commit: 0d0aea3ac1915b42f6769703891e6fe50e840a50 Author: Joonas Niilola <juippis <AT> gentoo <DOT> org> AuthorDate: Mon Jul 18 06:50:43 2022 +0000 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org> CommitDate: Mon Jul 18 07:01:04 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d0aea3a
app-containers/lxc: add 5.0.0 - build system switched to meson, so dropping all keywords off, - some changes to handling systemd in general - there's a chance gentoo-lxc on systemd breaks due to this (did my best to test it but...) Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org> app-containers/lxc/Manifest | 2 + .../lxc-5.0.0-dont-depend-on-static-libcap.patch | 27 ++++ .../lxc/files/lxc-monitord.service.5.0.0 | 11 ++ app-containers/lxc/files/lxc-net.service.5.0.0 | 15 ++ app-containers/lxc/files/lxc.service-5.0.0 | 19 +++ app-containers/lxc/files/lxc_at.service.5.0.0 | 19 +++ app-containers/lxc/lxc-5.0.0.ebuild | 159 +++++++++++++++++++++ 7 files changed, 252 insertions(+) diff --git a/app-containers/lxc/Manifest b/app-containers/lxc/Manifest index c736c09fa249..c367d0810b33 100644 --- a/app-containers/lxc/Manifest +++ b/app-containers/lxc/Manifest @@ -1,2 +1,4 @@ DIST lxc-4.0.12.tar.gz 1565070 BLAKE2B 819b5140b641dbc1ed6cf5f2840bb0ee6d3ab8c687f4f8064e42d347113bdf50fcbb653a6fb26598db0daab0c83ad88fe0d27fd2842fac9d7f5fef73656d7976 SHA512 04437d9c891cd3a22f756c42f05e97398772587175d65aff9d394f0f3e810efc5c1fe7077c39573de3ec259e0605bc2a7ea51093613b2cef908372ae338df19d DIST lxc-4.0.12.tar.gz.asc 833 BLAKE2B 2fca60b5ac267a893f70875ccdbe39db6b98b5fe51fe396692449e310b6e680e7b142380e193f5d8299f18e796ed2fd0e08cd186859069877fcca6bc26e44717 SHA512 4f2912879e6f3bf5fdbebb902cf16ca6b766b5720b817c4b4996e62098a1d282327d330ffd9768d45d69aeddb50184dc8485b0ef75b046449ce4c544cdc43c9b +DIST lxc-5.0.0.tar.gz 968678 BLAKE2B 82fa15353bdd78a1cc4cdb915f4a8366790b4ac317247bb03ceae91137368ef953ec52f6882ba9d44f6b9bddd3ac20579339e6bbedb4e5642adc81473825a91d SHA512 ecdce46a83602197716c9a4e50e0514a7e0764fbf34db6d5e3497e90669b4c8ced4b787fb220967d95dd8e50016075f3b118e85d9d63c21b2ba17de2e7aefb81 +DIST lxc-5.0.0.tar.gz.asc 833 BLAKE2B 3519789f7a9797895c1b89371db28add0833b0db5a32b71f8fdff98f689a2ed6edd77db90fad89658e7c148a94a1008a718dca32bc3ce40dbfce9b44c9506dbd SHA512 d475073543e82481675a4d7ffe642445b73698ad0675cfd996768c6f026786c694cea062d50139264362a516b8777fc4e1a5fb5592eeed35ac2f6d64460c505d diff --git a/app-containers/lxc/files/lxc-5.0.0-dont-depend-on-static-libcap.patch b/app-containers/lxc/files/lxc-5.0.0-dont-depend-on-static-libcap.patch new file mode 100644 index 000000000000..74f3d353c561 --- /dev/null +++ b/app-containers/lxc/files/lxc-5.0.0-dont-depend-on-static-libcap.patch @@ -0,0 +1,27 @@ +From 7d72354898feac15bc4082130bcbe638bae02450 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine <[email protected]> +Date: Thu, 14 Jul 2022 17:03:40 +0200 +Subject: [PATCH] meson.build: fix build with -Dcapabilities=false + +Define libcap_static to an empty array to avoid the following build +failure with -Dcapabilities=false: + +output/build/lxc-5.0.0/src/lxc/cmd/meson.build:64:4: ERROR: Unknown variable "libcap_static". + +Signed-off-by: Fabrice Fontaine <[email protected]> +--- + meson.build | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/meson.build b/meson.build +index 992fa08c72..4ed57a655b 100644 +--- a/meson.build ++++ b/meson.build +@@ -443,6 +443,7 @@ int main(int argc, char *argv[]) { return 0; }; + srcconf.set10('HAVE_STATIC_LIBCAP', false) + endif + else ++ libcap_static = [] + srcconf.set10('HAVE_LIBCAP', false) + srcconf.set10('HAVE_STATIC_LIBCAP', false) + endif diff --git a/app-containers/lxc/files/lxc-monitord.service.5.0.0 b/app-containers/lxc/files/lxc-monitord.service.5.0.0 new file mode 100644 index 000000000000..ff4a201152c0 --- /dev/null +++ b/app-containers/lxc/files/lxc-monitord.service.5.0.0 @@ -0,0 +1,11 @@ +[Unit] +Description=LXC Container Monitoring Daemon +After=syslog.service network.target +Documentation=man:lxc + +[Service] +Type=simple +ExecStart=/usr/libexec/lxc/lxc-monitord --daemon + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/lxc/files/lxc-net.service.5.0.0 b/app-containers/lxc/files/lxc-net.service.5.0.0 new file mode 100644 index 000000000000..8a037fcb7614 --- /dev/null +++ b/app-containers/lxc/files/lxc-net.service.5.0.0 @@ -0,0 +1,15 @@ +[Unit] +Description=LXC network bridge setup +After=network-online.target +Before=lxc.service +Documentation=man:lxc +ConditionVirtualization=!lxc + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/libexec/lxc/lxc-net start +ExecStop=/usr/libexec/lxc/lxc-net stop + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/lxc/files/lxc.service-5.0.0 b/app-containers/lxc/files/lxc.service-5.0.0 new file mode 100644 index 000000000000..35d0dff241d0 --- /dev/null +++ b/app-containers/lxc/files/lxc.service-5.0.0 @@ -0,0 +1,19 @@ +[Unit] +Description=LXC Container Initialization and Autoboot Code +After=network.target lxc-net.service remote-fs.target +Wants=lxc-net.service +Documentation=man:lxc-autostart man:lxc + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStartPre=/usr/libexec/lxc/lxc-apparmor-load +ExecStart=/usr/libexec//lxc/lxc-containers start +ExecStop=/usr/libexec/lxc/lxc-containers stop +ExecReload=/usr/libexec/lxc/lxc-apparmor-load +# Environment=BOOTUP=serial +# Environment=CONSOLETYPE=serial +Delegate=yes + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/lxc/files/lxc_at.service.5.0.0 b/app-containers/lxc/files/lxc_at.service.5.0.0 new file mode 100644 index 000000000000..447b6c87ec5d --- /dev/null +++ b/app-containers/lxc/files/lxc_at.service.5.0.0 @@ -0,0 +1,19 @@ +[Unit] +Description=LXC Container: %i +# This pulls in apparmor, dev-setup, lxc-net +After=lxc.service +Wants=lxc.service +Documentation=man:lxc-start man:lxc + +[Service] +Type=simple +KillMode=mixed +TimeoutStopSec=120s +ExecStart=/usr/bin/lxc-start -F -n %i +ExecStop=/usr/bin/lxc-stop -n %i +# Environment=BOOTUP=serial +# Environment=CONSOLETYPE=serial +Delegate=yes + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/lxc/lxc-5.0.0.ebuild b/app-containers/lxc/lxc-5.0.0.ebuild new file mode 100644 index 000000000000..e613d9df3f45 --- /dev/null +++ b/app-containers/lxc/lxc-5.0.0.ebuild @@ -0,0 +1,159 @@ +# Copyright 2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit bash-completion-r1 linux-info meson optfeature systemd verify-sig + +DESCRIPTION="A userspace interface for the Linux kernel containment features" +HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"; +SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )" + +LICENSE="GPL-2 LGPL-2.1 LGPL-3" +SLOT="0" +KEYWORDS="~amd64" +IUSE="apparmor +caps examples io-uring man pam seccomp selinux ssl systemd test +tools verify-sig" + +RDEPEND="acct-group/lxc + acct-user/lxc + apparmor? ( sys-libs/libapparmor ) + caps? ( sys-libs/libcap[static-libs] ) + io-uring? ( >=sys-libs/liburing-2:= ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + ssl? ( dev-libs/openssl:0= ) + systemd? ( sys-apps/systemd ) + tools? ( sys-libs/libcap[static-libs] )" +DEPEND="${RDEPEND} + sys-kernel/linux-headers" +BDEPEND="virtual/pkgconfig + man? ( app-text/docbook2X ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +RESTRICT="!test? ( test )" + +CONFIG_CHECK="~!NETPRIO_CGROUP + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + + ~CGROUP_SCHED + ~CPUSETS + ~IPC_NS + ~MACVLAN + + ~MEMCG + ~NAMESPACES + ~NET_NS + ~PID_NS + + ~POSIX_MQUEUE + ~USER_NS + ~UTS_NS + ~VETH" + +ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" +ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" +ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers" +ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" +ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" +ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" +ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" + +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc + +DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt ) + +PATCHES=( "${FILESDIR}"/lxc-5.0.0-dont-depend-on-static-libcap.patch ) + +pkg_setup() { + linux-info_pkg_setup +} + +src_configure() { + local emesonargs=( + -Dcoverity-build=false + -Doss-fuzz=false + + -Dcommands=true + -Dmemfd-rexec=true + -Dthread-safety=true + + $(meson_use apparmor) + $(meson_use caps capabilities) + $(meson_use examples) + $(meson_use io-uring io-uring-event-loop) + $(meson_use man) + $(meson_use pam pam-cgroup) + $(meson_use seccomp) + $(meson_use selinux) + $(meson_use ssl openssl) + $(meson_use test tests) + $(meson_use tools) + + -Ddata-path=/var/lib/lxc + -Ddoc-path=/usr/share/doc/${PF} + -Dlog-path=/var/log/lxc + -Drootfs-mount-path=/var/lib/lxc/rootfs + -Druntime-path=/run + ) + + if use systemd; then + local emesonargs+=( -Dinit-script="systemd" ) + else + local emesonargs+=( -Dinit-script="sysvinit" ) + fi + + use tools && local emesonargs+=( -Dcapabilities=true ) + + meson_src_configure +} + +src_install() { + meson_src_install + + # The main bash-completion file will collide with lxd, need to relocate and update symlinks. + mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir." + + if use tools; then + bashcomp_alias lxc-start lxc-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,usernsexec,wait} + else + bashcomp_alias lxc-start lxc-usernsexec + fi + + keepdir /var/lib/cache/lxc /var/lib/lib/lxc + + find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die + + # Replace upstream sysvinit/systemd files. + if use systemd; then + rm -r "${ED}"/lib/systemd || die "Failed to remove systemd lib dir" + else + rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts" + fi + + newinitd "${FILESDIR}/${PN}.initd.8" ${PN} + systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service + systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service + systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service + systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "[email protected]" + + if ! use apparmor; then + sed -i '/lxc-apparmor-load/d' "${ED}"/lib/systemd/system/lxc.service || die "Failed to remove apparmor references from lxc.service systemd unit." + fi +} + +pkg_postinst() { + elog "Please refer to " + elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide." + elog + elog "Run 'lxc-checkconfig' to see optional kernel features." + elog + + optfeature "automatic template scripts" app-containers/lxc-templates + optfeature "Debian-based distribution container image support" dev-util/debootstrap + optfeature "snapshot & restore functionality" sys-process/criu +}
