aboutsummaryrefslogtreecommitdiffstats
path: root/main/lxc/alpine-template-backport.patch
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-07-25 09:47:06 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-07-25 09:47:06 +0000
commit88a12c1ff4fc7d5a3a79000ffd0abb0e5e1d85e2 (patch)
treec074a2dce36269f0d1f6aa40af026c0ef8ac6552 /main/lxc/alpine-template-backport.patch
parent58bcc48d91dc7396aaea2999fddb3ecdc70ec591 (diff)
downloadaports-88a12c1ff4fc7d5a3a79000ffd0abb0e5e1d85e2.tar.bz2
aports-88a12c1ff4fc7d5a3a79000ffd0abb0e5e1d85e2.tar.xz
main/lxc: backport alpine template from git
so we get --release support
Diffstat (limited to 'main/lxc/alpine-template-backport.patch')
-rw-r--r--main/lxc/alpine-template-backport.patch201
1 files changed, 201 insertions, 0 deletions
diff --git a/main/lxc/alpine-template-backport.patch b/main/lxc/alpine-template-backport.patch
new file mode 100644
index 0000000000..158efcf422
--- /dev/null
+++ b/main/lxc/alpine-template-backport.patch
@@ -0,0 +1,201 @@
+diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
+index 962d274..ce7226f 100644
+--- a/templates/lxc-alpine.in
++++ b/templates/lxc-alpine.in
+@@ -1,20 +1,99 @@
+ #!/bin/sh
+
++key_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
++2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub"
++
++get_static_apk () {
++ wget="wget -q -O -"
++ pkglist=alpine-keys:apk-tools-static
++ auto_repo_dir=
++
++ if [ -z "$repository" ]; then
++ url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi
++ if [ -z "$release" ]; then
++ echo -n "Determining the latest release... "
++ release=$($wget $url/.latest.$apk_arch.txt | \
++ cut -d " " -f 3 | cut -d / -f 1 | uniq)
++ if [ -z "$release" ]; then
++ echo failed
++ return 1
++ fi
++ echo $release
++ fi
++ auto_repo_dir=$release/main
++ repository=$url/$auto_repo_dir
++ pkglist=$pkglist:alpine-mirrors
++ fi
++
++ rootfs="$1"
++ echo "Using static apk from $repository/$apk_arch"
++ wget="$wget $repository/$apk_arch"
++
++ # parse APKINDEX to find the current versions
++ static_pkgs=$($wget/APKINDEX.tar.gz | \
++ tar -Oxz APKINDEX | \
++ awk -F: -v pkglist=$pkglist '
++ BEGIN { split(pkglist,pkg) }
++ $0 != "" { f[$1] = $2 }
++ $0 == "" { for (i in pkg)
++ if (pkg[i] == f["P"])
++ print(f["P"] "-" f["V"] ".apk") }')
++ [ "$static_pkgs" ] || return 1
++
++ mkdir -p "$rootfs" || return 1
++ for pkg in $static_pkgs; do
++ echo "Downloading $pkg"
++ $wget/$pkg | tar -xz -C "$rootfs"
++ done
++
++ # clean up .apk meta files
++ rm -f "$rootfs"/.[A-Z]*
++
++ # verify checksum of the key
++ keyname=$(echo $rootfs/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//')
++ checksum=$(echo "$key_sha256sums" | grep -w "$keyname")
++ if [ -z "$checksum" ]; then
++ echo "ERROR: checksum is missing for $keyname"
++ return 1
++ fi
++ (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c -) || return 1
++
++ # verify the static apk binary signature
++ APK=$rootfs/sbin/apk.static
++ openssl dgst -verify $rootfs/etc/apk/keys/$keyname \
++ -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1
++
++ if [ "$auto_repo_dir" ]; then
++ mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt
++ mirror_count=$(wc -l $mirror_list | cut -d " " -f 1)
++ repository=$(sed $(expr $RANDOM % $mirror_count + 1)\!d \
++ $mirror_list)$auto_repo_dir
++ echo "Selecting mirror $repository"
++ fi
++}
++
+ install_alpine() {
+ rootfs="$1"
+ shift
+ mkdir -p "$rootfs"/etc/apk || return 1
+- cp -r ${keys_dir:-/etc/apk/keys} "$rootfs"/etc/apk/
++ : ${keys_dir:=/etc/apk/keys}
++ if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then
++ cp -r "$keys_dir" "$rootfs"/etc/apk/keys
++ fi
+ if [ -n "$repository" ]; then
+ echo "$repository" > "$rootfs"/etc/apk/repositories
+ else
+ cp /etc/apk/repositories "$rootfs"/etc/apk/repositories || return 1
++ if [ -n "$release" ]; then
++ sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \
++ "$rootfs"/etc/apk/repositories
++ fi
+ fi
+ opt_arch=
+ if [ -n "$apk_arch" ]; then
+ opt_arch="--arch $apk_arch"
+ fi
+- ${APK:-apk} add -U --initdb --root $rootfs $opt_arch "$@" alpine-base
++ $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base
+ }
+
+ configure_alpine() {
+@@ -109,6 +188,7 @@ EOF
+ lxc.tty = 4
+ lxc.pts = 1024
+ lxc.utsname = $hostname
++lxc.cap.drop = sys_module mac_admin mac_override sys_time
+
+ # When using LXC with apparmor, uncomment the next line to run unconfined:
+ #lxc.aa_profile = unconfined
+@@ -129,7 +209,7 @@ lxc.cgroup.devices.allow = c 1:8 rwm
+ lxc.cgroup.devices.allow = c 136:* rwm
+ lxc.cgroup.devices.allow = c 5:2 rwm
+ # rtc
+-lxc.cgroup.devices.allow = c 254:0 rwm
++lxc.cgroup.devices.allow = c 254:0 rm
+
+ # mounts point
+ lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
+@@ -148,8 +228,10 @@ die() {
+
+ usage() {
+ cat >&2 <<EOF
+-Usage: $(basename $0) [-h|--help] [-r|--repository <url>] [-a|--arch <arch>]
+- -p|--path <path> -n|--name <name> [PKG...]
++Usage: $(basename $0) [-h|--help] [-r|--repository <url>]
++ [-R|--release <release>] [-a|--arch <arch>]
++ [--rootfs <rootfs>] -p|--path <path> -n|--name <name>
++ [PKG...]
+ EOF
+ }
+
+@@ -165,6 +247,14 @@ optarg_check() {
+ }
+
+ default_path=@LXCPATH@
++release=
++arch=$(uname -m)
++
++# template mknods, requires root
++if [ $(id -u) -ne 0 ]; then
++ echo "$(basename $0): must be run as root" >&2
++ exit 1
++fi
+
+ while [ $# -gt 0 ]; do
+ opt="$1"
+@@ -179,6 +269,11 @@ while [ $# -gt 0 ]; do
+ name=$1
+ shift
+ ;;
++ --rootfs)
++ optarg_check $opt "$1"
++ rootfs=$1
++ shift
++ ;;
+ -p|--path)
+ optarg_check $opt "$1"
+ path=$1
+@@ -189,6 +284,11 @@ while [ $# -gt 0 ]; do
+ repository=$1
+ shift
+ ;;
++ -R|--release)
++ optarg_check $opt "$1"
++ release=$1
++ shift
++ ;;
+ -a|--arch)
+ optarg_check $opt "$1"
+ arch=$1
+@@ -217,9 +317,11 @@ if [ -z "${path}" ]; then
+ path="${default_path}/${name}"
+ fi
+
+-rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
+ if [ -z "$rootfs" ]; then
+- rootfs="${path}/rootfs"
++ rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
++ if [ -z "$rootfs" ]; then
++ rootfs="${path}/rootfs"
++ fi
+ fi
+
+ lxc_arch=$arch
+@@ -234,6 +336,11 @@ case "$arch" in
+ *) die "unsupported architecture: $arch";;
+ esac
+
++: ${APK:=apk}
++if ! which $APK >/dev/null; then
++ get_static_apk "$rootfs" || die "Failed to download a valid static apk"
++fi
++
+ install_alpine "$rootfs" "$@" || die "Failed to install rootfs for $name"
+ configure_alpine "$rootfs" "$name" || die "Failed to configure $name"
+ copy_configuration "$path" "$rootfs" "$name"