lxc-alpine.in revision 569bee5cc3d647032573db8f72734faa9307d577
# Pinned SHA-256 digests of the Alpine signing public keys, one
# "<sha256> <key file name>" entry per line. Further down this listing the
# entry for a key is selected by file name (grep -w) and fed to sha256sum -c.
# NOTE(review): rotating or adding a signing key means updating this list;
# presumably a key without an entry is refused ("checksum is missing") --
# confirm at the lookup site.
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutkakey_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka echo "Using static apk from $repository/$apk_arch"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka awk -F: -v pkglist="alpine-keys:apk-tools-static" '
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka BEGIN { split(pkglist,pkg) }
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka $0 != "" { f[$1] = $2 }
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka $0 == "" { for (i in pkg)
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka if (pkg[i] == f["P"])
# Key file name = whatever follows ".SIGN.RSA." in the name of the .pub file
# matching $rootfs/sbin/apk.static.*.pub.
# NOTE(review): $rootfs is unquoted and the glob is expanded by echo, so this
# presumably relies on exactly one .pub file matching -- confirm.
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber keyname=$(echo $rootfs/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//')
# Select the pinned digest line for that key name from $key_sha256sums.
# NOTE(review): grep -w reads $keyname as a regular expression ("." matches
# any character); grep -F -w would make the lookup a literal match.
207bf0e475f1dc6e9a2dac2cee3a209b56427855Stéphane Graber checksum=$(echo "$key_sha256sums" | grep -w "$keyname")
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka echo "ERROR: checksum is missing for $keyname"
# Check the key file under etc/apk/keys against the pinned digest line; a
# mismatch (or a failed cd) returns 1 from the enclosing function.
# NOTE(review): $rootfs is unquoted here and in the openssl call below.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c -) || return 1
# Verify the detached signature "$APK.SIGN.RSA.$keyname" over $APK using the
# public key from etc/apk/keys; a failed verification returns 1.
# NOTE(review): no digest option is visible on this command, so openssl's
# default digest applies -- confirm it matches how the signature was made.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka openssl dgst -verify $rootfs/etc/apk/keys/$keyname \
6460d3c5f006d6cdae72e5c01e3a844986d20ff7Natanael Copa -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1
# True only when the rootfs has no etc/apk/keys directory yet and $keys_dir
# exists ("!" negates the first test only). The body is not visible here.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then
# Two ways the container's etc/apk/repositories is written: from $repository,
# or copied from the host's /etc/apk/repositories. The condition that picks
# between them is not visible here.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka echo "$repository" > "$rootfs"/etc/apk/repositories
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka cp /etc/apk/repositories "$rootfs"/etc/apk/repositories || return 1
# Bootstrap the rootfs: initialise the apk database under --root and install
# alpine-base together with any extra arguments passed in "$@".
# NOTE(review): $rootfs and $opt_arch are unquoted; $opt_arch presumably has
# to word-split into an option and its value, but $rootfs should be quoted.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutka::sysinit:/sbin/rc sysinit
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutka::wait:/sbin/rc default
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutkatty1:12345:respawn:/sbin/getty 38400 tty1
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka::ctrlaltdel:/sbin/reboot
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka::shutdown:/sbin/rc shutdown
# Seed the container's resolv.conf with the host's nameserver lines.
# NOTE(review): the pattern is unanchored, so every host line containing
# "nameserver" (commented-out ones included) is copied.
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka grep nameserver /etc/resolv.conf > "$rootfs/etc/resolv.conf"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaiface lo inet loopback
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaiface eth0 inet dhcp
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# mknod -m 600 "$rootfs/dev/initctl" p
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka ln -s /etc/init.d/syslog "$rootfs"/etc/runlevels/default/syslog
# Append an lxc.rootfs line to the container config unless a line already
# starts with it; grep's error output is discarded, so a missing config file
# is treated as "not present".
# NOTE(review): $path is unquoted in both commands.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka grep -q "^lxc.rootfs" $path/config 2>/dev/null \
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa || echo "lxc.rootfs = $rootfs" >> $path/config
# Default: the link setting stays commented out, with br0 as a suggestion.
ff48886e1d46d86ee8b16ef38672bd4368474706Carlo Landmeter lxc_network_link_line="# lxc.network.link = br0"
# If /sys/class/net/$br/bridge exists on the host, use an active
# lxc.network.link line naming $br instead. Where $br is set is not visible.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka if [ -d /sys/class/net/$br/bridge ]; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka lxc_network_link_line="lxc.network.link = $br"
# Runs only when the config has no line starting with lxc.network.type yet;
# presumably the body appends the veth defaults -- it is not fully visible.
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka if ! grep -q "^lxc.network.type" $path/config 2>/dev/null; then
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.network.type = veth
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa$lxc_network_link_line
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.network.flags = up
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa # if there is exactly one veth network entry, make sure it has an
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa nics=$(grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l)
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka if [ "$nics" -eq 1 ] && ! grep -q "^lxc.network.hwaddr" $path/config; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka hwaddr="fe:$(dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka echo "lxc.network.hwaddr = $hwaddr" >> $path/config
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.pts = 1024
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.utsname = $hostname
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cap.drop = sys_module mac_admin mac_override sys_time
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# When using LXC with apparmor, uncomment the next line to run unconfined:
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka#lxc.aa_profile = unconfined
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutkalxc.cgroup.devices.deny = a
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# /dev/null and zero
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.cgroup.devices.allow = c 1:3 rwm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.cgroup.devices.allow = c 1:5 rwm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.cgroup.devices.allow = c 5:1 rwm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.cgroup.devices.allow = c 5:0 rwm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.cgroup.devices.allow = c 4:0 rwm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.cgroup.devices.allow = c 4:1 rwm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# /dev/{,u}random
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.cgroup.devices.allow = c 1:9 rwm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.cgroup.devices.allow = c 1:8 rwm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.cgroup.devices.allow = c 136:* rwm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.cgroup.devices.allow = c 5:2 rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 254:0 rm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# mounts point
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.mount.entry=run run tmpfs nodev,noexec,nosuid,relatime,size=1m,mode=0755 0 0
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalxc.mount.entry=none dev/pts devpts gid=5,mode=620 0 0
6515faa115664909351ac241763bcb374ff62608Jakub JirutkaUsage: $(basename $0) [-h|--help] [-r|--repository <url>] [-a|--arch <arch>]
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka [--rootfs <rootfs>] -p|--path <path> -n|--name <name>
d8953e37edd4128fb0edc3165f98b61e78d245f4roedie # split --myopt=foo=bar into --myopt foo=bar
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # split opts -abc into -a -b -c
# sed puts " -" in front of every character left after stripping the leading
# "-" from $opt; the command substitution is deliberately unquoted so each
# "-x" becomes its own positional parameter ahead of the remaining "$@".
# NOTE(review): the unquoted result also undergoes pathname expansion, so an
# option character such as "*" or "?" could match file names.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka set -- $(echo "${opt#-}" | sed 's/\(.\)/ -\1/g') "$@"
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutkaif [ -z "${path}" ]; then
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutkaif [ -z "$rootfs" ]; then
# No rootfs given: reuse the value recorded in $path/config, if any (awk's
# error output for a missing file is discarded).
# NOTE(review): /^lxc.rootfs/ also matches longer keys that start with
# "lxc.rootfs", and with -F= the printed $2 keeps any blank after "=" and
# stops at a second "=" in the value -- confirm this is acceptable.
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutka rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka if [ -z "$rootfs" ]; then
# Abort unless get_static_apk succeeds; going by the message, success means a
# static apk was both downloaded and validated. die is defined outside the
# visible lines.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka get_static_apk "$rootfs" || die "Failed to download a valid static apk"
# Install the base system into the rootfs (extra script arguments are passed
# through), then configure the container; either failure aborts via die.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkainstall_alpine "$rootfs" "$@" || die "Failed to install rootfs for $name"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaconfigure_alpine "$rootfs" "$name" || die "Failed to configure $name"