
From: Joonas Niilola <juippis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
Date: Mon, 04 Oct 2021 05:40:58
Message-Id: 1633326020.4dc7966809327f076560b08c54b9823c05a53472.juippis@gentoo
1 commit: 4dc7966809327f076560b08c54b9823c05a53472
2 Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
3 AuthorDate: Mon Oct 4 05:35:35 2021 +0000
4 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 4 05:40:20 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4dc79668
7
8 app-emulation/lxc: drop 4.0.9-r1
9
10 Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
11
12 app-emulation/lxc/Manifest | 2 -
13 ...lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch | 93 -----------
14 app-emulation/lxc/lxc-4.0.9-r1.ebuild | 174 ---------------------
15 3 files changed, 269 deletions(-)
16
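--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -1,4 +1,2 @@
 DIST lxc-4.0.10.tar.gz 1515002 BLAKE2B 2a5b94ad767c8a11a5c34d19f12d812bd284337045ad5021c80a5f69be608085ac465edde8c385cc558e45638c9f061793c0c9db616ccbe0614554b4fbf62005 SHA512 ec3ccf344a91b50b30985562c54ad93d2db2d29c24d31da8e3a69e801c8bd23c1560274c1850c39eb7e984940ba86d3ebae75db136320d6bbc5eb03bda4c5318
 DIST lxc-4.0.10.tar.gz.asc 833 BLAKE2B 3dd6e8793d1b725ab9eb73d4fa78ce2767bf830fb70d6cc7052e70d2adbc46e4fcf6d986595322b64cb9c71417b801ef6ee3c7612c46dbeb10acba01a5bd69e0 SHA512 dd2d3ac4e066eca4e0358c9a2c371a227d3a0b5cf6e452fe34fa5c8cff46e25fa0555c9f707511a8603348fa969c1e7abf85ad7d27fdcaff613b733066861608
-DIST lxc-4.0.9.tar.gz 1500310 BLAKE2B 3796d36b6f76ec595dc28207e66ec9f5a7c1a39f5c5ebc851638c519be35f59b4ec06a71b2866cd8fef0a6140f61fd4b70c900f5a8ffd42d7da7a30d3ff59975 SHA512 4ef9d9efdd4118fdffde8b49c6ae71cf5eb060be51daaa4f4ceb804c743fbf3278e6518e6a694faefc720f2834f98ac48d67842d589a2120b8f7ec4c3b61fa84
-DIST lxc-4.0.9.tar.gz.asc 833 BLAKE2B 2d275c968831410d987aa7f8062f4e35ba15043f92f38fd3bdd6bf80964906741d05ccd93789132d421ee1c8778cec6a2e76c4f0eb2165cf0107261495fa6856 SHA512 4c90dfbdba90959ee8df5da8ca8b240f65ab03ab91637833c677e2a73592c09f9c5a55b9a261be6efb0888156c916223ff1aa9003b18d46e667908aaa550c944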
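--- a/app-emulation/lxc/files/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 91ad9b94bcd964adfbaa8d84d8f39304d39835d0 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@××××××.com>
-Date: Thu, 6 May 2021 18:16:45 +0200
-Subject: [PATCH] conf: handle kernels with CAP_SETFCAP
-
-LXC is being very clever and sometimes maps the caller's uid into the
-child userns. This means that the caller can technically write fscaps
-that are valid in the ancestor userns (which can be a security issue in
-some scenarios) so newer kernels require CAP_SETFCAP to do this. Until
-newuidmap/newgidmap are updated to account for this simply write the
-mapping directly in this case.
-
-Cc: stable-4.0
-Signed-off-by: Christian Brauner <christian.brauner@××××××.com>
----
- src/lxc/conf.c | 25 ++++++++++++++++++++-----
- 1 file changed, 20 insertions(+), 5 deletions(-)
-
-diff --git a/src/lxc/conf.c b/src/lxc/conf.c
-index 72e21b5300..f388946970 100644
---- a/src/lxc/conf.c
-+++ b/src/lxc/conf.c
-@@ -2978,6 +2978,9 @@ static int lxc_map_ids_exec_wrapper(void *args)
- return -1;
- }
-
-+static struct id_map *find_mapped_hostid_entry(const struct lxc_list *idmap,
-+ unsigned id, enum idtype idtype);
-+
- int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
- {
- int fill, left;
-@@ -2991,12 +2994,22 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
- char mapbuf[STRLITERALLEN("new@idmap") + STRLITERALLEN(" ") +
- INTTYPE_TO_STRLEN(pid_t) + STRLITERALLEN(" ") +
- LXC_IDMAPLEN] = {0};
-- bool had_entry = false, use_shadow = false;
-+ bool had_entry = false, maps_host_root = false, use_shadow = false;
- int hostuid, hostgid;
-
- hostuid = geteuid();
- hostgid = getegid();
-
-+ /*
-+ * Check whether caller wants to map host root.
-+ * Due to a security fix newer kernels require CAP_SETFCAP when mapping
-+ * host root into the child userns as you would be able to write fscaps
-+ * that would be valid in the ancestor userns. Mapping host root should
-+ * rarely be the case but LXC is being clever in a bunch of cases.
-+ */
-+ if (find_mapped_hostid_entry(idmap, 0, ID_TYPE_UID))
-+ maps_host_root = true;
-+
- /* If new{g,u}idmap exists, that is, if shadow is handing out subuid
- * ranges, then insist that root also reserve ranges in subuid. This
- * will protected it by preventing another user from being handed the
-@@ -3014,7 +3027,9 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
- else if (!gidmap)
- WARN("newgidmap is lacking necessary privileges");
-
-- if (uidmap > 0 && gidmap > 0) {
-+ if (maps_host_root) {
-+ INFO("Caller maps host root. Writing mapping directly");
-+ } else if (uidmap > 0 && gidmap > 0) {
- DEBUG("Functional newuidmap and newgidmap binary found");
- use_shadow = true;
- } else {
-@@ -4229,14 +4244,14 @@ static struct id_map *mapped_nsid_add(const struct lxc_conf *conf, unsigned id,
- return retmap;
- }
-
--static struct id_map *find_mapped_hostid_entry(const struct lxc_conf *conf,
-+static struct id_map *find_mapped_hostid_entry(const struct lxc_list *idmap,
- unsigned id, enum idtype idtype)
- {
- struct id_map *map;
- struct lxc_list *it;
- struct id_map *retmap = NULL;
-
-- lxc_list_for_each (it, &conf->id_map) {
-+ lxc_list_for_each (it, idmap) {
- map = it->elem;
- if (map->idtype != idtype)
- continue;
-@@ -4265,7 +4280,7 @@ static struct id_map *mapped_hostid_add(const struct lxc_conf *conf, uid_t id,
- return NULL;
-
- /* Reuse existing mapping. */
-- tmp = find_mapped_hostid_entry(conf, id, type);
-+ tmp = find_mapped_hostid_entry(&conf->id_map, id, type);
- if (tmp) {
- memcpy(entry, tmp, sizeof(*entry));
- } else {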
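--- a/app-emulation/lxc/lxc-4.0.9-r1.ebuild
+++ /dev/null
@@ -1,174 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools bash-completion-r1 linux-info flag-o-matic optfeature pam readme.gentoo-r1 systemd verify-sig
-
-DESCRIPTION="A userspace interface for the Linux kernel containment features"
-HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
-SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz
- verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )"
-
-KEYWORDS="amd64 ~arm ~arm64 ~ppc64 x86"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="apparmor +caps doc man pam selinux +ssl +tools verify-sig"
-
-RDEPEND="acct-group/lxc
- acct-user/lxc
- app-misc/pax-utils
- sys-apps/util-linux
- sys-libs/libcap
- sys-libs/libseccomp
- virtual/awk
- caps? ( sys-libs/libcap )
- pam? ( sys-libs/pam )
- selinux? ( sys-libs/libselinux )
- ssl? (
- dev-libs/openssl:0=
- )"
-DEPEND="${RDEPEND}
- >=sys-kernel/linux-headers-4
- apparmor? ( sys-apps/apparmor )"
-BDEPEND="doc? ( app-doc/doxygen )
- man? ( app-text/docbook-sgml-utils )
- verify-sig? ( app-crypt/openpgp-keys-linuxcontainers )"
-
-CONFIG_CHECK="~!NETPRIO_CGROUP
- ~CGROUPS
- ~CGROUP_CPUACCT
- ~CGROUP_DEVICE
- ~CGROUP_FREEZER
-
- ~CGROUP_SCHED
- ~CPUSETS
- ~IPC_NS
- ~MACVLAN
-
- ~MEMCG
- ~NAMESPACES
- ~NET_NS
- ~PID_NS
-
- ~POSIX_MQUEUE
- ~USER_NS
- ~UTS_NS
- ~VETH"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
-ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
-ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
-ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
-ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
-ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
-
-DOCS=( AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt )
-
-pkg_setup() {
- linux-info_pkg_setup
-}
-
-PATCHES=(
- "${FILESDIR}"/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch # bug 789012
- "${FILESDIR}"/${PN}-3.0.0-bash-completion.patch
- "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch # bug 558854
-)
-
-VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc
-
-src_prepare() {
- default
- eautoreconf
-}
-
-src_configure() {
- append-flags -fno-strict-aliasing
-
- local myeconfargs=(
- --bindir=/usr/bin
- --localstatedir=/var
- --sbindir=/usr/bin
-
- --with-config-path=/var/lib/lxc
- --with-distro=gentoo
- --with-init-script=systemd
- --with-rootfs-path=/var/lib/lxc/rootfs
- --with-runtime-path=/run
- --with-systemdsystemunitdir=$(systemd_get_systemunitdir)
-
- --disable-coverity-build
- --disable-dlog
- --disable-fuzzers
- --disable-mutex-debugging
- --disable-no-undefined
- --disable-rpath
- --disable-sanitizers
- --disable-tests
- --disable-werror
-
- --enable-bash
- --enable-commands
- --enable-memfd-rexec
- --enable-seccomp
- --enable-thread-safety
-
- $(use_enable apparmor)
- $(use_enable caps capabilities)
- $(use_enable doc api-docs)
- $(use_enable doc examples)
- $(use_enable man doc)
- $(use_enable pam)
- $(use_enable selinux)
- $(use_enable ssl openssl)
- $(use_enable tools)
-
- $(use_with pam pamdir $(getpam_mod_dir))
- )
-
- econf "${myeconfargs[@]}"
-}
-
-src_install() {
- default
-
- mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
- bashcomp_alias ${PN}-start \
- ${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,wait}
-
- keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
- rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
-
- find "${D}" -name '*.la' -delete -o -name '*.a' -delete || die
-
- # Gentoo-specific additions!
- newinitd "${FILESDIR}/${PN}.initd.8" ${PN}
-
- # Remember to compare our systemd unit file with the upstream one
- # config/init/systemd/lxc.service.in
- systemd_newunit "${FILESDIR}"/${PN}_at.service.4.0.0 "lxc@.service"
-
- DOC_CONTENTS="
- For openrc, there is an init script provided with the package.
- You should only need to symlink /etc/init.d/lxc to
- /etc/init.d/lxc.configname to start the container defined in
- /etc/lxc/configname.conf.
-
- Correspondingly, for systemd a service file lxc@.service is installed.
- Enable and start lxc@configname in order to start the container defined
- in /etc/lxc/configname.conf."
- DISABLE_AUTOFORMATTING=true
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-
- elog "Please run 'lxc-checkconfig' to see optional kernel features."
- elog
- optfeature "automatic template scripts" app-emulation/lxc-templates
- optfeature "Debian-based distribution container image support" dev-util/debootstrap
- optfeature "snapshot & restore functionality" sys-process/criu
-}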