avoid assigning to a variable which is not POSIX shell proof (bug #1498) Signed-off-by: Vincent Catros <vincent.catros@laposte.net>

lxc-alpine: use dl-cdn.a.o as default mirror instead of random one Some mirrors from the mirrors list are not very reliable and it seems that no one really wants to use some random mirror as the default option. Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>

alpine: Fix installing extra packages Signed-off-by: Sander Klein <github@roedie.nl>

templates: use correct cron version in alpine template Signed-off-by: Alex Athanasopoulos <alex@melato.org>

templates: add support for new arch on Alpine Linux Signed-off-by: Carlo Landmeter <clandmeter@gmail.com>

Fix hostname in interface config for apline template Signed-off-by: Andrey Kostin <andrey@kostin.email>

Force DHCP client to send hostname Required for proper applying dnsmasq config entries. Signed-off-by: Andrey Kostin <andrey@kostin.email>

lxc-alpine: allow to install additional packages Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>

lxc-alpine: cache APK packages instead of rootfs Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>

lxc-alpine: remove all bashisms, make it compatible with dash Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>

lxc-alpine: make it compatible with ash, replace curl and rsync Now it runs even on minimal Alpine system without bash, curl, openssl or rsync. Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>

lxc-alpine: completely rewrite the template script New template script is more readable and robust, uses cache and external LXC config file as other templates. Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>

lxc-alpine: use getopt to parse options Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: avoid GNU BRE extensions for better portability Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: fix verification of apk.static binary We need specify which hashing algorithm was used to create the signature we check. Fixes #609 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: create /dev/shm before mounting This is needed for lxc.autodev=1 to work. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Use consistent /proc, /sys and /sys/fs/cgroup (v2) - Implements mixed mode for /sys where it's mounted read-only but with /sys/devices/virtual/net/ writable. - Sets lxc.mount.auto to "cgroup:mixed proc:mixed sys:mixed" for all templates. - Drop any template-specific mount for /proc, /sys or /sys/fs/cgroup. - Get rid of the fstab file by default, using lxc.mount.entry instead. - Set sys:mixed as the default for "sys". sys:mixed is slightly more permissive than sys:ro so this shouldn't be a problem. The read-only bind mount of /sys on top of itself is there so that mountall and other init systems don't attempt to remount /sys read-write. v2 changes: - Fix the mount list, don't specify a source for the remount. - Update the documentation. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-alpine: use yaml for detection of latest release Alpine Linux provides yaml files with latest release instead of the old approach with .latest.txt. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: create a default tty for console Create a tty so we get login prompt on console by default Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: make sure /dev/shm is world writeable Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

alpinelinux: set correct lxc_arch for x86 Signed-off-by: Carlo Landmeter <clandmeter@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: add support for architecture arm Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: add checksums for musl libc build server pubkeys We have added 3 new build servers for Alpine Linux musl libc x86, x86_64 and arm. Add the sha256sum for those keys. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: fixes for checkbashism Fix the issues reported by checkbashisms and change back to #!/bin/sh Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Make sure usual locations are in PATH Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

templates: improve refusing to run unprivileged For all templates except lxc-ubuntu-cloud and lxc-download, detect not only --mapped-uid but also --mapped-gid and error out. Detecting will not be done after -- parameter because of non-option parameters. Also, change the mode of lxc-archlinux.in 100755 to 100644. Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Refuse to run unprivileged Only the download and ubuntu-cloud templates work with unprivileged containers, for all others, detect --mapped-uid and error out as early as possible, recommending the use of the download template. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

use susv3 head arguments Without enabling INCLUDE_SUSv2 in busybox, we need to use head's -n argument, rather than -#. Signed-off-by: Christopher Larson <kergoth@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: disable sys_admin by default It is normally not needed. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: mount tmpfs on /dev/shm Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: copy /etc/TZ to container if present Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

handle simple bashisms: - [[ ]] -> [ ] - == -> = - source -> . - redirect of fd 200 is error in mksh, use fd 9 - &> /dev/null -> > /dev/null 2>&1 - useless function keyword - echo -e -> printf still left bash shebang which did not validate with checkbashism, mostly due 'type' being reported as bashism Signed-Off-By: Elan Ruusamäe <glen@delfi.ee> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Tab/spaces consistency for templates Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: enable 4 consoles by default We allow 4 consoles in the LXC config file so we can enable 4 in the inittab as well. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-alpine: run bootmisc and syslog at boot runlevel The bootmisc script is needed to clean up various temp dirs like /tmp and migrate /var/run to /run if needed. The syslog service is started in 'boot' runlevel when running on real hardware so we do the same for containers. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-alpine: allow /dev/full The template creates /dev/full for the container but needs also give permission to access it. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-alpine: enable loopback interface by default It was probably disabled by a mistake Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: add hwaddr for a single macvlan interface We already add harware address for a single veth interface. Do the same with a single macvlan interface. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-alpine: create /dev/zero Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

templates: require running as root Up to now lxc-create ensured that you were running as root. Now the templates which require root need to do it for themselves. Templates which do mknod definately require root. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: make --release work when apk exists Use sed to set the specified alpine release in the copied /etc/apk/repositories Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-alpine: option for specifying the release to be installed Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-alpine: automatic repository selection pick random server from mirror list use the latest stable release Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-alpine: download a static package manager if its missing If the package manager, apk-tools is missing, then: - download a static binary and public keys - verify the keys against embedded checksum - verify the signature of the static binary against the downloaded keys - use the verified static binary Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Move container creation fully into the api 1. implement bdev->create: python and lua: send NULL for bdevtype and bdevspecs. They'll want to be updated to pass those in in a way that makes sense, but I can't think about that right now. 2. templates: pass --rootfs If the container is backed by a device which must be mounted (i.e. lvm) then pass the actual rootfs mount destination to the templates. Note that the lxc.rootfs can be a mounted block device. The template should actually be installing the rootfs under the path where the lxc.rootfs is *mounted*. Still, some people like to run templates by hand and assume purely directory backed containers, so continue to support that use case (i.e. if no --rootfs is listed). Make sure the templates don't re-write lxc.rootfs if it is already in the config. (Most were already checking for that) 3. Replace lxc-create script with lxc_create.c program. Changelog: May 24: when creating a container, create $lxcpath/$name/partial, and flock it. When done, close that file and unlink it. In lxc_container_new() and lxcapi_start(), check for this file. If it is locked, create is ongoing. If it exists but is not locked, create() was killed - remove the container. May 24: dont disk-lock during lxcapi_create. The partial lock is sufficient. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

templates: deny writes to host's clock (v2) Don't allow write to /dev/rtc0, and remove sys_time. Thanks, Christoph. v2: drop sys_time, sys_module, mac_admin and mac_override in all templates. Reported-by: Christoph Mitasch <cmitasch@thomas-krenn.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-alpine: autodetect standard bridges and set hwaddress Check for lxcbr0, virbr0 and br0 and use one of those if they exist. Set mac address if network type is veth. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-alpine: add support for installing optional packages Let users append a list of packages they want install in the container Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: add support for setting arch from command line This allows us to lxc-create 32 bit guests on x86_64 hosts. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: add --repository option This allows specifying what repository to use for the container. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: indent fixes Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates: initial support for Alpine Linux Requires apk-tools (http://git.alpinelinux.org/cgit/apk-tools) Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>