Hi, following my previous mail, here's the suggested debdiff to fix LXC in stable. I'm going to submit this to the stable release team.
I would welcome tests from real LXC users. My test package is here: http://people.debian.org/~hertzog/packages/lxc_0.8.0~rc1-8+deb7u2_amd64.deb Regards. -- Raphaël Hertzog ◈ Debian Developer Discover the Debian Administrator's Handbook: → http://debian-handbook.info/get/
diff -Nru lxc-0.8.0~rc1/debian/changelog lxc-0.8.0~rc1/debian/changelog --- lxc-0.8.0~rc1/debian/changelog 2012-08-22 22:44:12.000000000 +0200 +++ lxc-0.8.0~rc1/debian/changelog 2013-12-16 12:13:58.000000000 +0100 @@ -1,3 +1,11 @@ +lxc (0.8.0~rc1-8+deb7u2) wheezy; urgency=medium + + * Non-maintainer upload. + * Use latest upstream provided lxc-debian that actually works. Closes: #680469 + * Add rsync to Recommends since lxc-debian uses it. + + -- Raphaël Hertzog <hert...@debian.org> Mon, 16 Dec 2013 08:51:43 +0100 + lxc (0.8.0~rc1-8+deb7u1) wheezy; urgency=low * Non-maintainer upload. diff -Nru lxc-0.8.0~rc1/debian/control lxc-0.8.0~rc1/debian/control --- lxc-0.8.0~rc1/debian/control 2012-06-30 00:34:08.000000000 +0200 +++ lxc-0.8.0~rc1/debian/control 2013-12-16 12:13:28.000000000 +0100 @@ -13,7 +13,7 @@ Architecture: linux-any Pre-Depends: ${multiarch:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} -Recommends: debootstrap | cdebootstrap, libcap2-bin +Recommends: debootstrap | cdebootstrap, rsync, libcap2-bin Conflicts: cgroup-bin Suggests: lxctl Description: Linux Containers userspace tools diff -Nru lxc-0.8.0~rc1/debian/patches/13-update-lxc-debian.patch lxc-0.8.0~rc1/debian/patches/13-update-lxc-debian.patch --- lxc-0.8.0~rc1/debian/patches/13-update-lxc-debian.patch 1970-01-01 01:00:00.000000000 +0100 +++ lxc-0.8.0~rc1/debian/patches/13-update-lxc-debian.patch 2013-12-16 12:07:48.000000000 +0100 
@@ -0,0 +1,423 @@ +Description: Update lxc-debian template script + Use a newer upstream version of that script that correctly installs the + current stable release. +Origin: upstream, https://github.com/lxc/lxc/raw/master/templates/lxc-debian.in +Applied-Upstream: 1.0.0 +--- a/templates/lxc-debian.in ++++ b/templates/lxc-debian.in +@@ -13,14 +13,13 @@ + + # This library is distributed in the hope that it will be useful, + # but WITHOUT ANY WARRANTY; without even the implied warranty of +- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + # Lesser General Public License for more details. + + # You should have received a copy of the GNU Lesser General Public + # License along with this library; if not, write to the Free Software +-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +-SUITE=${SUITE:-squeeze} + MIRROR=${MIRROR:-http://cdn.debian.net/debian} + + configure_debian() +@@ -31,9 +30,9 @@ configure_debian() + # squeeze only has /dev/tty and /dev/tty0 by default, + # therefore creating missing device nodes for tty1-4. + for tty in $(seq 1 4); do +- if [ ! -e $rootfs/dev/tty$tty ]; then +- mknod $rootfs/dev/tty$tty c 4 $tty +- fi ++ if [ ! 
-e $rootfs/dev/tty$tty ]; then ++ mknod $rootfs/dev/tty$tty c 4 $tty ++ fi + done + + # configure the inittab +@@ -54,6 +53,8 @@ c1:12345:respawn:/sbin/getty 38400 tty1 + c2:12345:respawn:/sbin/getty 38400 tty2 linux + c3:12345:respawn:/sbin/getty 38400 tty3 linux + c4:12345:respawn:/sbin/getty 38400 tty4 linux ++p6::ctrlaltdel:/sbin/init 6 ++p0::powerfail:/sbin/init 0 + EOF + + # disable selinux in debian +@@ -76,11 +77,14 @@ EOF + + # reconfigure some services + if [ -z "$LANG" ]; then +- chroot $rootfs locale-gen en_US.UTF-8 UTF-8 +- chroot $rootfs update-locale LANG=en_US.UTF-8 ++ chroot $rootfs locale-gen en_US.UTF-8 UTF-8 ++ chroot $rootfs update-locale LANG=en_US.UTF-8 + else +- chroot $rootfs locale-gen $LANG $(echo $LANG | cut -d. -f2) +- chroot $rootfs update-locale LANG=$LANG ++ encoding=$(echo $LANG | cut -d. -f2) ++ chroot $rootfs sed -e "s/^# \(${LANG} ${encoding}\)/\1/" \ ++ -i /etc/locale.gen 2>/dev/null ++ chroot $rootfs locale-gen $LANG $encoding ++ chroot $rootfs update-locale LANG=$LANG + fi + + # remove pointless services in a container +@@ -89,12 +93,30 @@ EOF + chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove + chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove + ++ # set initial timezone as on host ++ if [ -f /etc/timezone ]; then ++ cat /etc/timezone > $rootfs/etc/timezone ++ chroot $rootfs dpkg-reconfigure -f noninteractive tzdata ++ elif [ -f /etc/sysconfig/clock ]; then ++ source /etc/sysconfig/clock ++ echo $ZONE > $rootfs/etc/timezone ++ chroot $rootfs dpkg-reconfigure -f noninteractive tzdata ++ else ++ echo "Timezone in container is not configured. Adjust it manually." ++ fi ++ + echo "root:root" | chroot $rootfs chpasswd + echo "Root password is 'root', please change !" 
+ + return 0 + } + ++cleanup() ++{ ++ rm -rf $cache/partial-$release-$arch ++ rm -rf $cache/rootfs-$release-$arch ++} ++ + download_debian() + { + packages=\ +@@ -102,7 +124,7 @@ ifupdown,\ + locales,\ + libui-dialog-perl,\ + dialog,\ +-dhcp3-client,\ ++isc-dhcp-client,\ + netbase,\ + net-tools,\ + iproute,\ +@@ -110,26 +132,32 @@ openssh-server + + cache=$1 + arch=$2 ++ release=$3 + ++ trap cleanup EXIT SIGHUP SIGINT SIGTERM + # check the mini debian was not already downloaded +- mkdir -p "$cache/partial-$SUITE-$arch" ++ mkdir -p "$cache/partial-$release-$arch" + if [ $? -ne 0 ]; then +- echo "Failed to create '$cache/partial-$SUITE-$arch' directory" +- return 1 ++ echo "Failed to create '$cache/partial-$release-$arch' directory" ++ return 1 + fi + + # download a mini debian into a cache + echo "Downloading debian minimal ..." + debootstrap --verbose --variant=minbase --arch=$arch \ +- --include=$packages \ +- "$SUITE" "$cache/partial-$SUITE-$arch" $MIRROR ++ --include=$packages \ ++ "$release" "$cache/partial-$release-$arch" $MIRROR + if [ $? -ne 0 ]; then +- echo "Failed to download the rootfs, aborting." +- return 1 ++ echo "Failed to download the rootfs, aborting." ++ return 1 + fi + +- mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch" ++ mv "$1/partial-$release-$arch" "$1/rootfs-$release-$arch" + echo "Download complete." ++ trap EXIT ++ trap SIGINT ++ trap SIGTERM ++ trap SIGHUP + + return 0 + } +@@ -139,11 +167,12 @@ copy_debian() + cache=$1 + arch=$2 + rootfs=$3 ++ release=$4 + + # make a local copy of the minidebian + echo -n "Copying rootfs to $rootfs..." + mkdir -p $rootfs +- rsync -a "$cache/rootfs-$SUITE-$arch"/ $rootfs/ || return 1 ++ rsync -Ha "$cache/rootfs-$release-$arch"/ $rootfs/ || return 1 + return 0 + } + +@@ -151,34 +180,34 @@ install_debian() + { + cache="@LOCALSTATEDIR@/cache/lxc/debian" + rootfs=$1 ++ release=$2 ++ arch=$3 + mkdir -p @LOCALSTATEDIR@/lock/subsys/ + ( +- flock -n -x 200 +- if [ $? 
-ne 0 ]; then +- echo "Cache repository is busy." +- return 1 +- fi +- +- arch=$(dpkg --print-architecture) +- +- echo "Checking cache download in $cache/rootfs-$SUITE-$arch ... " +- if [ ! -e "$cache/rootfs-$SUITE-$arch" ]; then +- download_debian $cache $arch +- if [ $? -ne 0 ]; then +- echo "Failed to download 'debian base'" +- return 1 +- fi +- fi +- +- copy_debian $cache $arch $rootfs +- if [ $? -ne 0 ]; then +- echo "Failed to copy rootfs" +- return 1 +- fi ++ flock -x 200 ++ if [ $? -ne 0 ]; then ++ echo "Cache repository is busy." ++ return 1 ++ fi ++ ++ echo "Checking cache download in $cache/rootfs-$release-$arch ... " ++ if [ ! -e "$cache/rootfs-$release-$arch" ]; then ++ download_debian $cache $arch $release ++ if [ $? -ne 0 ]; then ++ echo "Failed to download 'debian base'" ++ return 1 ++ fi ++ fi ++ ++ copy_debian $cache $arch $rootfs $release ++ if [ $? -ne 0 ]; then ++ echo "Failed to copy rootfs" ++ return 1 ++ fi + +- return 0 ++ return 0 + +- ) 200>@LOCALSTATEDIR@/lock/subsys/lxc ++ ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-debian + + return $? + } +@@ -188,12 +217,26 @@ copy_configuration() + path=$1 + rootfs=$2 + hostname=$3 ++ arch=$4 ++ ++ # if there is exactly one veth network entry, make sure it has an ++ # associated hwaddr. 
++ nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l` ++ if [ $nics -eq 1 ]; then ++ grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config ++ fi + ++ grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config + cat <<EOF >> $path/config + lxc.tty = 4 + lxc.pts = 1024 +-lxc.rootfs = $rootfs ++lxc.arch = $arch + lxc.utsname = $hostname ++lxc.cap.drop = sys_module mac_admin mac_override sys_time ++ ++# When using LXC with apparmor, uncomment the next line to run unconfined: ++#lxc.aa_profile = unconfined ++ + lxc.cgroup.devices.deny = a + # /dev/null and zero + lxc.cgroup.devices.allow = c 1:3 rwm +@@ -209,16 +252,16 @@ lxc.cgroup.devices.allow = c 1:8 rwm + lxc.cgroup.devices.allow = c 136:* rwm + lxc.cgroup.devices.allow = c 5:2 rwm + # rtc +-lxc.cgroup.devices.allow = c 254:0 rwm ++lxc.cgroup.devices.allow = c 254:0 rm + + # mounts point +-lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0 +-lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0 ++lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 ++lxc.mount.entry = sysfs sys sysfs defaults 0 0 + EOF + + if [ $? -ne 0 ]; then +- echo "Failed to add configuration" +- return 1 ++ echo "Failed to add configuration" ++ return 1 + fi + + return 0 +@@ -229,46 +272,65 @@ clean() + cache="@LOCALSTATEDIR@/cache/lxc/debian" + + if [ ! -e $cache ]; then +- exit 0 ++ exit 0 + fi + + # lock, so we won't purge while someone is creating a repository + ( +- flock -n -x 200 +- if [ $? != 0 ]; then +- echo "Cache repository is busy." +- exit 1 +- fi +- +- echo -n "Purging the download cache..." +- rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 +- exit 0 ++ flock -x 200 ++ if [ $? != 0 ]; then ++ echo "Cache repository is busy." ++ exit 1 ++ fi ++ ++ echo -n "Purging the download cache..." 
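Review bot: The `sed -i -e "/^lxc\.network\.type.../a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| ...)"` line writes whatever the command substitution returns, so when `openssl` is absent or fails the config gains the truncated entry `lxc.network.hwaddr = 00:16:3e:` and nothing in the hunk detects it. The control change in this debdiff adds only rsync to Recommends, so nothing visible here guarantees that openssl is installed. Generate the suffix first and test it, e.g. `mac=$(openssl rand -hex 3 | sed 's/\(..\)/\1:/g; s/.$//')` followed by `[ -n "$mac" ] || { echo "cannot generate hwaddr"; return 1; }`, then use `$mac` in the `sed` expression. `$path/config` is also unquoted on every line of the hunk, and the body of copy_configuration continues outside it.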
++ rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 ++ exit 0 + +- ) 200>@LOCALSTATEDIR@/lock/subsys/lxc ++ ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-debian + } + + usage() + { + cat <<EOF +-$1 -h|--help -p|--path=<path> --clean ++$1 -h|--help -p|--path=<path> [-a|--arch] [-r|--release=<release>] [-c|--clean] ++release: the debian release (e.g. wheezy): defaults to current stable ++arch: the container architecture (e.g. amd64): defaults to host arch + EOF + return 0 + } + +-options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@") ++options=$(getopt -o hp:n:a:r:c -l help,rootfs:,path:,name:,arch:,release:,clean -- "$@") + if [ $? -ne 0 ]; then + usage $(basename $0) +- exit 1 ++ exit 1 + fi + eval set -- "$options" + ++if which dpkg >/dev/null 2>&1 ; then ++ arch=$(dpkg --print-architecture) ++else ++ arch=$(uname -m) ++ if [ "$arch" = "i686" ]; then ++ arch="i386" ++ elif [ "$arch" = "x86_64" ]; then ++ arch="amd64" ++ elif [ "$arch" = "armv7l" ]; then ++ arch="armhf" ++ fi ++fi ++hostarch=$arch ++ + while true + do + case "$1" in +- -h|--help) usage $0 && exit 0;; ++ -h|--help) usage $0 && exit 1;; + -p|--path) path=$2; shift 2;; +- -n|--name) name=$2; shift 2;; +- -c|--clean) clean=$2; shift 2;; ++ --rootfs) rootfs=$2; shift 2;; ++ -a|--arch) arch=$2; shift 2;; ++ -r|--release) release=$2; shift 2;; ++ -n|--name) name=$2; shift 2;; ++ -c|--clean) clean=$2; shift 2;; + --) shift 1; break ;; + *) break ;; + esac +@@ -279,6 +341,30 @@ if [ ! 
-z "$clean" -a -z "$path" ]; then + exit 0 + fi + ++if [ "$arch" == "i686" ]; then ++ arch=i386 ++fi ++ ++if [ "$arch" == "x86_64" ]; then ++ arch=amd64 ++fi ++ ++if [ $hostarch = "i386" -a $arch = "amd64" ]; then ++ echo "can't create $arch container on $hostarch" ++ exit 1 ++fi ++ ++if [ $hostarch = "armhf" -o $hostarch = "armel" ] && \ ++ [ $arch != "armhf" -a $arch != "armel" ]; then ++ echo "can't create $arch container on $hostarch" ++ exit 1 ++fi ++ ++if [ $hostarch = "powerpc" -a $arch != "powerpc" ]; then ++ echo "can't create $arch container on $hostarch" ++ exit 1 ++fi ++ + type debootstrap + if [ $? -ne 0 ]; then + echo "'debootstrap' command is missing" +@@ -295,9 +381,28 @@ if [ "$(id -u)" != "0" ]; then + exit 1 + fi + +-rootfs=$path/rootfs ++current_release=`wget ${MIRROR}/dists/stable/Release -O - 2>/dev/null |\ ++head |awk '/^Codename: (.*)$/ { print $2; }'` ++release=${release:-${current_release}} ++valid_releases=('squeeze' 'wheezy' 'jessie' 'sid') ++if [[ ! "${valid_releases[*]}" =~ (^|[^[:alpha:]])$release([^[:alpha:]]|$) ]] ++then ++ echo "Invalid release ${release}, valid ones are: ${valid_releases[*]}" ++ exit 1 ++fi ++ ++# detect rootfs ++config="$path/config" ++if [ -z "$rootfs" ]; then ++ if grep -q '^lxc.rootfs' $config 2>/dev/null ; then ++ rootfs=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $config) ++ else ++ rootfs=$path/rootfs ++ fi ++fi ++ + +-install_debian $rootfs ++install_debian $rootfs $release $arch + if [ $? -ne 0 ]; then + echo "failed to install debian" + exit 1 +@@ -309,7 +414,7 @@ if [ $? -ne 0 ]; then + exit 1 + fi + +-copy_configuration $path $rootfs $name ++copy_configuration $path $rootfs $name $arch + if [ $? -ne 0 ]; then + echo "failed write configuration file" + exit 1 diff -Nru lxc-0.8.0~rc1/debian/patches/series lxc-0.8.0~rc1/debian/patches/series --- lxc-0.8.0~rc1/debian/patches/series 2012-06-29 23:14:41.000000000 +0200 +++ lxc-0.8.0~rc1/debian/patches/series 2013-12-16 12:01:29.000000000 +0100 
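Review bot: The checks added here only refuse a few host/target combinations, so any other string given to `-a|--arch` is accepted as is and later reaches `debootstrap --arch=$arch` and the unquoted `rm -rf $cache/partial-$release-$arch` in `cleanup()`, both run as root. I would add a format check ahead of the comparisons, `case "$arch" in ''|*[!a-z0-9-]*) echo "invalid architecture '$arch'"; exit 1;; esac`, and quote the operands (`[ "$hostarch" = "i386" -a "$arch" = "amd64" ]`), since an empty or multi-word value currently makes `[` report a syntax error and the script carries on. Quoting the two `rm -rf` paths in `cleanup()` closes the same gap at the point of use.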
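Review bot: The allowlist test puts `$release` unquoted on the right-hand side of `=~`, so bash reads it as a regular expression rather than a literal name, and a value containing regex metacharacters can match the joined list without being one of its four entries; it is then used in the cache path and passed to debootstrap. An exact comparison avoids that: `case "$release" in squeeze|wheezy|jessie|sid) ;; *) echo "Invalid release ${release}"; exit 1;; esac`. The check matters more because the default comes from a `Release` file fetched with `wget` from `$MIRROR` (plain HTTP by default, per the `MIRROR=` line earlier in the patch) with no signature verification at this step. When that download fails, `$release` is empty and the user sees `Invalid release ,` with no hint that the network lookup was the cause.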
@@ -10,3 +10,4 @@ 10-lxc-clone-trap-name.patch 11-lxc-console-escape.patch 12-lxc-create-rootfs.patch +13-update-lxc-debian.patch diff -Nru lxc-0.8.0~rc1/debian/rules lxc-0.8.0~rc1/debian/rules --- lxc-0.8.0~rc1/debian/rules 2012-06-30 00:34:05.000000000 +0200 +++ lxc-0.8.0~rc1/debian/rules 2013-12-16 11:56:29.000000000 +0100 @@ -36,9 +36,9 @@ cp -r debian/local/lxc-debconf* debian/lxc/usr/share/lxc/templates # replacing upstreams debian template - rm -f debian/tmp/usr/share/lxc/templates/lxc-debian - ln -s lxc-debconf debian/tmp/usr/share/lxc/templates/lxc-debian - ln -s lxc-debconf.d debian/tmp/usr/share/lxc/templates/lxc-debian.d + #rm -f debian/tmp/usr/share/lxc/templates/lxc-debian + #ln -s lxc-debconf debian/tmp/usr/share/lxc/templates/lxc-debian + #ln -s lxc-debconf.d debian/tmp/usr/share/lxc/templates/lxc-debian.d # adding progress template symlink ln -s lxc-debconf debian/tmp/usr/share/lxc/templates/lxc-progress
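Review bot: With the three symlink commands commented out, the package ships the upstream `lxc-debian` script instead of the `lxc-debconf` alias, and that script (patched earlier in this debdiff) sets the container root password with `echo "root:root" | chroot $rootfs chpasswd` while `openssh-server` is in its debootstrap package list. If the lxc-debconf template behaved differently, which is not visible here, this changes the default exposure of newly created containers in a stable update and deserves its own changelog or NEWS entry. On style, the dead commands are better deleted than commented out, and the remaining comment `# replacing upstreams debian template` no longer describes what the rule does. The rule's recipe starts and ends outside this hunk.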