lxc-alpine.in revision d8953e37edd4128fb0edc3165f98b61e78d245f4
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# vim: set ts=4:
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka# Exit on error and treat unset variables as an error.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# LXC template for Alpine Linux 3+
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# Note: Do not replace tabs with spaces, it would break heredocs!
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# Jakub Jirutka <jakub@jirutka.cz>
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# This library is free software; you can redistribute it and/or
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# modify it under the terms of the GNU Lesser General Public
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# License as published by the Free Software Foundation; either
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# version 2.1 of the License, or (at your option) any later version.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# This library is distributed in the hope that it will be useful,
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# but WITHOUT ANY WARRANTY; without even the implied warranty of
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# Lesser General Public License for more details.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# You should have received a copy of the GNU Lesser General Public
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# License along with this library; if not, write to the Free Software
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka#=========================== Constants ============================#
207bf0e475f1dc6e9a2dac2cee3a209b56427855Stéphane Graber# Make sure the usual locations are in PATH
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaexport PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkareadonly LXC_TEMPLATE_CONFIG='@LXCTEMPLATECONFIG@'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkareadonly LXC_CACHE_DIR="${LXC_CACHE_PATH:-"$LOCAL_STATE_DIR/cache/lxc"}/alpine"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# SHA256 checksums of GPG keys for APK.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
6460d3c5f006d6cdae72e5c01e3a844986d20ff7Natanael Copa2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub
6460d3c5f006d6cdae72e5c01e3a844986d20ff7Natanael Copaebf31683b56410ecc4c00acd9f6e2839e237a3b62b5ae7ef686705c7ba0396a9 alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
6460d3c5f006d6cdae72e5c01e3a844986d20ff7Natanael Copa1bb2a846c0ea4ca9d0e7862f970863857fc33c32f5506098c636a62a726a847b alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
6460d3c5f006d6cdae72e5c01e3a844986d20ff7Natanael Copa12f899e55a7691225603d6fb3324940fc51cd7f133e7ead788663c2b7eecb00c alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub"
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutkareadonly APK_KEYS_URI='http://alpinelinux.org/keys'
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutkareadonly MIRRORS_LIST_URL='http://rsync.alpinelinux.org/alpine/MIRRORS.txt'
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutkaif ! ls "$APK_KEYS_DIR"/alpine* >/dev/null 2>&1; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaif [ ! -x "$APK" ]; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka APK="$LXC_CACHE_DIR/bootstrap/sbin/apk.static"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka#======================== Helper Functions ========================#
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka Template specific options can be passed to lxc-create after a '--' like this:
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutka lxc-create --name=NAME [lxc-create-options] -- [template-options] [PKG...]
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutka PKG Additional APK package(s) to install into the container.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka Template options:
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka -a ARCH, --arch=ARCH The container architecture (e.g. x86, x86_64); defaults
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka to the host arch.
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka -d, --debug Run this script in a debug mode (set -x and wget w/o -q).
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka -F, --flush-cache Remove cached files before build.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka -m URL --mirror=URL The Alpine mirror to use; defaults to random mirror.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka -r VER, --release=VER The Alpine release branch to install; default is the
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka latest stable.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka Environment variables:
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka APK The apk-tools binary to use when building rootfs. If not set
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka or not executable and apk is not on PATH, then the script
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka will download the latest apk-tools-static.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka APK_KEYS_DIR Path to directory with GPG keys for APK. If not set and
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka /etc/apk/keys does not contain alpine keys, then the script
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka will download the keys from ${APK_KEYS_URI}.
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka LXC_CACHE_PATH Path to the cache directory where to store bootstrap files
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka and APK packages.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local retval=$1; shift
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka printf 'ERROR: %s\n' "$@" 1>&2
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka printf "\n==> $1\n"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka if [ "$DEBUG" = 'yes' ]; then
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka wget -T 10 -O - $@
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka wget -T 10 -O - -q $@
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkalatest_release_branch() {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local arch="$1"
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka local branch=$(fetch "$MIRROR_URL/latest-stable/releases/$arch/latest-releases.yaml" \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka | sed -En 's/^[ \t]*branch: (.*)$/\1/p' \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka [ -n "$branch" ] && echo "$branch"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaparse_arch() {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka x86 | i[3-6]86) echo 'x86';;
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka x86_64 | amd64) echo 'x86_64';;
ff48886e1d46d86ee8b16ef38672bd4368474706Carlo Landmeter aarch64 | arm64) echo 'aarch64';;
ff48886e1d46d86ee8b16ef38672bd4368474706Carlo Landmeter armv7) echo 'armv7';;
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka arm*) echo 'armhf';;
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka *) return 1;;
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkarandom_mirror_url() {
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka local url=$(fetch "$MIRRORS_LIST_URL" | shuf -n 1)
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka [ -n "$url" ] && echo "$url"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkarun_exclusively() {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local lock_name="$1"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local timeout=$2
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mkdir -p "$LOCAL_STATE_DIR/lock/subsys"
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka echo -n "Obtaining an exclusive lock..."
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka if ! flock -x 9; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka echo ' failed.'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka "$@"; retval=$?
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka } 9> "$LOCAL_STATE_DIR/lock/subsys/lxc-alpine-$lock_name"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka return $retval
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka#============================ Bootstrap ===========================#
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka if [ "$FLUSH_CACHE" = 'yes' ] && [ -d "$LXC_CACHE_DIR/bootstrap" ]; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka einfo 'Cleaning cached bootstrap files'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka rm -Rf "$LXC_CACHE_DIR/bootstrap"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka einfo 'Fetching and/or verifying APK keys'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka fetch_apk_keys "$APK_KEYS_DIR"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka if [ ! -x "$APK" ]; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka einfo 'Fetching apk-tools static binary'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local host_arch=$(parse_arch $(uname -m))
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka fetch_apk_static "$LXC_CACHE_DIR/bootstrap" "$host_arch"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkafetch_apk_keys() {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local dest="$1"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local line keyname
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mkdir -p "$dest"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka echo "$APK_KEYS_SHA256" | while read -r line; do
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka keyname="${line##* }"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka if [ ! -f "$keyname" ]; then
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka fetch "$APK_KEYS_URI/$keyname" > "$keyname"
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka echo "$line" | sha256sum -c -
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka done || exit 2
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka cd - >/dev/null
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkafetch_apk_static() {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local dest="$1"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local arch="$2"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local pkg_name='apk-tools-static'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mkdir -p "$dest"
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka local pkg_ver=$(fetch "$MIRROR_URL/latest-stable/main/$arch/APKINDEX.tar.gz" \
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka | tar -xzO APKINDEX \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka | sed -n "/P:${pkg_name}/,/^$/ s/V:\(.*\)$/\1/p")
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka [ -n "$pkg_ver" ] || die 2 "Cannot find a version of $pkg_name in APKINDEX"
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka fetch "$MIRROR_URL/latest-stable/main/$arch/${pkg_name}-${pkg_ver}.apk" \
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka | tar -xz -C "$dest" sbin/ # --extract --gzip --directory
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka [ -f "$dest/sbin/apk.static" ] || die 2 'apk.static not found'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local keyname=$(echo "$dest"/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//')
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka openssl dgst -sha1 \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka -verify "$APK_KEYS_DIR/$keyname" \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka -signature "$dest/sbin/apk.static.SIGN.RSA.$keyname" \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka "$dest/sbin/apk.static" \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka || die 2 'Signature verification for apk.static failed'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # Note: apk doesn't return 0 for --version
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local out="$("$dest"/sbin/apk.static --version)"
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka [ "${out%% *}" = 'apk-tools' ] || die 3 'apk.static --version failed'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka#============================ Install ============================#
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local dest="$1"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local arch="$2"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local branch="$3"
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutka local extra_packages="$4"
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka local apk_cache="$LXC_CACHE_DIR/apk/$arch"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local repo_url="$MIRROR_URL/$branch/main"
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka if [ "$FLUSH_CACHE" = 'yes' ] && [ -d "$apk_cache" ]; then
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka einfo "Cleaning cached APK packages for $arch"
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka rm -Rf "$apk_cache"
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka mkdir -p "$apk_cache"
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka einfo "Installing Alpine Linux in $dest"
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka mkdir -p etc/apk
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka ln -s "$apk_cache" etc/apk/cache
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka echo "$repo_url" > etc/apk/repositories
d8953e37edd4128fb0edc3165f98b61e78d245f4roedie install_packages "$arch" "alpine-base $extra_packages"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka make_dev_nodes
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka setup_inittab
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka setup_network
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka setup_services
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka chroot . /bin/true \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka || die 3 'Failed to execute /bin/true in chroot, the builded rootfs is broken!'
20f39db782ec0d2197cf3a81e6038fb908159ef6Jakub Jirutka rm etc/apk/cache
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka cd - >/dev/null
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutkainstall_packages() {
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutka local arch="$1"; shift
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutka local packages="$@"
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutka $APK --arch="$arch" --root=. --keys-dir="$APK_KEYS_DIR" \
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutka --update-cache --initdb add $packages
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkamake_dev_nodes() {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mkdir -p -m 755 dev/pts
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mkdir -p -m 1777 dev/shm
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mknod -m 666 dev/zero c 1 5
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mknod -m 666 dev/full c 1 7
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mknod -m 666 dev/random c 1 8
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mknod -m 666 dev/urandom c 1 9
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local i; for i in $(seq 0 4); do
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mknod -m 620 dev/tty$i c 4 $i
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka chown 0:5 dev/tty$i # root:tty
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mknod -m 666 dev/tty c 5 0
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka chown 0:5 dev/tty # root:tty
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mknod -m 620 dev/console c 5 1
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mknod -m 666 dev/ptmx c 5 2
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka chown 0:5 dev/ptmx # root:tty
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkasetup_inittab() {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # Remove unwanted ttys.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka sed -i '/^tty[5-9]\:\:.*$/d' etc/inittab
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka cat <<-EOF >> etc/inittab
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # Main LXC console console
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka ::respawn:/sbin/getty 38400 console
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkasetup_hosts() {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # This runscript injects localhost entries with the current hostname
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # into /etc/hosts.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka cat <<'EOF' > etc/init.d/hosts
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka#!/sbin/openrc-run
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local start_tag='# begin generated'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local end_tag='# end generated'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local content=$(
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka $start_tag by /etc/init.d/hosts
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka 127.0.0.1 $(hostname).local $(hostname) localhost
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka ::1 $(hostname).local $(hostname) localhost
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka if grep -q "^${start_tag}" /etc/hosts; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # escape \n, busybox sed doesn't like them
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka content=${content//$'\n'/\\$'\n'}
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka sed -ni "/^${start_tag}/ {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka a\\${content}
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # read and discard next line and repeat until $end_tag or EOF
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka :a; n; /^${end_tag}/!ba; n
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka }; p" /etc/hosts
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka printf "$content" >> /etc/hosts
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # Wipe it, will be generated by the above runscript.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # Note: loopback is automatically started by LXC.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka iface eth0 inet dhcp
08a204373170880ac46bc3bb578f399bfacb174aAndrey Kostin hostname \$(hostname)
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkasetup_services() {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local svc_name
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # Specify the LXC subsystem.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka sed -i 's/^#*rc_sys=.*/rc_sys="lxc"/' etc/rc.conf
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # boot runlevel
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka for svc_name in bootmisc hosts syslog; do
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka ln -s /etc/init.d/$svc_name etc/runlevels/boot/$svc_name
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # default runlevel
4674d20e336ae6d465cee7b605d68f3eb37db925Alex Athanasopoulos for svc_name in networking cron crond; do
4674d20e336ae6d465cee7b605d68f3eb37db925Alex Athanasopoulos # issue 1164: alpine renamed cron to crond
4674d20e336ae6d465cee7b605d68f3eb37db925Alex Athanasopoulos # Use the one that exists.
4674d20e336ae6d465cee7b605d68f3eb37db925Alex Athanasopoulos if [ -e etc/init.d/$svc_name ]; then
4674d20e336ae6d465cee7b605d68f3eb37db925Alex Athanasopoulos ln -s /etc/init.d/$svc_name etc/runlevels/default/$svc_name
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka#=========================== Configure ===========================#
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaconfigure_container() {
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local config="$1"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local hostname="$2"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka local arch="$3"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka cat <<-EOF >> "$config"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # Specify container architecture.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka lxc.arch = $arch
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # Set hostname.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka lxc.utsname = $hostname
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # If something doesn't work, try to comment this out.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # Dropping sys_admin disables container root from doing a lot of things
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # that could be bad like re-mounting lxc fstab entries rw for example,
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # but also disables some useful things like being able to nfs mount, and
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # things that are already namespaced with ns_capable() kernel checks, like
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # hostname(1).
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka lxc.cap.drop = sys_admin
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka # Include common configuration.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka#============================= Main ==============================#
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaif [ "$(id -u)" != "0" ]; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka die 1 "This script must be run as 'root'"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# Parse command options.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaoptions=$(getopt -o a:dFm:n:p:r:h -l arch:,debug,flush-cache,mirror:,name:,\
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutkapath:,release:,rootfs:,help,mapped-uid:,mapped-gid: -- "$@")
5afb809607919f245e635a3883d7d7febb0caffaKaarle Ritvaneneval set -- "$options"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# Clean variables and set defaults.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaarch="$(uname -m)"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaflush_cache='no'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# Process command options.
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copawhile [ $# -gt 0 ]; do
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka arch=$2; shift 2
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka -d | --debug)
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka debug='yes'; shift 1
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka -F | --flush-cache)
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka flush_cache='yes'; shift 1
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka -m | --mirror)
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka mirror_url=$2; shift 2
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka name=$2; shift 2
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka path=$2; shift 2
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka -r | --release)
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka release=$2; shift 2
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka rootfs=$2; shift 2
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka usage; exit 0
04fa4e125397e022d99cd8448b221caef3c92452Jakub Jirutka --mapped-[ug]id)
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka die 1 "This template can't be used for unprivileged containers." \
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka 'You may want to try the "download" template instead.'
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutka echo "Unknown option: $1" 1>&2
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka usage; exit 1
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutkaextra_packages="$@"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka[ "$debug" = 'yes' ] && set -x
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# Set global variables.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkareadonly DEBUG="$debug"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkareadonly FLUSH_CACHE="$flush_cache"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkareadonly MIRROR_URL="${mirror_url:-$(random_mirror_url)}"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka# Validate options.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka[ -n "$name" ] || die 1 'Missing required option --name'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka[ -n "$path" ] || die 1 'Missing required option --path'
5845ac2bb83c2d509cbcb9a869d94b793f18ccccJakub Jirutkaif [ -z "$rootfs" ] && [ -f "$path/config" ]; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka rootfs="$(sed -nE 's/^lxc.rootfs\s*=\s*(.*)$/\1/p' "$path/config")"
2a9a0a08077d88ee1d70ca46ca122216f3d1c89aNatanael Copaif [ -z "$rootfs" ]; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka rootfs="$path/rootfs"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaarch=$(parse_arch "$arch") \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka || die 1 "Unsupported architecture: $arch"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaif [ -z "$release" ]; then
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka release=$(latest_release_branch "$arch") \
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka || die 2 'Failed to resolve Alpine last release branch'
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkarun_exclusively 'bootstrap' 10 bootstrap
1125e053fb0dbaad73437ed02e435f36e766fc2bJakub Jirutkarun_exclusively "$arch" 30 install "$rootfs" "$arch" "$release" "$extra_packages"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaconfigure_container "$path/config" "$name" "$arch"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutkaeinfo "Container's rootfs and config have been created"
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka Edit the config file $path/config to check/enable networking setup.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka The installed system is preconfigured for a loopback and single network
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka interface configured via DHCP.
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka To start the container, run "lxc-start -n $name".
6515faa115664909351ac241763bcb374ff62608Jakub Jirutka The root password is not set; to enter the container run "lxc-attach -n $name".