From 11796ca36e2bab9a5e42c8b4bfd91a1e83719f1c Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Mon, 13 Oct 2014 14:57:15 +0000
Subject: main/lxc: backport openvswitch bridge support remove unused patches while at it
---
main/lxc/0001-Support-openvswitch-bridges.patch | 138 +++++++
...t-link-Lua-module-to-the-Lua-core-library.patch | 31 --
main/lxc/0002-fix-typo.patch | 27 ++
...c-alpine-add-support-for-architecture-arm.patch | 27 --
...Update-the-openvswitch-bridge-attach-code.patch | 134 +++++++
main/lxc/APKBUILD | 22 +-
main/lxc/alpine-template-backport.patch | 201 ----------
main/lxc/bb-rm.patch | 15 -
main/lxc/bb-shutdown.patch | 26 --
main/lxc/lxc-fix-headers.patch | 435 ---------------------
10 files changed, 317 insertions(+), 739 deletions(-)
create mode 100644 main/lxc/0001-Support-openvswitch-bridges.patch
delete mode 100644 main/lxc/0001-lua-Do-not-link-Lua-module-to-the-Lua-core-library.patch
create mode 100644 main/lxc/0002-fix-typo.patch
delete mode 100644 main/lxc/0002-lxc-alpine-add-support-for-architecture-arm.patch
create mode 100644 main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch
delete mode 100644 main/lxc/alpine-template-backport.patch
delete mode 100644 main/lxc/bb-rm.patch
delete mode 100644 main/lxc/bb-shutdown.patch
delete mode 100644 main/lxc/lxc-fix-headers.patch
(limited to 'main')
diff --git a/main/lxc/0001-Support-openvswitch-bridges.patch b/main/lxc/0001-Support-openvswitch-bridges.patch
new file mode 100644
index 000000000..09f91349f
--- /dev/null
+++ b/main/lxc/0001-Support-openvswitch-bridges.patch
@@ -0,0 +1,138 @@
+From 8acaf18100f3c974cd4a204d531fe0077e95829c Mon Sep 17 00:00:00 2001
+From: Serge Hallyn
+Date: Mon, 21 Jul 2014 17:48:55 -0500
+Subject: [PATCH 1/3] Support openvswitch bridges
+
+We detect whether ovs-vsctl is available. If so, then we support
+adding network interfaces to openvswitch bridges with it.
+
+Note that with this patch, veths do not appear to be removed from the
+openvswitch bridge. This seems a bug in openvswitch, as the veths
+in fact do disappear from the system. If lxc is required to remove
+the port from the bridge manually, that becomes more complicated
+for unprivileged containers, as it would require a setuid-root
+wrapper to be called at shutdown.
+
+Signed-off-by: Serge Hallyn
+(cherry picked from commit 0d2047716ad6967eb4714b2448a89593dc266cef)
+---
+ configure.ac | 11 +++++++++++
+ src/lxc/Makefile.am | 4 ++++
+ src/lxc/network.c | 43 +++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 58 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 6ec5740..e0efae7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -192,6 +192,16 @@ fi
+
+ AM_CONDITIONAL([ENABLE_API_DOCS], [test "x$HAVE_DOXYGEN" != "x"])
+
++# Openvswitch
++AC_PATH_PROG([OVS_CTL_PATH],[ovs-vsctl])
++if test "x$OVS_CTL_PATH" != "x"; then
++ enable_ovs="yes"
++ AS_AC_EXPAND(OVS_CTL_PATH, "$OVS_CTL_PATH")
++else
++ enable_ovs="no"
++fi
++AM_CONDITIONAL([HAVE_OVS], [test "x$enable_ovs" = "xyes"])
++
+ # Apparmor
+ AC_ARG_ENABLE([apparmor],
+ [AC_HELP_STRING([--enable-apparmor], [enable apparmor support [default=auto]])],
+@@ -740,6 +750,7 @@ Environment:
+ - rpath: $enable_rpath
+ - GnuTLS: $enable_gnutls
+ - Bash integration: $enable_bash
++ - Openvswitch: $enable_ovs
+
+ Security features:
+ - Apparmor: $enable_apparmor
+diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
+index 92841aa..ddeb37e 100644
+--- a/src/lxc/Makefile.am
++++ b/src/lxc/Makefile.am
+@@ -129,6 +129,10 @@ if ENABLE_APPARMOR
+ AM_CFLAGS += -DHAVE_APPARMOR
+ endif
+
++if HAVE_OVS
++AM_CFLAGS += -DHAVE_OVS -DOVS_CTL_PATH=\"$(OVS_CTL_PATH)\"
++endif
++
+ if ENABLE_CGMANAGER
+ AM_CFLAGS += -DHAVE_CGMANAGER
+ endif
+diff --git a/src/lxc/network.c b/src/lxc/network.c
+index a9900de..4270619 100644
+--- a/src/lxc/network.c
++++ b/src/lxc/network.c
+@@ -48,6 +48,7 @@
+ #include "nl.h"
+ #include "network.h"
+ #include "conf.h"
++#include "utils.h"
+
+ #if HAVE_IFADDRS_H
+ #include
+@@ -1170,6 +1171,45 @@ int lxc_ipv6_dest_add(int ifindex, struct in6_addr *dest)
+ return ip_route_dest_add(AF_INET6, ifindex, dest);
+ }
+
++#ifdef HAVE_OVS
++static bool is_ovs_bridge(const char *bridge)
++{
++ char brdirname[22 + IFNAMSIZ + 1] = {0};
++ struct stat sb;
++
++ snprintf(brdirname, 22 +IFNAMSIZ + 1, "/sys/class/net/%s/bridge", bridge);
++ if (stat(brdirname, &sb) == -1 && errno == ENOENT)
++ return true;
++ return false;
++}
++
++static int attach_to_ovs_bridge(const char *bridge, const char *nic)
++{
++ pid_t pid;
++ const char *progname;
++
++ pid = fork();
++ if (pid < 0)
++ return -1;
++ if (pid > 0)
++ return wait_for_pid(pid);
++
++ progname = strrchr(OVS_CTL_PATH, '/');
++ if (!progname) // not sane, should we just fail?
++ progname = OVS_CTL_PATH;
++ if (execl(OVS_CTL_PATH, progname, "add-port", bridge, nic, NULL))
++ exit(1);
++ // not reached
++ exit(1);
++}
++#else
++static inline bool is_ovs_bridge(const char *bridge) { return false; }
++static inline int attach_to_ovs_bridge(const char *bridge, const char *nic)
++{
++ retun -1;
++}
++#endif
++
+ /*
+ * There is a lxc_bridge_attach, but no need of a bridge detach
+ * as automatically done by kernel when a netdev is deleted.
+@@ -1186,6 +1226,9 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
+ if (!index)
+ return -EINVAL;
+
++ if (is_ovs_bridge(bridge))
++ return attach_to_ovs_bridge(bridge, ifname);
++
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (fd < 0)
+ return -errno;
+--
+2.1.2
+
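Review bot: `is_ovs_bridge()` in the src/lxc/network.c part of this patch treats a bridge as Open vSwitch solely because `/sys/class/net/<bridge>/bridge` is absent, so a name that does not exist at all, or any interface that is not a bridge, is also passed on to `ovs-vsctl add-port`. The `snprintf()` result is not checked either, so a bridge string longer than IFNAMSIZ is silently truncated before the `stat()` and the decision is then made on a different path. I would reject overlong names up front with `if (strlen(bridge) >= IFNAMSIZ) return false;`, confirm that `/sys/class/net/<bridge>` itself exists before testing for the `bridge` subdirectory, and add a comment above the function stating that the test is a heuristic. `lxc_bridge_attach()` begins outside the hunk, so an earlier length check there cannot be ruled out from what is shown.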
diff --git a/main/lxc/0001-lua-Do-not-link-Lua-module-to-the-Lua-core-library.patch b/main/lxc/0001-lua-Do-not-link-Lua-module-to-the-Lua-core-library.patch
deleted file mode 100644
index 02a5b02f6..000000000
--- a/main/lxc/0001-lua-Do-not-link-Lua-module-to-the-Lua-core-library.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From aa0337f7856feefab804c8a7bba4eaca205d3bab Mon Sep 17 00:00:00 2001
-From: Natanael Copa
-Date: Thu, 20 Feb 2014 09:48:37 +0000
-Subject: [PATCH 1/2] lua: Do not link Lua module to the Lua core library
-
-Modules should not link to the Lua core library.
-
-See http://lua-users.org/wiki/BuildingModules under
-"Do Not Link Modules to the Lua Core Libraries"
-
-Signed-off-by: Natanael Copa
----
- src/lua-lxc/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lua-lxc/Makefile.am b/src/lua-lxc/Makefile.am
-index 7bbaf61..540238f 100644
---- a/src/lua-lxc/Makefile.am
-+++ b/src/lua-lxc/Makefile.am
-@@ -18,7 +18,7 @@ core_so_LDFLAGS = \
- -L$(top_srcdir)/src/lxc \
- -Wl,-soname,core.so.$(firstword $(subst ., ,$(VERSION)))
-
--core_so_LDADD = -llxc $(LUA_LIBS)
-+core_so_LDADD = -llxc
-
- lxc.lua:
-
---
-1.8.5.4
-
diff --git a/main/lxc/0002-fix-typo.patch b/main/lxc/0002-fix-typo.patch
new file mode 100644
index 000000000..828e6cb7e
--- /dev/null
+++ b/main/lxc/0002-fix-typo.patch
@@ -0,0 +1,27 @@
+From b63fcfdcdcb17474c5ee1a8a62c9a4618cac4410 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn
+Date: Wed, 23 Jul 2014 10:19:24 -0500
+Subject: [PATCH 2/3] fix typo
+
+Signed-off-by: Serge Hallyn
+(cherry picked from commit f50b163d1d565a9c5f3fbab725b999c5746961ad)
+---
+ src/lxc/network.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/network.c b/src/lxc/network.c
+index 4270619..dfab159 100644
+--- a/src/lxc/network.c
++++ b/src/lxc/network.c
+@@ -1206,7 +1206,7 @@ static int attach_to_ovs_bridge(const char *bridge, const char *nic)
+ static inline bool is_ovs_bridge(const char *bridge) { return false; }
+ static inline int attach_to_ovs_bridge(const char *bridge, const char *nic)
+ {
+- retun -1;
++ return -1;
+ }
+ #endif
+
+--
+2.1.2
+
diff --git a/main/lxc/0002-lxc-alpine-add-support-for-architecture-arm.patch b/main/lxc/0002-lxc-alpine-add-support-for-architecture-arm.patch
deleted file mode 100644
index f4bfad2fc..000000000
--- a/main/lxc/0002-lxc-alpine-add-support-for-architecture-arm.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 882bdfc07672202fbade0d8e38d26cf0a5309b5d Mon Sep 17 00:00:00 2001
-From: Natanael Copa
-Date: Thu, 20 Feb 2014 10:30:22 +0000
-Subject: [PATCH 2/2] lxc-alpine: add support for architecture arm
-
-Signed-off-by: Natanael Copa
----
- templates/lxc-alpine.in | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
-index afda971..d8c6674 100644
---- a/templates/lxc-alpine.in
-+++ b/templates/lxc-alpine.in
-@@ -368,6 +368,9 @@ case "$arch" in
- ;;
- x86_64|"")
- ;;
-+ arm*)
-+ apk_arch=armhf
-+ ;;
- *)
- die "unsupported architecture: $arch"
- ;;
---
-1.8.5.4
-
diff --git a/main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch b/main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch
new file mode 100644
index 000000000..ff6085d68
--- /dev/null
+++ b/main/lxc/0003-Update-the-openvswitch-bridge-attach-code.patch
@@ -0,0 +1,134 @@
+From 26e73e11dcf4c59f90dea06fa36749be06202d04 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn
+Date: Fri, 22 Aug 2014 20:29:23 +0000
+Subject: [PATCH 3/3] Update the openvswitch bridge attach code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+1. don't determine ovs-vsctl path at configure time, do it at runtime
+
+2. lxc-user-nic: set a sane path to protect from unpriv users
+
+Signed-off-by: Serge Hallyn
+Acked-by: Stéphane Graber
+(cherry picked from commit 6ad22d063aa0fdbd77425acd7f9c9de79e5aff3e)
+---
+ configure.ac | 11 -----------
+ src/lxc/Makefile.am | 4 ----
+ src/lxc/lxc_user_nic.c | 5 +++++
+ src/lxc/network.c | 20 +++++++-------------
+ 4 files changed, 12 insertions(+), 28 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index e0efae7..6ec5740 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -192,16 +192,6 @@ fi
+
+ AM_CONDITIONAL([ENABLE_API_DOCS], [test "x$HAVE_DOXYGEN" != "x"])
+
+-# Openvswitch
+-AC_PATH_PROG([OVS_CTL_PATH],[ovs-vsctl])
+-if test "x$OVS_CTL_PATH" != "x"; then
+- enable_ovs="yes"
+- AS_AC_EXPAND(OVS_CTL_PATH, "$OVS_CTL_PATH")
+-else
+- enable_ovs="no"
+-fi
+-AM_CONDITIONAL([HAVE_OVS], [test "x$enable_ovs" = "xyes"])
+-
+ # Apparmor
+ AC_ARG_ENABLE([apparmor],
+ [AC_HELP_STRING([--enable-apparmor], [enable apparmor support [default=auto]])],
+@@ -750,7 +740,6 @@ Environment:
+ - rpath: $enable_rpath
+ - GnuTLS: $enable_gnutls
+ - Bash integration: $enable_bash
+- - Openvswitch: $enable_ovs
+
+ Security features:
+ - Apparmor: $enable_apparmor
+diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
+index ddeb37e..92841aa 100644
+--- a/src/lxc/Makefile.am
++++ b/src/lxc/Makefile.am
+@@ -129,10 +129,6 @@ if ENABLE_APPARMOR
+ AM_CFLAGS += -DHAVE_APPARMOR
+ endif
+
+-if HAVE_OVS
+-AM_CFLAGS += -DHAVE_OVS -DOVS_CTL_PATH=\"$(OVS_CTL_PATH)\"
+-endif
+-
+ if ENABLE_CGMANAGER
+ AM_CFLAGS += -DHAVE_CGMANAGER
+ endif
+diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
+index 64e9d1a..b2a583c 100644
+--- a/src/lxc/lxc_user_nic.c
++++ b/src/lxc/lxc_user_nic.c
+@@ -590,6 +590,11 @@ int main(int argc, char *argv[])
+ char *vethname = NULL;
+ int pid;
+
++ /* set a sane path, because we are setuid-root */
++ if (setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1) < 0) {
++ fprintf(stderr, "Failed to set PATH, exiting\n");
++ exit(1);
++ }
+ if ((me = get_username()) == NULL) {
+ fprintf(stderr, "Failed to get username\n");
+ exit(1);
+diff --git a/src/lxc/network.c b/src/lxc/network.c
+index dfab159..32edfc4 100644
+--- a/src/lxc/network.c
++++ b/src/lxc/network.c
+@@ -1171,7 +1171,6 @@ int lxc_ipv6_dest_add(int ifindex, struct in6_addr *dest)
+ return ip_route_dest_add(AF_INET6, ifindex, dest);
+ }
+
+-#ifdef HAVE_OVS
+ static bool is_ovs_bridge(const char *bridge)
+ {
+ char brdirname[22 + IFNAMSIZ + 1] = {0};
+@@ -1186,7 +1185,12 @@ static bool is_ovs_bridge(const char *bridge)
+ static int attach_to_ovs_bridge(const char *bridge, const char *nic)
+ {
+ pid_t pid;
+- const char *progname;
++ char *cmd;
++
++ cmd = on_path("ovs-vsctl");
++ if (!cmd)
++ return -1;
++ free(cmd);
+
+ pid = fork();
+ if (pid < 0)
+@@ -1194,21 +1198,11 @@ static int attach_to_ovs_bridge(const char *bridge, const char *nic)
+ if (pid > 0)
+ return wait_for_pid(pid);
+
+- progname = strrchr(OVS_CTL_PATH, '/');
+- if (!progname) // not sane, should we just fail?
+- progname = OVS_CTL_PATH;
+- if (execl(OVS_CTL_PATH, progname, "add-port", bridge, nic, NULL))
++ if (execlp("ovs-vsctl", "ovs-vsctl", "add-port", bridge, nic, NULL))
+ exit(1);
+ // not reached
+ exit(1);
+ }
+-#else
+-static inline bool is_ovs_bridge(const char *bridge) { return false; }
+-static inline int attach_to_ovs_bridge(const char *bridge, const char *nic)
+-{
+- return -1;
+-}
+-#endif
+
+ /*
+ * There is a lxc_bridge_attach, but no need of a bridge detach
+--
+2.1.2
+
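Review bot: The `setenv("PATH", …)` added to `main()` in src/lxc/lxc_user_nic.c resets only PATH, so the `ovs-vsctl` child started from `attach_to_ovs_bridge()` still inherits every other variable from the unprivileged caller of this setuid-root helper. Clearing the environment before setting PATH is the usual hardening, for example `if (clearenv() != 0 || setenv("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1) < 0) {`; leaving out the `/usr/local` entries is a suggestion for systems where that tree may be writable by a non-root group. In src/lxc/network.c the path returned by `on_path("ovs-vsctl")` is freed and `execlp()` then searches PATH a second time. Passing the resolved `cmd` to `execl()` would make the checked binary and the executed binary the same file, and would not depend on every caller of `lxc_bridge_attach()` having sanitised PATH. Both `main()` and `attach_to_ovs_bridge()` extend beyond the hunks shown.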
diff --git a/main/lxc/APKBUILD b/main/lxc/APKBUILD index 184c7f72f..f1ceb2902 100644 --- a/main/lxc/APKBUILD +++ b/main/lxc/APKBUILD @@ -3,7 +3,7 @@ pkgname=lxc pkgver=1.0.6 _mypkgver=${pkgver/_rc/.rc} -pkgrel=0 +pkgrel=1 pkgdesc="linux containers - tools" url="http://lxc.sourceforge.net/" arch="all" @@ -18,6 +18,11 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-lvm lua5.2-lxc:_lua52 source="https://github.com/lxc/lxc/archive/lxc-$_mypkgver.tar.gz version.patch lxc.initd + + 0001-Support-openvswitch-bridges.patch + 0002-fix-typo.patch + 0003-Update-the-openvswitch-bridge-attach-code.patch + " _builddir="${srcdir}/lxc-lxc-${_mypkgver}" 
@@ -87,10 +92,19 @@ dev() {
 md5sums="3949cd916a120f40c2355c9a5b65cd51 lxc-1.0.6.tar.gz
 79e90616b5049a472ccdcb5b1dcdd8b1 version.patch
-1268d4b3e6ed004a47216b8714d09bfd lxc.initd"
+1268d4b3e6ed004a47216b8714d09bfd lxc.initd
+0800600ea0e9a0a4eab5822e8f14d6a2 0001-Support-openvswitch-bridges.patch
+82f16afb2cec1dfca66e4057daf02694 0002-fix-typo.patch
+fc502befeee596d5a1cf78d4f294a3e9 0003-Update-the-openvswitch-bridge-attach-code.patch"
 sha256sums="2aea199a89e2cd946f93406af6c3f62844f36954b79a6991b36d2c33022cb11c lxc-1.0.6.tar.gz
 b6d85fb23940d2511b3951de56b2532843c0e03ec1613548366361cc0c1a46b9 version.patch
-bc108a722dc359a24c48837ef7012c776b1d20a533ae0e2231f75081dad4e2f5 lxc.initd"
+bc108a722dc359a24c48837ef7012c776b1d20a533ae0e2231f75081dad4e2f5 lxc.initd
+a415aa17655788a49627eb2e06fd06b3f73dfea283a9c67c9bf7029430fcca88 0001-Support-openvswitch-bridges.patch
+e6502aa038b18dc4dff7eea6d916215babb8ce775d7c79b2fb7669edcc23ea97 0002-fix-typo.patch
+3a63dda403a2fab04fa5d2c9e7762efdcb911cbd913399b8226abdec6643fec9 0003-Update-the-openvswitch-bridge-attach-code.patch"
 sha512sums="fe85ccb57865d86704df6b4b79d60f31892785b07dc9dd2580cc6c384c89c29c23516e906b7a16bc03c6582c1fb2432bb8ff11bd17c09efa8f6a035fb41f46b1 lxc-1.0.6.tar.gz
 e2ffcbf55447291a8434a4f37255c3a6a119bc4116c75d205006aa2b070bf6be28535cf6107bead14bbf64bf9fa415346ab544bd1c15e1add7d1c6380e6b2def version.patch
-6618ceb59f1927bb82ad1a0fe0a7d4c452ced7855d8f0953556fce9154f30a4c5afbd7a2ab07fb26e6e793b07d4c8f906f8dc27c1defe0580dcf1545c80d1d60 lxc.initd"
+6618ceb59f1927bb82ad1a0fe0a7d4c452ced7855d8f0953556fce9154f30a4c5afbd7a2ab07fb26e6e793b07d4c8f906f8dc27c1defe0580dcf1545c80d1d60 lxc.initd
+636dc009496f8648ba10aec6b590c2d1f5db17bf76161fec2b38a7a994198d2ac9c1af7e342f4d3e695d53951b5309447f20155fb79e00489a2f5c0513d08d89 0001-Support-openvswitch-bridges.patch
+dc5f5f230df91ea951e231aaedebab8217bcf6a676e2da88f4db3e0b36cdd922fb888c0f6a0eb34d5065add9c002b080c9ac687f9cd16875bd18d4f120f56d6e 0002-fix-typo.patch
+c7089b58dc7c4d2fc8cb245c7eb43930bd9e821e136e5461c3f79af063c640076c07d92afd5675cc57bb832e85690d917b87b337d075505a65e154efa7c45bc0 0003-Update-the-openvswitch-bridge-attach-code.patch"
diff --git a/main/lxc/alpine-template-backport.patch b/main/lxc/alpine-template-backport.patch
deleted file mode 100644
index 158efcf42..000000000
--- a/main/lxc/alpine-template-backport.patch
+++ /dev/null
@@ -1,201 +0,0 @@ -diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in -index 962d274..ce7226f 100644 ---- a/templates/lxc-alpine.in -+++ b/templates/lxc-alpine.in -@@ -1,20 +1,99 @@ - #!/bin/sh - -+key_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub -+2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub" -+ -+get_static_apk () { -+ wget="wget -q -O -" -+ pkglist=alpine-keys:apk-tools-static -+ auto_repo_dir= -+ -+ if [ -z "$repository" ]; then -+ url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi -+ if [ -z "$release" ]; then -+ echo -n "Determining the latest release... " -+ release=$($wget $url/.latest.$apk_arch.txt | \ -+ cut -d " " -f 3 | cut -d / -f 1 | uniq) -+ if [ -z "$release" ]; then -+ echo failed -+ return 1 -+ fi -+ echo $release -+ fi -+ auto_repo_dir=$release/main -+ repository=$url/$auto_repo_dir -+ pkglist=$pkglist:alpine-mirrors -+ fi -+ -+ rootfs="$1" -+ echo "Using static apk from $repository/$apk_arch" -+ wget="$wget $repository/$apk_arch" -+ -+ # parse APKINDEX to find the current versions -+ static_pkgs=$($wget/APKINDEX.tar.gz | \ -+ tar -Oxz APKINDEX | \ -+ awk -F: -v pkglist=$pkglist ' -+ BEGIN { split(pkglist,pkg) } -+ $0 != "" { f[$1] = $2 } -+ $0 == "" { for (i in pkg) -+ if (pkg[i] == f["P"]) -+ print(f["P"] "-" f["V"] ".apk") }') -+ [ "$static_pkgs" ] || return 1 -+ -+ mkdir -p "$rootfs" || return 1 -+ for pkg in $static_pkgs; do -+ echo "Downloading $pkg" -+ $wget/$pkg | tar -xz -C "$rootfs" -+ done -+ -+ # clean up .apk meta files -+ rm -f "$rootfs"/.[A-Z]* -+ -+ # verify checksum of the key -+ keyname=$(echo $rootfs/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//') -+ checksum=$(echo "$key_sha256sums" | grep -w "$keyname") -+ if [ -z "$checksum" ]; then -+ echo "ERROR: checksum is missing for $keyname" -+ return 1 -+ fi -+ (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c 
-) || return 1 -+ -+ # verify the static apk binary signature -+ APK=$rootfs/sbin/apk.static -+ openssl dgst -verify $rootfs/etc/apk/keys/$keyname \ -+ -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1 -+ -+ if [ "$auto_repo_dir" ]; then -+ mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt -+ mirror_count=$(wc -l $mirror_list | cut -d " " -f 1) -+ repository=$(sed $(expr $RANDOM % $mirror_count + 1)\!d \ -+ $mirror_list)$auto_repo_dir -+ echo "Selecting mirror $repository" -+ fi -+} -+ - install_alpine() { - rootfs="$1" - shift - mkdir -p "$rootfs"/etc/apk || return 1 -- cp -r ${keys_dir:-/etc/apk/keys} "$rootfs"/etc/apk/ -+ : ${keys_dir:=/etc/apk/keys} -+ if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then -+ cp -r "$keys_dir" "$rootfs"/etc/apk/keys -+ fi - if [ -n "$repository" ]; then - echo "$repository" > "$rootfs"/etc/apk/repositories - else - cp /etc/apk/repositories "$rootfs"/etc/apk/repositories || return 1 -+ if [ -n "$release" ]; then -+ sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \ -+ "$rootfs"/etc/apk/repositories -+ fi - fi - opt_arch= - if [ -n "$apk_arch" ]; then - opt_arch="--arch $apk_arch" - fi -- ${APK:-apk} add -U --initdb --root $rootfs $opt_arch "$@" alpine-base -+ $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base - } - - configure_alpine() { -@@ -109,6 +188,7 @@ EOF - lxc.tty = 4 - lxc.pts = 1024 - lxc.utsname = $hostname -+lxc.cap.drop = sys_module mac_admin mac_override sys_time - - # When using LXC with apparmor, uncomment the next line to run unconfined: - #lxc.aa_profile = unconfined -@@ -129,7 +209,7 @@ lxc.cgroup.devices.allow = c 1:8 rwm - lxc.cgroup.devices.allow = c 136:* rwm - lxc.cgroup.devices.allow = c 5:2 rwm - # rtc --lxc.cgroup.devices.allow = c 254:0 rwm -+lxc.cgroup.devices.allow = c 254:0 rm - - # mounts point - lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0 -@@ -148,8 +228,10 @@ die() { - - usage() { - cat >&2 <] [-a|--arch ] -- -p|--path -n|--name [PKG...] 
-+Usage: $(basename $0) [-h|--help] [-r|--repository ] -+ [-R|--release ] [-a|--arch ] -+ [--rootfs ] -p|--path -n|--name -+ [PKG...] - EOF - } - -@@ -165,6 +247,14 @@ optarg_check() { - } - - default_path=@LXCPATH@ -+release= -+arch=$(uname -m) -+ -+# template mknods, requires root -+if [ $(id -u) -ne 0 ]; then -+ echo "$(basename $0): must be run as root" >&2 -+ exit 1 -+fi - - while [ $# -gt 0 ]; do - opt="$1" -@@ -179,6 +269,11 @@ while [ $# -gt 0 ]; do - name=$1 - shift - ;; -+ --rootfs) -+ optarg_check $opt "$1" -+ rootfs=$1 -+ shift -+ ;; - -p|--path) - optarg_check $opt "$1" - path=$1 -@@ -189,6 +284,11 @@ while [ $# -gt 0 ]; do - repository=$1 - shift - ;; -+ -R|--release) -+ optarg_check $opt "$1" -+ release=$1 -+ shift -+ ;; - -a|--arch) - optarg_check $opt "$1" - arch=$1 -@@ -217,9 +317,11 @@ if [ -z "${path}" ]; then - path="${default_path}/${name}" - fi - --rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null` - if [ -z "$rootfs" ]; then -- rootfs="${path}/rootfs" -+ rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null` -+ if [ -z "$rootfs" ]; then -+ rootfs="${path}/rootfs" -+ fi - fi - - lxc_arch=$arch -@@ -234,6 +336,11 @@ case "$arch" in - *) die "unsupported architecture: $arch";; - esac - -+: ${APK:=apk} -+if ! which $APK >/dev/null; then -+ get_static_apk "$rootfs" || die "Failed to download a valid static apk" -+fi -+ - install_alpine "$rootfs" "$@" || die "Failed to install rootfs for $name" - configure_alpine "$rootfs" "$name" || die "Failed to configure $name" - copy_configuration "$path" "$rootfs" "$name" diff --git a/main/lxc/bb-rm.patch b/main/lxc/bb-rm.patch deleted file mode 100644 index c93adb33a..000000000 --- a/main/lxc/bb-rm.patch +++ /dev/null 
@@ -1,15 +0,0 @@ ---- ./src/lxc/lxc-destroy.in.orig 2013-04-15 07:38:58.383545701 +0000 -+++ ./src/lxc/lxc-destroy.in 2013-04-15 07:42:22.552123148 +0000 -@@ -137,10 +137,10 @@ - btrfs subvolume delete "$rootdev" - else - # In case rootfs is not under $lxc_path/$lxc_name, remove it -- rm -rf --one-file-system --preserve-root $rootdev -+ find $rootdev -xdev -delete - fi - fi - fi - - # recursively remove the container to remove old container configuration --rm -rf --one-file-system --preserve-root $lxc_path/$lxc_name -+find $lxc_path/$lxc_name -xdev -delete diff --git a/main/lxc/bb-shutdown.patch b/main/lxc/bb-shutdown.patch deleted file mode 100644 index 406303215..000000000 --- a/main/lxc/bb-shutdown.patch +++ /dev/null @@ -1,26 +0,0 @@ ---- ./src/lxc/lxc-shutdown.in.orig 2013-04-15 07:43:04.709177850 +0000 -+++ ./src/lxc/lxc-shutdown.in 2013-04-15 07:45:43.213958405 +0000 -@@ -118,11 +118,21 @@ - exit 1 - fi - -+signal_reboot=INT -+signal_poweroff=PWR -+init_exe=$(readlink -f /proc/$pid/exe) -+case ${init_exe} in -+ */busybox) -+ signal_reboot=TERM -+ signal_poweroff=USR2 -+ ;; -+esac -+ - if [ $reboot -eq 1 ]; then -- kill -s INT $pid -+ kill -s $signal_reboot $pid - exit 0 - else -- kill -s PWR $pid -+ kill -s $signal_poweroff $pid - fi - - if [ $dowait -eq 0 ]; then diff --git a/main/lxc/lxc-fix-headers.patch b/main/lxc/lxc-fix-headers.patch deleted file mode 100644 index bc7f8e59c..000000000 --- a/main/lxc/lxc-fix-headers.patch +++ /dev/null 
@@ -1,435 +0,0 @@ -diff -ru lxc-0.9.0.orig/src/lua-lxc/core.c lxc-0.9.0/src/lua-lxc/core.c ---- lxc-0.9.0.orig/src/lua-lxc/core.c 2013-10-10 09:22:58.841387605 +0300 -+++ lxc-0.9.0/src/lua-lxc/core.c 2013-10-10 09:23:13.847971218 +0300 -@@ -21,7 +21,6 @@ - */ - - #define LUA_LIB --#define _GNU_SOURCE - #include - #include - #include -diff -ru lxc-0.9.0.orig/src/lxc/attach.c lxc-0.9.0/src/lxc/attach.c ---- lxc-0.9.0.orig/src/lxc/attach.c 2013-10-10 09:22:58.841387605 +0300 -+++ lxc-0.9.0/src/lxc/attach.c 2013-10-10 09:23:13.847971218 +0300 -@@ -21,13 +21,14 @@ - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - --#define _GNU_SOURCE -+#include "config.h" - #include - #include - #include - #include - #include - #include -+#include - #include - #include - #include -@@ -44,7 +45,6 @@ - #include "log.h" - #include "attach.h" - #include "caps.h" --#include "config.h" - #include "apparmor.h" - - lxc_log_define(lxc_attach, lxc); -diff -ru lxc-0.9.0.orig/src/lxc/caps.c lxc-0.9.0/src/lxc/caps.c ---- lxc-0.9.0.orig/src/lxc/caps.c 2013-10-10 09:22:58.841387605 +0300 -+++ lxc-0.9.0/src/lxc/caps.c 2013-10-10 09:23:13.847971218 +0300 -@@ -21,7 +21,7 @@ - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - --#define _GNU_SOURCE -+#include "config.h" - #include - #include - #include -@@ -29,7 +29,6 @@ - #include - #include - --#include "config.h" - #include "log.h" - - lxc_log_define(lxc_caps, lxc); -diff -ru lxc-0.9.0.orig/src/lxc/cgroup.c lxc-0.9.0/src/lxc/cgroup.c ---- lxc-0.9.0.orig/src/lxc/cgroup.c 2013-10-10 09:22:58.841387605 +0300 -+++ lxc-0.9.0/src/lxc/cgroup.c 2013-10-10 09:28:10.249698806 +0300 -@@ -20,9 +20,8 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ --#define _GNU_SOURCE -+#include "config.h" - #include --#undef _GNU_SOURCE - #include - #include - #include -@@ -37,7 +36,6 @@ - #include - - #include 
"error.h" --#include "config.h" - #include "commands.h" - - #include -diff -ru lxc-0.9.0.orig/src/lxc/commands.c lxc-0.9.0/src/lxc/commands.c ---- lxc-0.9.0.orig/src/lxc/commands.c 2013-10-10 09:22:58.841387605 +0300 -+++ lxc-0.9.0/src/lxc/commands.c 2013-10-10 09:23:13.851304534 +0300 -@@ -28,7 +28,7 @@ - #include - #include - #include --#include -+#include - #include - #include - #include -diff -ru lxc-0.9.0.orig/src/lxc/conf.c lxc-0.9.0/src/lxc/conf.c ---- lxc-0.9.0.orig/src/lxc/conf.c 2013-10-10 09:22:58.844720784 +0300 -+++ lxc-0.9.0/src/lxc/conf.c 2013-10-10 09:28:30.296256871 +0300 -@@ -20,9 +20,8 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ --#define _GNU_SOURCE -+#include "config.h" - #include --#undef _GNU_SOURCE - #include - #include - #include -@@ -58,7 +57,6 @@ - #include "network.h" - #include "error.h" - #include "parse.h" --#include "config.h" - #include "utils.h" - #include "conf.h" - #include "log.h" -diff -ru lxc-0.9.0.orig/src/lxc/confile.c lxc-0.9.0/src/lxc/confile.c ---- lxc-0.9.0.orig/src/lxc/confile.c 2013-10-10 09:22:58.844720784 +0300 -+++ lxc-0.9.0/src/lxc/confile.c 2013-10-10 09:28:45.472841319 +0300 -@@ -20,7 +20,7 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ --#define _GNU_SOURCE -+#include "config.h" - #include - #include - #include -@@ -38,7 +38,6 @@ - #include - - #include "parse.h" --#include "config.h" - #include "confile.h" - #include "utils.h" - -diff -ru lxc-0.9.0.orig/src/lxc/freezer.c lxc-0.9.0/src/lxc/freezer.c ---- lxc-0.9.0.orig/src/lxc/freezer.c 2013-10-10 09:22:58.844720784 +0300 -+++ lxc-0.9.0/src/lxc/freezer.c 2013-10-10 09:29:01.486087901 +0300 -@@ -20,9 +20,8 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA - */ --#define _GNU_SOURCE -+#include "config.h" - #include --#undef _GNU_SOURCE - #include - #include - #include -diff -ru lxc-0.9.0.orig/src/lxc/lxc_attach.c lxc-0.9.0/src/lxc/lxc_attach.c ---- lxc-0.9.0.orig/src/lxc/lxc_attach.c 2013-10-10 09:22:58.844720784 +0300 -+++ lxc-0.9.0/src/lxc/lxc_attach.c 2013-10-10 09:29:19.079325924 +0300 -@@ -21,7 +21,7 @@ - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - --#define _GNU_SOURCE -+#include "config.h" - #include - #include - #include -@@ -36,7 +36,6 @@ - #include "arguments.h" - #include "caps.h" - #include "cgroup.h" --#include "config.h" - #include "confile.h" - #include "start.h" - #include "sync.h" -diff -ru lxc-0.9.0.orig/src/lxc/lxc_checkpoint.c lxc-0.9.0/src/lxc/lxc_checkpoint.c ---- lxc-0.9.0.orig/src/lxc/lxc_checkpoint.c 2013-10-10 09:22:58.844720784 +0300 -+++ lxc-0.9.0/src/lxc/lxc_checkpoint.c 2013-10-10 09:25:41.587170847 +0300 -@@ -20,7 +20,7 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ --#define _GNU_SOURCE -+#include "config.h" - #include - #include - #include -@@ -35,7 +35,6 @@ - #include - - #include "arguments.h" --#include "config.h" - #include "caps.h" - - lxc_log_define(lxc_checkpoint_ui, lxc_checkpoint); -diff -ru lxc-0.9.0.orig/src/lxc/lxc_console.c lxc-0.9.0/src/lxc/lxc_console.c ---- lxc-0.9.0.orig/src/lxc/lxc_console.c 2013-10-10 09:22:58.844720784 +0300 -+++ lxc-0.9.0/src/lxc/lxc_console.c 2013-10-10 09:23:13.854637849 +0300 -@@ -21,9 +21,7 @@ - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - --#define _GNU_SOURCE - #include --#undef _GNU_SOURCE - #include - #include - #include -@@ -35,7 +33,7 @@ - #include - #include - #include --#include -+#include - #include - - #include "error.h" -diff -ru lxc-0.9.0.orig/src/lxc/lxc_execute.c lxc-0.9.0/src/lxc/lxc_execute.c ---- lxc-0.9.0.orig/src/lxc/lxc_execute.c 
2013-10-10 09:22:58.848053921 +0300 -+++ lxc-0.9.0/src/lxc/lxc_execute.c 2013-10-10 09:25:21.023948914 +0300 -@@ -20,7 +20,7 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ --#define _GNU_SOURCE -+#include "config.h" - #include - #include - #include -@@ -37,7 +37,6 @@ - #include "conf.h" - #include "confile.h" - #include "arguments.h" --#include "config.h" - #include "start.h" - #include "utils.h" - -diff -ru lxc-0.9.0.orig/src/lxc/lxc_init.c lxc-0.9.0/src/lxc/lxc_init.c ---- lxc-0.9.0.orig/src/lxc/lxc_init.c 2013-10-10 09:22:58.848053921 +0300 -+++ lxc-0.9.0/src/lxc/lxc_init.c 2013-10-10 09:23:13.854637849 +0300 -@@ -30,7 +30,6 @@ - #include - #include - #include --#define _GNU_SOURCE - #include - - #include "log.h" -diff -ru lxc-0.9.0.orig/src/lxc/lxc_restart.c lxc-0.9.0/src/lxc/lxc_restart.c ---- lxc-0.9.0.orig/src/lxc/lxc_restart.c 2013-10-10 09:22:58.848053921 +0300 -+++ lxc-0.9.0/src/lxc/lxc_restart.c 2013-10-10 09:25:59.123742508 +0300 -@@ -20,9 +20,8 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ --#define _GNU_SOURCE -+#include "config.h" - #include --#undef _GNU_SOURCE - #include - #include - #include -@@ -33,7 +32,6 @@ - #include "lxc.h" - #include "caps.h" - #include "conf.h" --#include "config.h" - #include "confile.h" - #include "arguments.h" - #include "utils.h" -diff -ru lxc-0.9.0.orig/src/lxc/lxc_start.c lxc-0.9.0/src/lxc/lxc_start.c ---- lxc-0.9.0.orig/src/lxc/lxc_start.c 2013-10-10 09:22:58.848053921 +0300 -+++ lxc-0.9.0/src/lxc/lxc_start.c 2013-10-10 09:24:30.684221628 +0300 -@@ -20,9 +20,8 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ --#define _GNU_SOURCE -+#include "config.h" - #include --#undef _GNU_SOURCE - #include - 
#include - #include -@@ -46,7 +45,6 @@ - #include "conf.h" - #include "cgroup.h" - #include "utils.h" --#include "config.h" - #include "confile.h" - #include "arguments.h" - -diff -ru lxc-0.9.0.orig/src/lxc/lxc_unshare.c lxc-0.9.0/src/lxc/lxc_unshare.c ---- lxc-0.9.0.orig/src/lxc/lxc_unshare.c 2013-10-10 09:22:58.848053921 +0300 -+++ lxc-0.9.0/src/lxc/lxc_unshare.c 2013-10-10 09:23:13.854637849 +0300 -@@ -20,9 +20,7 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ --#define _GNU_SOURCE - #include --#undef _GNU_SOURCE - #include - #include - #include -diff -ru lxc-0.9.0.orig/src/lxc/lxccontainer.c lxc-0.9.0/src/lxc/lxccontainer.c ---- lxc-0.9.0.orig/src/lxc/lxccontainer.c 2013-10-10 09:22:58.848053921 +0300 -+++ lxc-0.9.0/src/lxc/lxccontainer.c 2013-10-10 09:23:13.854637849 +0300 -@@ -800,7 +800,7 @@ - if (pid < 0) - return false; - if (pid == 0) { // child -- ret = execlp("lxc-destroy", "lxc-destroy", "-n", c->name, "-P", c->config_path, NULL); -+ ret = execlp("lxc-destroy", "lxc-destroy", "-n", c->name, "-P", c->config_path, (void*)0); - perror("execl"); - exit(1); - } -diff -ru lxc-0.9.0.orig/src/lxc/lxclock.c lxc-0.9.0/src/lxc/lxclock.c ---- lxc-0.9.0.orig/src/lxc/lxclock.c 2013-10-10 09:22:58.848053921 +0300 -+++ lxc-0.9.0/src/lxc/lxclock.c 2013-10-10 09:23:13.854637849 +0300 -@@ -18,8 +18,8 @@ - */ - - #include "lxclock.h" --#include - #include -+#include - - #define OFLAG (O_CREAT | O_RDWR) - #define SEMMODE 0660 -diff -ru lxc-0.9.0.orig/src/lxc/lxcutmp.c lxc-0.9.0/src/lxc/lxcutmp.c ---- lxc-0.9.0.orig/src/lxc/lxcutmp.c 2013-10-10 09:22:58.848053921 +0300 -+++ lxc-0.9.0/src/lxc/lxcutmp.c 2013-10-10 09:23:13.854637849 +0300 -@@ -63,6 +63,8 @@ - #include "lxc.h" - #include "log.h" - -+#include -+ - #ifndef __USE_GNU - #define __USE_GNU - #endif -diff -ru lxc-0.9.0.orig/src/lxc/network.c lxc-0.9.0/src/lxc/network.c ---- lxc-0.9.0.orig/src/lxc/network.c 
2013-10-10 09:22:58.848053921 +0300 -+++ lxc-0.9.0/src/lxc/network.c 2013-10-10 09:30:26.518960572 +0300 -@@ -20,9 +20,8 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ --#define _GNU_SOURCE -+#include "config.h" - #include --#undef _GNU_SOURCe - #include - #include - #include -diff -ru lxc-0.9.0.orig/src/lxc/parse.c lxc-0.9.0/src/lxc/parse.c ---- lxc-0.9.0.orig/src/lxc/parse.c 2013-10-10 09:22:58.848053921 +0300 -+++ lxc-0.9.0/src/lxc/parse.c 2013-10-10 09:23:30.724546457 +0300 -@@ -20,16 +20,14 @@ - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ --#define _GNU_SOURCE -+#include "config.h" - #include --#undef _GNU_SOURCE - #include - #include - #include - #include - - #include "parse.h" --#include "config.h" - #include - - /* Define getline() if missing from the C library */ -diff -ru lxc-0.9.0.orig/src/lxc/restart.c lxc-0.9.0/src/lxc/restart.c ---- lxc-0.9.0.orig/src/lxc/restart.c 2013-10-10 09:22:58.851387051 +0300 -+++ lxc-0.9.0/src/lxc/restart.c 2013-10-10 09:23:13.857971164 +0300 -@@ -24,7 +24,6 @@ - #include "config.h" - - #include --#undef _GNU_SOURCE - #include - #include - #include -diff -ru lxc-0.9.0.orig/src/lxc/seccomp.c lxc-0.9.0/src/lxc/seccomp.c ---- lxc-0.9.0.orig/src/lxc/seccomp.c 2013-10-10 09:22:58.851387051 +0300 -+++ lxc-0.9.0/src/lxc/seccomp.c 2013-10-10 09:23:13.857971164 +0300 -@@ -21,7 +21,6 @@ - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - --#define _GNU_SOURCE - #include - #include - #include -diff -ru lxc-0.9.0.orig/src/lxc/start.c lxc-0.9.0/src/lxc/start.c ---- lxc-0.9.0.orig/src/lxc/start.c 2013-10-10 09:22:58.851387051 +0300 -+++ lxc-0.9.0/src/lxc/start.c 2013-10-10 09:23:13.857971164 +0300 -@@ -24,7 +24,6 @@ - #include "config.h" - - #include --#undef _GNU_SOURCE - #include - #include - 
#include -@@ -43,7 +42,7 @@ - #include - #include - #include --#include -+#include - #include - - #if HAVE_SYS_CAPABILITY_H -diff -ru lxc-0.9.0.orig/src/lxc/utils.c lxc-0.9.0/src/lxc/utils.c ---- lxc-0.9.0.orig/src/lxc/utils.c 2013-10-10 09:22:58.851387051 +0300 -+++ lxc-0.9.0/src/lxc/utils.c 2013-10-10 09:23:13.857971164 +0300 -@@ -21,7 +21,6 @@ - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - --#define _GNU_SOURCE - #include - #include - #include -diff -ru lxc-0.9.0.orig/src/lxc/utils.h lxc-0.9.0/src/lxc/utils.h ---- lxc-0.9.0.orig/src/lxc/utils.h 2013-10-10 09:22:58.851387051 +0300 -+++ lxc-0.9.0/src/lxc/utils.h 2013-10-10 09:23:13.857971164 +0300 -@@ -23,6 +23,8 @@ - #ifndef _utils_h - #define _utils_h - -+#include -+ - extern int lxc_copy_file(const char *src, const char *dst); - extern int lxc_setup_fs(void); - extern int get_u16(unsigned short *val, const char *arg, int base); -- cgit v1.2.3