpoint" |
254 |
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE: needed for lxc-checkpoint" |
255 |
+ |
256 |
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" |
257 |
+ |
258 |
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP: as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting." |
259 |
+ |
260 |
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT: some GRSEC features make LXC unusable see postinst notes" |
261 |
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC features make LXC unusable see postinst notes" |
262 |
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes" |
263 |
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes" |
264 |
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes" |
265 |
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" |
266 |
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers" |
267 |
+ |
268 |
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt) |
269 |
+ |
270 |
+S="${WORKDIR}/${PN}-${MY_P}" |
271 |
+ |
272 |
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
273 |
+ |
274 |
+src_prepare() { |
275 |
+ epatch "${FILESDIR}"/${P}-bash-completion.patch |
276 |
+ #558854 |
277 |
+ epatch "${FILESDIR}"/${P}-omit-sysconfig.patch |
278 |
+ eautoreconf |
279 |
+} |
280 |
+ |
281 |
+src_configure() { |
282 |
+ append-flags -fno-strict-aliasing |
283 |
+ |
284 |
+ if use python; then |
285 |
+ #541932 |
286 |
+ python_setup "python3*" |
287 |
+ export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}" |
288 |
+ fi |
289 |
+ |
290 |
+ # I am not sure about the --with-rootfs-path |
291 |
+ # /var/lib/lxc is probably more appropriate than |
292 |
+ # /usr/lib/lxc. |
293 |
+ econf \ |
294 |
+ --localstatedir=/var \ |
295 |
+ --bindir=/usr/bin \ |
296 |
+ --sbindir=/usr/bin \ |
297 |
+ --docdir=/usr/share/doc/${PF} \ |
298 |
+ --with-config-path=/var/lib/lxc \ |
299 |
+ --with-rootfs-path=/var/lib/lxc/rootfs \ |
300 |
+ --with-distro=gentoo \ |
301 |
+ --with-runtime-path=/run \ |
302 |
+ --disable-apparmor \ |
303 |
+ $(use_enable cgmanager) \ |
304 |
+ $(use_enable doc) \ |
305 |
+ $(use_enable examples) \ |
306 |
+ $(use_enable lua) \ |
307 |
+ $(use_enable python) \ |
308 |
+ $(use_enable seccomp) |
309 |
+} |
310 |
+ |
311 |
+python_compile() { |
312 |
+ distutils-r1_python_compile build_ext -I ../ -L ../${PN} |
313 |
+} |
314 |
+ |
315 |
+src_compile() { |
316 |
+ default |
317 |
+ |
318 |
+ if use python; then |
319 |
+ pushd "${S}/src/python-${PN}" > /dev/null |
320 |
+ distutils-r1_src_compile |
321 |
+ popd > /dev/null |
322 |
+ fi |
323 |
+} |
324 |
+ |
325 |
+src_install() { |
326 |
+ default |
327 |
+ |
328 |
+ mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die |
329 |
+ # start-ephemeral is no longer a command but removing it here |
330 |
+ # generates QA warnings (still in upstream completion script) |
331 |
+ bashcomp_alias ${PN}-start \ |
332 |
+ ${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait} |
333 |
+ |
334 |
+ if use python; then |
335 |
+ pushd "${S}/src/python-lxc" > /dev/null |
336 |
+ # Unset DOCS. This has been handled by the default target |
337 |
+ unset DOCS |
338 |
+ distutils-r1_src_install |
339 |
+ popd > /dev/null |
340 |
+ fi |
341 |
+ |
342 |
+ keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc |
343 |
+ |
344 |
+ find "${D}" -name '*.la' -delete |
345 |
+ |
346 |
+ # Gentoo-specific additions! |
347 |
+ newinitd "${FILESDIR}/${PN}.initd.5" ${PN} |
348 |
+ |
349 |
+ # Remember to compare our systemd unit file with the upstream one |
350 |
+ # config/init/systemd/lxc.service.in |
351 |
+ systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service" |
352 |
+} |
353 |
+ |
354 |
+pkg_postinst() { |
355 |
+ elog "" |
356 |
+ elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been" |
357 |
+ elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc" |
358 |
+ elog "please add the following to your /etc/lxc/default.conf" |
359 |
+ elog "lxc.lxcpath = /etc/lxc" |
360 |
+ elog "" |
361 |
+ elog "There is an init script provided with the package now; no documentation" |
362 |
+ elog "is currently available though, so please check out /etc/init.d/lxc ." |
363 |
+ elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname" |
364 |
+ elog "to start the container defined into /etc/lxc/configname.conf ." |
365 |
+ elog "For further information about LXC development see" |
366 |
+ elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available |
367 |
+ elog "" |
368 |
+} |