diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-07-25 09:47:06 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-07-25 09:47:06 +0000 |
commit | 88a12c1ff4fc7d5a3a79000ffd0abb0e5e1d85e2 (patch) | |
tree | c074a2dce36269f0d1f6aa40af026c0ef8ac6552 /main/lxc | |
parent | 58bcc48d91dc7396aaea2999fddb3ecdc70ec591 (diff) | |
download | aports-88a12c1ff4fc7d5a3a79000ffd0abb0e5e1d85e2.tar.bz2 aports-88a12c1ff4fc7d5a3a79000ffd0abb0e5e1d85e2.tar.xz |
main/lxc: backport alpine template from git
so we get --release support
Diffstat (limited to 'main/lxc')
-rw-r--r-- | main/lxc/APKBUILD | 6 | ||||
-rw-r--r-- | main/lxc/alpine-template-backport.patch | 201 |
2 files changed, 206 insertions, 1 deletions
diff --git a/main/lxc/APKBUILD b/main/lxc/APKBUILD index 054fbe2c82..4a65633b7a 100644 --- a/main/lxc/APKBUILD +++ b/main/lxc/APKBUILD @@ -3,7 +3,7 @@ pkgname=lxc pkgver=0.9.0 _mypkgver=${pkgver/_rc/-rc} -pkgrel=0 +pkgrel=1 pkgdesc="linux containers - tools" url="http://lxc.sourceforge.net/" arch="all" @@ -16,6 +16,7 @@ subpackages="$pkgname-dev $pkgname-doc" source="http://lxc.sourceforge.net/download/lxc/$pkgname-$_mypkgver.tar.gz bb-rm.patch bb-shutdown.patch + alpine-template-backport.patch lxc.initd " @@ -50,12 +51,15 @@ package() { md5sums="8552a4479090616f4bc04d8473765fc9 lxc-0.9.0.tar.gz a0894c2ddf9133c3cc33c264e4596a3c bb-rm.patch e96514860ee34b62d1b208ab03c569bc bb-shutdown.patch +25dd200bd158d16a05bb3e7aaef84697 alpine-template-backport.patch f3c6998798b13425b8d0647bad0834a8 lxc.initd" sha256sums="1e1767eae6cc5fbf892c0e193d25da420ba19f2db203716c38f7cdea3b654120 lxc-0.9.0.tar.gz c9caea06b87baf5e335821c7e9ce3caca849b33f8176fbd48126c605583e78fc bb-rm.patch 0e5706cb077f750afdd6a5a4fd2afdf0b9113126c85e130d92680bed4ce9c20e bb-shutdown.patch +df193c4cf08e171c23b0b472750b7b1e0e7a66971c03201a0523e4039909f33b alpine-template-backport.patch 77c64e6137457be89c150b82d681a3eb5c7c1f06af142a321703fc9a43bff200 lxc.initd" sha512sums="a96133660ca6ea45dc4b8d167267120328577339e933ff9510f03e9d368ca5db77031dc1e7e4529b3e506f63f79c2ce3f8f72571a7dfdbeb2a8799777782a606 lxc-0.9.0.tar.gz b8fe47af6b1341ca472b6337c304f52402c53d400fc1d13895f2f568dd4d81b9ff281efc70bc1ddc221ac457db3bed4a199491059a15f66755deddc93ce91bf1 bb-rm.patch 86df52e380a01d6d3f588ca395925e8f774529c72e5b4c8dcb701d79fad7697ed8800f0ff51fded2896b2d2af49faa7f26960234fc8c1a6b4bc8f42d85078e6d bb-shutdown.patch +d10e25aeee0aba61a4c3420fe1b2bfd9213e7ef10f399ed5f0ba5d978a97a49fd23044b098f73f6d9651c23b1bb025f30d81deb6aec9edf4d2267afc22a09d60 alpine-template-backport.patch 4e56f7b869345f936df54c4359abdd3b8d0244c0fd71a9a787bc2393c4caabca22ca8417f16da47f02c86294750986fd674d0d2e7c1b1d096076873b22c07a29 lxc.initd" diff --git a/main/lxc/alpine-template-backport.patch b/main/lxc/alpine-template-backport.patch new file mode 100644 index 0000000000..158efcf422 --- /dev/null +++ b/main/lxc/alpine-template-backport.patch @@ -0,0 +1,201 @@ +diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in +index 962d274..ce7226f 100644 +--- a/templates/lxc-alpine.in ++++ b/templates/lxc-alpine.in +@@ -1,20 +1,99 @@ + #!/bin/sh + ++key_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub ++2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub" ++ ++get_static_apk () { ++ wget="wget -q -O -" ++ pkglist=alpine-keys:apk-tools-static ++ auto_repo_dir= ++ ++ if [ -z "$repository" ]; then ++ url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi ++ if [ -z "$release" ]; then ++ echo -n "Determining the latest release... " ++ release=$($wget $url/.latest.$apk_arch.txt | \ ++ cut -d " " -f 3 | cut -d / -f 1 | uniq) ++ if [ -z "$release" ]; then ++ echo failed ++ return 1 ++ fi ++ echo $release ++ fi ++ auto_repo_dir=$release/main ++ repository=$url/$auto_repo_dir ++ pkglist=$pkglist:alpine-mirrors ++ fi ++ ++ rootfs="$1" ++ echo "Using static apk from $repository/$apk_arch" ++ wget="$wget $repository/$apk_arch" ++ ++ # parse APKINDEX to find the current versions ++ static_pkgs=$($wget/APKINDEX.tar.gz | \ ++ tar -Oxz APKINDEX | \ ++ awk -F: -v pkglist=$pkglist ' ++ BEGIN { split(pkglist,pkg) } ++ $0 != "" { f[$1] = $2 } ++ $0 == "" { for (i in pkg) ++ if (pkg[i] == f["P"]) ++ print(f["P"] "-" f["V"] ".apk") }') ++ [ "$static_pkgs" ] || return 1 ++ ++ mkdir -p "$rootfs" || return 1 ++ for pkg in $static_pkgs; do ++ echo "Downloading $pkg" ++ $wget/$pkg | tar -xz -C "$rootfs" ++ done ++ ++ # clean up .apk meta files ++ rm -f "$rootfs"/.[A-Z]* ++ ++ # verify checksum of the key ++ keyname=$(echo $rootfs/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//') ++ checksum=$(echo "$key_sha256sums" | grep -w "$keyname") ++ if [ -z "$checksum" ]; then ++ echo "ERROR: checksum is missing for $keyname" ++ return 1 ++ fi ++ (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c -) || return 1 ++ ++ # verify the static apk binary signature ++ APK=$rootfs/sbin/apk.static ++ openssl dgst -verify $rootfs/etc/apk/keys/$keyname \ ++ -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1 ++ ++ if [ "$auto_repo_dir" ]; then ++ mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt ++ mirror_count=$(wc -l $mirror_list | cut -d " " -f 1) ++ repository=$(sed $(expr $RANDOM % $mirror_count + 1)\!d \ ++ $mirror_list)$auto_repo_dir ++ echo "Selecting mirror $repository" ++ fi ++} ++ + install_alpine() { + rootfs="$1" + shift + mkdir -p "$rootfs"/etc/apk || return 1 +- cp -r ${keys_dir:-/etc/apk/keys} "$rootfs"/etc/apk/ ++ : ${keys_dir:=/etc/apk/keys} ++ if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then ++ cp -r "$keys_dir" "$rootfs"/etc/apk/keys ++ fi + if [ -n "$repository" ]; then + echo "$repository" > "$rootfs"/etc/apk/repositories + else + cp /etc/apk/repositories "$rootfs"/etc/apk/repositories || return 1 ++ if [ -n "$release" ]; then ++ sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \ ++ "$rootfs"/etc/apk/repositories ++ fi + fi + opt_arch= + if [ -n "$apk_arch" ]; then + opt_arch="--arch $apk_arch" + fi +- ${APK:-apk} add -U --initdb --root $rootfs $opt_arch "$@" alpine-base ++ $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base + } + + configure_alpine() { +@@ -109,6 +188,7 @@ EOF + lxc.tty = 4 + lxc.pts = 1024 + lxc.utsname = $hostname ++lxc.cap.drop = sys_module mac_admin mac_override sys_time + + # When using LXC with apparmor, uncomment the next line to run unconfined: + #lxc.aa_profile = unconfined +@@ -129,7 +209,7 @@ lxc.cgroup.devices.allow = c 1:8 rwm + lxc.cgroup.devices.allow = c 136:* rwm + lxc.cgroup.devices.allow = c 5:2 rwm + # rtc +-lxc.cgroup.devices.allow = c 254:0 rwm ++lxc.cgroup.devices.allow = c 254:0 rm + + # mounts point + lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0 +@@ -148,8 +228,10 @@ die() { + + usage() { + cat >&2 <<EOF +-Usage: $(basename $0) [-h|--help] [-r|--repository <url>] [-a|--arch <arch>] +- -p|--path <path> -n|--name <name> [PKG...] ++Usage: $(basename $0) [-h|--help] [-r|--repository <url>] ++ [-R|--release <release>] [-a|--arch <arch>] ++ [--rootfs <rootfs>] -p|--path <path> -n|--name <name> ++ [PKG...] + EOF + } + +@@ -165,6 +247,14 @@ optarg_check() { + } + + default_path=@LXCPATH@ ++release= ++arch=$(uname -m) ++ ++# template mknods, requires root ++if [ $(id -u) -ne 0 ]; then ++ echo "$(basename $0): must be run as root" >&2 ++ exit 1 ++fi + + while [ $# -gt 0 ]; do + opt="$1" +@@ -179,6 +269,11 @@ while [ $# -gt 0 ]; do + name=$1 + shift + ;; ++ --rootfs) ++ optarg_check $opt "$1" ++ rootfs=$1 ++ shift ++ ;; + -p|--path) + optarg_check $opt "$1" + path=$1 +@@ -189,6 +284,11 @@ while [ $# -gt 0 ]; do + repository=$1 + shift + ;; ++ -R|--release) ++ optarg_check $opt "$1" ++ release=$1 ++ shift ++ ;; + -a|--arch) + optarg_check $opt "$1" + arch=$1 +@@ -217,9 +317,11 @@ if [ -z "${path}" ]; then + path="${default_path}/${name}" + fi + +-rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null` + if [ -z "$rootfs" ]; then +- rootfs="${path}/rootfs" ++ rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null` ++ if [ -z "$rootfs" ]; then ++ rootfs="${path}/rootfs" ++ fi + fi + + lxc_arch=$arch +@@ -234,6 +336,11 @@ case "$arch" in + *) die "unsupported architecture: $arch";; + esac + ++: ${APK:=apk} ++if ! which $APK >/dev/null; then ++ get_static_apk "$rootfs" || die "Failed to download a valid static apk" ++fi ++ + install_alpine "$rootfs" "$@" || die "Failed to install rootfs for $name" + configure_alpine "$rootfs" "$name" || die "Failed to configure $name" + copy_configuration "$path" "$rootfs" "$name" |