Bug#806184: freedombox-setup: Remove LXC

2015-11-28 Thread James Valleroy 
I've committed this patch.



signature.asc
Description: OpenPGP digital signature

Bug#806184: freedombox-setup: Remove LXC

2015-11-24 Thread Sunil Mohan Adapa 
Package: freedombox-setup
Version: 0.6
Severity: normal
Tags: patch

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This patch proposes to remove LXC from freedombox-setup.  The following is the
rationale:

- - LXC has not been used in FreedomBox at all.

- - Maintaining security updates inside all the LXC containers will be
  hard.  At least current implementation seems to indicated that we will
  be creating a container with full Debian root install for each
  application.

- - We have instead decided to provide similar security using systemd's
  unit files and apparmor profiles.  These changes will go into Debian
  and will be maintained by Debian maintainers.

- - During the last hackathon we have agreed to remove LXC infavor of
  working on systemd/apparmor.



- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJWVUAfAAoJEDbDYUQMm8lxDTYQAJZqr1xc5BCI+z4nma0VP6dv
uV79y4ua1/qTBSHHkOujE+JIMhTvgzoX0R313mP048+hr4fAUt0yrcNYp+QmahhO
3CHoUc1uuQTENQuURYQr4bZ93g5xNaVoGhSbLjkfB2fsBCqno88YG3cSH4XhPA4Q
UGQ1/dPgQ16B7HuSbazm53Mq3Bhxf5OUS8eivzfah8H36sYrxVb7Lsd+B8rm2R2k
IRUjoNShE86MsPAb1E9e60tq8k44RU+n2oMpf5SeaFhy93Vzhqv+hq5xheJAE6k/
KBUkGw1ebh80IJZH0oJX3TcE+OZKsy32s4tNsnRe18V+mh8JbMwW2AjljyezmMla
J7SV+54ilvaSGOmr0Ln+Mg8A1oxhsmROPRiqmZstiOrCS9H4sMj/2IodDZwL29VH
I5fcd4fVFl8Mom+jxKuU5AFaKaGFCArqr0d9+bzNqYI2BGoIMEpxK6ltX08IB9f5
GfuXzMaHCVKgHjC/XOP+o4OLldzSjlaPLRJFrdRMt01WqPRnncYPoL0BRmGS7IKC
w7F8O2wD3GXNObYi9bMdWX+VJyOWNUV01KGCWmRc6OO9crMebb59QYLxBHQyMPy3
OM6ZcXt4DaqHzWlPd/7oKm6fF6XfdQ3i+zqVUVqxuu8B2+UG41QTzFSmBQNxPwSY
MLUUAg5fjAUZz5KT9wWh
=Yn8Y
-END PGP SIGNATURE-
>From bb4b4c5f25044c39d58223377eaac4ddf3091371 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa 
Date: Wed, 25 Nov 2015 10:14:57 +0530
Subject: [PATCH] Remove LXC

- LXC has not been used in FreedomBox at all.

- Maintaining security updates inside all the LXC containers will be
  hard.  At least current implementation seems to indicated that we will
  be creating a container with full Debian root install for each
  application.

- We have instead decided to provide similar security using systemd's
  unit files and apparmor profiles.  These changes will go into Debian
  and will be maintained by Debian maintainers.

- During the last hackathon we have agreed to remove LXC infavor of
  working on systemd/apparmor.
---
 data/usr/share/lxc/templates/lxc-debian-freedombox | 370 -
 debian/copyright   |  24 --
 debian/freedombox-setup.freedombox-first-run.init  |   2 +-
 debian/freedombox-setup.install|   1 -
 setup.d/20_lxc |  25 --
 5 files changed, 1 insertion(+), 421 deletions(-)
 delete mode 100755 data/usr/share/lxc/templates/lxc-debian-freedombox
 delete mode 100755 setup.d/20_lxc

diff --git a/data/usr/share/lxc/templates/lxc-debian-freedombox b/data/usr/share/lxc/templates/lxc-debian-freedombox
deleted file mode 100755
index 753bc78..000
--- a/data/usr/share/lxc/templates/lxc-debian-freedombox
+++ /dev/null
@@ -1,370 +0,0 @@
-#!/bin/bash
-
-#
-# lxc: linux Container library
-
-# Authors:
-# Daniel Lezcano 
-
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-# ==
-# This is a slightly modified version by Rob van der Hoeven
-# I use it for my FreedomBox project: http://freedomboxblog.nl
-# ==
-
-SUITE=${SUITE:-squeeze}
-MIRROR=${MIRROR:-http://http.debian.net/debian}
-
-configure_debian()
-{
-rootfs=$1
-hostname=$2
-
-# squeeze only has /dev/tty and /dev/tty0 by default,
-# therefore creating missing device nodes for tty1-4.
-for tty in $(seq 1 4); do
-if [ ! -e $rootfs/dev/tty$tty ]; then
-mknod $rootfs/dev/tty$tty c 4 $tty
-fi
-done
-
-# configure the inittab
-cat < $rootfs/etc/inittab