lxc/templates/lxc-ubuntu.in

	lxc-ubuntu.in revision 1897e3bcd36af9f3fe6d3649910a9adb93e5e988
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi#!/bin/bash
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi#
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# template script for generating ubuntu container for LXC
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi#
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# This script consolidates and extends the existing lxc ubuntu scripts
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi#
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# Copyright � 2011 Serge Hallyn <serge.hallyn@canonical.com>
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# Copyright � 2010 Wilhelm Meier
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi#
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# This program is free software; you can redistribute it and/or modify
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# it under the terms of the GNU General Public License version 2, as
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# published by the Free Software Foundation.
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# This program is distributed in the hope that it will be useful,
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# but WITHOUT ANY WARRANTY; without even the implied warranty of
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# GNU General Public License for more details.
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# You should have received a copy of the GNU General Public License along
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# with this program; if not, write to the Free Software Foundation, Inc.,
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi#
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumiset -e
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumiif [ -r /etc/default/lxc ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    . /etc/default/lxc
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graberfi
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graberconfigure_ubuntu()
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber{
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber    rootfs=$1
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber    hostname=$2
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber    release=$3
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber    # configure the network using the dhcp
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    cat <<EOF > $rootfs/etc/network/interfaces
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# This file describes the network interfaces available on your system
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi# and how to activate them. For more information, see interfaces(5).
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi# The loopback network interface
8c3a756ed4cf22f9fdab5f95d067321e6ddcc425KATOH Yasufumiauto lo
8c3a756ed4cf22f9fdab5f95d067321e6ddcc425KATOH Yasufumiiface lo inet loopback
8c3a756ed4cf22f9fdab5f95d067321e6ddcc425KATOH Yasufumi
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumiauto eth0
8c3a756ed4cf22f9fdab5f95d067321e6ddcc425KATOH Yasufumiiface eth0 inet dhcp
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH YasufumiEOF
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # set the hostname
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    cat <<EOF > $rootfs/etc/hostname
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi$hostname
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH YasufumiEOF
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # set minimal hosts
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    cat <<EOF > $rootfs/etc/hosts
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi127.0.0.1   localhost
8adef7614d4340b4ee44a4441fadd530f48515edKATOH Yasufumi127.0.1.1   $hostname
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi# The following lines are desirable for IPv6 capable hosts
8c3a756ed4cf22f9fdab5f95d067321e6ddcc425KATOH Yasufumi::1     ip6-localhost ip6-loopback
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumife00::0 ip6-localnet
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumiff00::0 ip6-mcastprefix
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumiff02::1 ip6-allnodes
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumiff02::2 ip6-allrouters
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH YasufumiEOF
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi    if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        # suppress log level output for udev
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        # remove jobs for consoles 5 and 6 since we only create 4 consoles in
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        # this template
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        rm -f $rootfs/etc/init/tty{5,6}.conf
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi    fi
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi    if [ -z "$bindhome" ]; then
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        chroot $rootfs useradd --create-home -s /bin/bash ubuntu
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi    fi
8adef7614d4340b4ee44a4441fadd530f48515edKATOH Yasufumi
8adef7614d4340b4ee44a4441fadd530f48515edKATOH Yasufumi    # make sure we have the current locale defined in the container
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    if [ -z "$LANG" ] || echo $LANG | grep -E -q "^C(\..+)*$"; then
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi        chroot $rootfs locale-gen en_US.UTF-8
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi        chroot $rootfs update-locale LANG=en_US.UTF-8
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi    else
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi        chroot $rootfs locale-gen $LANG
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi        chroot $rootfs update-locale LANG=$LANG
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi    fi
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi    # generate new SSH keys
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi    if [ -x $rootfs@LOCALSTATEDIR@/lib/dpkg/info/openssh-server.postinst ]; then
adf4b4083369a8bb7ed3c2ce3dd85dcaed7323c4KATOH Yasufumi        rm -f $rootfs/etc/ssh/ssh_host_*key*
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        mv $rootfs/etc/init/ssh.conf $rootfs/etc/init/ssh.conf.disabled
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        chroot $rootfs @LOCALSTATEDIR@/lib/dpkg/info/openssh-server.postinst configure
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        mv $rootfs/etc/init/ssh.conf.disabled $rootfs/etc/init/ssh.conf
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    return 0
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# finish setting up the user in the container by injecting ssh key and
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# adding sudo group membership.
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# passed-in user is either 'ubuntu' or the user to bind in from host.
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumifinalize_user()
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi{
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    user=$1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo)
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        groups="sudo"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    else
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        groups="sudo admin"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    for group in $groups; do
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    done
92cbfdaf682dca9cf60243f23c2e911181bfc7abKATOH Yasufumi
92cbfdaf682dca9cf60243f23c2e911181bfc7abKATOH Yasufumi    if [ -n "$auth_key" -a -f "$auth_key" ]; then
92cbfdaf682dca9cf60243f23c2e911181bfc7abKATOH Yasufumi        u_path="/home/${user}/.ssh"
92cbfdaf682dca9cf60243f23c2e911181bfc7abKATOH Yasufumi        root_u_path="$rootfs/$u_path"
92cbfdaf682dca9cf60243f23c2e911181bfc7abKATOH Yasufumi        mkdir -p $root_u_path
92cbfdaf682dca9cf60243f23c2e911181bfc7abKATOH Yasufumi        cp $auth_key "$root_u_path/authorized_keys"
92cbfdaf682dca9cf60243f23c2e911181bfc7abKATOH Yasufumi        chroot $rootfs chown -R ${user}: "$u_path"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    fi
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi    return 0
8adef7614d4340b4ee44a4441fadd530f48515edKATOH Yasufumi}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi#
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# Choose proxies for container
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# http_proxy will be used by debootstrap on the host.
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# APT_PROXY will be used to set /etc/apt/apt.conf.d/70proxy in the container.
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi#
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumichoose_container_proxy()
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi{
420dfb599b22b8e39e6e51437d17213d4f778735Dwight Engen    local rootfs=$1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    local arch=$2
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    if [ -z "$HTTP_PROXY" ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        HTTP_PROXY="none"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    case "$HTTP_PROXY" in
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    none)
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        APT_PROXY=
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        ;;
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    apt)
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        RES=`apt-config shell APT_PROXY Acquire::http::Proxy`
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        eval $RES
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        [ -z "$APT_PROXY" ] || export http_proxy=$APT_PROXY
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        ;;
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    *)
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        APT_PROXY=$HTTP_PROXY
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        export http_proxy=$HTTP_PROXY
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        ;;
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    esac
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumiwrite_sourceslist()
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi{
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # $1 => path to the rootfs
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # $2 => architecture we want to add
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # $3 => whether to use the multi-arch syntax or not
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    if [ -n "$APT_PROXY" ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        mkdir -p $rootfs/etc/apt/apt.conf.d
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        cat > $rootfs/etc/apt/apt.conf.d/70proxy << EOF
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH YasufumiAcquire::http::Proxy "$APT_PROXY" ;
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH YasufumiEOF
db821c3a4168c9c1072a433340e6009892e26cf2KATOH Yasufumi    fi
db821c3a4168c9c1072a433340e6009892e26cf2KATOH Yasufumi
db821c3a4168c9c1072a433340e6009892e26cf2KATOH Yasufumi    case $2 in
db821c3a4168c9c1072a433340e6009892e26cf2KATOH Yasufumi      amd64|i386)
db821c3a4168c9c1072a433340e6009892e26cf2KATOH Yasufumi            MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
db821c3a4168c9c1072a433340e6009892e26cf2KATOH Yasufumi            SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            ;;
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi      *)
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            ;;
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    esac
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    if [ -n "$3" ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        cat >> "$1/etc/apt/sources.list" << EOF
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumideb [arch=$2] $MIRROR ${release} main restricted universe multiverse
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumideb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumideb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH YasufumiEOF
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    else
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        cat >> "$1/etc/apt/sources.list" << EOF
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumideb $MIRROR ${release} main restricted universe multiverse
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumideb $MIRROR ${release}-updates main restricted universe multiverse
a1e4c206d5373b8ecd7906bff37f2601d65f022cKATOH Yasufumideb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
0dc296145715c36795ad0ad561f115afdd758223KATOH YasufumiEOF
a1e4c206d5373b8ecd7906bff37f2601d65f022cKATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumicleanup()
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi{
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    rm -rf $cache/partial-$arch
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    rm -rf $cache/rootfs-$arch
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumisuggest_flush()
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi{
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    echo "Container upgrade failed.  The container cache may be out of date,"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    echo "in which case flushing the case (see -F in the hep output) may help."
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
41e8e807c8e85289bb717a365056b9437555e25aKATOH Yasufumidownload_ubuntu()
41e8e807c8e85289bb717a365056b9437555e25aKATOH Yasufumi{
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    cache=$1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    arch=$2
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    release=$3
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    packages=vim,ssh
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # Try to guess a list of langpacks to install
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    langpacks="language-pack-en"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    if which dpkg >/dev/null 2>&1; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        langpacks=`(echo $langpacks &&
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi                    dpkg -l | grep -E "^ii  language-pack-[a-z]* " |
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi                        cut -d ' ' -f3) | sort -u`
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    packages="$packages,$(echo $langpacks | sed 's/ /,/g')"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    echo "installing packages: $packages"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    trap cleanup EXIT SIGHUP SIGINT SIGTERM
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # check the mini ubuntu was not already downloaded
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    mkdir -p "$cache/partial-$arch"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    if [ $? -ne 0 ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        echo "Failed to create '$cache/partial-$arch' directory"
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        return 1
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
bf3e09c00eab82850782ad6ec74e4403d84ae866KATOH Yasufumi    choose_container_proxy $cache/partial-$arch/ $arch
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi    # download a mini ubuntu into a cache
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    echo "Downloading ubuntu $release minimal ..."
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi    if [ -n "$(which qemu-debootstrap)" ]; then
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi    else
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi    fi
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi    if [ $? -ne 0 ]; then
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi        echo "Failed to download the rootfs, aborting."
7a49a081dd1d4f92e3c82df344709e3206457e46KATOH Yasufumi            return 1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # Serge isn't sure whether we should avoid doing this when
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # $release == `distro-info -d`
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    echo "Installing updates"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    > $cache/partial-$arch/etc/apt/sources.list
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    write_sourceslist $cache/partial-$arch/ $arch
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    chroot "$1/partial-${arch}" apt-get update
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    if [ $? -ne 0 ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        echo "Failed to update the apt cache"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        return 1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi#!/bin/sh
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumiexit 101
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH YasufumiEOF
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y || { suggest_flush; false; }
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    chroot "$1/partial-${arch}" apt-get clean
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    mv "$1/partial-$arch" "$1/rootfs-$arch"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    trap EXIT
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    trap SIGINT
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    trap SIGTERM
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    trap SIGHUP
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    echo "Download complete"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    return 0
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumicopy_ubuntu()
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi{
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    cache=$1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    arch=$2
420dfb599b22b8e39e6e51437d17213d4f778735Dwight Engen    rootfs=$3
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # make a local copy of the miniubuntu
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    echo "Copying rootfs to $rootfs ..."
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    mkdir -p $rootfs
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    rsync -Ha $cache/rootfs-$arch/ $rootfs/ || return 1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    return 0
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumiinstall_ubuntu()
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi{
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    rootfs=$1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    release=$2
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    flushcache=$3
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    cache="@LOCALSTATEDIR@/cache/lxc/$release"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    mkdir -p @LOCALSTATEDIR@/lock/subsys/
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    (
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        flock -x 200
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        if [ $? -ne 0 ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            echo "Cache repository is busy."
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            return 1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        if [ $flushcache -eq 1 ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            echo "Flushing cache..."
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            rm -rf "$cache/partial-$arch"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            rm -rf "$cache/rootfs-$arch"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        echo "Checking cache download in $cache/rootfs-$arch ... "
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        if [ ! -e "$cache/rootfs-$arch" ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            download_ubuntu $cache $arch $release
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            if [ $? -ne 0 ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi                echo "Failed to download 'ubuntu $release base'"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi                return 1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        echo "Copy $cache/rootfs-$arch to $rootfs ... "
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        copy_ubuntu $cache $arch $rootfs
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        if [ $? -ne 0 ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            echo "Failed to copy rootfs"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi            return 1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        return 0
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-ubuntu
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    return $?
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi}
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumicopy_configuration()
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi{
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    path=$1
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    rootfs=$2
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    name=$3
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    arch=$4
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    release=$5
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    if [ $arch = "i386" ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        arch="i686"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    ttydir=""
8c3a756ed4cf22f9fdab5f95d067321e6ddcc425KATOH Yasufumi    if [ -f $rootfs/etc/init/container-detect.conf ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        ttydir=" lxc"
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # if there is exactly one veth network entry, make sure it has an
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    # associated hwaddr.
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    if [ $nics -eq 1 ]; then
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi        grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    fi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi    cat <<EOF >> $path/config
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumilxc.mount = $path/fstab
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumilxc.pivotdir = lxc_putold
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumilxc.devttydir =$ttydir
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumilxc.tty = 4
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumilxc.pts = 1024
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumilxc.utsname = $name
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumilxc.arch = $arch
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumilxc.cap.drop = sys_module mac_admin mac_override sys_time
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi
cab79123082bef9ba265c9c8b9176b8b8afedd64KATOH Yasufumi# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
# To support container nesting on an Ubuntu host, uncomment next two lines:
#lxc.aa_profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups

lxc.cgroup.devices.deny = a
# Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rm
# fuse
lxc.cgroup.devices.allow = c 10:229 rwm
# tun
lxc.cgroup.devices.allow = c 10:200 rwm
# full
lxc.cgroup.devices.allow = c 1:7 rwm
# hpet
lxc.cgroup.devices.allow = c 10:228 rwm
# kvm
lxc.cgroup.devices.allow = c 10:232 rwm
EOF

    cat <<EOF > $path/fstab
proc            proc         proc    nodev,noexec,nosuid 0 0
sysfs           sys          sysfs defaults  0 0
EOF

    if [ $? -ne 0 ]; then
        echo "Failed to add configuration"
        return 1
    fi

    return 0
}

trim()
{
    rootfs=$1
    release=$2

    # provide the lxc service
    cat <<EOF > $rootfs/etc/init/lxc.conf
# fake some events needed for correct startup other services

description     "Container Upstart"

start on startup

script
        rm -rf /var/run/*.pid
        rm -rf /var/run/network/*
        /sbin/initctl emit stopped JOB=udevtrigger --no-wait
        /sbin/initctl emit started JOB=udev --no-wait
end script
EOF

    # fix buggus runlevel with sshd
    cat <<EOF > $rootfs/etc/init/ssh.conf
# ssh - OpenBSD Secure Shell server
#
# The OpenSSH server provides secure shell access to the system.

description "OpenSSH server"

start on filesystem
stop on runlevel [!2345]

expect fork
respawn
respawn limit 10 5
umask 022
# replaces SSHD_OOM_ADJUST in /etc/default/ssh
oom never

pre-start script
    test -x /usr/sbin/sshd || { stop; exit 0; }
    test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
    test -c /dev/null || { stop; exit 0; }

    mkdir -p -m0755 /var/run/sshd
end script

# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
# 'exec' line here instead
exec /usr/sbin/sshd
EOF

    cat <<EOF > $rootfs/etc/init/console.conf
# console - getty
#
# This service maintains a console on tty1 from the point the system is
# started until it is shut down again.

start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]

respawn
exec /sbin/getty -8 38400 /dev/console
EOF

    cat <<EOF > $rootfs/lib/init/fstab
# /lib/init/fstab: cleared out for bare-bones lxc
EOF

    # remove pointless services in a container
    chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove

    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'

    # if this isn't lucid, then we need to twiddle the network upstart bits :(
    if [ $release != "lucid" ]; then
        sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
    fi
}

post_process()
{
    rootfs=$1
    release=$2
    trim_container=$3

    if [ $trim_container -eq 1 ]; then
        trim $rootfs $release
    elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then
        # Make sure we have a working resolv.conf
        cresolvonf="${rootfs}/etc/resolv.conf"
        mv $cresolvonf ${cresolvonf}.lxcbak
        cat /etc/resolv.conf > ${cresolvonf}

        # for lucid, if not trimming, then add the ubuntu-virt
        # ppa and install lxcguest
        if [ $release = "lucid" ]; then
            chroot $rootfs apt-get update
            chroot $rootfs apt-get install --force-yes -y python-software-properties
            chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
        fi

        chroot $rootfs apt-get update
        chroot $rootfs apt-get install --force-yes -y lxcguest

        # Restore old resolv.conf
        rm -f ${cresolvonf}
        mv ${cresolvonf}.lxcbak ${cresolvonf}
    fi

    # If the container isn't running a native architecture, setup multiarch
    if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
        dpkg_version=$(chroot $rootfs dpkg-query -W -f='${Version}' dpkg)
        if chroot $rootfs dpkg --compare-versions $dpkg_version ge "1.16.2"; then
            chroot $rootfs dpkg --add-architecture ${hostarch}
        else
            mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
            echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
        fi

        # Save existing value of MIRROR and SECURITY_MIRROR
        DEFAULT_MIRROR=$MIRROR
        DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR

        # Write a new sources.list containing both native and multiarch entries
        > ${rootfs}/etc/apt/sources.list
        write_sourceslist $rootfs $arch "native"

        MIRROR=$DEFAULT_MIRROR
        SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
        write_sourceslist $rootfs $hostarch "multiarch"

        # Finally update the lists and install upstart using the host architecture
        chroot $rootfs apt-get update
        chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}
    fi

    # rmdir /dev/shm for containers that have /run/shm
    # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
    # get bind mounted to the host's /run/shm.  So try to rmdir
    # it, and in case that fails move it out of the way.
    if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
        mv $rootfs/dev/shm $rootfs/dev/shm.bak
        ln -s /run/shm $rootfs/dev/shm
    fi
}

do_bindhome()
{
    rootfs=$1
    user=$2

    # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
    pwd=`getent passwd $user` || { echo "Failed to copy password entry for $user"; false; }
    echo $pwd >> $rootfs/etc/passwd

    # make sure user's shell exists in the container
    shell=`echo $pwd | cut -d: -f 7`
    if [ ! -x $rootfs/$shell ]; then
        echo "shell $shell for user $user was not found in the container."
        pkg=`dpkg -S $(readlink -m $shell) | cut -d ':' -f1`
        echo "Installing $pkg"
        chroot $rootfs apt-get --force-yes -y install $pkg
    fi

    shad=`getent shadow $user`
    echo "$shad" >> $rootfs/etc/shadow

    # bind-mount the user's path into the container's /home
    h=`getent passwd $user | cut -d: -f 6`
    mkdir -p $rootfs/$h

    # use relative path in container
    h2=${h#/}
    while [ ${h2:0:1} = "/" ]; do
        h2=${h2#/}
    done
    echo "$h $h2 none bind 0 0" >> $path/fstab

    # Make sure the group exists in container
    grp=`echo $pwd | cut -d: -f 4`  # group number for $user
    grpe=`getent group $grp` || return 0  # if host doesn't define grp, ignore in container
    chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group
}

usage()
{
    cat <<EOF
$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug]
   [-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]
   [--rootfs <rootfs>]
release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS
trim: make a minimal (faster, but not upgrade-safe) container
bindhome: bind <user>'s home into the container
          The ubuntu user will not be created, and <user> will have
          sudo access.
arch: the container architecture (e.g. amd64): defaults to host arch
auth-key: SSH Public key file to inject into container
EOF
    return 0
}

options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug,rootfs: -- "$@")
if [ $? -ne 0 ]; then
    usage $(basename $0)
    exit 1
fi
eval set -- "$options"

release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
if [ -f /etc/lsb-release ]; then
    . /etc/lsb-release
    if [ "$DISTRIB_ID" = "Ubuntu" ]; then
        release=$DISTRIB_CODENAME
    fi
fi

bindhome=

# Code taken from debootstrap
if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
    arch=`/usr/bin/dpkg --print-architecture`
elif which udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
    arch=`/usr/bin/udpkg --print-architecture`
else
    arch=$(uname -m)
    if [ "$arch" = "i686" ]; then
        arch="i386"
    elif [ "$arch" = "x86_64" ]; then
        arch="amd64"
    elif [ "$arch" = "armv7l" ]; then
        arch="armhf"
    fi
fi

debug=0
trim_container=0
hostarch=$arch
flushcache=0
while true
do
    case "$1" in
    -h|--help)      usage $0 && exit 0;;
    --rootfs)       rootfs=$2; shift 2;;
    -p|--path)      path=$2; shift 2;;
    -n|--name)      name=$2; shift 2;;
    -F|--flush-cache) flushcache=1; shift 1;;
    -r|--release)   release=$2; shift 2;;
    -b|--bindhome)  bindhome=$2; shift 2;;
    -a|--arch)      arch=$2; shift 2;;
    -x|--trim)      trim_container=1; shift 1;;
    -S|--auth-key)  auth_key=$2; shift 2;;
    -d|--debug)     debug=1; shift 1;;
    --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ $debug -eq 1 ]; then
    set -x
fi

if [ -n "$bindhome" ]; then
    pwd=`getent passwd $bindhome`
    if [ $? -ne 0 ]; then
        echo "Error: no password entry found for $bindhome"
        exit 1
    fi
fi


if [ "$arch" == "i686" ]; then
    arch=i386
fi

if [ $hostarch = "i386" -a $arch = "amd64" ]; then
    echo "can't create $arch container on $hostarch"
    exit 1
fi

if [ $hostarch = "armhf" -o $hostarch = "armel" ] && \
   [ $arch != "armhf" -a $arch != "armel" ]; then
    echo "can't create $arch container on $hostarch"
    exit 1
fi

if [ $hostarch = "powerpc" -a $arch != "powerpc" ]; then
    echo "can't create $arch container on $hostarch"
    exit 1
fi

which debootstrap >/dev/null 2>&1 || { echo "'debootstrap' command is missing" >&2; false; }

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

# detect rootfs
config="$path/config"
# if $rootfs exists here, it was passed in with --rootfs
if [ -z "$rootfs" ]; then
    if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
        rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
    else
        rootfs=$path/rootfs
    fi
fi

install_ubuntu $rootfs $release $flushcache
if [ $? -ne 0 ]; then
    echo "failed to install ubuntu $release"
    exit 1
fi

configure_ubuntu $rootfs $name $release
if [ $? -ne 0 ]; then
    echo "failed to configure ubuntu $release for a container"
    exit 1
fi

copy_configuration $path $rootfs $name $arch $release
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

post_process $rootfs $release $trim_container

if [ -n "$bindhome" ]; then
    do_bindhome $rootfs $bindhome
    finalize_user $bindhome
else
    finalize_user ubuntu
fi

echo ""
echo "##"
if [ -n "$bindhome" ]; then
    echo "# Log in as user $bindhome"
else
    echo "# The default user is 'ubuntu' with password 'ubuntu'!"
    echo "# Use the 'sudo' command to run tasks as root in the container."
fi
echo "##"
echo ""