diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-07-25 09:47:06 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-08-28 12:11:10 +0000 |
commit | 793085aea6663a96e5031eeeff33f47c382e7445 (patch) | |
tree | 06b9afe67cf8a986c4d58706f3e9e997086884d7 | |
parent | 72e8e8a38a569b2bcf30bac906fddde43b66d997 (diff) | |
download | alpine_aports-793085aea6663a96e5031eeeff33f47c382e7445.tar.bz2 alpine_aports-793085aea6663a96e5031eeeff33f47c382e7445.tar.xz alpine_aports-793085aea6663a96e5031eeeff33f47c382e7445.zip |
main/lxc: backport alpine template from git
so we get --release support
(cherry picked from commit 88a12c1ff4fc7d5a3a79000ffd0abb0e5e1d85e2)
-rw-r--r-- | main/lxc/APKBUILD | 6 | ||||
-rw-r--r-- | main/lxc/alpine-template-backport.patch | 201 |
2 files changed, 206 insertions, 1 deletions
diff --git a/main/lxc/APKBUILD b/main/lxc/APKBUILD index 054fbe2c82..4a65633b7a 100644 --- a/main/lxc/APKBUILD +++ b/main/lxc/APKBUILD | |||
@@ -3,7 +3,7 @@ | |||
3 | pkgname=lxc | 3 | pkgname=lxc |
4 | pkgver=0.9.0 | 4 | pkgver=0.9.0 |
5 | _mypkgver=${pkgver/_rc/-rc} | 5 | _mypkgver=${pkgver/_rc/-rc} |
6 | pkgrel=0 | 6 | pkgrel=1 |
7 | pkgdesc="linux containers - tools" | 7 | pkgdesc="linux containers - tools" |
8 | url="http://lxc.sourceforge.net/" | 8 | url="http://lxc.sourceforge.net/" |
9 | arch="all" | 9 | arch="all" |
@@ -16,6 +16,7 @@ subpackages="$pkgname-dev $pkgname-doc" | |||
16 | source="http://lxc.sourceforge.net/download/lxc/$pkgname-$_mypkgver.tar.gz | 16 | source="http://lxc.sourceforge.net/download/lxc/$pkgname-$_mypkgver.tar.gz |
17 | bb-rm.patch | 17 | bb-rm.patch |
18 | bb-shutdown.patch | 18 | bb-shutdown.patch |
19 | alpine-template-backport.patch | ||
19 | lxc.initd | 20 | lxc.initd |
20 | " | 21 | " |
21 | 22 | ||
@@ -50,12 +51,15 @@ package() { | |||
50 | md5sums="8552a4479090616f4bc04d8473765fc9 lxc-0.9.0.tar.gz | 51 | md5sums="8552a4479090616f4bc04d8473765fc9 lxc-0.9.0.tar.gz |
51 | a0894c2ddf9133c3cc33c264e4596a3c bb-rm.patch | 52 | a0894c2ddf9133c3cc33c264e4596a3c bb-rm.patch |
52 | e96514860ee34b62d1b208ab03c569bc bb-shutdown.patch | 53 | e96514860ee34b62d1b208ab03c569bc bb-shutdown.patch |
54 | 25dd200bd158d16a05bb3e7aaef84697 alpine-template-backport.patch | ||
53 | f3c6998798b13425b8d0647bad0834a8 lxc.initd" | 55 | f3c6998798b13425b8d0647bad0834a8 lxc.initd" |
54 | sha256sums="1e1767eae6cc5fbf892c0e193d25da420ba19f2db203716c38f7cdea3b654120 lxc-0.9.0.tar.gz | 56 | sha256sums="1e1767eae6cc5fbf892c0e193d25da420ba19f2db203716c38f7cdea3b654120 lxc-0.9.0.tar.gz |
55 | c9caea06b87baf5e335821c7e9ce3caca849b33f8176fbd48126c605583e78fc bb-rm.patch | 57 | c9caea06b87baf5e335821c7e9ce3caca849b33f8176fbd48126c605583e78fc bb-rm.patch |
56 | 0e5706cb077f750afdd6a5a4fd2afdf0b9113126c85e130d92680bed4ce9c20e bb-shutdown.patch | 58 | 0e5706cb077f750afdd6a5a4fd2afdf0b9113126c85e130d92680bed4ce9c20e bb-shutdown.patch |
59 | df193c4cf08e171c23b0b472750b7b1e0e7a66971c03201a0523e4039909f33b alpine-template-backport.patch | ||
57 | 77c64e6137457be89c150b82d681a3eb5c7c1f06af142a321703fc9a43bff200 lxc.initd" | 60 | 77c64e6137457be89c150b82d681a3eb5c7c1f06af142a321703fc9a43bff200 lxc.initd" |
58 | sha512sums="a96133660ca6ea45dc4b8d167267120328577339e933ff9510f03e9d368ca5db77031dc1e7e4529b3e506f63f79c2ce3f8f72571a7dfdbeb2a8799777782a606 lxc-0.9.0.tar.gz | 61 | sha512sums="a96133660ca6ea45dc4b8d167267120328577339e933ff9510f03e9d368ca5db77031dc1e7e4529b3e506f63f79c2ce3f8f72571a7dfdbeb2a8799777782a606 lxc-0.9.0.tar.gz |
59 | b8fe47af6b1341ca472b6337c304f52402c53d400fc1d13895f2f568dd4d81b9ff281efc70bc1ddc221ac457db3bed4a199491059a15f66755deddc93ce91bf1 bb-rm.patch | 62 | b8fe47af6b1341ca472b6337c304f52402c53d400fc1d13895f2f568dd4d81b9ff281efc70bc1ddc221ac457db3bed4a199491059a15f66755deddc93ce91bf1 bb-rm.patch |
60 | 86df52e380a01d6d3f588ca395925e8f774529c72e5b4c8dcb701d79fad7697ed8800f0ff51fded2896b2d2af49faa7f26960234fc8c1a6b4bc8f42d85078e6d bb-shutdown.patch | 63 | 86df52e380a01d6d3f588ca395925e8f774529c72e5b4c8dcb701d79fad7697ed8800f0ff51fded2896b2d2af49faa7f26960234fc8c1a6b4bc8f42d85078e6d bb-shutdown.patch |
64 | d10e25aeee0aba61a4c3420fe1b2bfd9213e7ef10f399ed5f0ba5d978a97a49fd23044b098f73f6d9651c23b1bb025f30d81deb6aec9edf4d2267afc22a09d60 alpine-template-backport.patch | ||
61 | 4e56f7b869345f936df54c4359abdd3b8d0244c0fd71a9a787bc2393c4caabca22ca8417f16da47f02c86294750986fd674d0d2e7c1b1d096076873b22c07a29 lxc.initd" | 65 | 4e56f7b869345f936df54c4359abdd3b8d0244c0fd71a9a787bc2393c4caabca22ca8417f16da47f02c86294750986fd674d0d2e7c1b1d096076873b22c07a29 lxc.initd" |
diff --git a/main/lxc/alpine-template-backport.patch b/main/lxc/alpine-template-backport.patch new file mode 100644 index 0000000000..158efcf422 --- /dev/null +++ b/main/lxc/alpine-template-backport.patch | |||
@@ -0,0 +1,201 @@ | |||
1 | diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in | ||
2 | index 962d274..ce7226f 100644 | ||
3 | --- a/templates/lxc-alpine.in | ||
4 | +++ b/templates/lxc-alpine.in | ||
5 | @@ -1,20 +1,99 @@ | ||
6 | #!/bin/sh | ||
7 | |||
8 | +key_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub | ||
9 | +2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub" | ||
10 | + | ||
11 | +get_static_apk () { | ||
12 | + wget="wget -q -O -" | ||
13 | + pkglist=alpine-keys:apk-tools-static | ||
14 | + auto_repo_dir= | ||
15 | + | ||
16 | + if [ -z "$repository" ]; then | ||
17 | + url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi | ||
18 | + if [ -z "$release" ]; then | ||
19 | + echo -n "Determining the latest release... " | ||
20 | + release=$($wget $url/.latest.$apk_arch.txt | \ | ||
21 | + cut -d " " -f 3 | cut -d / -f 1 | uniq) | ||
22 | + if [ -z "$release" ]; then | ||
23 | + echo failed | ||
24 | + return 1 | ||
25 | + fi | ||
26 | + echo $release | ||
27 | + fi | ||
28 | + auto_repo_dir=$release/main | ||
29 | + repository=$url/$auto_repo_dir | ||
30 | + pkglist=$pkglist:alpine-mirrors | ||
31 | + fi | ||
32 | + | ||
33 | + rootfs="$1" | ||
34 | + echo "Using static apk from $repository/$apk_arch" | ||
35 | + wget="$wget $repository/$apk_arch" | ||
36 | + | ||
37 | + # parse APKINDEX to find the current versions | ||
38 | + static_pkgs=$($wget/APKINDEX.tar.gz | \ | ||
39 | + tar -Oxz APKINDEX | \ | ||
40 | + awk -F: -v pkglist=$pkglist ' | ||
41 | + BEGIN { split(pkglist,pkg) } | ||
42 | + $0 != "" { f[$1] = $2 } | ||
43 | + $0 == "" { for (i in pkg) | ||
44 | + if (pkg[i] == f["P"]) | ||
45 | + print(f["P"] "-" f["V"] ".apk") }') | ||
46 | + [ "$static_pkgs" ] || return 1 | ||
47 | + | ||
48 | + mkdir -p "$rootfs" || return 1 | ||
49 | + for pkg in $static_pkgs; do | ||
50 | + echo "Downloading $pkg" | ||
51 | + $wget/$pkg | tar -xz -C "$rootfs" | ||
52 | + done | ||
53 | + | ||
54 | + # clean up .apk meta files | ||
55 | + rm -f "$rootfs"/.[A-Z]* | ||
56 | + | ||
57 | + # verify checksum of the key | ||
58 | + keyname=$(echo $rootfs/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//') | ||
59 | + checksum=$(echo "$key_sha256sums" | grep -w "$keyname") | ||
60 | + if [ -z "$checksum" ]; then | ||
61 | + echo "ERROR: checksum is missing for $keyname" | ||
62 | + return 1 | ||
63 | + fi | ||
64 | + (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c -) || return 1 | ||
65 | + | ||
66 | + # verify the static apk binary signature | ||
67 | + APK=$rootfs/sbin/apk.static | ||
68 | + openssl dgst -verify $rootfs/etc/apk/keys/$keyname \ | ||
69 | + -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1 | ||
70 | + | ||
71 | + if [ "$auto_repo_dir" ]; then | ||
72 | + mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt | ||
73 | + mirror_count=$(wc -l $mirror_list | cut -d " " -f 1) | ||
74 | + repository=$(sed $(expr $RANDOM % $mirror_count + 1)\!d \ | ||
75 | + $mirror_list)$auto_repo_dir | ||
76 | + echo "Selecting mirror $repository" | ||
77 | + fi | ||
78 | +} | ||
79 | + | ||
80 | install_alpine() { | ||
81 | rootfs="$1" | ||
82 | shift | ||
83 | mkdir -p "$rootfs"/etc/apk || return 1 | ||
84 | - cp -r ${keys_dir:-/etc/apk/keys} "$rootfs"/etc/apk/ | ||
85 | + : ${keys_dir:=/etc/apk/keys} | ||
86 | + if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then | ||
87 | + cp -r "$keys_dir" "$rootfs"/etc/apk/keys | ||
88 | + fi | ||
89 | if [ -n "$repository" ]; then | ||
90 | echo "$repository" > "$rootfs"/etc/apk/repositories | ||
91 | else | ||
92 | cp /etc/apk/repositories "$rootfs"/etc/apk/repositories || return 1 | ||
93 | + if [ -n "$release" ]; then | ||
94 | + sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \ | ||
95 | + "$rootfs"/etc/apk/repositories | ||
96 | + fi | ||
97 | fi | ||
98 | opt_arch= | ||
99 | if [ -n "$apk_arch" ]; then | ||
100 | opt_arch="--arch $apk_arch" | ||
101 | fi | ||
102 | - ${APK:-apk} add -U --initdb --root $rootfs $opt_arch "$@" alpine-base | ||
103 | + $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base | ||
104 | } | ||
105 | |||
106 | configure_alpine() { | ||
107 | @@ -109,6 +188,7 @@ EOF | ||
108 | lxc.tty = 4 | ||
109 | lxc.pts = 1024 | ||
110 | lxc.utsname = $hostname | ||
111 | +lxc.cap.drop = sys_module mac_admin mac_override sys_time | ||
112 | |||
113 | # When using LXC with apparmor, uncomment the next line to run unconfined: | ||
114 | #lxc.aa_profile = unconfined | ||
115 | @@ -129,7 +209,7 @@ lxc.cgroup.devices.allow = c 1:8 rwm | ||
116 | lxc.cgroup.devices.allow = c 136:* rwm | ||
117 | lxc.cgroup.devices.allow = c 5:2 rwm | ||
118 | # rtc | ||
119 | -lxc.cgroup.devices.allow = c 254:0 rwm | ||
120 | +lxc.cgroup.devices.allow = c 254:0 rm | ||
121 | |||
122 | # mounts point | ||
123 | lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0 | ||
124 | @@ -148,8 +228,10 @@ die() { | ||
125 | |||
126 | usage() { | ||
127 | cat >&2 <<EOF | ||
128 | -Usage: $(basename $0) [-h|--help] [-r|--repository <url>] [-a|--arch <arch>] | ||
129 | - -p|--path <path> -n|--name <name> [PKG...] | ||
130 | +Usage: $(basename $0) [-h|--help] [-r|--repository <url>] | ||
131 | + [-R|--release <release>] [-a|--arch <arch>] | ||
132 | + [--rootfs <rootfs>] -p|--path <path> -n|--name <name> | ||
133 | + [PKG...] | ||
134 | EOF | ||
135 | } | ||
136 | |||
137 | @@ -165,6 +247,14 @@ optarg_check() { | ||
138 | } | ||
139 | |||
140 | default_path=@LXCPATH@ | ||
141 | +release= | ||
142 | +arch=$(uname -m) | ||
143 | + | ||
144 | +# template mknods, requires root | ||
145 | +if [ $(id -u) -ne 0 ]; then | ||
146 | + echo "$(basename $0): must be run as root" >&2 | ||
147 | + exit 1 | ||
148 | +fi | ||
149 | |||
150 | while [ $# -gt 0 ]; do | ||
151 | opt="$1" | ||
152 | @@ -179,6 +269,11 @@ while [ $# -gt 0 ]; do | ||
153 | name=$1 | ||
154 | shift | ||
155 | ;; | ||
156 | + --rootfs) | ||
157 | + optarg_check $opt "$1" | ||
158 | + rootfs=$1 | ||
159 | + shift | ||
160 | + ;; | ||
161 | -p|--path) | ||
162 | optarg_check $opt "$1" | ||
163 | path=$1 | ||
164 | @@ -189,6 +284,11 @@ while [ $# -gt 0 ]; do | ||
165 | repository=$1 | ||
166 | shift | ||
167 | ;; | ||
168 | + -R|--release) | ||
169 | + optarg_check $opt "$1" | ||
170 | + release=$1 | ||
171 | + shift | ||
172 | + ;; | ||
173 | -a|--arch) | ||
174 | optarg_check $opt "$1" | ||
175 | arch=$1 | ||
176 | @@ -217,9 +317,11 @@ if [ -z "${path}" ]; then | ||
177 | path="${default_path}/${name}" | ||
178 | fi | ||
179 | |||
180 | -rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null` | ||
181 | if [ -z "$rootfs" ]; then | ||
182 | - rootfs="${path}/rootfs" | ||
183 | + rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null` | ||
184 | + if [ -z "$rootfs" ]; then | ||
185 | + rootfs="${path}/rootfs" | ||
186 | + fi | ||
187 | fi | ||
188 | |||
189 | lxc_arch=$arch | ||
190 | @@ -234,6 +336,11 @@ case "$arch" in | ||
191 | *) die "unsupported architecture: $arch";; | ||
192 | esac | ||
193 | |||
194 | +: ${APK:=apk} | ||
195 | +if ! which $APK >/dev/null; then | ||
196 | + get_static_apk "$rootfs" || die "Failed to download a valid static apk" | ||
197 | +fi | ||
198 | + | ||
199 | install_alpine "$rootfs" "$@" || die "Failed to install rootfs for $name" | ||
200 | configure_alpine "$rootfs" "$name" || die "Failed to configure $name" | ||
201 | copy_configuration "$path" "$rootfs" "$name" | ||