The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2190
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Closes #2184. Signed-off-by: Christian Brauner <[email protected]>
From 742644479cae86762ae95f00afd55fd0a2778069 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Mon, 26 Feb 2018 12:48:08 +0100 Subject: [PATCH 1/2] lxc-oci: remove executable bit Signed-off-by: Christian Brauner <[email protected]> --- templates/lxc-oci.in | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 templates/lxc-oci.in diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in old mode 100755 new mode 100644 From 454b7c11dd64d969bbdc2e70e6cca89eeb3182b4 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Mon, 26 Feb 2018 12:49:10 +0100 Subject: [PATCH 2/2] templates: add lxc-local template Closes #2184. Signed-off-by: Christian Brauner <[email protected]> --- configure.ac | 1 + templates/Makefile.am | 1 + templates/lxc-local.in | 242 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 244 insertions(+) create mode 100644 templates/lxc-local.in diff --git a/configure.ac b/configure.ac index 224e1f15e..a4b1c93dd 100644 --- a/configure.ac +++ b/configure.ac @@ -877,6 +877,7 @@ AC_CONFIG_FILES([ templates/lxc-fedora templates/lxc-fedora-legacy templates/lxc-gentoo + templates/lxc-local templates/lxc-oci templates/lxc-openmandriva templates/lxc-opensuse diff --git a/templates/Makefile.am b/templates/Makefile.am index c4a5b9555..63abdf6fb 100644 --- a/templates/Makefile.am +++ b/templates/Makefile.am @@ -12,6 +12,7 @@ templates_SCRIPTS = \ lxc-fedora \ lxc-fedora-legacy \ lxc-gentoo \ + lxc-local \ lxc-oci \ lxc-openmandriva \ lxc-opensuse \ diff --git a/templates/lxc-local.in b/templates/lxc-local.in new file mode 100644 index 000000000..98d38b3c0 --- /dev/null +++ b/templates/lxc-local.in @@ -0,0 +1,242 @@ +#!/bin/sh + +# Client script for LXC container images. +# +# Copyright © 2018 Stéphane Graber <[email protected]> +# Copyright © 2018 Christian Brauner <[email protected]> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. + +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 +# USA + +set -eu + +LXC_HOOK_DIR="@LXCHOOKDIR@" +LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" + +LXC_NAME= +LXC_PATH= +LXC_ROOTFS= +LXC_CONFIG= + +# Detect use under userns (unsupported) +for arg in "$@"; do + [ "$arg" = "--" ] && break + if [ "$arg" = "--mapped-uid" ] || [ "$arg" = "--mapped-gid" ]; then + echo "This template can't be used for unprivileged containers." 1>&2 + echo "You may want to try the \"download\" template instead." 1>&2 + exit 1 + fi +done + +# Make sure the usual locations are in PATH +export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin + +in_userns() { + [ -e /proc/self/uid_map ] || { echo no; return; } + + while read -r line; do + fields="$(echo "$line" | awk '{ print $1 " " $2 " " $3 }')" + if [ "${fields}" = "0 0 4294967295" ]; then + echo no; + return; + fi + + if echo "${fields}" | grep -q " 0 1$"; then + echo userns-root; + return; + fi + done < /proc/self/uid_map + + [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; } + echo yes +} + +usage() { + cat <<EOF +LXC container image downloader + +Special arguments: +[ -h | --help ]: Print this help message and exit. +[ -l | --list ]: List all available images and exit. +[ -c | --config ]: List all available images and exit. +[ -f | --fstree ]: List all available images and exit. + +LXC internal arguments (do not pass manually!): +[ --name <name> ]: The container name +[ --path <path> ]: The path to the container +[ --rootfs <rootfs> ]: The path to the container's rootfs + +EOF + return 0 +} + +if ! options=$(getopt -o hc:f: -l help,config:,fstree:,name:,path:,rootfs:,mapped-uid:,mapped-gid: -- "$@"); then + usage + exit 1 +fi +eval set -- "$options" + +while :; do + case "$1" in + -h|--help) usage && exit 1;; + --name) LXC_NAME="$2"; shift 2;; + --path) LXC_PATH="$2"; shift 2;; + --rootfs) LXC_ROOTFS="$2"; shift 2;; + -c|--config) LXC_CONFIG="$2"; shift 2;; + -f|--fstree) LXC_FSTREE="$2"; shift 2;; + *) break;; + esac +done + +# Check for required binaries +for bin in tar xz; do + if ! command -V "${bin}" >/dev/null 2>&1; then + echo "ERROR: Missing required tool: ${bin}" 1>&2 + exit 1 + fi +done + +cleanup() { + if [ -d "${LOCAL_TEMP}" ]; then + rm -Rf "${LOCAL_TEMP}" + fi +} + +# Trap all exit signals +trap cleanup EXIT HUP INT TERM + +# Unpack the rootfs +echo "Unpacking the rootfs" + +# Create temporary directory to +if ! command -V mktemp >/dev/null 2>&1; then + LOCAL_TEMP=/tmp/lxc-local.$$ + mkdir -p "${LOCAL_TEMP}" +else + LOCAL_TEMP=$(mktemp -d) +fi + +# Unpack file that contains meta.tar.xz +if ! tar Jxf "${LXC_CONFIG}" -C "${LOCAL_TEMP}"; then + echo "ERROR: Invalid metadata file" 2>&1 + exit 1 +fi + +EXCLUDES="" +excludelist="${LOCAL_TEMP}/excludes" +if [ -f "${excludelist}" ]; then + while read -r line; do + EXCLUDES="${EXCLUDES} --exclude=${line}" + done < "${excludelist}" +fi + +# Do not surround ${EXCLUDES} by quotes. This does not work. The solution could +# use array but this is not POSIX compliant. The only POSIX compliant solution +# is to use a function wrapper, but the latter can't be used here as the args +# are dynamic. We thus need to ignore the warning brought by shellcheck. +# shellcheck disable=SC2086 +tar --anchored ${EXCLUDES} --numeric-owner -xpJf "${LXC_FSTREE}" -C "${LXC_ROOTFS}" + +mkdir -p "${LXC_ROOTFS}/dev/pts/" + +# Setup the configuration +configfile="${LOCAL_TEMP}/config" +if [ ! -e "${configfile}" ]; then + echo "ERROR: meta tarball is missing the configuration file" 1>&2 + exit 1 +fi + +## Extract all the network config entries +sed -i -e "/lxc.net.0/{w ${LXC_PATH}/config-network" -e "d}" "${LXC_PATH}/config" + +## Extract any other config entry +sed -i -e "/lxc./{w ${LXC_PATH}/config-auto" -e "d}" "${LXC_PATH}/config" + +## Append the defaults +{ + echo "" + echo "# Distribution configuration" + cat "$configfile" +} >> "${LXC_PATH}/config" + +## Add the container-specific config +{ + echo "" + echo "# Container specific configuration" + if [ -e "${LXC_PATH}/config-auto" ]; then + cat "${LXC_PATH}/config-auto" + rm "${LXC_PATH}/config-auto" + fi +} >> "${LXC_PATH}/config" + +fstab="${LOCAL_TEMP}/fstab" +if [ -e "${fstab}" ]; then + echo "lxc.mount.fstab = ${LXC_PATH}/fstab" >> "${LXC_PATH}/config" +fi +echo "lxc.uts.name = ${LXC_NAME}" >> "${LXC_PATH}/config" + +## Re-add the previously removed network config +if [ -e "${LXC_PATH}/config-network" ]; then + { + echo "" + echo "# Network configuration" + cat "${LXC_PATH}/config-network" + rm "${LXC_PATH}/config-network" + } >> "${LXC_PATH}/config" +fi + +TEMPLATE_FILES="${LXC_PATH}/config" + +# Setup the fstab +if [ -e "${fstab}" ]; then + cp "${fstab}" "${LXC_PATH}/fstab" + TEMPLATE_FILES="${TEMPLATE_FILES};${LXC_PATH}/fstab" +fi + +# Look for extra templates +if [ -e "${LOCAL_TEMP}/templates" ]; then + while read -r line; do + fullpath="${LXC_ROOTFS}/${line}" + [ ! -e "${fullpath}" ] && continue + TEMPLATE_FILES="${TEMPLATE_FILES};${fullpath}" + done < "${LOCAL_TEMP}/templates" +fi + +# Replace variables in all templates +OLD_IFS=${IFS} +IFS=";" +for file in ${TEMPLATE_FILES}; do + [ ! -f "${file}" ] && continue + + sed -i "s#LXC_NAME#${LXC_NAME}#g" "${file}" + sed -i "s#LXC_PATH#${LXC_PATH}#g" "${file}" + sed -i "s#LXC_ROOTFS#${LXC_ROOTFS}#g" "${file}" + sed -i "s#LXC_TEMPLATE_CONFIG#${LXC_TEMPLATE_CONFIG}#g" "${file}" + sed -i "s#LXC_HOOK_DIR#${LXC_HOOK_DIR}#g" "${file}" +done +IFS=${OLD_IFS} + +# prevent mingetty from calling vhangup(2) since it fails with userns on CentOS / Oracle +if [ -f "${LXC_ROOTFS}/etc/init/tty.conf" ]; then + sed -i 's|mingetty|mingetty --nohangup|' "${LXC_ROOTFS}/etc/init/tty.conf" +fi + +if [ -e "${LOCAL_TEMP}/create-message" ]; then + echo "" + echo "---" + cat "${LOCAL_TEMP}/create-message" +fi + +exit 0
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
