lxc-gentoo.in revision b69e7bf14e8182912bfda2472ca7caffd60cef41
#!/bin/bash

#
# LXC template for gentoo
#
# Author: Guillaume Zitta <lxc@zitta.fr>
#
# Widely inspired from lxc-gentoo script at https://github.com/globalcitizen/lxc-gentoo
#
# this version is reworked with :
# - out of the lxc-create compat
# - vanilla gentoo config
# - ready to use cache
#
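# Detect use under userns (unsupported)
# --mapped-uid / --mapped-gid mark a request for an unprivileged container;
# this template refuses those and points at the "download" template instead.
for arg in "$@"; do
    # "--" ends the option list, nothing after it is inspected
    [ "$arg" = "--" ] && break
    # case instead of the obsolescent "[ ... -o ... ]": the two-test form can
    # be mis-parsed when an argument itself looks like a test operator.
    case "$arg" in
        --mapped-uid|--mapped-gid)
            echo "This template can't be used for unprivileged containers." 1>&2
            echo "You may want to try the \"download\" template instead." 1>&2
            exit 1
            ;;
    esac
done

# Make sure the usual locations are in PATH
# NOTE(review): the system directories are appended, so the inherited PATH
# keeps precedence for every unqualified command used below (wget, tar,
# chroot, mknod, ...). This template presumably runs as root (it rejects
# unprivileged use above) -- confirm the caller's PATH is trusted.
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin

# Ensure a strict root umask doesn't render the VM unusable
umask 022

# Substituted at build time (this is a .in template).
LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"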
################################################################################
# Various helper functions
################################################################################
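# Run a command while holding an exclusive, named file lock.
#
# param: $1: the name of the lock
# param: $2: the timeout for the lock (seconds, handed to "flock -w")
# The rest contain the command to execute and its parameters
#
# Returns 2 when the lock cannot be obtained within the timeout, 1 when the
# lock file cannot be opened, otherwise the exit status of the command.
execute_exclusively()
{
    mkdir -p @LOCALSTATEDIR@/lock/subsys/

    local lock_name="$1"
    local timeout="$2"
    # Local and pre-set: if the redirection below fails the group never runs,
    # and a stale global "retval" from an earlier call must not be reported.
    local retval=1
    shift 2

    # $lock_name becomes part of the lock file path; callers in this file pass
    # a fixed word. Do not feed it user-controlled text.
    {
        printf "Attempting to obtain an exclusive lock (timeout: %s sec) named \"%s\"...\n" "${timeout}" "$lock_name"

        if ! flock -x -w "${timeout}" 50; then
            printf " => unable to obtain lock, aborting.\n"
            return 2
        fi
        printf " => done.\n"

        printf " => Executing \"%s\"\n" "$*"
        "$@"
        retval=$?
    } 50> "@LOCALSTATEDIR@/lock/subsys/lxc-gentoo-${lock_name}"
    return $retval
}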
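# a die function is always a good idea
#
# Prints the exit status of the command that ran just before the call, then a
# printf-style message, and exits the script.
#
# param: $1: exit code for the script (defaults to 1 when missing)
# param: $2: printf format string
# The rest are the arguments for the format string.
#
# $2 is interpreted by printf: pass variable data (paths, names) as arguments
# to %s, never interpolated into the format itself.
die()
{
    # must stay first: "$?" still holds the status of the failed command
    printf "\n[the last exit code leading to this death was: %s ]\n" "$?"
    local retval="${1:-1}"
    [ $# -gt 0 ] && shift 1
    # a bare "printf" with no format would only print a usage error
    [ $# -gt 0 ] && printf "$@"
    exit "$retval"
}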
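# gentoo arch/variant detection
#
# Sets the globals $arch and $variant from "uname -m". Unknown machines are
# passed through unchanged with a warning.
set_default_arch()
{
    printf "### set_default_arch: default arch/variant autodetect...\n"
    local machine
    machine=$(uname -m)
    # Patterns mirror unanchored regex matches: i.86 and arm.* anywhere in the
    # name, x86_64 as an exact match, tested in that order.
    case "${machine}" in
        *i?86*)
            arch="x86"
            variant="x86"
            ;;
        x86_64)
            arch="amd64"
            variant="amd64"
            ;;
        *arm*)
            arch="arm"
            variant="armv7a"
            ;;
        *)
            #who knows, it may work...
            arch="${machine}"
            # value goes through %s, not into the format string
            printf " => warn: unexpected arch:%s let me knows if it works :)\n" "${arch}"
            variant="${arch}"
            ;;
    esac
    printf " => Got: arch=%s variant=%s\n" "${arch}" "${variant}"
}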
# Queue one line for the end-of-run summary held in the global $user_message.
# Each entry is stored as "=> <text>" followed by a literal backslash-n, which
# is only turned into a newline when container_setup() prints the summary.
store_user_message()
{
    user_message+="=> $@\n"
}
################################################################################
# CACHE Preparation
################################################################################
# during setup cachedir is $cacheroot/partial-$arch-$variant
# at the end, it will be $cacheroot/rootfs-$arch-$variant
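# Build the rootfs cache in ${cacheroot}/partial-${arch}-${variant} and move it
# to ${cachefs} once every step succeeded.
#
# Returns 0 when a usable cache already exists (and no flush was requested) or
# when the build completed; non-zero when a step failed.
cache_setup(){
    partialfs="${cacheroot}/partial-${arch}-${variant}"

    #if cache exists and flush not needed, return
    [[ -d "${cachefs}" && -z "${flush_cache}" ]] && return 0

    printf "###### cache_setup(): doing cache preparation\n"

    # Fail-safe first: $cacheroot must be validated before the recursive
    # delete below, not after it.
    cache_precheck || return 1

    #clean from failed previous run
    rm -rf -- "${partialfs}"
    mkdir -p -- "${partialfs}" || return 1

    #let's go
    cache_stage3 && \
    cache_portage && \
    cache_inittab && \
    cache_net && \
    cache_dev && \
    cache_openrc && \
    cache_locale && \
    rm -rf "${cachefs}" && \
    mv "${partialfs}" "${cachefs}" && \
    printf "###### cache_setup: Cache should be ready\n"

    return $?
}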
# Abort (exit code 8) when $cacheroot is empty or made of slashes only.
# This guards the recursive deletes done under $cacheroot; it does not check
# that the directory exists or who owns it.
cache_precheck()
{
    printf "### cache_precheck(): doing some pre-start checks ...\n"
    # never hurts to have a fail-safe.
    local without_slashes="${cacheroot//\/}"
    [[ -n "${without_slashes}" ]] \
        || die 8 "\$cacheroot (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPERATORS, THIS IS *VERY* BAD!\n" "${cacheroot}"
}
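#get latest stage3 tarball
#
# Fills ${partialfs} with a stage3 tree: downloaded from ${mirror} when
# ${tarball} is empty, otherwise unpacked from the local ${tarball}. Ends with
# a chroot smoke test. Any failure goes through die().
cache_stage3()
{
    printf "### cache_stage3(): stage3 cache deployment...\n"

    if [ -z "${tarball}" ]; then
        #variables init
        local stage3_baseurl="${mirror}/releases/${arch}/autobuilds"

        # get latest-stage3....txt file for subpath
        local stage3_pointer="${stage3_baseurl}/latest-stage3-${variant}.txt"

        printf "Determining path to latest Gentoo %s (%s) stage3 archive...\n" "${arch}" "${variant}"
        printf " => downloading and processing %s\n" "${stage3_pointer}"

        # Declared separately from the assignment: "local var=$(cmd) || die"
        # tests the status of "local" (always 0), so a failed download was
        # never noticed.
        local stage3_index stage3_latest_tarball
        stage3_index=$(wget -q -O - "${stage3_pointer}") \
            || die 6 "Error: unable to fetch\n"
        # last line of the pointer file
        stage3_latest_tarball="${stage3_index##*$'\n'}"
        [[ -n "${stage3_latest_tarball}" ]] \
            || die 6 "Error: unable to fetch\n"

        printf " => Got: %s\n" "${stage3_latest_tarball}"

        printf "Downloading/untarring the actual stage3 tarball...\n"
        # NOTE(review): the archive is unpacked and then executed (chroot test
        # below, locale-gen later) without any digest or signature check, so
        # its integrity rests entirely on ${mirror} and the transport used to
        # reach it. Verifying the published digests before extraction would
        # close that gap.
        wget -O - "${stage3_baseurl}/${stage3_latest_tarball}" | tar -xjpf - -C "${partialfs}"
        # check both ends of the pipe, "||" alone only sees tar's status
        local -a fetch_status=("${PIPESTATUS[@]}")
        [[ ${fetch_status[0]} -eq 0 && ${fetch_status[1]} -eq 0 ]] \
            || die 6 "Error: unable to fetch or untar\n"
        printf " => extracted to: %s\n" "${partialfs}"
    else
        printf "Extracting the stage3 tarball...\n"
        # paths are passed as %s arguments, not spliced into the format
        tar -xpf "${tarball}" -C "${partialfs}" || die 6 "unable to untar %s to %s" "${tarball}" "${partialfs}"
    fi

    #check if it chroots
    printf "chroot test..."
    chroot "${partialfs}" /bin/true || die 1 "Error: chroot %s /bin/true, failed" "${partialfs}"
    printf " OK\n"
    printf " => stage3 cache extracted in : %s\n" "${partialfs}"
    return 0
}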
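# Download the portage snapshot to ${portage_cache} unless a cached copy
# exists and no flush was requested. The download runs under the "portage"
# lock with a 60 second lock timeout.
cache_portage()
{
    printf "### cache_portage: caching portage tree tarball...\n"
    [[ -z "${flush_cache}" && -f "${portage_cache}" ]] && return 0

    # quoted: an unquoted path is word-split and glob-expanded before rm sees it
    rm -f -- "${portage_cache}"

    printf "Downloading Gentoo portage (software build database) snapshot...\n"
    # NOTE(review): the snapshot is stored without a digest or signature check,
    # and an interrupted download leaves a file that the -f test above accepts
    # as a valid cache on the next run.
    execute_exclusively portage 60 wget -O "${portage_cache}" "${mirror}/snapshots/portage-latest.tar.bz2" \
        || die 6 "Error: unable to fetch\n"
    printf " => done.\n"
}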
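# custom inittab
#
# Appends the LXC console entry and a SIGPWR shutdown entry to the cached
# /etc/inittab, and strips the \O / \o escapes from the cached /etc/issue.
# Sets the global $INITTAB.
cache_inittab()
{
    printf "### cache_inittab: tuning inittab...\n"

    INITTAB="${partialfs}/etc/inittab"

    # path handed to %s instead of being spliced into the format string
    [[ -w "$INITTAB" ]] || die 1 "Error: %s is not writeable" "$INITTAB"

    # create console
    # The cached entry logs root in automatically ("agetty -a root");
    # container_consoles() rewrites it per container depending on ${autologin}.
    echo "# Lxc main console" >> "$INITTAB"
    echo "1:12345:respawn:/sbin/agetty -a root --noclear 115200 console linux" >> "$INITTAB"

    # finally we add a pf line to enable clean shutdown on SIGPWR (issue 60)
    echo "# clean container shutdown on SIGPWR" >> "$INITTAB"
    echo "pf:12345:powerwait:/sbin/halt" >> "$INITTAB"

    # we also strip the \O and \o escapes from /etc/issue here in order to
    # prevent delays spawning login caused by attempts to determine domainname
    # on disconnected containers
    sed -i 's/[\][Oo]//g' "${partialfs}/etc/issue"
}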
# Seed the cached rootfs with the host's resolver settings and keep OpenRC
# from stopping the network services.
cache_net()
{
    printf "### cache_net: doing some useful net tuning...\n"
    local cached_resolv="${partialfs}/etc/resolv.conf"

    # useful for chroot
    # /etc/resolv.conf: only the host's "search" and "nameserver" lines are
    # carried over.
    # NOTE(review): the redirections are opened from the host side; if the
    # unpacked tree ships etc/resolv.conf as a symlink, the write follows it
    # in the host's namespace -- confirm the stage3 layout.
    grep -i 'search ' /etc/resolv.conf > "${cached_resolv}"
    grep -i 'nameserver ' /etc/resolv.conf >> "${cached_resolv}"

    # fix boot-time interface config wipe under aggressive cap drop
    # (openrc 0.9.8.4 ~sep 2012 - https://bugs.gentoo.org/show_bug.cgi?id=436266)
    # initial workaround was: sed -i -e 's/^#rc_nostop=""/rc_nostop="net.eth0 net.lo"/' "${partialfs}/etc/rc.conf"
    # but this one does not depend on interface names
    echo 'rc_keyword="-stop"' >> "${partialfs}/etc/conf.d/net"
}
# Create the /dev mount points and the tun device node inside the cached
# rootfs. Always returns 0, whatever mkdir/mknod report.
cache_dev()
{
    printf "### cache_dev(): /dev tuning...\n"

    #Wait for https://bugs.gentoo.org/show_bug.cgi?id=496054
    local mountpoint
    for mountpoint in pts shm mqueue; do
        mkdir "${partialfs}/dev/${mountpoint}"
    done

    # character device 10,200, created world read/write (mode 666)
    mkdir -m 755 "${partialfs}/dev/net"
    mknod -m 666 "${partialfs}/dev/net/tun" c 10 200

    return 0
}
# fix openrc system
#
# Removes every "-lxc" occurrence from /etc/init.d/devfs, using the sed that
# lives inside the cached rootfs (the command runs under chroot).
# Always returns 0.
cache_openrc()
{
    printf "### cache_openrc(): doing openrc tuning\n"

    #Wait for https://bugs.gentoo.org/show_bug.cgi?id=496054
    chroot "${partialfs}" sed 's/-lxc//g' -i '/etc/init.d/devfs'

    return 0
}
# Register en_US.UTF-8 in the cached rootfs and generate it with the rootfs's
# own locale-gen (run under chroot). Always returns 0.
cache_locale()
{
    printf "### cache_locale(): initiating minimale locale en_US.UTF-8 \n"

    local locale_list="${partialfs}/etc/locale.gen"
    printf '%s\n' "en_US.UTF-8 UTF-8" >> "${locale_list}"
    chroot "${partialfs}" locale-gen

    return 0
}
################################################################################
# CONTAINER Preparation
################################################################################
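# Build one container from the cache: resolve $rootfs, run every container_*
# step in order, then print the queued user messages.
# Dies (exit 1) when any step fails; returns 0 otherwise.
container_setup() {
    printf "##### container_setup(): starting container setup\n"

    #in most cases lxc-create should have provided a copy of default lxc.conf
    #let's tag where template starts, or just create the files
    echo '### lxc-gentoo template stuff starts here' >> "$path/config"

    #Determine rootfs
    #If backingstore was specified, lxc.rootfs should be present or --rootfs did the rootfs var creation
    if [ -z "${rootfs}" ]; then
        # Splitting on "=" keeps the blanks around the value ("key = value"),
        # so trim them: a path with a leading space would be used verbatim by
        # every quoted "${rootfs}" further down.
        rootfs=$(awk -F= '$1 ~ /^lxc.rootfs/ { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v }' "$path/config" 2>/dev/null)
        if [ -z "${rootfs}" ]; then
            #OK it's default
            rootfs="${path}/rootfs"
        fi
    fi
    store_user_message "rootfs of container is : ${rootfs}"
    store_user_message "config of container is : ${path}/config"

    container_precheck && \
    container_rootfs && \
    container_consoles && \
    container_tz && \
    container_portage && \
    container_net && \
    container_hostname && \
    container_auth && \
    container_sshd && \
    container_conf
    if [ $? -ne 0 ]; then
        die 1 "container_setup(): one step didn't complete, sorry\n"
    fi

    printf "###### container_setup(): container should be ready to start!\n"
    printf "\n\n"
    printf "You could now use you container with: lxc-start -n %s\n" "${name}"
    printf "little things you should know about your container:\n"
    # %b expands the stored "\n" separators but does not treat "%" in paths or
    # user names as format directives, unlike using the text as the format.
    printf '%b' "${user_message}"
    return 0
}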
# Sanity checks before a container is populated.
# Dies with 8 when $name, $rootfs or $cachefs is empty or slashes only, with
# 18 when ${rootfs}/etc already exists, with 1 when ${cachefs}/etc is missing.
# Returns 0 when everything passes.
container_precheck()
{
    printf "### container_precheck(): doing some pre-start checks ...\n"
    # never hurts to have a fail-safe.
    local checked
    for checked in name rootfs cachefs; do
        # ${!checked} is the value of the variable whose name is in $checked
        [[ -n "${!checked//\/}" ]] \
            || die 8 "\$%s (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPERATORS, THIS IS *VERY* BAD!\n" "${checked}" "${!checked}"
    done

    # check if the rootfs already exists
    if [[ -d "${rootfs}/etc" ]]; then
        die 18 "Error: \$rootfs (%s) already exists!" "${rootfs}"
    fi

    # check cache
    if [[ ! -d "${cachefs}/etc" ]]; then
        die 1 "Error: \$cachefs (%s) not found!" "${cachefs}"
    fi

    return 0
}
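# Copy the cached tree into ${rootfs} through a tar pipe (-p keeps the
# permissions) and check that the result can be chroot-ed into.
# Dies with 1 on failure, returns 0 otherwise.
container_rootfs()
{
    printf "#### container_rootfs(): copying rootfs %s from cache %s ...\n" "${rootfs}" "${cachefs}"
    tar -c -f - -C "${cachefs}" . | tar -x -p -f - -C "${rootfs}"
    # "||" after a pipeline only sees the extracting tar; a failed reader
    # would leave a truncated rootfs unnoticed.
    local -a copy_status=("${PIPESTATUS[@]}")
    [[ ${copy_status[0]} -eq 0 && ${copy_status[1]} -eq 0 ]] \
        || die 1 "Error: cache copy to rootfs failed"

    printf "chroot test..."
    # the %s in this message had no argument and printed as an empty string
    chroot "${rootfs}" /bin/true || die 1 "Error: 'chroot %s /bin/true' failed" "${rootfs}"
    printf " OK\n"

    printf " => done\n"
    return 0
}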
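# Adjust the container's /etc/inittab: comment out the ttys above ${tty} and
# set or remove autologin on the main console.
container_consoles() {
    printf "#### container_consoles(): setting container consoles ...\n"

    # disable unwanted ttys
    # -lt compares numbers; "<" inside [[ ]] compares strings, so a tty count
    # of 10 sorted before 6 and produced the invalid sed range [11-6].
    if [[ ${tty} -lt 6 ]]; then
        local mindis=$(( ${tty} + 1 ))
        sed -i "s/^c[${mindis}-6]/#&/" "${rootfs}/etc/inittab"
    fi
    printf " => main console + %s ttys\n" "${tty}"

    if [[ -z "${autologin}" ]]; then
        # drop the root autologin that the cached inittab carries
        sed 's/agetty -a root/agetty/' -i "${rootfs}/etc/inittab"
    else
        if [[ "${user}" != "root" ]]; then
            # ${user} lands in the replacement part of a sed expression:
            # escape "\", "/" and "&" so the name is inserted literally and
            # cannot end or alter the expression.
            local sed_user
            sed_user=$(printf '%s' "${user}" | sed 's|[\\/&]|\\&|g')
            sed "s/agetty -a root/agetty -a ${sed_user}/" -i "${rootfs}/etc/inittab"
            printf " => Autologin on main console for %s enabled\n" "${user}"
        else
            printf " => Autologin on main console for root enabled\n"
        fi
        # NOTE(review): with autologin and no forced password, $password is
        # cleared here; presumably the later auth step then sets no password
        # for the account -- confirm in container_auth.
        [[ -z "${forced_password}" ]] && unset password
        store_user_message "${user} has autologin on main console"
    fi
    printf " => done\n"
}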
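# Give the container the host's timezone: reproduce the host's /etc/localtime
# symlink when its target also exists in the rootfs, else copy the host file,
# else fall back to UTC.
container_tz()
{
    printf "#### container_tz(): setting container timezone ...\n"

    #let's try to copy it from host
    if [ -L "/etc/localtime" ]; then
        #host has a symlink
        #let's see if we can reproduce the symlink
        target=$(readlink /etc/localtime)
        if [[ "$target" != "" ]]; then
            if [ -f "${rootfs}/${target}" ]; then
                #same target exists in container
                chroot "${rootfs}" ln -sf "${target}" "/etc/localtime"
                printf " => host symlink reproducted in container : %s\n" "${target}"
                store_user_message "timezone copyed from host"
                return 0
            fi
        fi
    fi

    if [ -e /etc/localtime ]; then
        # duplicate host timezone
        # Remove any existing entry first: this write happens on the host
        # side, so if the rootfs already has etc/localtime as a symlink the
        # redirection would follow it in the host's namespace and overwrite
        # whatever host file it points to.
        rm -f -- "${rootfs}/etc/localtime"
        cat /etc/localtime > "${rootfs}/etc/localtime"
        printf " => host localtime copyed to container\n"
        store_user_message "timezone was staticly copyed from host"
    else
        # otherwise set up UTC
        chroot "${rootfs}" ln -sf /usr/share/zoneinfo/UTC /etc/localtime
        printf " => fallback: fixed to UTC\n"
        store_user_message "timezone was fixed to UTC"
    fi
}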
9bd08aa09ea0cbd7b221aae9fc0534eb762d3de6Timo Sirainen
9bd08aa09ea0cbd7b221aae9fc0534eb762d3de6Timo Sirainen
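# Decide how the container gets its portage tree and record the result.
#
# - Asks the container's own portageq where its "gentoo" repository lives
#   (portage_container); dies if that cannot be determined.
# - With private_portage set, or when no usable host tree is found, delegates
#   to container_private_portage.
# - Otherwise prepares bind mounts of the host tree (read-only) and of the
#   host distfiles directory (read-write) in portage_mount, which
#   container_conf later writes into the LXC config, and appends binary
#   package hints to the container's make.conf.
#
# Reads: rootfs, private_portage, portage_dir.
# Sets:  portage_mount, portage_container, portage_dir, portage_distfiles_dir.
container_portage()
{
    printf "#### container_portage(): setting container portage... \n"

    #default entry for conf
    portage_mount="#container set with private portage tree, no mount here"

    printf "Warnings are normal here, don't worry\n"
    #container repos detection (a single portageq call, rootfs quoted)
    if ! portage_container="$(chroot "${rootfs}" portageq get_repo_path / gentoo)" \
        || [[ -z "${portage_container}" ]]; then
        die 1 "Failed to figure out container portage tree location with portageq get_repo_path / gentoo\n"
    fi

    if [[ -n "${private_portage}" ]]; then
        container_private_portage
        return 0
    fi

    if [ -z "${portage_dir}" ]; then
        #gentoo host detection
        printf "trying to guess portage_dir from host...\n"
        portage_dir="$(portageq get_repo_path / gentoo 2>/dev/null)"
        if [ ! -d "${portage_dir}/profiles" ]; then
            printf " => host portage detection failed (not gentoo host), fallback to private portage tree\n"
            container_private_portage
            return 0
        fi
    else
        # an explicitly requested tree must look like a portage tree
        if [ ! -d "${portage_dir}/profiles" ]; then
            die 1 "specified portage_dir (%s) does not contains profiles, is it a portage tree ?\n" "${portage_dir}"
        fi
    fi

    printf "trying to guess portage distfiles dir from host ...\n"
    portage_distfiles_dir="$(portageq distdir 2>/dev/null)"
    if [ ! -d "${portage_distfiles_dir}" ]; then
        portage_distfiles_dir="${portage_dir}/distfiles"
    fi

    # if we are here, we have shared portage_dir
    #ensure dir exists; -p so an already existing mount point is not an error
    chroot "${rootfs}" mkdir -p "${portage_container}"
    # ${portage_container/\//} drops the first "/" so the mount target is
    # relative to the container rootfs, as lxc.mount.entry expects.
    # NOTE(review): the tree is bound read-only, but the host distfiles
    # directory is bound read-write, so root in the container can modify files
    # the host's portage will later read. Keep that in mind when sharing a tree
    # with a container that is less trusted than the host.
    portage_mount="#container set with shared portage
lxc.mount.entry=${portage_dir} ${portage_container/\//} none ro,bind 0 0
lxc.mount.entry=${portage_distfiles_dir} ${portage_container/\//}/distfiles none rw,bind 0 0
#If you use eix, you should uncomment this
#lxc.mount.entry=/var/cache/eix var/cache/eix none ro,bind 0 0"
    store_user_message "container has a shared portage from host's ${portage_dir} to ${portage_container/\//}"
    #Let's propose binary packages
    # (the first PKGDIR example below gained its missing closing quote, so it
    # stays valid if a user uncomments it)
    cat <<- EOF >> "${rootfs}/etc/portage/make.conf"
# enable this to store built binary packages
#FEATURES="\$FEATURES buildpkg"

# enable this to use built binary packages
#EMERGE_DEFAULT_OPTS="\${EMERGE_DEFAULT_OPTS} --usepkg"

# enable and *tune* this kind of entry to slot binaries, specialy if you use multiples archs and variants
#PKGDIR="\${PKGDIR}/amd64"
#or PKGDIR="\${PKGDIR}/hardened"
EOF
    printf " => portage stuff done, see /etc/portage/make.conf for additionnal tricks\n"

}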
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
# Unpack the cached portage snapshot (portage_cache) into the container's own
# tree at ${rootfs}/${portage_container}.
# Only meant to be called from container_portage(), never directly from
# container_setup.
container_private_portage()
{
    local tree_dir="${rootfs}/${portage_container}"

    printf "# untaring private portage to %s from %s ... \n" "${tree_dir}" "${portage_cache}"
    mkdir -p "${tree_dir}"
    # The extraction goes through execute_exclusively (defined elsewhere in this
    # file) with the arguments "portage 60".
    # NOTE(review): the archive is unpacked with -p by whoever runs the template;
    # how portage_cache was fetched and whether it was verified is not visible
    # here, so confirm that before relying on the snapshot's integrity.
    if ! execute_exclusively portage 60 tar -xp --strip-components 1 -C "${tree_dir}" -f "${portage_cache}"; then
        die 2 "Error: unable to extract the portage tree.\n"
    fi
    store_user_message "container has its own portage tree at ${portage_container}"
    printf "=> done\n"
}
e9594e86dc601b72c1636f2b901dcfbf4ffaf47fAki Tuomi
# Helper for container_conf_net(): emit the conf.d/net line for the NIC that is
# currently described by the nic_* globals and file the NIC into the
# bookkeeping lists.
#   nic_managed    NICs configured with "dhcp"
#   nic_unmanaged  NICs configured with "null"
#   nic_wo_hwaddr  veth NICs for which no hwaddr was seen
# Sets nic_writed=1 so the same NIC is not written twice.
nic_write()
{
    #display with gentoo's confd.net format
    echo "config_${nic_name}=\"${nic_conf}\""

    #add to managed list
    case "${nic_conf}" in
        dhcp) nic_managed="${nic_managed} ${nic_name}" ;;
        null) nic_unmanaged="${nic_unmanaged} ${nic_name}" ;;
    esac

    if [[ -z "${nic_hwaddr}" && "${nic_type}" == "veth" ]]; then
        nic_wo_hwaddr="${nic_wo_hwaddr} ${nic_name}"
    fi

    nic_writed=1
}
6a8a4c9f530668cd8961b73d702856ed94f05f80Timo Sirainen
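# Analyse an LXC config file and print the matching conf.d/net content.
#
# $1: path of the LXC config file to read; "lxc.include" entries are followed
#     recursively.
# Output: one line per NIC on stdout (written by nic_write).
# State:  updates the nic_* globals (nic_last, nic_named, nic_managed, ...)
#         that container_net reads afterwards.
#
# Changes against the previous version:
# - the file is read with "while read" instead of word-splitting a command
#   substitution, so IFS is never modified. The old code saved IFS in a global
#   that the recursive call for lxc.include overwrote, which left IFS set to a
#   newline for the rest of the script; unquoted lines were also subject to
#   glob expansion.
# - nic_hwaddr is reset for every new NIC, so a hwaddr seen on one NIC no
#   longer hides the missing-hwaddr warning for the following ones.
container_conf_net()
{
    local file=${1}
    [[ -z "${nic_last}" ]] && nic_last=-1
    [[ -z "${nic_named}" ]] && nic_named=0

    #let's do some dirty bash things to parse lxc network conf:
    #sed turns the first "=" (and the blanks around it) into a separator that
    #cannot be confused with anything in the key or the value
    while IFS= read -r line || [[ -n "${line}" ]]; do
        [[ -z "${line}" ]] && continue
        key=${line%%_real_ugly_sep_42_*}
        value=${line##*_real_ugly_sep_42_}

        #new nic !
        if [[ "${key}" == "lxc.network.type" ]]; then
            #we don't know what to do with it.
            [[ "${value}" == "empty" ]] && continue

            #write conf from previous loops
            [[ "${nic_writed}" == "0" ]] && nic_write

            #init defaults
            nic_last=$(( nic_last + 1 ))

            nic_writed=0
            #if 1 named between 2 not named: last is eth1
            #=> Number is ID minus number of named NIC before
            nic_name="eth$(( nic_last - nic_named ))"
            nic_conf="dhcp"
            nic_type="${value}"
            nic_hwaddr=""
        fi

        if [[ "${key}" == "lxc.network.hwaddr" ]]; then
            nic_hwaddr=1
        fi

        if [[ "${key}" =~ ^lxc.network.ipv(4|6) ]]; then
            #tell openrc to not manage this NIC as LXC sets its address
            nic_conf="null"
        fi
        if [[ "${key}" =~ ^lxc.network.name ]]; then
            nic_name="${value}"
            nic_named=$(( nic_named + 1 ))
        fi
        if [[ "${key}" == "lxc.include" ]]; then
            #recurse into include
            container_conf_net "${value}"
        fi
    done < <(sed -r "s/[ ]*=[ ]*/_real_ugly_sep_42_/" "${file}")

    #write conf from previous loops
    if [[ "${nic_writed}" == "0" ]]; then
        nic_write
    fi
}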
f239eb76f77afcbc0bfc97c9b52b4407d1bc3fe6Timo Sirainen
# Write the container's network configuration.
#
# Appends the conf.d/net lines derived from ${path}/config, tells openrc that
# "net" is already provided when it manages no NIC itself, creates the
# net.<nic> init scripts plus a minimal fake sysfs entry for each openrc
# managed NIC, and stores user messages about missing NICs or veth NICs
# without a fixed hwaddr.
container_net()
{
    printf "container_net(): setting container network conf... \n"

    #Analyse network configuration in config
    container_conf_net "$path/config" >> "${rootfs}/etc/conf.d/net"

    # nic_last is the index of the last NIC found (-1 when there is none)
    nic_count=$(( ${nic_last} + 1 ))

    # unless openrc manages a nic, we now have to force openrc to automatic
    # provision of the 'net' dep. If we do not, network dependent services
    # will fail to load
    if [[ -z "${nic_managed}" ]]; then
        #tell openrc that lxc already did the work
        echo 'rc_provide="net"' >> "${rootfs}/etc/rc.conf"
    fi

    #No NIC ? then there is nothing left to configure
    if [[ ${nic_count} == 0 ]]; then
        # first bridge listed by brctl, used only to build a hint for the user
        bridge=$(brctl show | awk 'NR==2 {print $1}')
        if [[ -z "${bridge}" ]]; then
            store_user_message "No network interface for this container"
        else
            store_user_message "No network interface for this container
It's a pitty, you have bridge, ${bridge}.
If it is for Lxc, use it next time by adding this to your default.conf :
lxc.network.type = veth
lxc.network.link = ${bridge}
lxc.network.flags = up
lxc.network.hwaddr = fe:xx:xx:xx:xx:xx"
        fi
        return 0
    fi

    #For each openrc managed nic, activate
    sys_nic_index=1
    for nic in ${nic_managed}; do
        chroot "${rootfs}" ln -s net.lo "/etc/init.d/net.${nic}"
        chroot "${rootfs}" rc-update add net.${nic} default
        #fake sysfs for openrc, in case settings does not provide it
        mkdir -p "${rootfs}/sys/class/net/${nic}"
        echo ${sys_nic_index} > "${rootfs}/sys/class/net/${nic}/ifindex"
        echo up > "${rootfs}/sys/class/net/${nic}/operstate"
        sys_nic_index=$(( sys_nic_index + 1 ))
    done

    #Warn about dynamic hwaddr
    if [[ -n "${nic_wo_hwaddr}" ]]; then
        store_user_message "Warning, these veth NIC don't have fixed hwaddr :
${nic_wo_hwaddr}

see http://lists.linuxcontainers.org/pipermail/lxc-devel/2013-December/006736.html
and man lxc.conf"
    fi

    printf " => network conf done.\n"
}
4aae8acbcfa9cac96b4af39bfabcbe569e804827Timo Sirainen
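# custom hostname
# Write the container name into ${rootfs}/etc/conf.d/hostname.
# The key was misspelled "hostnale", so the file never defined the "hostname"
# variable; it is now written as "hostname=<name>".
# NOTE(review): the value is written unquoted and no validation of ${name} is
# visible here; conf.d files are presumably sourced as shell, so confirm that
# the name is restricted to hostname-safe characters before this point.
container_hostname()
{
    printf "#### container_hostname(): setting hostname... \n"
    printf "hostname=%s\n" "${name}" > "${rootfs}/etc/conf.d/hostname"
    printf " => done.\n"
}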
d9fdacd5fb3e07997e5c389739d2054f0c8441d8Timo Sirainen
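# Set up how ${user} authenticates in the container.
#
# - creates the account when it is not root;
# - when auth_key is a readable file, appends it to the user's
#   ~/.ssh/authorized_keys and, unless a password was explicitly requested
#   (forced_password), drops the default password;
# - when a password is still set at that point, applies it with chpasswd.
#
# Reads: rootfs, user, password, forced_password, auth_key.
# Sets:  auth_home; may unset password.
#
# Changes against the previous version:
# - the key file is actually passed to cat (the old line read stdin instead);
# - ~/.ssh and authorized_keys are owned by the user and restricted to
#   0700 / 0600;
# - an empty home directory is rejected before anything is written.
container_auth()
{
    printf "#### container_auth(): setting authentification... \n"
    if [[ "${user}" != "root" ]]; then
        printf " non root user requested, creating... \n"
        chroot "${rootfs}" useradd --create-home -s /bin/bash "${user}" || die 1 "failed to create user ${user}"
        printf " => user %s created\n" "${user}"
    fi
    store_user_message "Connection user is ${user}"
    #Home of user, as recorded in the container's passwd database
    auth_home=$(chroot "${rootfs}" getent passwd "${user}" | cut -d : -f 6)
    if [[ -r "${auth_key}" ]]; then
        # without a home directory the key would be written to ${rootfs}/.ssh
        [[ -n "${auth_home}" ]] || die 1 "failed to find home directory of user (%s)\n" "${user}"
        printf " deploying auth_key %s for user %s ...\n" "${auth_key}" "${user}"
        mkdir -p "${rootfs}/${auth_home}/.ssh"
        cat "${auth_key}" >> "${rootfs}/${auth_home}/.ssh/authorized_keys"
        # key material belongs to the user only
        chroot "${rootfs}" chown -R "${user}:" "${auth_home}/.ssh"
        chroot "${rootfs}" chmod 700 "${auth_home}/.ssh"
        chroot "${rootfs}" chmod 600 "${auth_home}/.ssh/authorized_keys"
        printf " => inserted public key in %s/.ssh/authorized_keys\n" "${auth_home}"
        [[ -z "${forced_password}" ]] && unset password
        store_user_message "${user} has the ssh key you gived us"
    fi

    # NOTE(review): when no key, autologin or explicit password was given, the
    # account ends up with the script default 'toor'. The message stored below
    # is the only reminder; change the password before the container is
    # reachable over the network.
    if [[ -n "${password}" ]]; then
        printf " setting password for %s ...\n" "${user}"
        # printf is a shell builtin, so the password is not exposed in a
        # process argument list; chpasswd reads "user:password" on stdin
        printf '%s:%s\n' "${user}" "${password}" | chroot "${rootfs}" chpasswd || die 1 "failed to change password"
        printf " => done. if you didn't specify , default is 'toor'\n"
        if [[ -n "${forced_password}" ]]; then
            store_user_message "${user} has the password you give for him"
        else
            store_user_message "${user} has the default password 'toor', please change it ASAP"
        fi
    fi

    printf " => done.\n"
}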
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen
# Register sshd with the container's init system through rc-update; dies when
# rc-update reports a failure.
# NOTE(review): whether this runs for every container is decided outside this
# function. Where it does, check it against the default password applied by
# container_auth.
container_sshd() {
    printf "#### container_sshd(): enabling sshd... \n"

    if ! chroot "${rootfs}" rc-update add sshd; then
        die 1 "failed to enable sshd\n"
    fi

    printf " => done.\n"
}
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
72cbf33ae81fde08384d30c779ff540752d9256cTimo Sirainen################################################################################
ab70f55bb8d824ca1ed7c74196f2f502edd29cc7Timo Sirainen# lxc configuration files
ab70f55bb8d824ca1ed7c74196f2f502edd29cc7Timo Sirainen################################################################################
ab70f55bb8d824ca1ed7c74196f2f502edd29cc7Timo Sirainen
# Append the gentoo specific settings to the container's LXC config file
# (${path}/config): architecture, hostname, tty count, rootfs (only when the
# file does not already carry an lxc.rootfs line), the mount snippets prepared
# earlier (portage_mount, conf_sysfs, conf_mounts) and the include of the
# shared gentoo.<settings>.conf.
# NOTE(review): name, tty and settings are interpolated into the config as
# given; no validation of these values is visible in this function.
container_conf()
{
    printf "container_configuration(): making lxc configuration file... \n"

    conf_file="${path}/config"

    # lxc-create may already have written the rootfs line; add one only if not
    conf_rootfs_line=""
    if ! grep -q "^lxc.rootfs" "${conf_file}" ; then
        conf_rootfs_line="lxc.rootfs = $(readlink -f "${rootfs}")"
    fi

    # lxc.arch is written commented out for anything but x86 / amd64
    local conf_arch_line
    case "${arch}" in
        x86|amd64) conf_arch_line="lxc.arch = ${arch}" ;;
        *)         conf_arch_line="# lxc.arch = ${arch}" ;;
    esac

    cat <<- EOF >> "${conf_file}"
# sets container architecture
# If desired architecture != amd64 or x86, then we leave it unset as
# LXC does not oficially support anything other than x86 or amd64.
${conf_arch_line}

# set the hostname
lxc.utsname = ${name}
lxc.tty = ${tty}

${conf_rootfs_line}
${portage_mount}
${conf_sysfs}
${conf_mounts}

lxc.include = ${LXC_TEMPLATE_CONFIG}/gentoo.${settings}.conf
EOF
    printf " => done.\n"
}
ab70f55bb8d824ca1ed7c74196f2f502edd29cc7Timo Sirainen
# Print the command line help and exit with status 0.
#
# $1: program name shown at the start of the synopsis.
#
# The here-document is unquoted, so every ${...} below is expanded with the
# value currently in effect and the $(ls ...) pipeline is run to list the
# available gentoo.*.conf settings under LXC_TEMPLATE_CONFIG.
# NOTE(review): the "password" line prints the current password value, so the
# help output shows whatever password is in effect at that point.
# NOTE(review): the "tarball" line prints ${arch}; presumably it was meant to
# show the tarball setting -- confirm the variable name in the option loop.
usage()
{
    cat <<EOF
$1 -h|--help [-a|--arch <arch>] [-v|--variant <variant>] [-P|--private-portage] [--portage-dir <protagedir>] [-t|--tarball <stage3file>]
 [-F|--flush-cache] [-c|--cache-only] [-u|--user <username>] [-w|--password <password>] [--autologin] [-S|--auth-key <keyfile>]
 [-s|--settings <name>] [-m|--mirror <gentoomirror>] [--tty <number>]

arch: the container architecture (e.g. amd64): defaults to host arch (currently: '${arch}')
 If you choose one that needs emulation
 tested: amd64, x86
 You could try any other gentoo arch, why not...

variant: gentoo's Architecture variant as of dec 2013 : (currently: '${variant}')
 for amd64 arch: amd64 (default), amd64-hardened+nomultilib, amd64-hardened, amd64-nomultilib, x32
 for x86 arch: i686 (default), i486, i686-hardened
 for arm arch: armv7a (default), armv7a_hardfp, armv6j, armv6j_hardfp, armv5tel, armv4tl

private-portage: by default, /usr/portage is mount-binded with host one if exists (currently: '${private_portage}')
 this force container to have his own copy

portage-dir: portage dir used for shared portage
 by default the host on if any (currently: '${portage_dir}')

tarball: force usage of local stage3 archive (currently: '${arch}')
 If empty, latest will be downloaded

flush-cache: do like there is no previous cache

cache-only: just ensure cache is present
 if cache exists and "flush-cache" not specified, does nothing

user: user used in auth oriented options (currently: '${user}')

password: password for user (currently: '${password}')
 if default, usage of auth-key will disable password setting

autologin: enable autologin for user (currently: '${autologin}')
 This unset default password setting

auth-key: SSH Public key file to inject into container for user (currently: '${auth_key}')
 This unset default password setting

settings: choose common configuration (currently: '${settings}')
 see ${LXC_TEMPLATE_CONFIG}/gentoo.*.conf
 Available settings:
 $(ls -1 ${LXC_TEMPLATE_CONFIG}/gentoo.*.conf | xargs basename -a -s .conf | sed 's/^gentoo.//')

mirror: gentoo mirror for download (currently: '${mirror}')

tty: number of tty (6 max) (currently: '${tty}')
EOF
    exit 0
}
dbd9604da561399cc6255289d5b6f6f662ab2d00Timo Sirainen
# Overridable defaults: every value below can be replaced by a command-line
# option handled in the option loop that follows.
set_default_arch

# Mirror the archives are downloaded from (-m/--mirror).
# NOTE(review): the default is plain HTTP, so the transport adds no integrity
# protection; whether the fetched archives are verified (digest/signature)
# depends on the download code, which is not visible here - confirm.
mirror="http://distfiles.gentoo.org"

# Account targeted by the auth options, and its initial password.
# NOTE(review): "toor" is a widely known root default. Per the help text,
# --auth-key and --autologin unset this default; --password replaces it.
user="root"
password="toor"

settings="common"
tty=1
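# Parse the command line.
# The long option is declared as both "auth-key" (the spelling documented in
# the help text and matched below) and "auth_key" (the spelling the original
# declaration accepted), so either form reaches the same branch.
options=$(getopt -o hp:n:a:FcPv:t:S:u:w:s:m: -l help,rootfs:,path:,name:,arch:,flush-cache,cache-only,private-portage,variant:,portage-dir:,tarball:,auth-key:,auth_key:,user:,autologin,password:,settings:,mirror:,tty: -- "$@")

# Re-load the positional parameters from getopt's normalised output.
# NOTE(review): eval is only safe here because getopt shell-quotes what it
# prints; this presumably relies on the util-linux (enhanced) getopt - confirm.
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)                  usage "$0" && exit 0;;
        --rootfs)                   rootfs=$2; shift 2;;
        -p|--path)                  path=$2; shift 2;;
        -n|--name)                  name=$2; shift 2;;
        -a|--arch)                  arch=$2; shift 2;;
        -F|--flush-cache)           flush_cache=1; shift 1;;
        # was "shitf 1": the unknown command left $1 in place, so the loop
        # never advanced past -c/--cache-only
        -c|--cache-only)            cache_only=1; shift 1;;
        -P|--private-portage)       private_portage=1; shift 1;;
        -v|--variant)               variant=$2; shift 2;;
        --portage-dir)              portage_dir=$2; shift 2;;
        -t|--tarball)               tarball=$2; shift 2;;
        -S|--auth-key|--auth_key)   auth_key=$2; shift 2;;
        -u|--user)                  user=$2; shift 2;;
        # forced_password records that the password was given explicitly
        -w|--password)              forced_password=1; password=$2; shift 2;;
        -s|--settings)              settings=$2; shift 2;;
        -m|--mirror)                mirror=$2; shift 2;;
        --tty)
            # Accept plain digits only: [[ ... -lt ... ]] evaluates its
            # operands as arithmetic expressions, so an unchecked string
            # would be evaluated rather than rejected.
            # NOTE(review): the help text says "6 max" but this comparison
            # accepts at most 5 - confirm which one is intended.
            [[ $2 =~ ^[0-9]+$ && $2 -lt 6 ]] && tty=$2
            shift 2;;
        --autologin)                autologin=1; shift 1;;
        --)                         shift 1; break ;;
        *)                          break ;;
    esac
done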
f3976df875193529127d584cb713983e8160bdcfTimo Sirainen
# Cache layout: one root directory holding the portage archive and one
# rootfs tree per architecture/variant pair.
# NOTE(review): arch and variant can come from the command line and are
# placed in the path as given; no validation is visible in this part of the
# file.
cacheroot="@LOCALSTATEDIR@/cache/lxc/gentoo"
cachefs="$cacheroot/rootfs-$arch-$variant"
portage_cache="$cacheroot/portage.tbz"

# Default wget options: timeouts, resume (-c), 10 tries, no directory tree.
# NOTE(review): bash expands aliases in a script only when expand_aliases is
# enabled, and only in code parsed after this line - confirm the download
# code actually picks these options up.
alias wget="wget --timeout=8 --read-timeout=15 -c -t10 -nd"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
# Prepare the cache, then set up the container unless cache_only is set
# (-c/--cache-only).
do_all() {
    cache_setup
    # cache-only run: nothing more to do once the cache is ready
    [ -n "${cache_only}" ] && return
    container_setup
}
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen
# Entry point: hand do_all to execute_exclusively under a name derived from
# the cache's arch/variant. execute_exclusively is defined earlier in the
# file; presumably it serialises concurrent runs on that name and 60 is its
# timeout - confirm there.
execute_exclusively "cache-$arch-$variant" 60 do_all
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen