main/lxc: backport alpine template from git

so we get --release support (cherry picked from commit 88a12c1ff4fc7d5a3a79000ffd0abb0e5e1d85e2)
author: Natanael Copa <ncopa@alpinelinux.org> 2013-07-25 09:47:06 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-08-28 12:11:10 +0000
commit: 793085aea6663a96e5031eeeff33f47c382e7445 (patch)
tree: 06b9afe67cf8a986c4d58706f3e9e997086884d7
parent: 72e8e8a38a569b2bcf30bac906fddde43b66d997 (diff)
download: alpine_aports-793085aea6663a96e5031eeeff33f47c382e7445.tar.bz2
alpine_aports-793085aea6663a96e5031eeeff33f47c382e7445.tar.xz
alpine_aports-793085aea6663a96e5031eeeff33f47c382e7445.zip
2 files changed, 206 insertions, 1 deletions
diff --git a/main/lxc/APKBUILD b/main/lxc/APKBUILD
index 054fbe2c82..4a65633b7a 100644
--- a/main/lxc/APKBUILD
+++ b/main/lxc/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=lxc
 pkgver=0.9.0
 _mypkgver=${pkgver/_rc/-rc}
-pkgrel=0
+pkgrel=1
 pkgdesc="linux containers - tools"
 url="http://lxc.sourceforge.net/"
 arch="all"
@@ -16,6 +16,7 @@ subpackages="$pkgname-dev $pkgname-doc"
 source="http://lxc.sourceforge.net/download/lxc/$pkgname-$_mypkgver.tar.gz
        bb-rm.patch
        bb-shutdown.patch
+        alpine-template-backport.patch
        lxc.initd
        "
@@ -50,12 +51,15 @@ package() {
 md5sums="8552a4479090616f4bc04d8473765fc9  lxc-0.9.0.tar.gz
 a0894c2ddf9133c3cc33c264e4596a3c  bb-rm.patch
 e96514860ee34b62d1b208ab03c569bc  bb-shutdown.patch
+25dd200bd158d16a05bb3e7aaef84697  alpine-template-backport.patch
 f3c6998798b13425b8d0647bad0834a8  lxc.initd"
 sha256sums="1e1767eae6cc5fbf892c0e193d25da420ba19f2db203716c38f7cdea3b654120  lxc-0.9.0.tar.gz
 c9caea06b87baf5e335821c7e9ce3caca849b33f8176fbd48126c605583e78fc  bb-rm.patch
 0e5706cb077f750afdd6a5a4fd2afdf0b9113126c85e130d92680bed4ce9c20e  bb-shutdown.patch
+df193c4cf08e171c23b0b472750b7b1e0e7a66971c03201a0523e4039909f33b  alpine-template-backport.patch
 77c64e6137457be89c150b82d681a3eb5c7c1f06af142a321703fc9a43bff200  lxc.initd"
 sha512sums="a96133660ca6ea45dc4b8d167267120328577339e933ff9510f03e9d368ca5db77031dc1e7e4529b3e506f63f79c2ce3f8f72571a7dfdbeb2a8799777782a606  lxc-0.9.0.tar.gz
 b8fe47af6b1341ca472b6337c304f52402c53d400fc1d13895f2f568dd4d81b9ff281efc70bc1ddc221ac457db3bed4a199491059a15f66755deddc93ce91bf1  bb-rm.patch
 86df52e380a01d6d3f588ca395925e8f774529c72e5b4c8dcb701d79fad7697ed8800f0ff51fded2896b2d2af49faa7f26960234fc8c1a6b4bc8f42d85078e6d  bb-shutdown.patch
+d10e25aeee0aba61a4c3420fe1b2bfd9213e7ef10f399ed5f0ba5d978a97a49fd23044b098f73f6d9651c23b1bb025f30d81deb6aec9edf4d2267afc22a09d60  alpine-template-backport.patch
 4e56f7b869345f936df54c4359abdd3b8d0244c0fd71a9a787bc2393c4caabca22ca8417f16da47f02c86294750986fd674d0d2e7c1b1d096076873b22c07a29  lxc.initd"
diff --git a/main/lxc/alpine-template-backport.patch b/main/lxc/alpine-template-backport.patch
new file mode 100644
index 0000000000..158efcf422
--- /dev/null
+++ b/main/lxc/alpine-template-backport.patch
@@ -0,0 +1,201 @@
+diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
+index 962d274..ce7226f 100644
+--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
+@@ -1,20 +1,99 @@
+ #!/bin/sh
+ 
+key_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4  alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
+2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab  alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub"
+
+get_static_apk () {
+    wget="wget -q -O -"
+    pkglist=alpine-keys:apk-tools-static
+    auto_repo_dir=
+
+    if [ -z "$repository" ]; then
+        url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi
+        if [ -z "$release" ]; then
+            echo -n "Determining the latest release... "
+            release=$($wget $url/.latest.$apk_arch.txt | \
+                cut -d " " -f 3 | cut -d / -f 1 | uniq)
+            if [ -z "$release" ]; then
+                echo failed
+                return 1
+            fi
+            echo $release
+        fi
+        auto_repo_dir=$release/main
+        repository=$url/$auto_repo_dir
+        pkglist=$pkglist:alpine-mirrors
+    fi
+
+    rootfs="$1"
+    echo "Using static apk from $repository/$apk_arch"
+    wget="$wget $repository/$apk_arch"
+
+    # parse APKINDEX to find the current versions
+    static_pkgs=$($wget/APKINDEX.tar.gz | \
+        tar -Oxz APKINDEX | \
+        awk -F: -v pkglist=$pkglist '
+            BEGIN { split(pkglist,pkg) }
+            $0 != "" { f[$1] = $2 }
+            $0 == "" { for (i in pkg)
+                           if (pkg[i] == f["P"])
+                               print(f["P"] "-" f["V"] ".apk") }')
+    [ "$static_pkgs" ] || return 1
+
+    mkdir -p "$rootfs" || return 1
+    for pkg in $static_pkgs; do
+        echo "Downloading $pkg"
+        $wget/$pkg | tar -xz -C "$rootfs"
+    done
+
+    # clean up .apk meta files
+    rm -f "$rootfs"/.[A-Z]*
+
+    # verify checksum of the key
+    keyname=$(echo $rootfs/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//')
+    checksum=$(echo "$key_sha256sums" |  grep -w "$keyname")
+    if [ -z "$checksum" ]; then
+        echo "ERROR: checksum is missing for $keyname"
+        return 1
+    fi
+    (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c -) || return 1
+
+    # verify the static apk binary signature
+    APK=$rootfs/sbin/apk.static
+    openssl dgst -verify $rootfs/etc/apk/keys/$keyname \
+        -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1
+
+    if [ "$auto_repo_dir" ]; then
+        mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt
+        mirror_count=$(wc -l $mirror_list | cut -d " " -f 1)
+        repository=$(sed $(expr $RANDOM % $mirror_count + 1)\!d \
+            $mirror_list)$auto_repo_dir
+        echo "Selecting mirror $repository"
+    fi
+}
+
+ install_alpine() {
+     rootfs="$1"
+     shift
+     mkdir -p "$rootfs"/etc/apk || return 1
+-    cp -r ${keys_dir:-/etc/apk/keys} "$rootfs"/etc/apk/
+    : ${keys_dir:=/etc/apk/keys}
+    if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then
+        cp -r "$keys_dir" "$rootfs"/etc/apk/keys
+    fi
+     if [ -n "$repository" ]; then
+         echo "$repository" > "$rootfs"/etc/apk/repositories
+     else
+         cp /etc/apk/repositories "$rootfs"/etc/apk/repositories || return 1
+        if [ -n "$release" ]; then
+            sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \
+                "$rootfs"/etc/apk/repositories
+        fi
+     fi
+     opt_arch=
+     if [ -n "$apk_arch" ]; then
+         opt_arch="--arch $apk_arch"
+     fi
+-    ${APK:-apk} add -U --initdb --root $rootfs $opt_arch "$@" alpine-base
+    $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base
+ }
+ 
+ configure_alpine() {
+@@ -109,6 +188,7 @@ EOF
+ lxc.tty = 4
+ lxc.pts = 1024
+ lxc.utsname = $hostname
+lxc.cap.drop = sys_module mac_admin mac_override sys_time
+ 
+ # When using LXC with apparmor, uncomment the next line to run unconfined:
+ #lxc.aa_profile = unconfined
+@@ -129,7 +209,7 @@ lxc.cgroup.devices.allow = c 1:8 rwm
+ lxc.cgroup.devices.allow = c 136:* rwm
+ lxc.cgroup.devices.allow = c 5:2 rwm
+ # rtc
+-lxc.cgroup.devices.allow = c 254:0 rwm
+lxc.cgroup.devices.allow = c 254:0 rm
+ 
+ # mounts point
+ lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
+@@ -148,8 +228,10 @@ die() {
+ 
+ usage() {
+     cat >&2 <<EOF
+-Usage: $(basename $0) [-h|--help] [-r|--repository <url>] [-a|--arch <arch>]
+-                   -p|--path <path> -n|--name <name> [PKG...]
+Usage: $(basename $0) [-h|--help] [-r|--repository <url>]
+                   [-R|--release <release>] [-a|--arch <arch>]
+                   [--rootfs <rootfs>] -p|--path <path> -n|--name <name>
+                   [PKG...]
+ EOF
+ }
+ 
+@@ -165,6 +247,14 @@ optarg_check() {
+ }
+ 
+ default_path=@LXCPATH@
+release=
+arch=$(uname -m)
+
+# template mknods, requires root
+if [ $(id -u) -ne 0 ]; then
+   echo "$(basename $0): must be run as root" >&2
+   exit 1
+fi
+ 
+ while [ $# -gt 0 ]; do
+     opt="$1"
+@@ -179,6 +269,11 @@ while [ $# -gt 0 ]; do
+         name=$1
+         shift
+         ;;
+    --rootfs)
+        optarg_check $opt "$1"
+        rootfs=$1
+        shift
+        ;;
+     -p|--path)
+         optarg_check $opt "$1"
+         path=$1
+@@ -189,6 +284,11 @@ while [ $# -gt 0 ]; do
+         repository=$1
+         shift
+        ;;
+    -R|--release)
+        optarg_check $opt "$1"
+        release=$1
+        shift
+        ;;
+     -a|--arch)
+         optarg_check $opt "$1"
+         arch=$1
+@@ -217,9 +317,11 @@ if [ -z "${path}" ]; then
+     path="${default_path}/${name}"
+ fi
+ 
+-rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
+ if [ -z "$rootfs" ]; then
+-    rootfs="${path}/rootfs"
+    rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
+    if [ -z "$rootfs" ]; then
+        rootfs="${path}/rootfs"
+    fi
+ fi
+ 
+ lxc_arch=$arch
+@@ -234,6 +336,11 @@ case "$arch" in
+        *)      die "unsupported architecture: $arch";;
+ esac
+ 
+: ${APK:=apk}
+if ! which $APK >/dev/null; then
+    get_static_apk "$rootfs" || die "Failed to download a valid static apk"
+fi
+
+ install_alpine "$rootfs" "$@" || die "Failed to install rootfs for $name"
+ configure_alpine "$rootfs" "$name" || die "Failed to configure $name"
+ copy_configuration "$path" "$rootfs" "$name"
author	Natanael Copa <ncopa@alpinelinux.org>	2013-07-25 09:47:06 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-08-28 12:11:10 +0000
commit	793085aea6663a96e5031eeeff33f47c382e7445 (patch)
tree	06b9afe67cf8a986c4d58706f3e9e997086884d7
parent	72e8e8a38a569b2bcf30bac906fddde43b66d997 (diff)
download	alpine_aports-793085aea6663a96e5031eeeff33f47c382e7445.tar.bz2 alpine_aports-793085aea6663a96e5031eeeff33f47c382e7445.tar.xz alpine_aports-793085aea6663a96e5031eeeff33f47c382e7445.zip

diff --git a/main/lxc/APKBUILD b/main/lxc/APKBUILD index 054fbe2c82..4a65633b7a 100644 --- a/main/lxc/APKBUILD +++ b/main/lxc/APKBUILD
@@ -3,7 +3,7 @@
3	pkgname=lxc	3	pkgname=lxc
4	pkgver=0.9.0	4	pkgver=0.9.0
5	_mypkgver=${pkgver/_rc/-rc}	5	_mypkgver=${pkgver/_rc/-rc}
6	pkgrel=0	6	pkgrel=1
7	pkgdesc="linux containers - tools"	7	pkgdesc="linux containers - tools"
8	url="http://lxc.sourceforge.net/"	8	url="http://lxc.sourceforge.net/"
9	arch="all"	9	arch="all"
@@ -16,6 +16,7 @@ subpackages="$pkgname-dev $pkgname-doc"
16	source="http://lxc.sourceforge.net/download/lxc/$pkgname-$_mypkgver.tar.gz	16	source="http://lxc.sourceforge.net/download/lxc/$pkgname-$_mypkgver.tar.gz
17	bb-rm.patch	17	bb-rm.patch
18	bb-shutdown.patch	18	bb-shutdown.patch
		19	alpine-template-backport.patch
19	lxc.initd	20	lxc.initd
20	"	21	"
21		22
@@ -50,12 +51,15 @@ package() {
50	md5sums="8552a4479090616f4bc04d8473765fc9 lxc-0.9.0.tar.gz	51	md5sums="8552a4479090616f4bc04d8473765fc9 lxc-0.9.0.tar.gz
51	a0894c2ddf9133c3cc33c264e4596a3c bb-rm.patch	52	a0894c2ddf9133c3cc33c264e4596a3c bb-rm.patch
52	e96514860ee34b62d1b208ab03c569bc bb-shutdown.patch	53	e96514860ee34b62d1b208ab03c569bc bb-shutdown.patch
		54	25dd200bd158d16a05bb3e7aaef84697 alpine-template-backport.patch
53	f3c6998798b13425b8d0647bad0834a8 lxc.initd"	55	f3c6998798b13425b8d0647bad0834a8 lxc.initd"
54	sha256sums="1e1767eae6cc5fbf892c0e193d25da420ba19f2db203716c38f7cdea3b654120 lxc-0.9.0.tar.gz	56	sha256sums="1e1767eae6cc5fbf892c0e193d25da420ba19f2db203716c38f7cdea3b654120 lxc-0.9.0.tar.gz
55	c9caea06b87baf5e335821c7e9ce3caca849b33f8176fbd48126c605583e78fc bb-rm.patch	57	c9caea06b87baf5e335821c7e9ce3caca849b33f8176fbd48126c605583e78fc bb-rm.patch
56	0e5706cb077f750afdd6a5a4fd2afdf0b9113126c85e130d92680bed4ce9c20e bb-shutdown.patch	58	0e5706cb077f750afdd6a5a4fd2afdf0b9113126c85e130d92680bed4ce9c20e bb-shutdown.patch
		59	df193c4cf08e171c23b0b472750b7b1e0e7a66971c03201a0523e4039909f33b alpine-template-backport.patch
57	77c64e6137457be89c150b82d681a3eb5c7c1f06af142a321703fc9a43bff200 lxc.initd"	60	77c64e6137457be89c150b82d681a3eb5c7c1f06af142a321703fc9a43bff200 lxc.initd"
58	sha512sums="a96133660ca6ea45dc4b8d167267120328577339e933ff9510f03e9d368ca5db77031dc1e7e4529b3e506f63f79c2ce3f8f72571a7dfdbeb2a8799777782a606 lxc-0.9.0.tar.gz	61	sha512sums="a96133660ca6ea45dc4b8d167267120328577339e933ff9510f03e9d368ca5db77031dc1e7e4529b3e506f63f79c2ce3f8f72571a7dfdbeb2a8799777782a606 lxc-0.9.0.tar.gz
59	b8fe47af6b1341ca472b6337c304f52402c53d400fc1d13895f2f568dd4d81b9ff281efc70bc1ddc221ac457db3bed4a199491059a15f66755deddc93ce91bf1 bb-rm.patch	62	b8fe47af6b1341ca472b6337c304f52402c53d400fc1d13895f2f568dd4d81b9ff281efc70bc1ddc221ac457db3bed4a199491059a15f66755deddc93ce91bf1 bb-rm.patch
60	86df52e380a01d6d3f588ca395925e8f774529c72e5b4c8dcb701d79fad7697ed8800f0ff51fded2896b2d2af49faa7f26960234fc8c1a6b4bc8f42d85078e6d bb-shutdown.patch	63	86df52e380a01d6d3f588ca395925e8f774529c72e5b4c8dcb701d79fad7697ed8800f0ff51fded2896b2d2af49faa7f26960234fc8c1a6b4bc8f42d85078e6d bb-shutdown.patch
		64	d10e25aeee0aba61a4c3420fe1b2bfd9213e7ef10f399ed5f0ba5d978a97a49fd23044b098f73f6d9651c23b1bb025f30d81deb6aec9edf4d2267afc22a09d60 alpine-template-backport.patch
61	4e56f7b869345f936df54c4359abdd3b8d0244c0fd71a9a787bc2393c4caabca22ca8417f16da47f02c86294750986fd674d0d2e7c1b1d096076873b22c07a29 lxc.initd"	65	4e56f7b869345f936df54c4359abdd3b8d0244c0fd71a9a787bc2393c4caabca22ca8417f16da47f02c86294750986fd674d0d2e7c1b1d096076873b22c07a29 lxc.initd"


diff --git a/main/lxc/alpine-template-backport.patch b/main/lxc/alpine-template-backport.patch new file mode 100644 index 0000000000..158efcf422 --- /dev/null +++ b/main/lxc/alpine-template-backport.patch
@@ -0,0 +1,201 @@
		1	diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
		2	index 962d274..ce7226f 100644
		3	--- a/templates/lxc-alpine.in
		4	+++ b/templates/lxc-alpine.in
		5	@@ -1,20 +1,99 @@
		6	#!/bin/sh
		7
		8	+key_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
		9	+2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub"
		10	+
		11	+get_static_apk () {
		12	+ wget="wget -q -O -"
		13	+ pkglist=alpine-keys:apk-tools-static
		14	+ auto_repo_dir=
		15	+
		16	+ if [ -z "$repository" ]; then
		17	+ url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi
		18	+ if [ -z "$release" ]; then
		19	+ echo -n "Determining the latest release... "
		20	+ release=$($wget $url/.latest.$apk_arch.txt \| \
		21	+ cut -d " " -f 3 \| cut -d / -f 1 \| uniq)
		22	+ if [ -z "$release" ]; then
		23	+ echo failed
		24	+ return 1
		25	+ fi
		26	+ echo $release
		27	+ fi
		28	+ auto_repo_dir=$release/main
		29	+ repository=$url/$auto_repo_dir
		30	+ pkglist=$pkglist:alpine-mirrors
		31	+ fi
		32	+
		33	+ rootfs="$1"
		34	+ echo "Using static apk from $repository/$apk_arch"
		35	+ wget="$wget $repository/$apk_arch"
		36	+
		37	+ # parse APKINDEX to find the current versions
		38	+ static_pkgs=$($wget/APKINDEX.tar.gz \| \
		39	+ tar -Oxz APKINDEX \| \
		40	+ awk -F: -v pkglist=$pkglist '
		41	+ BEGIN { split(pkglist,pkg) }
		42	+ $0 != "" { f[$1] = $2 }
		43	+ $0 == "" { for (i in pkg)
		44	+ if (pkg[i] == f["P"])
		45	+ print(f["P"] "-" f["V"] ".apk") }')
		46	+ [ "$static_pkgs" ] \|\| return 1
		47	+
		48	+ mkdir -p "$rootfs" \|\| return 1
		49	+ for pkg in $static_pkgs; do
		50	+ echo "Downloading $pkg"
		51	+ $wget/$pkg \| tar -xz -C "$rootfs"
		52	+ done
		53	+
		54	+ # clean up .apk meta files
		55	+ rm -f "$rootfs"/.[A-Z]*
		56	+
		57	+ # verify checksum of the key
		58	+ keyname=$(echo $rootfs/sbin/apk.static..pub \| sed 's/.\.SIGN\.RSA\.//')
		59	+ checksum=$(echo "$key_sha256sums" \| grep -w "$keyname")
		60	+ if [ -z "$checksum" ]; then
		61	+ echo "ERROR: checksum is missing for $keyname"
		62	+ return 1
		63	+ fi
		64	+ (cd $rootfs/etc/apk/keys && echo "$checksum" \| sha256sum -c -) \|\| return 1
		65	+
		66	+ # verify the static apk binary signature
		67	+ APK=$rootfs/sbin/apk.static
		68	+ openssl dgst -verify $rootfs/etc/apk/keys/$keyname \
		69	+ -signature "$APK.SIGN.RSA.$keyname" "$APK" \|\| return 1
		70	+
		71	+ if [ "$auto_repo_dir" ]; then
		72	+ mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt
		73	+ mirror_count=$(wc -l $mirror_list \| cut -d " " -f 1)
		74	+ repository=$(sed $(expr $RANDOM % $mirror_count + 1)\!d \
		75	+ $mirror_list)$auto_repo_dir
		76	+ echo "Selecting mirror $repository"
		77	+ fi
		78	+}
		79	+
		80	install_alpine() {
		81	rootfs="$1"
		82	shift
		83	mkdir -p "$rootfs"/etc/apk \|\| return 1
		84	- cp -r ${keys_dir:-/etc/apk/keys} "$rootfs"/etc/apk/
		85	+ : ${keys_dir:=/etc/apk/keys}
		86	+ if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then
		87	+ cp -r "$keys_dir" "$rootfs"/etc/apk/keys
		88	+ fi
		89	if [ -n "$repository" ]; then
		90	echo "$repository" > "$rootfs"/etc/apk/repositories
		91	else
		92	cp /etc/apk/repositories "$rootfs"/etc/apk/repositories \|\| return 1
		93	+ if [ -n "$release" ]; then
		94	+ sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \
		95	+ "$rootfs"/etc/apk/repositories
		96	+ fi
		97	fi
		98	opt_arch=
		99	if [ -n "$apk_arch" ]; then
		100	opt_arch="--arch $apk_arch"
		101	fi
		102	- ${APK:-apk} add -U --initdb --root $rootfs $opt_arch "$@" alpine-base
		103	+ $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base
		104	}
		105
		106	configure_alpine() {
		107	@@ -109,6 +188,7 @@ EOF
		108	lxc.tty = 4
		109	lxc.pts = 1024
		110	lxc.utsname = $hostname
		111	+lxc.cap.drop = sys_module mac_admin mac_override sys_time
		112
		113	# When using LXC with apparmor, uncomment the next line to run unconfined:
		114	#lxc.aa_profile = unconfined
		115	@@ -129,7 +209,7 @@ lxc.cgroup.devices.allow = c 1:8 rwm
		116	lxc.cgroup.devices.allow = c 136:* rwm
		117	lxc.cgroup.devices.allow = c 5:2 rwm
		118	# rtc
		119	-lxc.cgroup.devices.allow = c 254:0 rwm
		120	+lxc.cgroup.devices.allow = c 254:0 rm
		121
		122	# mounts point
		123	lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
		124	@@ -148,8 +228,10 @@ die() {
		125
		126	usage() {
		127	cat >&2 <<EOF
		128	-Usage: $(basename $0) [-h\|--help] [-r\|--repository <url>] [-a\|--arch <arch>]
		129	- -p\|--path <path> -n\|--name <name> [PKG...]
		130	+Usage: $(basename $0) [-h\|--help] [-r\|--repository <url>]
		131	+ [-R\|--release <release>] [-a\|--arch <arch>]
		132	+ [--rootfs <rootfs>] -p\|--path <path> -n\|--name <name>
		133	+ [PKG...]
		134	EOF
		135	}
		136
		137	@@ -165,6 +247,14 @@ optarg_check() {
		138	}
		139
		140	default_path=@LXCPATH@
		141	+release=
		142	+arch=$(uname -m)
		143	+
		144	+# template mknods, requires root
		145	+if [ $(id -u) -ne 0 ]; then
		146	+ echo "$(basename $0): must be run as root" >&2
		147	+ exit 1
		148	+fi
		149
		150	while [ $# -gt 0 ]; do
		151	opt="$1"
		152	@@ -179,6 +269,11 @@ while [ $# -gt 0 ]; do
		153	name=$1
		154	shift
		155	;;
		156	+ --rootfs)
		157	+ optarg_check $opt "$1"
		158	+ rootfs=$1
		159	+ shift
		160	+ ;;
		161	-p\|--path)
		162	optarg_check $opt "$1"
		163	path=$1
		164	@@ -189,6 +284,11 @@ while [ $# -gt 0 ]; do
		165	repository=$1
		166	shift
		167	;;
		168	+ -R\|--release)
		169	+ optarg_check $opt "$1"
		170	+ release=$1
		171	+ shift
		172	+ ;;
		173	-a\|--arch)
		174	optarg_check $opt "$1"
		175	arch=$1
		176	@@ -217,9 +317,11 @@ if [ -z "${path}" ]; then
		177	path="${default_path}/${name}"
		178	fi
		179
		180	-rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
		181	if [ -z "$rootfs" ]; then
		182	- rootfs="${path}/rootfs"
		183	+ rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
		184	+ if [ -z "$rootfs" ]; then
		185	+ rootfs="${path}/rootfs"
		186	+ fi
		187	fi
		188
		189	lxc_arch=$arch
		190	@@ -234,6 +336,11 @@ case "$arch" in
		191	*) die "unsupported architecture: $arch";;
		192	esac
		193
		194	+: ${APK:=apk}
		195	+if ! which $APK >/dev/null; then
		196	+ get_static_apk "$rootfs" \|\| die "Failed to download a valid static apk"
		197	+fi
		198	+
		199	install_alpine "$rootfs" "$@" \|\| die "Failed to install rootfs for $name"
		200	configure_alpine "$rootfs" "$name" \|\| die "Failed to configure $name"
		201	copy_configuration "$path" "$rootfs" "$name"