commit: 181fa35d157157f02add732e0b338c6127b51338
Author: Erik Mackdanz <stasibear <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 14 02:31:33 2016 +0000
Commit: Erik Mackdanz <stasibear <AT> gentoo <DOT> org>
CommitDate: Thu Jul 14 02:31:33 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=181fa35d
app-emulation/lxc: Revbump to repair unit file
Gentoo-bug: 588740
Package-Manager: portage-2.3.0
app-emulation/lxc/files/lxc.initd.5 | 119 +++++++++++++++++++
app-emulation/lxc/files/lxc_at.service.4 | 14 +++
app-emulation/lxc/lxc-2.0.3-r1.ebuild | 197 +++++++++++++++++++++++++++++++
3 files changed, 330 insertions(+)
diff --git a/app-emulation/lxc/files/lxc.initd.5
b/app-emulation/lxc/files/lxc.initd.5
new file mode 100644
index 0000000..e5a5236
--- /dev/null
+++ b/app-emulation/lxc/files/lxc.initd.5
@@ -0,0 +1,119 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+CONTAINER=${SVCNAME#*.}
+
+LXC_PATH=`lxc-config lxc.lxcpath`
+
+lxc_get_configfile() {
+ if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then
+ echo "${LXC_PATH}/${CONTAINER}.conf"
+ elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then
+ echo "${LXC_PATH}/${CONTAINER}/config"
+ else
+ eerror "Unable to find a suitable configuration file."
+ eerror "If you set up the container in a non-standard"
+ eerror "location, please set the CONFIGFILE variable."
+ return 1
+ fi
+}
+
+[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
+
+lxc_get_var() {
+ awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }'
${CONFIGFILE}
+}
+
+lxc_get_net_link_type() {
+ awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" }
+ $1 == "lxc.network.type" {_type=$2;}
+ $1 == "lxc.network.link" {_link=$2;}
+ {if(_link != "" && _type != ""){
+ printf("%s:%s\n", _link, _type );
+ _link=""; _type="";
+ }; }' <${CONFIGFILE}
+}
+
+checkconfig() {
+ if [ ${CONTAINER} = ${SVCNAME} ]; then
+ eerror "You have to create an init script for each container:"
+ eerror " ln -s lxc /etc/init.d/lxc.container"
+ return 1
+ fi
+
+ # no need to output anything, the function takes care of that.
+ [ -z "${CONFIGFILE}" ] && return 1
+
+ utsname=$(lxc_get_var lxc.utsname)
+ if [ ${CONTAINER} != ${utsname} ]; then
+ eerror "You should use the same name for the service and the"
+ eerror "container. Right now the container is called ${utsname}"
+ return 1
+ fi
+}
+
+depend() {
+ # be quiet, since we have to run depend() also for the
+ # non-muxed init script, unfortunately.
+ checkconfig 2>/dev/null || return 0
+
+ config ${CONFIGFILE}
+ need localmount
+ use lxcfs
+
+ local _x _if
+ for _x in $(lxc_get_net_link_type); do
+ _if=${_x%:*}
+ case "${_x##*:}" in
+ # when the network type is set to phys, we can make use
of a
+ # network service (for instance to set it up before we
disable
+ # the net_admin capability), but we might also not set
it up
+ # at all on the host and leave the net_admin capable
service
+ # to take care of it.
+ phys) use net.${_if} ;;
+ *) need net.${_if} ;;
+ esac
+ done
+}
+
+start() {
+ checkconfig || return 1
+ rm -f /var/log/lxc/${CONTAINER}.log
+
+ rootpath=$(lxc_get_var lxc.rootfs)
+
+ # Check the format of our init and the chroot's init, to see
+ # if we have to use linux32 or linux64; always use setarch
+ # when required, as that makes it easier to deal with
+ # x32-based containers.
+ case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in
+ EM_X86_64) setarch=linux64;;
+ EM_386) setarch=linux32;;
+ esac
+
+ ebegin "Starting ${CONTAINER}"
+ env -i ${setarch} $(which lxc-start) -l WARN -n ${CONTAINER} -f
${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log
+ sleep 0.5
+
+ # lxc-start -d will _always_ report a correct startup, even if it
+ # failed, so rather than trust that, check that the cgroup exists.
+ [ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]
+ eend $?
+}
+
+stop() {
+ checkconfig || return 1
+
+
+ if ! [ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]; then
+ ewarn "${CONTAINER} doesn't seem to be started."
+ return 0
+ fi
+
+ # 10s should be enough to shut everything down
+ ebegin "Stopping ${CONTAINER}"
+ lxc-stop -t 10 -n ${CONTAINER}
+ eend $?
+}
diff --git a/app-emulation/lxc/files/lxc_at.service.4
b/app-emulation/lxc/files/lxc_at.service.4
new file mode 100644
index 0000000..64ae745
--- /dev/null
+++ b/app-emulation/lxc/files/lxc_at.service.4
@@ -0,0 +1,14 @@
+[Unit]
+Description=Linux Container %I
+After=network.target
+Wants=lxcfs.service
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/lxc-start -n %i -F
+ExecReload=/usr/bin/lxc-restart -n %i
+ExecStop=/usr/bin/lxc-stop -n %i
+Delegate=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-emulation/lxc/lxc-2.0.3-r1.ebuild
b/app-emulation/lxc/lxc-2.0.3-r1.ebuild
new file mode 100644
index 0000000..17805be
--- /dev/null
+++ b/app-emulation/lxc/lxc-2.0.3-r1.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+MY_P="${P/_/-}"
+PYTHON_COMPAT=( python{3_3,3_4,3_5} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools bash-completion-r1 distutils-r1 eutils linux-info
versionator flag-o-matic systemd
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/";
+SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz";
+
+KEYWORDS="~amd64 ~arm ~arm64"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="cgmanager doc examples lua python seccomp"
+
+RDEPEND="net-libs/gnutls
+ sys-libs/libcap
+ cgmanager? ( app-admin/cgmanager )
+ lua? ( >=dev-lang/lua-5.1:= )
+ python? ( ${PYTHON_DEPS} )
+ seccomp? ( sys-libs/libseccomp )"
+
+DEPEND="${RDEPEND}
+ doc? ( app-text/docbook-sgml-utils )
+ >=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+ sys-process/criu
+ sys-apps/util-linux
+ app-misc/pax-utils
+ virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+ ~CPUSETS ~CGROUP_CPUACCT
+ ~CGROUP_SCHED
+
+ ~NAMESPACES
+ ~IPC_NS ~USER_NS ~PID_NS
+
+ ~NETLINK_DIAG ~PACKET_DIAG
+ ~INET_UDP_DIAG ~INET_TCP_DIAG
+ ~UNIX_DIAG ~CHECKPOINT_RESTORE
+
+ ~DEVPTS_MULTIPLE_INSTANCES
+ ~CGROUP_FREEZER
+ ~UTS_NS ~NET_NS
+ ~VETH ~MACVLAN
+
+ ~POSIX_MQUEUE
+ ~!NETPRIO_CGROUP
+
+ ~!GRKERNSEC_CHROOT_MOUNT
+ ~!GRKERNSEC_CHROOT_DOUBLE
+ ~!GRKERNSEC_CHROOT_PIVOT
+ ~!GRKERNSEC_CHROOT_CHMOD
+ ~!GRKERNSEC_CHROOT_CAPS
+ ~!GRKERNSEC_PROC
+ ~!GRKERNSEC_SYSFS_RESTRICT
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for
pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container)
networking"
+
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG: needed for lxc-checkpoint"
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG: needed for lxc-checkpoint"
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG: needed for lxc-checkpoint"
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG: needed for lxc-checkpoint"
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG: needed for lxc-checkpoint"
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE: needed for
lxc-checkpoint"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP: as of kernel 3.3 and lxc
0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT: some GRSEC
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC
features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is
incompatible with unprivileged containers"
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC
feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+S="${WORKDIR}/${PN}-${MY_P}"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-bash-completion.patch
+ #558854
+ epatch "${FILESDIR}"/${P}-omit-sysconfig.patch
+ eautoreconf
+}
+
+src_configure() {
+ append-flags -fno-strict-aliasing
+
+ if use python; then
+ #541932
+ python_setup "python3*"
+ export
PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
+ fi
+
+ # I am not sure about the --with-rootfs-path
+ # /var/lib/lxc is probably more appropriate than
+ # /usr/lib/lxc.
+ econf \
+ --localstatedir=/var \
+ --bindir=/usr/bin \
+ --sbindir=/usr/bin \
+ --docdir=/usr/share/doc/${PF} \
+ --with-config-path=/var/lib/lxc \
+ --with-rootfs-path=/var/lib/lxc/rootfs \
+ --with-distro=gentoo \
+ --with-runtime-path=/run \
+ --disable-apparmor \
+ $(use_enable cgmanager) \
+ $(use_enable doc) \
+ $(use_enable examples) \
+ $(use_enable lua) \
+ $(use_enable python) \
+ $(use_enable seccomp)
+}
+
+python_compile() {
+ distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+}
+
+src_compile() {
+ default
+
+ if use python; then
+ pushd "${S}/src/python-${PN}" > /dev/null
+ distutils-r1_src_compile
+ popd > /dev/null
+ fi
+}
+
+src_install() {
+ default
+
+ mv "${ED}"/usr/share/bash-completion/completions/${PN}
"${ED}"/$(get_bashcompdir)/${PN}-start || die
+ # start-ephemeral is no longer a command but removing it here
+ # generates QA warnings (still in upstream completion script)
+ bashcomp_alias ${PN}-start \
+
${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
+
+ if use python; then
+ pushd "${S}/src/python-lxc" > /dev/null
+ # Unset DOCS. This has been handled by the default target
+ unset DOCS
+ distutils-r1_src_install
+ popd > /dev/null
+ fi
+
+ keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+
+ find "${D}" -name '*.la' -delete
+
+ # Gentoo-specific additions!
+ newinitd "${FILESDIR}/${PN}.initd.5" ${PN}
+
+ # Remember to compare our systemd unit file with the upstream one
+ # config/init/systemd/lxc.service.in
+ systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "[email protected]"
+}
+
+pkg_postinst() {
+ elog ""
+ elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has
been"
+ elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use
/etc/lxc"
+ elog "please add the following to your /etc/lxc/default.conf"
+ elog "lxc.lxcpath = /etc/lxc"
+ elog ""
+ elog "There is an init script provided with the package now; no
documentation"
+ elog "is currently available though, so please check out
/etc/init.d/lxc ."
+ elog "You _should_ only need to symlink it to
/etc/init.d/lxc.configname"
+ elog "to start the container defined into /etc/lxc/configname.conf ."
+ elog "For further information about LXC development see"
+ elog "http://blog.flameeyes.eu/tag/lxc"; # remove once proper doc is
available
+ elog ""
+}
