diff options
author | V3n3RiX <venerix@koprulu.sector> | 2021-12-22 14:08:05 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2021-12-22 14:08:05 +0000 |
commit | 93a93e9a3b53c1a73142a305ea1f8136846942ee (patch) | |
tree | b9791a06ab3284e27b568412c59316c66240c682 /app-containers/lxc | |
parent | 2771f79232c273bc2a57d23bf335dd81ccf6af28 (diff) |
gentoo resync : 22.12.2021
Diffstat (limited to 'app-containers/lxc')
-rw-r--r-- | app-containers/lxc/Manifest | 9 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch | 5 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch | 29 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch | 28 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc.initd.8 | 131 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc_at.service.4.0.0 | 15 | ||||
-rw-r--r-- | app-containers/lxc/lxc-4.0.11_p1-r1.ebuild | 188 | ||||
-rw-r--r-- | app-containers/lxc/metadata.xml | 20 |
8 files changed, 425 insertions, 0 deletions
diff --git a/app-containers/lxc/Manifest b/app-containers/lxc/Manifest new file mode 100644 index 000000000000..1a65339a6138 --- /dev/null +++ b/app-containers/lxc/Manifest @@ -0,0 +1,9 @@ +AUX lxc-2.0.5-omit-sysconfig.patch 259 BLAKE2B 977e151fbb8c9d98e89aaa5ee0426e64ab4286b4440af1582086a0ced8c6568efb470ccf68786da6ea52c82d1f4e81feac45bec411febc04fc31d108f05ccde2 SHA512 0aed9aca687accc6df79e97f48ab333043256e8ae68c8643f2b2452cc8013191238867d64ec71f7d399c59a43d3ba698b35d965090c5cb149b4f41302432e6e7 +AUX lxc-4.0.11_p1-liburing-sync1.patch 972 BLAKE2B 0384058169c0b601d4f3f86ebd368c35af86d5975c89972b7e78212e8b76525ea28065e81537d3dff09c270e556596465bdadf3808cda9b9ce5755d5a930193a SHA512 56806b85094f488815da3fcde33089dbfac59b62491b5ea11fbdb50b7fd585aee0458ec70a60b843074e8d0f6be12a3bbf4fc20a5d6756b893e61fa87187e9e7 +AUX lxc-4.0.11_p1-liburing-sync2.patch 923 BLAKE2B a366d3717730943b315fe7eb8a9f5e65e03634d7093b4406c1f1e2f64265fe55b407bea3849d3b098b5e92ad6d971cc42f545fbc01fcde48b57fd60c0b0e2940 SHA512 70a6d23309bfd1a38ced46eaad2b28ceac6f2a48e40f5b0bf5287334b4a9867a8d2d7bdf551127445cb6b8e92e46b8ed10fb1484a0117f5f98739a21c49b8451 +AUX lxc.initd.8 3669 BLAKE2B 50d41e0923ba26b9653ca3b5b559dd0905e61ec81969e709650fe7f1b26a4dcdc17158b7e449d666e2103047d9f196e53df8beca15fffd529fa8e743de97bd82 SHA512 1182b53a65399746f6d6bced0df5c1fde09c1ede4a28bfe95b5ed0bbd969d6f6423f63021d4b6f1dc62c7b2703f6963c03d881291650bdf21cfcf8432586c1b4 +AUX lxc_at.service.4.0.0 284 BLAKE2B 1adc76b9861f2499b7b703f7076782a258f9b21a3d1e32b69334f753faca9ecd8c6fb2a03baf04698e765f079e73ee683434d8c7c6d3b3082427a6af74ab33b1 SHA512 4c2f9846ca60bb78df7e652309900c0e788b45d569f268a9e5b98842518542b35fce253e2aedeb0eded3d37274390988ef887b01d1d37859ccddf6225286b4bb +DIST lxc-4.0.11.tar.gz 1543031 BLAKE2B 0309bbb96938e60e4cbe145fa0cc3c0a85d9154282a889d74167128b6166a280bb4d53df266990a529a98935ef2c12e8d2214e9a8f6cb293d47aa5808ebad82f SHA512 23287e468da8939334f4261bfcbb52eadcbe5806bd97896db38c84eb42f32143dc17bb8b9bb7f7f88584b72056553c9edc33ddb693a345ecf88f3177573fa9c0 +DIST lxc-4.0.11.tar.gz.asc 833 BLAKE2B 68804d1d5ad09e388541b3a95a98ca14202c513ea3544a7389a49f4e13ecffc17715bb023675134fd99047c727cffe09cbd0a89883054b82650ebd23366823a7 SHA512 49a54aaf018772db40e1dadc0a10e7d727a2b14b34c0a3c704fd3f7a12e60082abf4628cc0a489ee620ef2210c7542abbdb6d1432e4297ceef52cdd6b158a5f8 +EBUILD lxc-4.0.11_p1-r1.ebuild 5322 BLAKE2B 0f2a826ddd0f184a424f3992fa591cb754e9e391ec1b2217656ef322b31da0b257e77db4017ecca76c4c094c8acb3503cbf25f9c13c9773157a66d4476e5c5e8 SHA512 e704e03c6ba3e027db63b985a730af1f55af64fe30ffd9f024b3bd66ea828de99fe5c85d081b9f74f26a5a0e93a3a3f403a00c552a1ccdf7cf221859838c11fc +MISC metadata.xml 713 BLAKE2B 982d13dbe2adffcdb473804981effa8eabc89ca95dc2f39ae6ebdbdce0f786311333c8f9cbfe2105faf55dcbaf7a63a09b46e6b7c7987ba629f5e87de24a348c SHA512 4c9d018afe1967708c18747f504b98487f110b6a021cd97c94693fa4b39d892b148ad19ae64399396b34502ed6f598d7515418b69d0b22031776366a9f172f3b diff --git a/app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch b/app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch new file mode 100644 index 000000000000..3ec81356499e --- /dev/null +++ b/app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch @@ -0,0 +1,5 @@ +--- /config/Makefile.am.orig 2016-05-19 02:56:11.891113982 +0000 ++++ /config/Makefile.am 2016-05-19 02:56:32.596115476 +0000 +@@ -1 +1 @@ +-SUBDIRS = apparmor bash etc init selinux templates yum sysconfig ++SUBDIRS = apparmor bash etc init selinux templates yum diff --git a/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch new file mode 100644 index 000000000000..cd497a755523 --- /dev/null +++ b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch @@ -0,0 +1,29 @@ +From aac3f106ff012e1d6835b20c250dcf09c364530c Mon Sep 17 00:00:00 2001 +From: Christian Brauner <christian.brauner@ubuntu.com> +Date: Thu, 28 Oct 2021 17:39:11 +0200 +Subject: [PATCH] mainloop: make sure that descr->ring is allocated + +This is future proofing more than anything else. + +Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> +--- + src/lxc/mainloop.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/lxc/mainloop.c b/src/lxc/mainloop.c +index 7c8f5d86af..17a4d55293 100644 +--- a/src/lxc/mainloop.c ++++ b/src/lxc/mainloop.c +@@ -515,8 +515,10 @@ void lxc_mainloop_close(struct lxc_async_descr *descr) + + if (descr->type == LXC_MAINLOOP_IO_URING) { + #if HAVE_LIBURING +- io_uring_queue_exit(descr->ring); +- munmap(descr->ring, sizeof(struct io_uring)); ++ if (descr->ring) { ++ io_uring_queue_exit(descr->ring); ++ munmap(descr->ring, sizeof(struct io_uring)); ++ } + #else + ERROR("Unsupported io_uring mainloop"); + #endif diff --git a/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch new file mode 100644 index 000000000000..33b8554193d3 --- /dev/null +++ b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch @@ -0,0 +1,28 @@ +From a585382b972c25ee8489147d94918d001ef439a7 Mon Sep 17 00:00:00 2001 +From: Christian Brauner <christian.brauner@ubuntu.com> +Date: Thu, 28 Oct 2021 17:39:42 +0200 +Subject: [PATCH] start: check event loop type before closing fd + +Since this is a union we might otherwise stomp on io_uring mmap()ed +memory. + +Fixes: #4016 +Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> +--- + src/lxc/start.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/lxc/start.c b/src/lxc/start.c +index 8f7173ec8c..1a6046c7a4 100644 +--- a/src/lxc/start.c ++++ b/src/lxc/start.c +@@ -629,7 +629,8 @@ int lxc_poll(const char *name, struct lxc_handler *handler) + TRACE("Mainloop is ready"); + + ret = lxc_mainloop(&descr, -1); +- close_prot_errno_disarm(descr.epfd); ++ if (descr.type == LXC_MAINLOOP_EPOLL) ++ close_prot_errno_disarm(descr.epfd); + if (ret < 0 || !handler->init_died) + goto out_mainloop_console; + diff --git a/app-containers/lxc/files/lxc.initd.8 b/app-containers/lxc/files/lxc.initd.8 new file mode 100644 index 000000000000..727f6d504fb3 --- /dev/null +++ b/app-containers/lxc/files/lxc.initd.8 @@ -0,0 +1,131 @@ +#!/sbin/openrc-run +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +CONTAINER=${SVCNAME#*.} + +LXC_PATH=`lxc-config lxc.lxcpath` + +lxc_get_configfile() { + if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then + echo "${LXC_PATH}/${CONTAINER}.conf" + elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then + echo "${LXC_PATH}/${CONTAINER}/config" + else + eerror "Unable to find a suitable configuration file." + eerror "If you set up the container in a non-standard" + eerror "location, please set the CONFIGFILE variable." + return 1 + fi +} + +[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)} + +lxc_get_var() { + awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE} +} + +lxc_get_net_link_type() { + awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" } + $1 == "lxc.network.type" {_type=$2;} + $1 == "lxc.network.link" {_link=$2;} + match($1, /lxc\.net\.[[:digit:]]+\.type/) {_type=$2;} + match($1, /lxc\.net\.[[:digit:]]+\.link/) {_link=$2;} + {if(_link != "" && _type != ""){ + printf("%s:%s\n", _link, _type ); + _link=""; _type=""; + }; }' <${CONFIGFILE} +} + +checkconfig() { + if [ ${CONTAINER} = ${SVCNAME} ]; then + eerror "You have to create an init script for each container:" + eerror " ln -s lxc /etc/init.d/lxc.container" + return 1 + fi + + # no need to output anything, the function takes care of that. + [ -z "${CONFIGFILE}" ] && return 1 + + utsname=$(lxc_get_var lxc.uts.name) + if [ -z "$utsname" ] ; then + utsname=$(lxc_get_var lxc.utsname) + fi + + if [ "${CONTAINER}" != "${utsname}" ]; then + eerror "You should use the same name for the service and the" + eerror "container. Right now the container is called ${utsname}" + return 1 + fi +} + +depend() { + # be quiet, since we have to run depend() also for the + # non-muxed init script, unfortunately. + checkconfig 2>/dev/null || return 0 + + config ${CONFIGFILE} + need localmount + use lxcfs + + local _x _if + for _x in $(lxc_get_net_link_type); do + _if=${_x%:*} + case "${_x##*:}" in + # when the network type is set to phys, we can make use of a + # network service (for instance to set it up before we disable + # the net_admin capability), but we might also not set it up + # at all on the host and leave the net_admin capable service + # to take care of it. + phys) use net.${_if} ;; + *) need net.${_if} ;; + esac + done +} + +start() { + checkconfig || return 1 + rm -f /var/log/lxc/${CONTAINER}.log + + rootpath=$(lxc_get_var lxc.rootfs) + + # Check the format of our init and the chroot's init, to see + # if we have to use linux32 or linux64; always use setarch + # when required, as that makes it easier to deal with + # x32-based containers. + case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in + EM_X86_64) setarch=linux64;; + EM_386) setarch=linux32;; + esac + + ebegin "Starting LXC container ${CONTAINER}" + env -i ${setarch} $(which lxc-start) -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log + sleep 1 + + # lxc-start -d will _always_ report a correct startup, even if it + # failed, so rather than trust that, check that the cgroup exists. + # fix for LXC 3.1 + + STATE="$(lxc-info -s -H ${CONTAINER})" + [ "$STATE" = "RUNNING" ] + + eend $? +} + +stop() { + checkconfig || return 1 + + STATE="$(lxc-info -s -H ${CONTAINER})" + + if ! [ "$STATE" = "RUNNING" ]; then + ewarn "${CONTAINER} doesn't seem to be started." + return 0 + fi + + # 30s should be enough to shut everything down + # lxc-stop will return back anyway as soon as successful shutdown + # after 30s, lxc-stop sends SIGKILL (dirty shotdown) + ebegin "Stopping LXC container ${CONTAINER}" + lxc-stop -t 30 -n ${CONTAINER} + eend $? +} diff --git a/app-containers/lxc/files/lxc_at.service.4.0.0 b/app-containers/lxc/files/lxc_at.service.4.0.0 new file mode 100644 index 000000000000..b354bc53e080 --- /dev/null +++ b/app-containers/lxc/files/lxc_at.service.4.0.0 @@ -0,0 +1,15 @@ +[Unit] +Description=Linux Container %i +After=network.target +Wants=lxcfs.service + +[Service] +Type=forking +ExecStart=/usr/bin/lxc-start -d -n %i -p /run/lxc-%i.pid +PIDFile=/run/lxc-%i.pid +ExecStop=/usr/bin/lxc-stop -n %i +Delegate=true +TasksMax=32768 + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/lxc/lxc-4.0.11_p1-r1.ebuild b/app-containers/lxc/lxc-4.0.11_p1-r1.ebuild new file mode 100644 index 000000000000..4e14a39d94fa --- /dev/null +++ b/app-containers/lxc/lxc-4.0.11_p1-r1.ebuild @@ -0,0 +1,188 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools bash-completion-r1 linux-info flag-o-matic optfeature pam readme.gentoo-r1 systemd verify-sig + +DESCRIPTION="A userspace interface for the Linux kernel containment features" +HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc" +SRC_URI="https://linuxcontainers.org/downloads/lxc/${P/_p1}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P/_p1}.tar.gz.asc )" + +KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~riscv x86" + +LICENSE="GPL-2 LGPL-2.1 LGPL-3" +SLOT="0" +IUSE="apparmor +caps doc io-uring man pam seccomp selinux +ssl +tools verify-sig" + +RDEPEND="acct-group/lxc + acct-user/lxc + app-misc/pax-utils + sys-apps/util-linux + sys-libs/libcap + virtual/awk + caps? ( sys-libs/libcap ) + io-uring? ( >=sys-libs/liburing-2:= ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + ssl? ( + dev-libs/openssl:0= + )" +DEPEND="${RDEPEND} + >=sys-kernel/linux-headers-4 + apparmor? ( sys-apps/apparmor )" +BDEPEND="virtual/pkgconfig + doc? ( app-doc/doxygen[dot] ) + man? ( app-text/docbook-sgml-utils ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK="~!NETPRIO_CGROUP + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + + ~CGROUP_SCHED + ~CPUSETS + ~IPC_NS + ~MACVLAN + + ~MEMCG + ~NAMESPACES + ~NET_NS + ~PID_NS + + ~POSIX_MQUEUE + ~USER_NS + ~UTS_NS + ~VETH" + +ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" +ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" +ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers" +ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" +ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" +ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" +ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" + +DOCS=( AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt ) + +pkg_setup() { + linux-info_pkg_setup +} + +PATCHES=( + "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch # bug 558854 + "${FILESDIR}"/${P}-liburing-sync1.patch #820545 + "${FILESDIR}"/${P}-liburing-sync2.patch #820545 +) + +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc + +S="${WORKDIR}/${PN}-${PV/_p1}" + +src_prepare() { + default + + export bashcompdir="/etc/bash_completion.d" + eautoreconf +} + +src_configure() { + append-flags -fno-strict-aliasing + + local myeconfargs=( + --bindir=/usr/bin + --localstatedir=/var + --sbindir=/usr/bin + + --with-config-path=/var/lib/lxc + --with-distro=gentoo + --with-init-script=systemd + --with-rootfs-path=/var/lib/lxc/rootfs + --with-runtime-path=/run + --with-systemdsystemunitdir=$(systemd_get_systemunitdir) + + --disable-coverity-build + --disable-dlog + --disable-fuzzers + --disable-mutex-debugging + --disable-no-undefined + --disable-rpath + --disable-sanitizers + --disable-tests + --disable-werror + + --enable-bash + --enable-commands + --enable-memfd-rexec + --enable-thread-safety + + $(use_enable apparmor) + $(use_enable caps capabilities) + $(use_enable doc api-docs) + $(use_enable doc examples) + $(use_enable io-uring liburing) + $(use_enable man doc) + $(use_enable pam) + $(use_enable seccomp) + $(use_enable selinux) + $(use_enable ssl openssl) + $(use_enable tools) + + $(use_with pam pamdir $(getpam_mod_dir)) + ) + + econf "${myeconfargs[@]}" +} + +src_install() { + default + + # The main bash-completion file will collide with lxd, need to relocate and update symlinks. + mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir." + mv "${ED}"/etc/bash_completion.d/lxc "${ED}"/$(get_bashcompdir)/lxc-start || die "Failed to relocate lxc bash-completion file." + rm -r "${ED}"/etc/bash_completion.d || die "Failed to remove wrong bash_completion.d content." + + if use tools; then + bashcomp_alias lxc-start lxc-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,usernsexec,wait} + else + bashcomp_alias lxc-start lxc-usernsexec + fi + + keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc + rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed" + + find "${D}" -name '*.la' -delete -o -name '*.a' -delete || die + + # Gentoo-specific additions! + newinitd "${FILESDIR}/lxc.initd.8" lxc + + # Remember to compare our systemd unit file with the upstream one + # config/init/systemd/lxc.service.in + systemd_newunit "${FILESDIR}"/lxc_at.service.4.0.0 "lxc@.service" + + DOC_CONTENTS=" + For openrc, there is an init script provided with the package. + You should only need to symlink /etc/init.d/lxc to + /etc/init.d/lxc.configname to start the container defined in + /etc/lxc/configname.conf. + + Correspondingly, for systemd a service file lxc@.service is installed. + Enable and start lxc@configname in order to start the container defined + in /etc/lxc/configname.conf." + DISABLE_AUTOFORMATTING=true + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog + + elog "Please run 'lxc-checkconfig' to see optional kernel features." + elog + optfeature "automatic template scripts" app-containers/lxc-templates + optfeature "Debian-based distribution container image support" dev-util/debootstrap + optfeature "snapshot & restore functionality" sys-process/criu +} diff --git a/app-containers/lxc/metadata.xml b/app-containers/lxc/metadata.xml new file mode 100644 index 000000000000..8c08b596f2e4 --- /dev/null +++ b/app-containers/lxc/metadata.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>juippis@gentoo.org</email> + <name>Joonas Niilola</name> + </maintainer> + <maintainer type="project"> + <email>virtualization@gentoo.org</email> + <name>Gentoo Virtualization Project</name> + </maintainer> + <use> + <flag name="apparmor">Enable AppArmor support</flag> + <flag name="io-uring">Enable io_uring support, and use io_uring instead of epoll</flag> + <flag name="tools">Build and install additional command line tools</flag> + </use> + <upstream> + <remote-id type="github">lxc/lxc</remote-id> + </upstream> +</pkgmetadata> |