lxc/templates/lxc-alpine.in

	lxc-alpine.in revision 5be56973e5e874a142263dfb164b0b03e18a65f3
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa#!/bin/sh
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
569bee5cc3d647032573db8f72734faa9307d577Natanael Copakey_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4  alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab  alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub"
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa
569bee5cc3d647032573db8f72734faa9307d577Natanael Copaget_static_apk () {
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen    wget="wget -q -O -"
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen    pkglist=alpine-keys:apk-tools-static
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen    auto_repo_dir=
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen    if [ -z "$repository" ]; then
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        if [ -z "$release" ]; then
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen            echo -n "Determining the latest release... "
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen            release=$($wget $url/.latest.$apk_arch.txt | \
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen                cut -d " " -f 3 | cut -d / -f 1 | uniq)
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen            if [ -z "$release" ]; then
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen                echo failed
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen                return 1
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen            fi
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen            echo $release
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        fi
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        auto_repo_dir=$release/main
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        repository=$url/$auto_repo_dir
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        pkglist=$pkglist:alpine-mirrors
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen    fi
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    rootfs="$1"
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    echo "Using static apk from $repository/$apk_arch"
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen    wget="$wget $repository/$apk_arch"
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    # parse APKINDEX to find the current versions
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    static_pkgs=$($wget/APKINDEX.tar.gz | \
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa        tar -Oxz APKINDEX | \
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        awk -F: -v pkglist=$pkglist '
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa            BEGIN { split(pkglist,pkg) }
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa            $0 != "" { f[$1] = $2 }
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa            $0 == "" { for (i in pkg)
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa                           if (pkg[i] == f["P"])
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa                               print(f["P"] "-" f["V"] ".apk") }')
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    [ "$static_pkgs" ] || return 1
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    mkdir -p "$rootfs" || return 1
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    for pkg in $static_pkgs; do
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa        echo "Downloading $pkg"
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa        $wget/$pkg | tar -xz -C "$rootfs"
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    done
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    # clean up .apk meta files
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    rm -f "$rootfs"/.[A-Z]*
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    # verify checksum of the key
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    keyname=$(echo $rootfs/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//')
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    checksum=$(echo "$key_sha256sums" |  grep -w "$keyname")
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    if [ -z "$checksum" ]; then
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa        echo "ERROR: checksum is missing for $keyname"
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa        return 1
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    fi
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c -) || return 1
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    # verify the static apk binary signature
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    APK=$rootfs/sbin/apk.static
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    openssl dgst -verify $rootfs/etc/apk/keys/$keyname \
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa        -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen    if [ "$auto_repo_dir" ]; then
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        mirror_count=$(wc -l $mirror_list | cut -d " " -f 1)
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        repository=$(sed $(expr $RANDOM % $mirror_count + 1)\!d \
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen            $mirror_list)$auto_repo_dir
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen        echo "Selecting mirror $repository"
85b41c7d7f72213199b5cff9525d17f44b49a842Kaarle Ritvanen    fi
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa}
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copainstall_alpine() {
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    rootfs="$1"
670c6ab8caac48ce5cf043796dd8908114b7f607Natanael Copa    shift
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mkdir -p "$rootfs"/etc/apk || return 1
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    : ${keys_dir:=/etc/apk/keys}
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa        cp -r "$keys_dir" "$rootfs"/etc/apk/keys
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    fi
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    if [ -n "$repository" ]; then
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        echo "$repository" > "$rootfs"/etc/apk/repositories
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    else
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        cp /etc/apk/repositories "$rootfs"/etc/apk/repositories || return 1
2e599a6a25b533fe63840edc34ee265811b7b814Natanael Copa        if [ -n "$release" ]; then
2e599a6a25b533fe63840edc34ee265811b7b814Natanael Copa            sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \
2e599a6a25b533fe63840edc34ee265811b7b814Natanael Copa                "$rootfs"/etc/apk/repositories
2e599a6a25b533fe63840edc34ee265811b7b814Natanael Copa        fi
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    fi
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    opt_arch=
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    if [ -n "$apk_arch" ]; then
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa        opt_arch="--arch $apk_arch"
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    fi
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa}
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copaconfigure_alpine() {
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    rootfs="$1"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    echo "Setting up /etc/inittab"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    cat >"$rootfs"/etc/inittab<<EOF
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa::sysinit:/sbin/rc sysinit
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa::wait:/sbin/rc default
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copatty1:12345:respawn:/sbin/getty 38400 tty1
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa::ctrlaltdel:/sbin/reboot
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa::shutdown:/sbin/rc shutdown
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael CopaEOF
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    # set up nameserver
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    grep nameserver /etc/resolv.conf > "$rootfs/etc/resolv.conf"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    # configure the network using the dhcp
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    # note that lxc will set up lo interface
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    cat <<EOF > $rootfs/etc/network/interfaces
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa#auto lo
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copaiface lo inet loopback
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copaauto eth0
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copaiface eth0 inet dhcp
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael CopaEOF
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    # set the hostname
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    echo $hostname > $rootfs/etc/hostname
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    # missing device nodes
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    echo "Setting up device nodes"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mkdir -p -m 755 "$rootfs/dev/pts"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mkdir -p -m 1777 "$rootfs/dev/shm"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/full" c 1 7
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/random" c 1 8
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/urandom" c 1 9
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/tty0" c 4 0
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/tty1" c 4 1
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/tty2" c 4 2
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/tty3" c 4 3
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/tty4" c 4 4
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa#    mknod -m 600 "$rootfs/dev/initctl" p
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/tty" c 5 0
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/console" c 5 1
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    mknod -m 666 "$rootfs/dev/ptmx" c 5 2
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    # start services
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    ln -s /etc/init.d/syslog "$rootfs"/etc/runlevels/default/syslog
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    return 0
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa}
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copacopy_configuration() {
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    path=$1
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    rootfs=$2
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    hostname=$3
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    grep -q "^lxc.rootfs" $path/config 2>/dev/null \
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        || echo "lxc.rootfs = $rootfs" >> $path/config
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    if [ -n "$lxc_arch" ]; then
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa        echo "lxc.arch = $lxc_arch" >> $path/config
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    fi
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa    lxc_network_link_line="# lxc.network.link = br0"
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa    for br in lxcbr0 virbr0 br0; do
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa        if [ -d /sys/class/net/$br/bridge ]; then
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa            lxc_network_link_line="lxc.network.link = $br"
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa            break
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa        fi
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa    done
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa    if ! grep -q "^lxc.network.type" $path/config 2>/dev/null; then
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa        cat <<EOF >> $path/config
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copalxc.network.type = veth
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa$lxc_network_link_line
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copalxc.network.flags = up
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael CopaEOF
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa    fi
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa    # if there is exactly one veth network entry, make sure it has an
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa    # associated mac address.
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa    nics=$(grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l)
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa    if [ "$nics" -eq 1 ] && ! grep -q "^lxc.network.hwaddr" $path/config; then
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa        # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa        hwaddr="fe:$(dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa                      head -1 |awk '{print $2}' | cut -c1-10 |\
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa                      sed 's/\(..\)/\1:/g; s/.$//')"
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa        echo "lxc.network.hwaddr = $hwaddr" >> $path/config
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa    fi
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    cat <<EOF >> $path/config
d42277f769d1bed8a4a198a49dbe96582a4fa2ecNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.tty = 4
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.pts = 1024
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.utsname = $hostname
eee3ba81c88e64b8a732694fc4843a39d5bde491Serge Hallynlxc.cap.drop = sys_module mac_admin mac_override sys_time
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa# When using LXC with apparmor, uncomment the next line to run unconfined:
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa#lxc.aa_profile = unconfined
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa# devices
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.deny = a
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa# /dev/null and zero
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 1:3 rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 1:5 rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa# consoles
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 5:1 rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 5:0 rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 4:0 rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 4:1 rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa# /dev/{,u}random
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 1:9 rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 1:8 rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 136:* rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.cgroup.devices.allow = c 5:2 rwm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa# rtc
eee3ba81c88e64b8a732694fc4843a39d5bde491Serge Hallynlxc.cgroup.devices.allow = c 254:0 rm
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa# mounts point
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.mount.entry=run run tmpfs nodev,noexec,nosuid,relatime,size=1m,mode=0755 0 0
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copalxc.mount.entry=none dev/pts devpts gid=5,mode=620 0 0
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael CopaEOF
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    return 0
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa}
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copadie() {
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    echo "$@" >&2
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    exit 1
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa}
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copausage() {
e5846a6f89db72bdbf3d651e5faf232045d17af8Natanael Copa    cat >&2 <<EOF
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle RitvanenUsage: $(basename $0) [-h|--help] [-r|--repository <url>]
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen                   [-R|--release <release>] [-a|--arch <arch>]
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn                   [--rootfs <rootfs>] -p|--path <path> -n|--name <name>
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn                   [PKG...]
e5846a6f89db72bdbf3d651e5faf232045d17af8Natanael CopaEOF
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa}
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copausage_err() {
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    usage
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    exit 1
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa}
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copaoptarg_check() {
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    if [ -z "$2" ]; then
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        usage_err "option '$1' requires an argument"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    fi
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa}
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copadefault_path=@LXCPATH@
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanenrelease=
569bee5cc3d647032573db8f72734faa9307d577Natanael Copaarch=$(uname -m)
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
5be56973e5e874a142263dfb164b0b03e18a65f3Serge Hallyn# template mknods, requires root
5be56973e5e874a142263dfb164b0b03e18a65f3Serge Hallynif [ $(id -u) -ne 0 ]; then
5be56973e5e874a142263dfb164b0b03e18a65f3Serge Hallyn   echo "$(basename $0): must be run as root" >&2
5be56973e5e874a142263dfb164b0b03e18a65f3Serge Hallyn   exit 1
5be56973e5e874a142263dfb164b0b03e18a65f3Serge Hallynfi
5be56973e5e874a142263dfb164b0b03e18a65f3Serge Hallyn
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copawhile [ $# -gt 0 ]; do
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    opt="$1"
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    shift
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    case "$opt" in
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    -h|--help)
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        usage
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        exit 0
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        ;;
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    -n|--name)
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        optarg_check $opt "$1"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        name=$1
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        shift
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        ;;
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn    --rootfs)
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn        optarg_check $opt "$1"
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn        rootfs=$1
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn        shift
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn        ;;
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    -p|--path)
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        optarg_check $opt "$1"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        path=$1
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        shift
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        ;;
e5846a6f89db72bdbf3d651e5faf232045d17af8Natanael Copa    -r|--repository)
e5846a6f89db72bdbf3d651e5faf232045d17af8Natanael Copa        optarg_check $opt "$1"
e5846a6f89db72bdbf3d651e5faf232045d17af8Natanael Copa        repository=$1
e5846a6f89db72bdbf3d651e5faf232045d17af8Natanael Copa        shift
e5846a6f89db72bdbf3d651e5faf232045d17af8Natanael Copa    ;;
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen    -R|--release)
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen        optarg_check $opt "$1"
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen        release=$1
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen        shift
982e7b6ea40ea57923f4f094858424debc1a5f7fKaarle Ritvanen        ;;
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    -a|--arch)
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa        optarg_check $opt "$1"
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa        arch=$1
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa        shift
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    ;;
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    --)
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        break;;
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    --*=*)
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa        # split --myopt=foo=bar into --myopt foo=bar
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa        set -- ${opt%=*} ${opt#*=} "$@"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        ;;
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    -?)
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        usage_err "unknown option '$opt'"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        ;;
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    -*)
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        # split opts -abc into -a -b -c
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        set -- $(echo "${opt#-}" | sed 's/\(.\)/ -\1/g') "$@"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa        ;;
b1aa0624bae5a81d6f6bbc2653a388d148cffef8Natanael Copa    esac
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copadone
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa[ -z "$name" ] && usage_err
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copaif [ -z "${path}" ]; then
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa    path="${default_path}/${name}"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copafi
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copaif [ -z "$rootfs" ]; then
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn    rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn    if [ -z "$rootfs" ]; then
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn        rootfs="${path}/rootfs"
1897e3bcd36af9f3fe6d3649910a9adb93e5e988Serge Hallyn    fi
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copafi
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copa
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copalxc_arch=$arch
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copaapk_arch=$arch
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copacase "$arch" in
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    i[3-6]86)
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa        apk_arch=x86;;
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    x86)
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa        lxc_arch=i686;;
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    x86_64|"") ;;
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa    *)  die "unsupported architecture: $arch";;
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copaesac
2b49de9a3ff182c208148d780f6b26cf8cdd09d8Natanael Copa
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa: ${APK:=apk}
569bee5cc3d647032573db8f72734faa9307d577Natanael Copaif ! which $APK >/dev/null; then
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa    get_static_apk "$rootfs" || die "Failed to download a valid static apk"
569bee5cc3d647032573db8f72734faa9307d577Natanael Copafi
569bee5cc3d647032573db8f72734faa9307d577Natanael Copa
670c6ab8caac48ce5cf043796dd8908114b7f607Natanael Copainstall_alpine "$rootfs" "$@" || die "Failed to install rootfs for $name"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copaconfigure_alpine "$rootfs" "$name" || die "Failed to configure $name"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copacopy_configuration "$path" "$rootfs" "$name"