commit: 380968ba252854f366618716ca1b8d2f074d14b2 Author: Joonas Niilola <juippis <AT> gentoo <DOT> org> AuthorDate: Tue Oct 10 13:09:30 2023 +0000 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org> CommitDate: Fri Oct 13 17:21:08 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=380968ba
app-containers/incus: new package, add 0.1 - incus is a fork from Canonical's LXD. Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/33278 app-containers/incus/Manifest | 2 + app-containers/incus/files/incus-0.1.confd | 23 +++ app-containers/incus/files/incus-0.1.initd | 59 ++++++++ app-containers/incus/files/incus-0.1.service | 23 +++ app-containers/incus/files/incus-0.1.socket | 12 ++ .../incus/files/incus-containers-0.1.service | 16 ++ app-containers/incus/incus-0.1.ebuild | 162 +++++++++++++++++++++ app-containers/incus/metadata.xml | 31 ++++ 8 files changed, 328 insertions(+) diff --git a/app-containers/incus/Manifest b/app-containers/incus/Manifest new file mode 100644 index 000000000000..77fd5375ef00 --- /dev/null +++ b/app-containers/incus/Manifest @@ -0,0 +1,2 @@ +DIST incus-0.1.tar.gz 21498887 BLAKE2B ea200f83922a2f23c8bbc8ce94ccf7df8b7e096adfe6697d94135a4c660a950411e2176f860a63dada12890cde474beb16fcd17a4c52419f1ab86d3625c426e5 SHA512 1cd5410b07ed44f05b19ca3c734a67bde6f85d0e4673e9b46100bb8f2d60889773bcde1a274e96b55651b95414c47abeb6c3f2b8ec8d500d22ef08e31d09d9e6 +DIST incus-0.1.tar.gz.asc 833 BLAKE2B 9e2ceedf246e7af20a6d8c0e597f59016a4040c10d547f724a0fa822387bb46c70d0467df583127bea874ded87115844e02191e93ddfd29fc64f3bc0262b7f10 SHA512 de14e530543d861ea3bdffe8d4b88a140f39646219c1494db81577f755d5d5ddc35f8e36f51cbfe38d8fcd4c3de95bb8d615db61530bbd507a55c6e07d3031b6 diff --git a/app-containers/incus/files/incus-0.1.confd b/app-containers/incus/files/incus-0.1.confd new file mode 100644 index 000000000000..ec857143c2da --- /dev/null +++ b/app-containers/incus/files/incus-0.1.confd @@ -0,0 +1,23 @@ +# Group which owns the shared socket +INCUS_OPTIONS+=" --group incus" + +# Enable cpu profiling into the specified file +#INCUS_OPTIONS+=" --cpuprofile /tmp/lxc_cpu_profile" + +# Enable memory profiling into the specified file +#INCUS_OPTIONS+=" --memprofile /tmp/lxc_mem_profile" + +# Enable debug mode +#INCUS_OPTIONS+=" --debug" + +# For debugging, print a complete stack trace every n seconds +#INCUS_OPTIONS+=" --print-goroutines-every 5" + +# Enable verbose mode +#INCUS_OPTIONS+=" -v" + +# Logfile to log to +#INCUS_OPTIONS+=" --logfile /var/log/incus/incus.log" + +# Enable syslog logging +#INCUS_OPTIONS+=" --syslog" diff --git a/app-containers/incus/files/incus-0.1.initd b/app-containers/incus/files/incus-0.1.initd new file mode 100644 index 000000000000..d09ffe224d04 --- /dev/null +++ b/app-containers/incus/files/incus-0.1.initd @@ -0,0 +1,59 @@ +#!/sbin/openrc-run +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +DAEMON=/usr/sbin/incusd +PIDFILE=/run/incusd.pid + +depend() { + need net + need lxcfs +} + +start() { + ebegin "Starting incus service" + + modprobe -f loop > /dev/null 2>&1 + + # Fix permissions on /var/lib/incus and make sure it exists. + # Create a log directory for incus with correct permissions. + install -d /var/lib/incus --group incus --owner root --mode 0775 + install -d /var/log/incus --group incus --owner root + + start-stop-daemon --start \ + --pidfile ${PIDFILE} \ + --exec ${DAEMON} \ + --background \ + --make-pidfile \ + -- \ + ${INCUS_OPTIONS} + eend ${?} + + # Create necessary systemd paths in order for systemd containers to work on openrc host. + # /etc/rc.conf should have following values: + # rc_cgroup_mode="hybrid" + if [ -d /sys/fs/cgroup/unified ] && + [ ! -d /sys/fs/cgroup/systemd ]; then + install -d /sys/fs/cgroup/systemd --group incus --owner root + mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd + fi +} + +stop() { + if [ "${RC_CMD}" = restart ]; then + ebegin "Stopping incusd service (but not containers)" + # start-stop-daemon sends SIGTERM with a timeout of 5s by default. + # SIGTERM indicates to INCUS that it will be stopped temporarily. + # Instances will keep running. + start-stop-daemon --stop --quiet -p "${PIDFILE}" + eend ${?} + else + ebegin "Stopping incusd service and containers, waiting 40s" + # SIGPWR indicates to INCUS that the host is going down. + # LXD will do a clean shutdown of all instances. + # After 30s all remaining instances will be killed. + # We wait up to 40s for INCUS. + start-stop-daemon --stop --quiet -R SIGPWR/40 -p "${PIDFILE}" + eend ${?} + fi +} diff --git a/app-containers/incus/files/incus-0.1.service b/app-containers/incus/files/incus-0.1.service new file mode 100644 index 000000000000..354a53122923 --- /dev/null +++ b/app-containers/incus/files/incus-0.1.service @@ -0,0 +1,23 @@ +[Unit] +Description=Incus - main daemon +After=network-online.target lxcfs.service incus.socket +Requires=network-online.target lxcfs.service incus.socket +Documentation=man:incus(1) + +[Service] +EnvironmentFile=-/etc/environment +ExecStart=/usr/sbin/incusd --group incus --syslog +ExecStartPost=/usr/sbin/incusd waitready --timeout=600 +ExecStartPre=/bin/mkdir -p /var/log/incus +ExecStartPre=/bin/chown -R root:incus /var/log/incus +KillMode=process +PermissionsStartOnly=true +TimeoutStartSec=600s +TimeoutStopSec=30s +Restart=on-failure +LimitNOFILE=1048576 +LimitNPROC=infinity +TasksMax=infinity + +[Install] +Also=incus-containers.service incus.socket diff --git a/app-containers/incus/files/incus-0.1.socket b/app-containers/incus/files/incus-0.1.socket new file mode 100644 index 000000000000..864ebf19954e --- /dev/null +++ b/app-containers/incus/files/incus-0.1.socket @@ -0,0 +1,12 @@ +[Unit] +Description=incus - unix socket +Documentation=man:incus(1) + +[Socket] +ListenStream=/var/lib/incus/unix.socket +SocketGroup=incus +SocketMode=0660 +Service=incus.service + +[Install] +WantedBy=sockets.target diff --git a/app-containers/incus/files/incus-containers-0.1.service b/app-containers/incus/files/incus-containers-0.1.service new file mode 100644 index 000000000000..038d633a53d7 --- /dev/null +++ b/app-containers/incus/files/incus-containers-0.1.service @@ -0,0 +1,16 @@ +[Unit] +Description=incus - container startup/shutdown +Documentation=man:incus(1) +After=incus.socket incus.service +Requires=incus.socket + +[Service] +Type=oneshot +ExecStart=/usr/sbin/incusd activateifneeded +ExecStop=/usr/sbin/incusd shutdown +TimeoutStartSec=600s +TimeoutStopSec=600s +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/incus/incus-0.1.ebuild b/app-containers/incus/incus-0.1.ebuild new file mode 100644 index 000000000000..440af29096a6 --- /dev/null +++ b/app-containers/incus/incus-0.1.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit bash-completion-r1 go-module linux-info optfeature systemd verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus"; +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.gz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0" +KEYWORDS="~amd64" +IUSE="nls" + +# incus conflicts with lxd due to fuidshift binary. Even if you replace the package, containers will remain. +DEPEND="acct-group/incus + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[seccomp(+)] + dev-db/sqlite:3 + dev-libs/cowsql + dev-libs/lzo + >=dev-libs/raft-0.17.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + !app-containers/lxd + net-firewall/ebtables + net-firewall/iptables + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl" +BDEPEND="dev-lang/go + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/lxc-to-incus + /usr/bin/lxd-to-incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/sbin/incusd" + +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + # lxd-to-incus: this go module is packaged separately (0.1). + for k in fuidshift incus-benchmark incus-user incus lxc-to-incus ; do + go install -v -x "${S}/cmd/${k}" || die "failed compiling ${k}" + done + + go install -v -x -tags libsqlite3 "${S}"/cmd/incusd || die "Failed to build the daemon" + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + local bindir="_dist/bin" + + dosbin ${bindir}/incusd + + for l in fuidshift incus-agent incus-benchmark incus-migrate incus-user incus lxc-to-incus ; do + dobin ${bindir}/${l} + done + + dobashcomp scripts/bash/incus + + newconfd "${FILESDIR}"/incus-0.1.confd incus + newinitd "${FILESDIR}"/incus-0.1.initd incus + + systemd_newunit "${FILESDIR}"/incus-0.1.service incus.service + systemd_newunit "${FILESDIR}"/incus-containers-0.1.service incus-containers.service + systemd_newunit "${FILESDIR}"/incus-0.1.socket incus.socket + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://linuxcontainers.org/incus/introduction/"; + elog " https://linuxcontainers.org/incus/docs/main/tutorial/first_steps/"; + elog "before a Gentoo Wiki page is made." + elog + optfeature "virtual machine support" app-emulation/qemu[spice,usbredir,virtfs] + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/app-containers/incus/metadata.xml b/app-containers/incus/metadata.xml new file mode 100644 index 000000000000..a7cc7908462b --- /dev/null +++ b/app-containers/incus/metadata.xml @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <maintainer type="person"> + <email>[email protected]</email> + <name>Joonas Niilola</name> + </maintainer> + <maintainer type="project"> + <email>[email protected]</email> + <name>Gentoo Virtualization Project</name> + </maintainer> + <longdescription> + Incus is a modern, secure and powerful system container and virtual machine manager. + Incus is a community fork from Canonical's LXD. + + It provides a unified experience for running and managing full Linux systems inside containers + or virtual machines. Incus supplies images for a wide number of Linux distributions and is built + around a very powerful, yet pretty simple, REST API. Incus scales from one instance on a single + machine to a cluster in a full data center rack, making it suitable for running workloads both + for development and in production. + + Incus allows you to easily set up a system that feels like a small private cloud. You can run any + type of workload in an efficient way while keeping your resources optimized. + + You should consider using Incus if you want to containerize different environments or run virtual + machines, or in general run and manage your infrastructure in a cost-effective way. + </longdescription> + <upstream> + <remote-id type="github">canonical/lxd</remote-id> + </upstream> +</pkgmetadata>
