Package: release.debian.org Severity: normal User: [email protected] Usertags: pu
The "debian" template provided by Wheezy's lxc has been broken from the start due to live-debconfig never making it to wheezy (and inaction from the maintainer). For details: http://bugs.debian.org/680469 I would like to get a usable debian template and after some investigation, I concluded that the easiest solution was to use the upstream provided script. That said I opted to use the latest upstream version of said script because it has been fixed to install the current stable release of Debian instead of using squeeze... Please find the debdiff attached. I did some basic tests to ensure that it works and asked others people on the bug report to do the same and got back a successful report already. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Raphaël Hertzog ◈ Debian Developer Discover the Debian Administrator's Handbook: → http://debian-handbook.info/get/
diff -Nru lxc-0.8.0~rc1/debian/changelog lxc-0.8.0~rc1/debian/changelog --- lxc-0.8.0~rc1/debian/changelog 2012-08-22 22:44:12.000000000 +0200 +++ lxc-0.8.0~rc1/debian/changelog 2013-12-16 12:13:58.000000000 +0100 @@ -1,3 +1,11 @@ +lxc (0.8.0~rc1-8+deb7u2) wheezy; urgency=medium + + * Non-maintainer upload. + * Use latest upstream provided lxc-debian that actually works. Closes: #680469 + * Add rsync to Recommends since lxc-debian uses it. + + -- Raphaël Hertzog <[email protected]> Mon, 16 Dec 2013 08:51:43 +0100 + lxc (0.8.0~rc1-8+deb7u1) wheezy; urgency=low * Non-maintainer upload. diff -Nru lxc-0.8.0~rc1/debian/control lxc-0.8.0~rc1/debian/control --- lxc-0.8.0~rc1/debian/control 2012-06-30 00:34:08.000000000 +0200 +++ lxc-0.8.0~rc1/debian/control 2013-12-16 12:13:28.000000000 +0100 @@ -13,7 +13,7 @@ Architecture: linux-any Pre-Depends: ${multiarch:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} -Recommends: debootstrap | cdebootstrap, libcap2-bin +Recommends: debootstrap | cdebootstrap, rsync, libcap2-bin Conflicts: cgroup-bin Suggests: lxctl Description: Linux Containers userspace tools diff -Nru lxc-0.8.0~rc1/debian/patches/13-update-lxc-debian.patch lxc-0.8.0~rc1/debian/patches/13-update-lxc-debian.patch --- lxc-0.8.0~rc1/debian/patches/13-update-lxc-debian.patch 1970-01-01 01:00:00.000000000 +0100 +++ lxc-0.8.0~rc1/debian/patches/13-update-lxc-debian.patch 2013-12-16 12:07:48.000000000 +0100 @@ -0,0 +1,423 @@ +Description: Update lxc-debian template script + Use a newer upstream version of that script that correctly installs the + current stable release. +Origin: upstream, https://github.com/lxc/lxc/raw/master/templates/lxc-debian.in +Applied-Upstream: 1.0.0 +--- a/templates/lxc-debian.in ++++ b/templates/lxc-debian.in +@@ -13,14 +13,13 @@ + + # This library is distributed in the hope that it will be useful, + # but WITHOUT ANY WARRANTY; without even the implied warranty of +- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + # Lesser General Public License for more details. + + # You should have received a copy of the GNU Lesser General Public + # License along with this library; if not, write to the Free Software +-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +-SUITE=${SUITE:-squeeze} + MIRROR=${MIRROR:-http://cdn.debian.net/debian} + + configure_debian() +@@ -31,9 +30,9 @@ configure_debian() + # squeeze only has /dev/tty and /dev/tty0 by default, + # therefore creating missing device nodes for tty1-4. + for tty in $(seq 1 4); do +- if [ ! -e $rootfs/dev/tty$tty ]; then +- mknod $rootfs/dev/tty$tty c 4 $tty +- fi ++ if [ ! -e $rootfs/dev/tty$tty ]; then ++ mknod $rootfs/dev/tty$tty c 4 $tty ++ fi + done + + # configure the inittab +@@ -54,6 +53,8 @@ c1:12345:respawn:/sbin/getty 38400 tty1 + c2:12345:respawn:/sbin/getty 38400 tty2 linux + c3:12345:respawn:/sbin/getty 38400 tty3 linux + c4:12345:respawn:/sbin/getty 38400 tty4 linux ++p6::ctrlaltdel:/sbin/init 6 ++p0::powerfail:/sbin/init 0 + EOF + + # disable selinux in debian +@@ -76,11 +77,14 @@ EOF + + # reconfigure some services + if [ -z "$LANG" ]; then +- chroot $rootfs locale-gen en_US.UTF-8 UTF-8 +- chroot $rootfs update-locale LANG=en_US.UTF-8 ++ chroot $rootfs locale-gen en_US.UTF-8 UTF-8 ++ chroot $rootfs update-locale LANG=en_US.UTF-8 + else +- chroot $rootfs locale-gen $LANG $(echo $LANG | cut -d. -f2) +- chroot $rootfs update-locale LANG=$LANG ++ encoding=$(echo $LANG | cut -d. -f2) ++ chroot $rootfs sed -e "s/^# \(${LANG} ${encoding}\)/\1/" \ ++ -i /etc/locale.gen 2>/dev/null ++ chroot $rootfs locale-gen $LANG $encoding ++ chroot $rootfs update-locale LANG=$LANG + fi + + # remove pointless services in a container +@@ -89,12 +93,30 @@ EOF + chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove + chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove + ++ # set initial timezone as on host ++ if [ -f /etc/timezone ]; then ++ cat /etc/timezone > $rootfs/etc/timezone ++ chroot $rootfs dpkg-reconfigure -f noninteractive tzdata ++ elif [ -f /etc/sysconfig/clock ]; then ++ source /etc/sysconfig/clock ++ echo $ZONE > $rootfs/etc/timezone ++ chroot $rootfs dpkg-reconfigure -f noninteractive tzdata ++ else ++ echo "Timezone in container is not configured. Adjust it manually." ++ fi ++ + echo "root:root" | chroot $rootfs chpasswd + echo "Root password is 'root', please change !" + + return 0 + } + ++cleanup() ++{ ++ rm -rf $cache/partial-$release-$arch ++ rm -rf $cache/rootfs-$release-$arch ++} ++ + download_debian() + { + packages=\ +@@ -102,7 +124,7 @@ ifupdown,\ + locales,\ + libui-dialog-perl,\ + dialog,\ +-dhcp3-client,\ ++isc-dhcp-client,\ + netbase,\ + net-tools,\ + iproute,\ +@@ -110,26 +132,32 @@ openssh-server + + cache=$1 + arch=$2 ++ release=$3 + ++ trap cleanup EXIT SIGHUP SIGINT SIGTERM + # check the mini debian was not already downloaded +- mkdir -p "$cache/partial-$SUITE-$arch" ++ mkdir -p "$cache/partial-$release-$arch" + if [ $? -ne 0 ]; then +- echo "Failed to create '$cache/partial-$SUITE-$arch' directory" +- return 1 ++ echo "Failed to create '$cache/partial-$release-$arch' directory" ++ return 1 + fi + + # download a mini debian into a cache + echo "Downloading debian minimal ..." + debootstrap --verbose --variant=minbase --arch=$arch \ +- --include=$packages \ +- "$SUITE" "$cache/partial-$SUITE-$arch" $MIRROR ++ --include=$packages \ ++ "$release" "$cache/partial-$release-$arch" $MIRROR + if [ $? -ne 0 ]; then +- echo "Failed to download the rootfs, aborting." +- return 1 ++ echo "Failed to download the rootfs, aborting." ++ return 1 + fi + +- mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch" ++ mv "$1/partial-$release-$arch" "$1/rootfs-$release-$arch" + echo "Download complete." ++ trap EXIT ++ trap SIGINT ++ trap SIGTERM ++ trap SIGHUP + + return 0 + } +@@ -139,11 +167,12 @@ copy_debian() + cache=$1 + arch=$2 + rootfs=$3 ++ release=$4 + + # make a local copy of the minidebian + echo -n "Copying rootfs to $rootfs..." + mkdir -p $rootfs +- rsync -a "$cache/rootfs-$SUITE-$arch"/ $rootfs/ || return 1 ++ rsync -Ha "$cache/rootfs-$release-$arch"/ $rootfs/ || return 1 + return 0 + } + +@@ -151,34 +180,34 @@ install_debian() + { + cache="@LOCALSTATEDIR@/cache/lxc/debian" + rootfs=$1 ++ release=$2 ++ arch=$3 + mkdir -p @LOCALSTATEDIR@/lock/subsys/ + ( +- flock -n -x 200 +- if [ $? -ne 0 ]; then +- echo "Cache repository is busy." +- return 1 +- fi +- +- arch=$(dpkg --print-architecture) +- +- echo "Checking cache download in $cache/rootfs-$SUITE-$arch ... " +- if [ ! -e "$cache/rootfs-$SUITE-$arch" ]; then +- download_debian $cache $arch +- if [ $? -ne 0 ]; then +- echo "Failed to download 'debian base'" +- return 1 +- fi +- fi +- +- copy_debian $cache $arch $rootfs +- if [ $? -ne 0 ]; then +- echo "Failed to copy rootfs" +- return 1 +- fi ++ flock -x 200 ++ if [ $? -ne 0 ]; then ++ echo "Cache repository is busy." ++ return 1 ++ fi ++ ++ echo "Checking cache download in $cache/rootfs-$release-$arch ... " ++ if [ ! -e "$cache/rootfs-$release-$arch" ]; then ++ download_debian $cache $arch $release ++ if [ $? -ne 0 ]; then ++ echo "Failed to download 'debian base'" ++ return 1 ++ fi ++ fi ++ ++ copy_debian $cache $arch $rootfs $release ++ if [ $? -ne 0 ]; then ++ echo "Failed to copy rootfs" ++ return 1 ++ fi + +- return 0 ++ return 0 + +- ) 200>@LOCALSTATEDIR@/lock/subsys/lxc ++ ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-debian + + return $? + } +@@ -188,12 +217,26 @@ copy_configuration() + path=$1 + rootfs=$2 + hostname=$3 ++ arch=$4 ++ ++ # if there is exactly one veth network entry, make sure it has an ++ # associated hwaddr. ++ nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l` ++ if [ $nics -eq 1 ]; then ++ grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config ++ fi + ++ grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config + cat <<EOF >> $path/config + lxc.tty = 4 + lxc.pts = 1024 +-lxc.rootfs = $rootfs ++lxc.arch = $arch + lxc.utsname = $hostname ++lxc.cap.drop = sys_module mac_admin mac_override sys_time ++ ++# When using LXC with apparmor, uncomment the next line to run unconfined: ++#lxc.aa_profile = unconfined ++ + lxc.cgroup.devices.deny = a + # /dev/null and zero + lxc.cgroup.devices.allow = c 1:3 rwm +@@ -209,16 +252,16 @@ lxc.cgroup.devices.allow = c 1:8 rwm + lxc.cgroup.devices.allow = c 136:* rwm + lxc.cgroup.devices.allow = c 5:2 rwm + # rtc +-lxc.cgroup.devices.allow = c 254:0 rwm ++lxc.cgroup.devices.allow = c 254:0 rm + + # mounts point +-lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0 +-lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0 ++lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 ++lxc.mount.entry = sysfs sys sysfs defaults 0 0 + EOF + + if [ $? -ne 0 ]; then +- echo "Failed to add configuration" +- return 1 ++ echo "Failed to add configuration" ++ return 1 + fi + + return 0 +@@ -229,46 +272,65 @@ clean() + cache="@LOCALSTATEDIR@/cache/lxc/debian" + + if [ ! -e $cache ]; then +- exit 0 ++ exit 0 + fi + + # lock, so we won't purge while someone is creating a repository + ( +- flock -n -x 200 +- if [ $? != 0 ]; then +- echo "Cache repository is busy." +- exit 1 +- fi +- +- echo -n "Purging the download cache..." +- rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 +- exit 0 ++ flock -x 200 ++ if [ $? != 0 ]; then ++ echo "Cache repository is busy." ++ exit 1 ++ fi ++ ++ echo -n "Purging the download cache..." ++ rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 ++ exit 0 + +- ) 200>@LOCALSTATEDIR@/lock/subsys/lxc ++ ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-debian + } + + usage() + { + cat <<EOF +-$1 -h|--help -p|--path=<path> --clean ++$1 -h|--help -p|--path=<path> [-a|--arch] [-r|--release=<release>] [-c|--clean] ++release: the debian release (e.g. wheezy): defaults to current stable ++arch: the container architecture (e.g. amd64): defaults to host arch + EOF + return 0 + } + +-options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@") ++options=$(getopt -o hp:n:a:r:c -l help,rootfs:,path:,name:,arch:,release:,clean -- "$@") + if [ $? -ne 0 ]; then + usage $(basename $0) +- exit 1 ++ exit 1 + fi + eval set -- "$options" + ++if which dpkg >/dev/null 2>&1 ; then ++ arch=$(dpkg --print-architecture) ++else ++ arch=$(uname -m) ++ if [ "$arch" = "i686" ]; then ++ arch="i386" ++ elif [ "$arch" = "x86_64" ]; then ++ arch="amd64" ++ elif [ "$arch" = "armv7l" ]; then ++ arch="armhf" ++ fi ++fi ++hostarch=$arch ++ + while true + do + case "$1" in +- -h|--help) usage $0 && exit 0;; ++ -h|--help) usage $0 && exit 1;; + -p|--path) path=$2; shift 2;; +- -n|--name) name=$2; shift 2;; +- -c|--clean) clean=$2; shift 2;; ++ --rootfs) rootfs=$2; shift 2;; ++ -a|--arch) arch=$2; shift 2;; ++ -r|--release) release=$2; shift 2;; ++ -n|--name) name=$2; shift 2;; ++ -c|--clean) clean=$2; shift 2;; + --) shift 1; break ;; + *) break ;; + esac +@@ -279,6 +341,30 @@ if [ ! -z "$clean" -a -z "$path" ]; then + exit 0 + fi + ++if [ "$arch" == "i686" ]; then ++ arch=i386 ++fi ++ ++if [ "$arch" == "x86_64" ]; then ++ arch=amd64 ++fi ++ ++if [ $hostarch = "i386" -a $arch = "amd64" ]; then ++ echo "can't create $arch container on $hostarch" ++ exit 1 ++fi ++ ++if [ $hostarch = "armhf" -o $hostarch = "armel" ] && \ ++ [ $arch != "armhf" -a $arch != "armel" ]; then ++ echo "can't create $arch container on $hostarch" ++ exit 1 ++fi ++ ++if [ $hostarch = "powerpc" -a $arch != "powerpc" ]; then ++ echo "can't create $arch container on $hostarch" ++ exit 1 ++fi ++ + type debootstrap + if [ $? -ne 0 ]; then + echo "'debootstrap' command is missing" +@@ -295,9 +381,28 @@ if [ "$(id -u)" != "0" ]; then + exit 1 + fi + +-rootfs=$path/rootfs ++current_release=`wget ${MIRROR}/dists/stable/Release -O - 2>/dev/null |\ ++head |awk '/^Codename: (.*)$/ { print $2; }'` ++release=${release:-${current_release}} ++valid_releases=('squeeze' 'wheezy' 'jessie' 'sid') ++if [[ ! "${valid_releases[*]}" =~ (^|[^[:alpha:]])$release([^[:alpha:]]|$) ]] ++then ++ echo "Invalid release ${release}, valid ones are: ${valid_releases[*]}" ++ exit 1 ++fi ++ ++# detect rootfs ++config="$path/config" ++if [ -z "$rootfs" ]; then ++ if grep -q '^lxc.rootfs' $config 2>/dev/null ; then ++ rootfs=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $config) ++ else ++ rootfs=$path/rootfs ++ fi ++fi ++ + +-install_debian $rootfs ++install_debian $rootfs $release $arch + if [ $? -ne 0 ]; then + echo "failed to install debian" + exit 1 +@@ -309,7 +414,7 @@ if [ $? -ne 0 ]; then + exit 1 + fi + +-copy_configuration $path $rootfs $name ++copy_configuration $path $rootfs $name $arch + if [ $? -ne 0 ]; then + echo "failed write configuration file" + exit 1 diff -Nru lxc-0.8.0~rc1/debian/patches/series lxc-0.8.0~rc1/debian/patches/series --- lxc-0.8.0~rc1/debian/patches/series 2012-06-29 23:14:41.000000000 +0200 +++ lxc-0.8.0~rc1/debian/patches/series 2013-12-16 12:01:29.000000000 +0100 @@ -10,3 +10,4 @@ 10-lxc-clone-trap-name.patch 11-lxc-console-escape.patch 12-lxc-create-rootfs.patch +13-update-lxc-debian.patch diff -Nru lxc-0.8.0~rc1/debian/rules lxc-0.8.0~rc1/debian/rules --- lxc-0.8.0~rc1/debian/rules 2012-06-30 00:34:05.000000000 +0200 +++ lxc-0.8.0~rc1/debian/rules 2013-12-16 11:56:29.000000000 +0100 @@ -36,9 +36,9 @@ cp -r debian/local/lxc-debconf* debian/lxc/usr/share/lxc/templates # replacing upstreams debian template - rm -f debian/tmp/usr/share/lxc/templates/lxc-debian - ln -s lxc-debconf debian/tmp/usr/share/lxc/templates/lxc-debian - ln -s lxc-debconf.d debian/tmp/usr/share/lxc/templates/lxc-debian.d + #rm -f debian/tmp/usr/share/lxc/templates/lxc-debian + #ln -s lxc-debconf debian/tmp/usr/share/lxc/templates/lxc-debian + #ln -s lxc-debconf.d debian/tmp/usr/share/lxc/templates/lxc-debian.d # adding progress template symlink ln -s lxc-debconf debian/tmp/usr/share/lxc/templates/lxc-progress
