diff options
Diffstat (limited to 'app-containers/lxc')
-rw-r--r-- | app-containers/lxc/Manifest | 4 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc-monitord.service.5.0.0 | 11 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc-net.service.5.0.0 | 15 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc.initd.9 | 132 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc.service-5.0.0 | 19 | ||||
-rw-r--r-- | app-containers/lxc/files/lxc_at.service.5.0.0 | 19 | ||||
-rw-r--r-- | app-containers/lxc/lxc-5.0.3.ebuild | 169 | ||||
-rw-r--r-- | app-containers/lxc/lxc-6.0.0-r1.ebuild | 171 | ||||
-rw-r--r-- | app-containers/lxc/lxc-6.0.0-r2.ebuild | 172 | ||||
-rw-r--r-- | app-containers/lxc/metadata.xml | 20 |
10 files changed, 732 insertions, 0 deletions
diff --git a/app-containers/lxc/Manifest b/app-containers/lxc/Manifest new file mode 100644 index 000000000000..0257fd2ae87a --- /dev/null +++ b/app-containers/lxc/Manifest @@ -0,0 +1,4 @@ +DIST lxc-5.0.3.tar.gz 975269 BLAKE2B 533d97fe4d986acbf5d562bb2c295a63df2a9a8bfc27aeff5056e4235f667102500debc586c5698482ec048c1b222a0fdc234db6fd6648c4b649f87a85de18f8 SHA512 0553be317431ab7ec0c450c0f85724a53de1f251c39c9716168e17cda6a8daec70b8221228c4be64027df28a327e0f1fd508e6bb48348ab540bbfeaf2b9ac974 +DIST lxc-5.0.3.tar.gz.asc 833 BLAKE2B c35278ed17cad76d2ea94b3985e0110731efea751fb5f1c2d1c9db71486e4844285f372a94c8611dcfe91fdb16459694843b9e0a8273cfc68a56f549c7162cfb SHA512 a5ce5769d49abdf35d94de8273fd3e9c2a8ba4fafea71cf33ee6bce1d83531c8b550d972f7080409a4cc5a92e9d04ece50ed108f92c6aec4868d150e58d7d11a +DIST lxc-6.0.0.tar.gz 964053 BLAKE2B d41bcab4e225c139d4d41df5291717e4d196fe3b48d978a993811b74a08e7a75e1528f4bf44f694a624537632bdec642cd80cf51a528dea848baa11c10471afa SHA512 acff2fc70cf2c65af37b70a21239482c3d845c408f7132558b54980e4400c23670c63178a3a3dfb239f047f529004df93cd829d728852a8c8647ce6babf7857f +DIST lxc-6.0.0.tar.gz.asc 833 BLAKE2B d2cda07e605d64dbb650506cf536c545e2c5746973c834f4d4f409064e2ba8265040b13a60e124e30e154bbc5a51c704bad0fa2ff5530effddfa449618aa60a7 SHA512 4e56ffa7395877714f993d9c54cf8b9df91cdced96c5a609b63f5e3896a0a51db8ba6f99bf2360d60af202df79123deea72215bf854d8798d3af361a4888445e diff --git a/app-containers/lxc/files/lxc-monitord.service.5.0.0 b/app-containers/lxc/files/lxc-monitord.service.5.0.0 new file mode 100644 index 000000000000..ff4a201152c0 --- /dev/null +++ b/app-containers/lxc/files/lxc-monitord.service.5.0.0 @@ -0,0 +1,11 @@ +[Unit] +Description=LXC Container Monitoring Daemon +After=syslog.service network.target +Documentation=man:lxc + +[Service] +Type=simple +ExecStart=/usr/libexec/lxc/lxc-monitord --daemon + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/lxc/files/lxc-net.service.5.0.0 b/app-containers/lxc/files/lxc-net.service.5.0.0 new file mode 100644 index 000000000000..8a037fcb7614 --- /dev/null +++ b/app-containers/lxc/files/lxc-net.service.5.0.0 @@ -0,0 +1,15 @@ +[Unit] +Description=LXC network bridge setup +After=network-online.target +Before=lxc.service +Documentation=man:lxc +ConditionVirtualization=!lxc + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/libexec/lxc/lxc-net start +ExecStop=/usr/libexec/lxc/lxc-net stop + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/lxc/files/lxc.initd.9 b/app-containers/lxc/files/lxc.initd.9 new file mode 100644 index 000000000000..4958fbcbbc7b --- /dev/null +++ b/app-containers/lxc/files/lxc.initd.9 @@ -0,0 +1,132 @@ +#!/sbin/openrc-run +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +CONTAINER=${SVCNAME#*.} + +LXC_PATH=`lxc-config lxc.lxcpath` + +lxc_get_configfile() { + if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then + echo "${LXC_PATH}/${CONTAINER}.conf" + elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then + echo "${LXC_PATH}/${CONTAINER}/config" + else + eerror "Unable to find a suitable configuration file." + eerror "If you set up the container in a non-standard" + eerror "location, please set the CONFIGFILE variable." + return 1 + fi +} + +[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)} + +lxc_get_var() { + awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE} +} + +lxc_get_net_link_type() { + # gentoo bugfix 909640, drop commented lines before awk + grep -v '^#' ${CONFIGFILE} | awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" } + $1 == "lxc.network.type" {_type=$2;} + $1 == "lxc.network.link" {_link=$2;} + match($1, /lxc\.net\.[[:digit:]]+\.type/) {_type=$2;} + match($1, /lxc\.net\.[[:digit:]]+\.link/) {_link=$2;} + {if(_link != "" && _type != ""){ + printf("%s:%s\n", _link, _type ); + _link=""; _type=""; + }; }' +} + +checkconfig() { + if [ ${CONTAINER} = ${SVCNAME} ]; then + eerror "You have to create an init script for each container:" + eerror " ln -s lxc /etc/init.d/lxc.container" + return 1 + fi + + # no need to output anything, the function takes care of that. + [ -z "${CONFIGFILE}" ] && return 1 + + utsname=$(lxc_get_var lxc.uts.name) + if [ -z "$utsname" ] ; then + utsname=$(lxc_get_var lxc.utsname) + fi + + if [ "${CONTAINER}" != "${utsname}" ]; then + eerror "You should use the same name for the service and the" + eerror "container. Right now the container is called ${utsname}" + return 1 + fi +} + +depend() { + # be quiet, since we have to run depend() also for the + # non-muxed init script, unfortunately. + checkconfig 2>/dev/null || return 0 + + config ${CONFIGFILE} + need localmount + use lxcfs + + local _x _if + for _x in $(lxc_get_net_link_type); do + _if=${_x%:*} + case "${_x##*:}" in + # when the network type is set to phys, we can make use of a + # network service (for instance to set it up before we disable + # the net_admin capability), but we might also not set it up + # at all on the host and leave the net_admin capable service + # to take care of it. + phys) use net.${_if} ;; + *) need net.${_if} ;; + esac + done +} + +start() { + checkconfig || return 1 + rm -f /var/log/lxc/${CONTAINER}.log + + rootpath=$(lxc_get_var lxc.rootfs) + + # Check the format of our init and the chroot's init, to see + # if we have to use linux32 or linux64; always use setarch + # when required, as that makes it easier to deal with + # x32-based containers. + case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in + EM_X86_64) setarch=linux64;; + EM_386) setarch=linux32;; + esac + + ebegin "Starting LXC container ${CONTAINER}" + env -i ${setarch} $(which lxc-start) -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log + sleep 1 + + # lxc-start -d will _always_ report a correct startup, even if it + # failed, so rather than trust that, check that the cgroup exists. + # fix for LXC 3.1 + + STATE="$(lxc-info -s -H ${CONTAINER})" + [ "$STATE" = "RUNNING" ] + + eend $? +} + +stop() { + checkconfig || return 1 + + STATE="$(lxc-info -s -H ${CONTAINER})" + + if ! [ "$STATE" = "RUNNING" ]; then + ewarn "${CONTAINER} doesn't seem to be started." + return 0 + fi + + # 30s should be enough to shut everything down + # lxc-stop will return back anyway as soon as successful shutdown + # after 30s, lxc-stop sends SIGKILL (dirty shotdown) + ebegin "Stopping LXC container ${CONTAINER}" + lxc-stop -t 30 -n ${CONTAINER} + eend $? +} diff --git a/app-containers/lxc/files/lxc.service-5.0.0 b/app-containers/lxc/files/lxc.service-5.0.0 new file mode 100644 index 000000000000..35d0dff241d0 --- /dev/null +++ b/app-containers/lxc/files/lxc.service-5.0.0 @@ -0,0 +1,19 @@ +[Unit] +Description=LXC Container Initialization and Autoboot Code +After=network.target lxc-net.service remote-fs.target +Wants=lxc-net.service +Documentation=man:lxc-autostart man:lxc + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStartPre=/usr/libexec/lxc/lxc-apparmor-load +ExecStart=/usr/libexec//lxc/lxc-containers start +ExecStop=/usr/libexec/lxc/lxc-containers stop +ExecReload=/usr/libexec/lxc/lxc-apparmor-load +# Environment=BOOTUP=serial +# Environment=CONSOLETYPE=serial +Delegate=yes + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/lxc/files/lxc_at.service.5.0.0 b/app-containers/lxc/files/lxc_at.service.5.0.0 new file mode 100644 index 000000000000..447b6c87ec5d --- /dev/null +++ b/app-containers/lxc/files/lxc_at.service.5.0.0 @@ -0,0 +1,19 @@ +[Unit] +Description=LXC Container: %i +# This pulls in apparmor, dev-setup, lxc-net +After=lxc.service +Wants=lxc.service +Documentation=man:lxc-start man:lxc + +[Service] +Type=simple +KillMode=mixed +TimeoutStopSec=120s +ExecStart=/usr/bin/lxc-start -F -n %i +ExecStop=/usr/bin/lxc-stop -n %i +# Environment=BOOTUP=serial +# Environment=CONSOLETYPE=serial +Delegate=yes + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/lxc/lxc-5.0.3.ebuild b/app-containers/lxc/lxc-5.0.3.ebuild new file mode 100644 index 000000000000..4fdedaf083a2 --- /dev/null +++ b/app-containers/lxc/lxc-5.0.3.ebuild @@ -0,0 +1,169 @@ +# Copyright 2022-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit bash-completion-r1 linux-info meson optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="A userspace interface for the Linux kernel containment features" +HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc" +SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )" + +LICENSE="GPL-2 LGPL-2.1 LGPL-3" +SLOT="0/1.502" # SONAME liblxc.so.1 + ${PV//./} _if_ breaking ABI change while bumping. +KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~riscv x86" +IUSE="apparmor +caps examples io-uring lto man pam seccomp selinux ssl systemd test +tools" + +RDEPEND="acct-group/lxc + acct-user/lxc + apparmor? ( sys-libs/libapparmor ) + caps? ( sys-libs/libcap[static-libs] ) + io-uring? ( >=sys-libs/liburing-2:= ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + ssl? ( dev-libs/openssl:0= ) + systemd? ( sys-apps/systemd:= ) + tools? ( sys-libs/libcap[static-libs] )" +DEPEND="${RDEPEND} + sys-kernel/linux-headers" +BDEPEND="virtual/pkgconfig + man? ( app-text/docbook2X ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +RESTRICT="!test? ( test )" + +CONFIG_CHECK="~!NETPRIO_CGROUP + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + + ~CGROUP_SCHED + ~CPUSETS + ~IPC_NS + ~MACVLAN + + ~MEMCG + ~NAMESPACES + ~NET_NS + ~PID_NS + + ~POSIX_MQUEUE + ~USER_NS + ~UTS_NS + ~VETH" + +ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" +ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" +ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers" +ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" +ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" +ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" +ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt ) + +pkg_setup() { + linux-info_pkg_setup +} + +src_configure() { + local emesonargs=( + --localstatedir "${EPREFIX}/var" + + -Dcoverity-build=false + -Doss-fuzz=false + + -Dcommands=true + -Dmemfd-rexec=true + -Dthread-safety=true + + $(meson_use apparmor) + $(meson_use caps capabilities) + $(meson_use examples) + $(meson_use io-uring io-uring-event-loop) + $(meson_use lto b_lto) + $(meson_use man) + $(meson_use pam pam-cgroup) + $(meson_use seccomp) + $(meson_use selinux) + $(meson_use ssl openssl) + $(meson_use test tests) + $(meson_use tools) + + -Ddata-path=/var/lib/lxc + -Ddoc-path=/usr/share/doc/${PF} + -Dlog-path=/var/log/lxc + -Drootfs-mount-path=/var/lib/lxc/rootfs + -Druntime-path=/run + ) + + if use systemd; then + local emesonargs+=( -Dinit-script="systemd" ) + local emesonargs+=( -Dsd-bus=enabled ) + else + local emesonargs+=( -Dinit-script="sysvinit" ) + local emesonargs+=( -Dsd-bus=disabled ) + fi + + use tools && local emesonargs+=( -Dcapabilities=true ) + + if $(tc-ld-is-gold) || $(tc-ld-is-lld); then + local emesonargs+=( -Db_lto_mode=thin ) + else + local emesonargs+=( -Db_lto_mode=default ) + fi + + meson_src_configure +} + +src_install() { + meson_src_install + + # The main bash-completion file will collide with lxd, need to relocate and update symlinks. + mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir." + + if use tools; then + bashcomp_alias lxc-start lxc-{attach,autostart,cgroup,checkpoint,config,console,copy,create,destroy,device,execute,freeze,info,ls,monitor,snapshot,stop,top,unfreeze,unshare,usernsexec,wait} + else + bashcomp_alias lxc-start lxc-usernsexec + fi + + keepdir /var/lib/cache/lxc /var/lib/lib/lxc + + find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die + + # Replace upstream sysvinit/systemd files. + if use systemd; then + rm -r "${D}$(systemd_get_systemunitdir)" || die "Failed to remove systemd lib dir" + else + rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts" + fi + + newinitd "${FILESDIR}/${PN}.initd.9" ${PN} + systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service + systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service + systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service + systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service" + + if ! use apparmor; then + sed -i '/lxc-apparmor-load/d' "${D}$(systemd_get_systemunitdir)/lxc.service" || + die "Failed to remove apparmor references from lxc.service systemd unit." + fi +} + +pkg_postinst() { + elog "Please refer to " + elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide." + elog + elog "Run 'lxc-checkconfig' to see optional kernel features." + elog + + optfeature "automatic template scripts" app-containers/lxc-templates + optfeature "Debian-based distribution container image support" dev-util/debootstrap + optfeature "snapshot & restore functionality" sys-process/criu +} diff --git a/app-containers/lxc/lxc-6.0.0-r1.ebuild b/app-containers/lxc/lxc-6.0.0-r1.ebuild new file mode 100644 index 000000000000..63f9cfbf8e7e --- /dev/null +++ b/app-containers/lxc/lxc-6.0.0-r1.ebuild @@ -0,0 +1,171 @@ +# Copyright 2022-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit bash-completion-r1 linux-info meson optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="A userspace interface for the Linux kernel containment features" +HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc" +SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )" + +LICENSE="GPL-2 LGPL-2.1 LGPL-3" +SLOT="0/1.8" # SONAME liblxc.so.1 + ${PV//./} _if_ breaking ABI change while bumping. +KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" +IUSE="apparmor +caps examples io-uring lto man pam seccomp selinux ssl systemd test +tools" + +RDEPEND="acct-group/lxc + acct-user/lxc + sys-apps/dbus + apparmor? ( sys-libs/libapparmor ) + caps? ( sys-libs/libcap[static-libs] ) + io-uring? ( >=sys-libs/liburing-2:= ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + ssl? ( dev-libs/openssl:0= ) + systemd? ( sys-apps/systemd:= ) + tools? ( sys-libs/libcap[static-libs] )" +DEPEND="${RDEPEND} + sys-kernel/linux-headers" +BDEPEND="virtual/pkgconfig + man? ( app-text/docbook2X ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +RESTRICT="!test? ( test )" + +CONFIG_CHECK="~!NETPRIO_CGROUP + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + + ~CGROUP_SCHED + ~CPUSETS + ~IPC_NS + ~MACVLAN + + ~MEMCG + ~NAMESPACES + ~NET_NS + ~PID_NS + + ~POSIX_MQUEUE + ~USER_NS + ~UTS_NS + ~VETH" + +ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" +ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" +ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers" +ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" +ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" +ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" +ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt ) + +pkg_setup() { + linux-info_pkg_setup +} + +src_configure() { + + # -Dtools-multicall=false: will create a single binary called 'lxc' that conflicts with LXD. + local emesonargs=( + --localstatedir "${EPREFIX}/var" + + -Ddbus=true + + -Dcoverity-build=false + -Dinstall-state-dirs=false + -Doss-fuzz=false + -Dspecfile=false + -Dtools-multicall=false + + -Dcommands=true + -Dinstall-init-files=true + -Dmemfd-rexec=true + -Dthread-safety=true + + $(meson_use apparmor) + $(meson_use caps capabilities) + $(meson_use examples) + $(meson_use io-uring io-uring-event-loop) + $(meson_use lto b_lto) + $(meson_use man) + $(meson_use pam pam-cgroup) + $(meson_use seccomp) + $(meson_use selinux) + $(meson_use ssl openssl) + $(meson_use test tests) + $(meson_use tools) + + $(usex systemd -Dinit-script="systemd" -Dinit-script="sysvinit") + + -Ddata-path=/var/lib/lxc + -Ddoc-path=/usr/share/doc/${PF} + -Dlog-path=/var/log/lxc + -Drootfs-mount-path=/var/lib/lxc/rootfs + -Druntime-path=/run + ) + + use tools && local emesonargs+=( -Dcapabilities=true ) + + if $(tc-ld-is-gold) || $(tc-ld-is-lld); then + local emesonargs+=( -Db_lto_mode=thin ) + else + local emesonargs+=( -Db_lto_mode=default ) + fi + + meson_src_configure +} + +src_install() { + meson_src_install + + # The main bash-completion file will collide with lxd, need to relocate and update symlinks. + mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir." + + if use tools; then + bashcomp_alias lxc-start lxc-{attach,autostart,cgroup,checkpoint,config,console,copy,create,destroy,device,execute,freeze,info,ls,monitor,snapshot,stop,top,unfreeze,unshare,usernsexec,wait} + else + bashcomp_alias lxc-start lxc-usernsexec + fi + + find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die + + # Replace upstream sysvinit/systemd files. + if use systemd; then + rm -r "${D}$(systemd_get_systemunitdir)" || die "Failed to remove systemd lib dir" + else + rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts" + fi + + newinitd "${FILESDIR}/${PN}.initd.9" ${PN} + systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service + systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service + systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service + systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service" + + if ! use apparmor; then + sed -i '/lxc-apparmor-load/d' "${D}$(systemd_get_systemunitdir)/lxc.service" || + die "Failed to remove apparmor references from lxc.service systemd unit." + fi +} + +pkg_postinst() { + elog "Please refer to " + elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide." + elog + elog "Run 'lxc-checkconfig' to see optional kernel features." + elog + + optfeature "creating your own LXC containers" app-containers/distrobuilder + optfeature "automatic template scripts" app-containers/lxc-templates + optfeature "Debian-based distribution container image support" dev-util/debootstrap + optfeature "snapshot & restore functionality" sys-process/criu +} diff --git a/app-containers/lxc/lxc-6.0.0-r2.ebuild b/app-containers/lxc/lxc-6.0.0-r2.ebuild new file mode 100644 index 000000000000..fe1eca7f8977 --- /dev/null +++ b/app-containers/lxc/lxc-6.0.0-r2.ebuild @@ -0,0 +1,172 @@ +# Copyright 2022-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit bash-completion-r1 linux-info meson optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="A userspace interface for the Linux kernel containment features" +HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc" +SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )" + +LICENSE="GPL-2 LGPL-2.1 LGPL-3" +SLOT="0/1.8" # SONAME liblxc.so.1 + ${PV//./} _if_ breaking ABI change while bumping. +KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~riscv x86" +IUSE="apparmor +caps examples io-uring lto man pam seccomp selinux ssl systemd test +tools" + +RDEPEND="acct-group/lxc + acct-user/lxc + apparmor? ( sys-libs/libapparmor ) + caps? ( sys-libs/libcap[static-libs] ) + io-uring? ( >=sys-libs/liburing-2:= ) + pam? ( sys-libs/pam ) + seccomp? ( sys-libs/libseccomp ) + selinux? ( sys-libs/libselinux ) + ssl? ( dev-libs/openssl:0= ) + systemd? ( + sys-apps/dbus + sys-apps/systemd:= + ) + tools? ( sys-libs/libcap[static-libs] )" +DEPEND="${RDEPEND} + sys-kernel/linux-headers" +BDEPEND="virtual/pkgconfig + man? ( app-text/docbook2X ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +RESTRICT="!test? ( test )" + +CONFIG_CHECK="~!NETPRIO_CGROUP + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + + ~CGROUP_SCHED + ~CPUSETS + ~IPC_NS + ~MACVLAN + + ~MEMCG + ~NAMESPACES + ~NET_NS + ~PID_NS + + ~POSIX_MQUEUE + ~USER_NS + ~UTS_NS + ~VETH" + +ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" +ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" +ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers" +ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" +ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" +ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" +ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt ) + +pkg_setup() { + linux-info_pkg_setup +} + +src_configure() { + + # -Dtools-multicall=false: will create a single binary called 'lxc' that conflicts with LXD. + local emesonargs=( + --localstatedir "${EPREFIX}/var" + + -Dcoverity-build=false + -Dinstall-state-dirs=false + -Doss-fuzz=false + -Dspecfile=false + -Dtools-multicall=false + + -Dcommands=true + -Dinstall-init-files=true + -Dmemfd-rexec=true + -Dthread-safety=true + + $(meson_use apparmor) + $(meson_use caps capabilities) + $(meson_use examples) + $(meson_use io-uring io-uring-event-loop) + $(meson_use lto b_lto) + $(meson_use man) + $(meson_use pam pam-cgroup) + $(meson_use seccomp) + $(meson_use selinux) + $(meson_use ssl openssl) + $(meson_use test tests) + $(meson_use tools) + + $(usex systemd -Ddbus=true -Ddbus=false) + $(usex systemd -Dinit-script="systemd" -Dinit-script="sysvinit") + + -Ddata-path=/var/lib/lxc + -Ddoc-path=/usr/share/doc/${PF} + -Dlog-path=/var/log/lxc + -Drootfs-mount-path=/var/lib/lxc/rootfs + -Druntime-path=/run + ) + + use tools && local emesonargs+=( -Dcapabilities=true ) + + if $(tc-ld-is-gold) || $(tc-ld-is-lld); then + local emesonargs+=( -Db_lto_mode=thin ) + else + local emesonargs+=( -Db_lto_mode=default ) + fi + + meson_src_configure +} + +src_install() { + meson_src_install + + # The main bash-completion file will collide with lxd, need to relocate and update symlinks. + mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir." + + if use tools; then + bashcomp_alias lxc-start lxc-{attach,autostart,cgroup,checkpoint,config,console,copy,create,destroy,device,execute,freeze,info,ls,monitor,snapshot,stop,top,unfreeze,unshare,usernsexec,wait} + else + bashcomp_alias lxc-start lxc-usernsexec + fi + + find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die + + # Replace upstream sysvinit/systemd files. + if use systemd; then + rm -r "${D}$(systemd_get_systemunitdir)" || die "Failed to remove systemd lib dir" + else + rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts" + fi + + newinitd "${FILESDIR}/${PN}.initd.9" ${PN} + systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service + systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service + systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service + systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service" + + if ! use apparmor; then + sed -i '/lxc-apparmor-load/d' "${D}$(systemd_get_systemunitdir)/lxc.service" || + die "Failed to remove apparmor references from lxc.service systemd unit." + fi +} + +pkg_postinst() { + elog "Please refer to " + elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide." + elog + elog "Run 'lxc-checkconfig' to see optional kernel features." + elog + + optfeature "creating your own LXC containers" app-containers/distrobuilder + optfeature "automatic template scripts" app-containers/lxc-templates + optfeature "Debian-based distribution container image support" dev-util/debootstrap + optfeature "snapshot & restore functionality" sys-process/criu +} diff --git a/app-containers/lxc/metadata.xml b/app-containers/lxc/metadata.xml new file mode 100644 index 000000000000..7c423aeaca6f --- /dev/null +++ b/app-containers/lxc/metadata.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>juippis@gentoo.org</email> + <name>Joonas Niilola</name> + </maintainer> + <maintainer type="project"> + <email>virtualization@gentoo.org</email> + <name>Gentoo Virtualization Project</name> + </maintainer> + <use> + <flag name="io-uring">Enable io_uring support, and use io_uring instead of epoll</flag> + <flag name="tools">Build and install additional command line tools</flag> + </use> + <upstream> + <remote-id type="github">lxc/lxc</remote-id> + <remote-id type="cpe">cpe:/a:linuxcontainers:lxc</remote-id> + </upstream> +</pkgmetadata> |