Diffstat (limited to 'main/lxc/alpine-template-backport.patch')
-rw-r--r-- | main/lxc/alpine-template-backport.patch | 201 |
1 files changed, 0 insertions, 201 deletions
diff --git a/main/lxc/alpine-template-backport.patch b/main/lxc/alpine-template-backport.patch
deleted file mode 100644
index 158efcf422..0000000000
--- a/main/lxc/alpine-template-backport.patch
+++ /dev/null
@@ -1,201 +0,0 @@ -diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in -index 962d274..ce7226f 100644 ---- a/templates/lxc-alpine.in -+++ b/templates/lxc-alpine.in -@@ -1,20 +1,99 @@ - #!/bin/sh - -+key_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub -+2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub" -+ -+get_static_apk () { -+ wget="wget -q -O -" -+ pkglist=alpine-keys:apk-tools-static -+ auto_repo_dir= -+ -+ if [ -z "$repository" ]; then -+ url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi -+ if [ -z "$release" ]; then -+ echo -n "Determining the latest release... " -+ release=$($wget $url/.latest.$apk_arch.txt | \ -+ cut -d " " -f 3 | cut -d / -f 1 | uniq) -+ if [ -z "$release" ]; then -+ echo failed -+ return 1 -+ fi -+ echo $release -+ fi -+ auto_repo_dir=$release/main -+ repository=$url/$auto_repo_dir -+ pkglist=$pkglist:alpine-mirrors -+ fi -+ -+ rootfs="$1" -+ echo "Using static apk from $repository/$apk_arch" -+ wget="$wget $repository/$apk_arch" -+ -+ # parse APKINDEX to find the current versions -+ static_pkgs=$($wget/APKINDEX.tar.gz | \ -+ tar -Oxz APKINDEX | \ -+ awk -F: -v pkglist=$pkglist ' -+ BEGIN { split(pkglist,pkg) } -+ $0 != "" { f[$1] = $2 } -+ $0 == "" { for (i in pkg) -+ if (pkg[i] == f["P"]) -+ print(f["P"] "-" f["V"] ".apk") }') -+ [ "$static_pkgs" ] || return 1 -+ -+ mkdir -p "$rootfs" || return 1 -+ for pkg in $static_pkgs; do -+ echo "Downloading $pkg" -+ $wget/$pkg | tar -xz -C "$rootfs" -+ done -+ -+ # clean up .apk meta files -+ rm -f "$rootfs"/.[A-Z]* -+ -+ # verify checksum of the key -+ keyname=$(echo $rootfs/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//') -+ checksum=$(echo "$key_sha256sums" | grep -w "$keyname") -+ if [ -z "$checksum" ]; then -+ echo "ERROR: checksum is missing for $keyname" -+ return 1 -+ fi -+ (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c 
-) || return 1 -+ -+ # verify the static apk binary signature -+ APK=$rootfs/sbin/apk.static -+ openssl dgst -verify $rootfs/etc/apk/keys/$keyname \ -+ -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1 -+ -+ if [ "$auto_repo_dir" ]; then -+ mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt -+ mirror_count=$(wc -l $mirror_list | cut -d " " -f 1) -+ repository=$(sed $(expr $RANDOM % $mirror_count + 1)\!d \ -+ $mirror_list)$auto_repo_dir -+ echo "Selecting mirror $repository" -+ fi -+} -+ - install_alpine() { - rootfs="$1" - shift - mkdir -p "$rootfs"/etc/apk || return 1 -- cp -r ${keys_dir:-/etc/apk/keys} "$rootfs"/etc/apk/ -+ : ${keys_dir:=/etc/apk/keys} -+ if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then -+ cp -r "$keys_dir" "$rootfs"/etc/apk/keys -+ fi - if [ -n "$repository" ]; then - echo "$repository" > "$rootfs"/etc/apk/repositories - else - cp /etc/apk/repositories "$rootfs"/etc/apk/repositories || return 1 -+ if [ -n "$release" ]; then -+ sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \ -+ "$rootfs"/etc/apk/repositories -+ fi - fi - opt_arch= - if [ -n "$apk_arch" ]; then - opt_arch="--arch $apk_arch" - fi -- ${APK:-apk} add -U --initdb --root $rootfs $opt_arch "$@" alpine-base -+ $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base - } - - configure_alpine() { -@@ -109,6 +188,7 @@ EOF - lxc.tty = 4 - lxc.pts = 1024 - lxc.utsname = $hostname -+lxc.cap.drop = sys_module mac_admin mac_override sys_time - - # When using LXC with apparmor, uncomment the next line to run unconfined: - #lxc.aa_profile = unconfined -@@ -129,7 +209,7 @@ lxc.cgroup.devices.allow = c 1:8 rwm - lxc.cgroup.devices.allow = c 136:* rwm - lxc.cgroup.devices.allow = c 5:2 rwm - # rtc --lxc.cgroup.devices.allow = c 254:0 rwm -+lxc.cgroup.devices.allow = c 254:0 rm - - # mounts point - lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0 -@@ -148,8 +228,10 @@ die() { - - usage() { - cat >&2 <<EOF --Usage: $(basename $0) [-h|--help] [-r|--repository 
<url>] [-a|--arch <arch>] -- -p|--path <path> -n|--name <name> [PKG...] -+Usage: $(basename $0) [-h|--help] [-r|--repository <url>] -+ [-R|--release <release>] [-a|--arch <arch>] -+ [--rootfs <rootfs>] -p|--path <path> -n|--name <name> -+ [PKG...] - EOF - } - -@@ -165,6 +247,14 @@ optarg_check() { - } - - default_path=@LXCPATH@ -+release= -+arch=$(uname -m) -+ -+# template mknods, requires root -+if [ $(id -u) -ne 0 ]; then -+ echo "$(basename $0): must be run as root" >&2 -+ exit 1 -+fi - - while [ $# -gt 0 ]; do - opt="$1" -@@ -179,6 +269,11 @@ while [ $# -gt 0 ]; do - name=$1 - shift - ;; -+ --rootfs) -+ optarg_check $opt "$1" -+ rootfs=$1 -+ shift -+ ;; - -p|--path) - optarg_check $opt "$1" - path=$1 -@@ -189,6 +284,11 @@ while [ $# -gt 0 ]; do - repository=$1 - shift - ;; -+ -R|--release) -+ optarg_check $opt "$1" -+ release=$1 -+ shift -+ ;; - -a|--arch) - optarg_check $opt "$1" - arch=$1 -@@ -217,9 +317,11 @@ if [ -z "${path}" ]; then - path="${default_path}/${name}" - fi - --rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null` - if [ -z "$rootfs" ]; then -- rootfs="${path}/rootfs" -+ rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null` -+ if [ -z "$rootfs" ]; then -+ rootfs="${path}/rootfs" -+ fi - fi - - lxc_arch=$arch -@@ -234,6 +336,11 @@ case "$arch" in - *) die "unsupported architecture: $arch";; - esac - -+: ${APK:=apk} -+if ! which $APK >/dev/null; then -+ get_static_apk "$rootfs" || die "Failed to download a valid static apk" -+fi -+ - install_alpine "$rootfs" "$@" || die "Failed to install rootfs for $name" - configure_alpine "$rootfs" "$name" || die "Failed to configure $name" - copy_configuration "$path" "$rootfs" "$name" |