Merge lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201205292108 into lp:ubuntu/quantal/lxc

Proposed by Ubuntu Package Importer
Status: Rejected
Rejected by: James Westby
Proposed branch: lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201205292108
Merge into: lp:ubuntu/quantal/lxc
Diff against target: 1910 lines (+1869/-0) (has conflicts)
6 files modified
.pc/0084-lxc-ubuntu-drop-duplicate-code.patch/templates/lxc-ubuntu.in (+716/-0)
.pc/0085-pivot-dir/templates/lxc-ubuntu-cloud.in (+377/-0)
.pc/0085-pivot-dir/templates/lxc-ubuntu.in (+688/-0)
debian/lxc.dnsmasq (+2/-0)
debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch (+53/-0)
debian/patches/0085-pivot-dir (+33/-0)
Conflict adding file .pc/0084-lxc-ubuntu-drop-duplicate-code.patch.  Moved existing file to .pc/0084-lxc-ubuntu-drop-duplicate-code.patch.moved.
Conflict adding file .pc/0085-pivot-dir.  Moved existing file to .pc/0085-pivot-dir.moved.
Conflict adding file debian/lxc.dnsmasq.  Moved existing file to debian/lxc.dnsmasq.moved.
Conflict adding file debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch.  Moved existing file to debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch.moved.
Conflict adding file debian/patches/0085-pivot-dir.  Moved existing file to debian/patches/0085-pivot-dir.moved.
To merge this branch: bzr merge lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201205292108
Reviewer | Review Type | Date Requested | Status
Ubuntu branches | | | Pending
Review via email: mp+107881@code.launchpad.net

Description of the change

The package importer has detected a possible inconsistency between the package history in the archive and the history in bzr. As the archive is authoritative, the importer has made lp:ubuntu/quantal/lxc reflect what is in the archive and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201205292108. This merge proposal was created so that an Ubuntu developer can review the situation and perform a merge/upload if necessary. There are three typical cases where this can happen.
  1. Where someone pushes a change to bzr and someone else uploads the package without that change. This is the reason that this check is done by the importer. If this appears to be the case then a merge/upload should be done if the changes that were in bzr are still desirable.
  2. The importer incorrectly detected the above situation when someone made a change in bzr and then uploaded it.
  3. The importer incorrectly detected the above situation when someone just uploaded a package and didn't touch bzr.

If this case doesn't appear to be the first situation then set the status of the merge proposal to "Rejected" and help avoid the problem in future by filing a bug at https://bugs.launchpad.net/udd linking to this merge proposal.

(this is an automatically generated message)


Unmerged revisions

112. By Stéphane Graber

releasing version 0.8.0~rc1-4ubuntu10

111. By Stéphane Graber

Add bug number

110. By Stéphane Graber

Don't force remove the apparmor rules in postrm

109. By Stéphane Graber

We actually want to get rid of the dnsmasq configuration on removal, not only on purge

108. By Stéphane Graber

Silence postinst

107. By Stéphane Graber

Fix wrong option name

106. By Stéphane Graber

Ship a dnsmasq.d hook in the package to work around dnsmasq related bugs

105. By Serge Hallyn

0085-pivot-dir: use a directory other than /mnt to put the pivot_root
old dir into (LP: #986385)

104. By Serge Hallyn

add bug # in changelog

103. By Serge Hallyn

0084-lxc-ubuntu-drop-duplicate-code.patch: drop some duplicate code from
the ubuntu template.

Preview Diff

1=== added directory '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch'
2=== renamed directory '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch' => '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch.moved'
3=== added file '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch/.timestamp'
4=== added directory '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch/templates'
5=== added file '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch/templates/lxc-ubuntu.in'
6--- .pc/0084-lxc-ubuntu-drop-duplicate-code.patch/templates/lxc-ubuntu.in 1970-01-01 00:00:00 +0000
7+++ .pc/0084-lxc-ubuntu-drop-duplicate-code.patch/templates/lxc-ubuntu.in 2012-05-29 21:13:22 +0000
8@@ -0,0 +1,716 @@
9+#!/bin/bash
10+
11+#
12+# template script for generating ubuntu container for LXC
13+#
14+# This script consolidates and extends the existing lxc ubuntu scripts
15+#
16+
17+# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
18+# Copyright © 2010 Wilhelm Meier
19+# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
20+#
21+# This program is free software; you can redistribute it and/or modify
22+# it under the terms of the GNU General Public License version 2, as
23+# published by the Free Software Foundation.
24+
25+# This program is distributed in the hope that it will be useful,
26+# but WITHOUT ANY WARRANTY; without even the implied warranty of
27+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28+# GNU General Public License for more details.
29+
30+# You should have received a copy of the GNU General Public License along
31+# with this program; if not, write to the Free Software Foundation, Inc.,
32+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
33+#
34+
35+set -e
36+
37+if [ -r /etc/default/lxc ]; then
38+ . /etc/default/lxc
39+fi
40+
41+configure_ubuntu()
42+{
43+ rootfs=$1
44+ hostname=$2
45+ release=$3
46+
47+ # configure the network using the dhcp
48+ cat <<EOF > $rootfs/etc/network/interfaces
49+# This file describes the network interfaces available on your system
50+# and how to activate them. For more information, see interfaces(5).
51+
52+# The loopback network interface
53+auto lo
54+iface lo inet loopback
55+
56+auto eth0
57+iface eth0 inet dhcp
58+EOF
59+
60+ # set the hostname
61+ cat <<EOF > $rootfs/etc/hostname
62+$hostname
63+EOF
64+ # set minimal hosts
65+ cat <<EOF > $rootfs/etc/hosts
66+127.0.0.1 localhost
67+127.0.1.1 $hostname
68+
69+# The following lines are desirable for IPv6 capable hosts
70+::1 ip6-localhost ip6-loopback
71+fe00::0 ip6-localnet
72+ff00::0 ip6-mcastprefix
73+ff02::1 ip6-allnodes
74+ff02::2 ip6-allrouters
75+EOF
76+
77+ if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
78+ # suppress log level output for udev
79+ sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
80+
81+ # remove jobs for consoles 5 and 6 since we only create 4 consoles in
82+ # this template
83+ rm -f $rootfs/etc/init/tty{5,6}.conf
84+ fi
85+
86+ if [ -z "$bindhome" ]; then
87+ chroot $rootfs useradd --create-home -s /bin/bash ubuntu
88+ echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
89+ fi
90+
91+ return 0
92+}
93+
94+# finish setting up the user in the container by injecting ssh key and
95+# adding sudo group membership.
96+# passed-in user is either 'ubuntu' or the user to bind in from host.
97+finalize_user()
98+{
99+ user=$1
100+
101+ sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo)
102+
103+ if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then
104+ groups="sudo"
105+ else
106+ groups="sudo admin"
107+ fi
108+
109+ for group in $groups; do
110+ chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
111+ chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true
112+ done
113+
114+ if [ -n "$auth_key" -a -f "$auth_key" ]; then
115+ u_path="/home/${user}/.ssh"
116+ root_u_path="$rootfs/$u_path"
117+
118+ mkdir -p $root_u_path
119+ cp $auth_key "$root_u_path/authorized_keys"
120+ chroot $rootfs chown -R ${user}: "$u_path"
121+
122+ echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"
123+ fi
124+ return 0
125+}
126+
127+write_sourceslist()
128+{
129+ # $1 => path to the rootfs
130+ # $2 => architecture we want to add
131+ # $3 => whether to use the multi-arch syntax or not
132+
133+ case $2 in
134+ amd64|i386)
135+ MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
136+ SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
137+ ;;
138+ *)
139+ MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
140+ SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
141+ ;;
142+ esac
143+ if [ -n "$3" ]; then
144+ cat >> "$1/etc/apt/sources.list" << EOF
145+deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
146+deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
147+deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
148+EOF
149+ else
150+ cat >> "$1/etc/apt/sources.list" << EOF
151+deb $MIRROR ${release} main restricted universe multiverse
152+deb $MIRROR ${release}-updates main restricted universe multiverse
153+deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
154+EOF
155+ fi
156+}
157+
158+download_ubuntu()
159+{
160+ cache=$1
161+ arch=$2
162+ release=$3
163+
164+ packages=vim,ssh
165+ echo "installing packages: $packages"
166+
167+ # check the mini ubuntu was not already downloaded
168+ mkdir -p "$cache/partial-$arch"
169+ if [ $? -ne 0 ]; then
170+ echo "Failed to create '$cache/partial-$arch' directory"
171+ return 1
172+ fi
173+
174+ # download a mini ubuntu into a cache
175+ echo "Downloading ubuntu $release minimal ..."
176+ if [ -n "$(which qemu-debootstrap)" ]; then
177+ qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
178+ else
179+ debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
180+ fi
181+
182+ if [ $? -ne 0 ]; then
183+ echo "Failed to download the rootfs, aborting."
184+ return 1
185+ fi
186+
187+ echo "Installing updates"
188+ if [ -z "$MIRROR" ]; then
189+ MIRROR="http://archive.ubuntu.com/ubuntu"
190+ fi
191+ cat >> "$1/partial-${arch}/etc/apt/sources.list" << EOF
192+deb $MIRROR ${release}-updates main universe
193+deb http://security.ubuntu.com/ubuntu ${release}-security main universe
194+EOF
195+ chroot "$1/partial-${arch}" apt-get update
196+ if [ $? -ne 0 ]; then
197+ echo "Failed to update the apt cache"
198+ return 1
199+ fi
200+ cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
201+#!/bin/sh
202+exit 101
203+EOF
204+ chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
205+
206+ chroot "$1/partial-${arch}" apt-get dist-upgrade -y
207+ ret=$?
208+
209+ rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
210+ if [ $ret -ne 0 ]; then
211+ echo "Failed to upgrade the cache"
212+ return 1
213+ fi
214+
215+ # Serge isn't sure whether we should avoid doing this when
216+ # $release == `distro-info -d`
217+ echo "Installing updates"
218+ > $cache/partial-$arch/etc/apt/sources.list
219+ write_sourceslist $cache/partial-$arch/ $arch
220+
221+ chroot "$1/partial-${arch}" apt-get update
222+ if [ $? -ne 0 ]; then
223+ echo "Failed to update the apt cache"
224+ return 1
225+ fi
226+ cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
227+#!/bin/sh
228+exit 101
229+EOF
230+ chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
231+
232+ lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
233+ ret=$?
234+ rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
235+
236+ if [ $ret -ne 0 ]; then
237+ echo "Failed to upgrade the cache"
238+ return 1
239+ fi
240+
241+ mv "$1/partial-$arch" "$1/rootfs-$arch"
242+ echo "Download complete"
243+ return 0
244+}
245+
246+copy_ubuntu()
247+{
248+ cache=$1
249+ arch=$2
250+ rootfs=$3
251+
252+ # make a local copy of the miniubuntu
253+ echo "Copying rootfs to $rootfs ..."
254+ mkdir -p $rootfs
255+ rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
256+ return 0
257+}
258+
259+install_ubuntu()
260+{
261+ rootfs=$1
262+ release=$2
263+ flushcache=$3
264+ cache="/var/cache/lxc/$release"
265+ mkdir -p /var/lock/subsys/
266+
267+ (
268+ flock -n -x 200
269+ if [ $? -ne 0 ]; then
270+ echo "Cache repository is busy."
271+ return 1
272+ fi
273+
274+
275+ if [ $flushcache -eq 1 ]; then
276+ echo "Flushing cache..."
277+ rm -rf "$cache/partial-$arch"
278+ rm -rf "$cache/rootfs-$arch"
279+ fi
280+
281+ echo "Checking cache download in $cache/rootfs-$arch ... "
282+ if [ ! -e "$cache/rootfs-$arch" ]; then
283+ download_ubuntu $cache $arch $release
284+ if [ $? -ne 0 ]; then
285+ echo "Failed to download 'ubuntu $release base'"
286+ return 1
287+ fi
288+ fi
289+
290+ echo "Copy $cache/rootfs-$arch to $rootfs ... "
291+ copy_ubuntu $cache $arch $rootfs
292+ if [ $? -ne 0 ]; then
293+ echo "Failed to copy rootfs"
294+ return 1
295+ fi
296+
297+ return 0
298+
299+ ) 200>/var/lock/subsys/lxc
300+
301+ return $?
302+}
303+
304+copy_configuration()
305+{
306+ path=$1
307+ rootfs=$2
308+ name=$3
309+ arch=$4
310+ release=$5
311+
312+ if [ $arch = "i386" ]; then
313+ arch="i686"
314+ fi
315+
316+ ttydir=""
317+ if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
318+ ttydir=" lxc"
319+ fi
320+
321+ # if there is exactly one veth network entry, make sure it has an
322+ # associated hwaddr.
323+ nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
324+ if [ $nics -eq 1 ]; then
325+ grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
326+lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
327+EOF
328+ fi
329+
330+ cat <<EOF >> $path/config
331+lxc.utsname = $name
332+
333+lxc.devttydir =$ttydir
334+lxc.tty = 4
335+lxc.pts = 1024
336+lxc.rootfs = $rootfs
337+lxc.mount = $path/fstab
338+lxc.arch = $arch
339+lxc.cap.drop = sys_module mac_admin mac_override
340+# uncomment the next line to run the container unconfined:
341+#lxc.aa_profile = unconfined
342+
343+lxc.cgroup.devices.deny = a
344+# Allow any mknod (but not using the node)
345+lxc.cgroup.devices.allow = c *:* m
346+lxc.cgroup.devices.allow = b *:* m
347+# /dev/null and zero
348+lxc.cgroup.devices.allow = c 1:3 rwm
349+lxc.cgroup.devices.allow = c 1:5 rwm
350+# consoles
351+lxc.cgroup.devices.allow = c 5:1 rwm
352+lxc.cgroup.devices.allow = c 5:0 rwm
353+#lxc.cgroup.devices.allow = c 4:0 rwm
354+#lxc.cgroup.devices.allow = c 4:1 rwm
355+# /dev/{,u}random
356+lxc.cgroup.devices.allow = c 1:9 rwm
357+lxc.cgroup.devices.allow = c 1:8 rwm
358+lxc.cgroup.devices.allow = c 136:* rwm
359+lxc.cgroup.devices.allow = c 5:2 rwm
360+# rtc
361+lxc.cgroup.devices.allow = c 254:0 rwm
362+#fuse
363+lxc.cgroup.devices.allow = c 10:229 rwm
364+#tun
365+lxc.cgroup.devices.allow = c 10:200 rwm
366+#full
367+lxc.cgroup.devices.allow = c 1:7 rwm
368+#hpet
369+lxc.cgroup.devices.allow = c 10:228 rwm
370+#kvm
371+lxc.cgroup.devices.allow = c 10:232 rwm
372+EOF
373+
374+ cat <<EOF > $path/fstab
375+proc proc proc nodev,noexec,nosuid 0 0
376+sysfs sys sysfs defaults 0 0
377+EOF
378+
379+ if [ $? -ne 0 ]; then
380+ echo "Failed to add configuration"
381+ return 1
382+ fi
383+
384+ return 0
385+}
386+
387+trim()
388+{
389+ rootfs=$1
390+ release=$2
391+
392+ # provide the lxc service
393+ cat <<EOF > $rootfs/etc/init/lxc.conf
394+# fake some events needed for correct startup other services
395+
396+description "Container Upstart"
397+
398+start on startup
399+
400+script
401+ rm -rf /var/run/*.pid
402+ rm -rf /var/run/network/*
403+ /sbin/initctl emit stopped JOB=udevtrigger --no-wait
404+ /sbin/initctl emit started JOB=udev --no-wait
405+end script
406+EOF
407+
408+ # fix buggus runlevel with sshd
409+ cat <<EOF > $rootfs/etc/init/ssh.conf
410+# ssh - OpenBSD Secure Shell server
411+#
412+# The OpenSSH server provides secure shell access to the system.
413+
414+description "OpenSSH server"
415+
416+start on filesystem
417+stop on runlevel [!2345]
418+
419+expect fork
420+respawn
421+respawn limit 10 5
422+umask 022
423+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
424+oom never
425+
426+pre-start script
427+ test -x /usr/sbin/sshd || { stop; exit 0; }
428+ test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
429+ test -c /dev/null || { stop; exit 0; }
430+
431+ mkdir -p -m0755 /var/run/sshd
432+end script
433+
434+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
435+# 'exec' line here instead
436+exec /usr/sbin/sshd
437+EOF
438+
439+ cat <<EOF > $rootfs/etc/init/console.conf
440+# console - getty
441+#
442+# This service maintains a console on tty1 from the point the system is
443+# started until it is shut down again.
444+
445+start on stopped rc RUNLEVEL=[2345]
446+stop on runlevel [!2345]
447+
448+respawn
449+exec /sbin/getty -8 38400 /dev/console
450+EOF
451+
452+ cat <<EOF > $rootfs/lib/init/fstab
453+# /lib/init/fstab: cleared out for bare-bones lxc
454+EOF
455+
456+ # reconfigure some services
457+ if [ -z "$LANG" ]; then
458+ chroot $rootfs locale-gen en_US.UTF-8
459+ chroot $rootfs update-locale LANG=en_US.UTF-8
460+ else
461+ chroot $rootfs locale-gen $LANG
462+ chroot $rootfs update-locale LANG=$LANG
463+ fi
464+
465+ # remove pointless services in a container
466+ chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
467+
468+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
469+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
470+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
471+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
472+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
473+
474+ # if this isn't lucid, then we need to twiddle the network upstart bits :(
475+ if [ $release != "lucid" ]; then
476+ sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
477+ fi
478+}
479+
480+post_process()
481+{
482+ rootfs=$1
483+ release=$2
484+ trim_container=$3
485+
486+ if [ $trim_container -eq 1 ]; then
487+ trim $rootfs $release
488+ elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then
489+ # Make sure we have a working resolv.conf
490+ cresolvonf="${rootfs}/etc/resolv.conf"
491+ mv $cresolvonf ${cresolvonf}.lxcbak
492+ cat /etc/resolv.conf > ${cresolvonf}
493+
494+ # for lucid, if not trimming, then add the ubuntu-virt
495+ # ppa and install lxcguest
496+ if [ $release = "lucid" ]; then
497+ chroot $rootfs apt-get install --force-yes -y python-software-properties
498+ chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
499+ fi
500+
501+ chroot $rootfs apt-get update
502+ chroot $rootfs apt-get install --force-yes -y lxcguest
503+
504+ # Restore old resolv.conf
505+ rm -f ${cresolvonf}
506+ mv ${cresolvonf}.lxcbak ${cresolvonf}
507+ fi
508+
509+ # If the container isn't running a native architecture, setup multiarch
510+ if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
511+ mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
512+ echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
513+
514+ # Save existing value of MIRROR and SECURITY_MIRROR
515+ DEFAULT_MIRROR=$MIRROR
516+ DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR
517+
518+ # Write a new sources.list containing both native and multiarch entries
519+ > ${rootfs}/etc/apt/sources.list
520+ write_sourceslist $rootfs $arch "native"
521+
522+ MIRROR=$DEFAULT_MIRROR
523+ SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
524+ write_sourceslist $rootfs $hostarch "multiarch"
525+
526+ # Finally update the lists and install upstart using the host architecture
527+ chroot $rootfs apt-get update
528+ chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}
529+ fi
530+
531+ # rmdir /dev/shm for containers that have /run/shm
532+ # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
533+ # get bind mounted to the host's /run/shm. So try to rmdir
534+ # it, and in case that fails move it out of the way.
535+ if [ -d $rootfs/run/shm ]; then
536+ [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
537+ [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
538+ ln -s /run/shm $rootfs/dev/shm
539+ fi
540+}
541+
542+do_bindhome()
543+{
544+ rootfs=$1
545+ user=$2
546+
547+ # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
548+ pwd=`getent passwd $user` || { echo "Failed to copy password entry for $user"; false; }
549+ echo $pwd >> $rootfs/etc/passwd
550+
551+ # make sure user's shell exists in the container
552+ shell=`echo $pwd | cut -d: -f 7`
553+ if [ ! -x $rootfs/$shell ]; then
554+ echo "shell $shell for user $user was not found in the container."
555+ pkg=`dpkg -S $(readlink -m $shell) | cut -d ':' -f1`
556+ echo "Installing $pkg"
557+ chroot $rootfs apt-get --force-yes -y install $pkg
558+ fi
559+
560+ shad=`getent shadow $user`
561+ echo "$shad" >> $rootfs/etc/shadow
562+
563+ # bind-mount the user's path into the container's /home
564+ h=`getent passwd $user | cut -d: -f 6`
565+ mkdir -p $rootfs/$h
566+
567+ # use relative path in container
568+ h2=${h#/}
569+ while [ ${h2:0:1} = "/" ]; do
570+ h2=${h2#/}
571+ done
572+ echo "$h $h2 none bind 0 0" >> $path/fstab
573+
574+ # Make sure the group exists in container
575+ grp=`echo $pwd | cut -d: -f 4` # group number for $user
576+ grpe=`getent group $grp` || return 0 # if host doesn't define grp, ignore in container
577+ chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group
578+}
579+
580+usage()
581+{
582+ cat <<EOF
583+$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug]
584+ [-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]
585+release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS
586+trim: make a minimal (faster, but not upgrade-safe) container
587+bindhome: bind <user>'s home into the container
588+ The ubuntu user will not be created, and <user> will have
589+ sudo access.
590+arch: the container architecture (e.g. amd64): defaults to host arch
591+auth-key: SSH Public key file to inject into container
592+EOF
593+ return 0
594+}
595+
596+options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug -- "$@")
597+if [ $? -ne 0 ]; then
598+ usage $(basename $0)
599+ exit 1
600+fi
601+eval set -- "$options"
602+
603+release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
604+if [ -f /etc/lsb-release ]; then
605+ . /etc/lsb-release
606+ if [ "$DISTRIB_ID" = "Ubuntu" ]; then
607+ release=$DISTRIB_CODENAME
608+ fi
609+fi
610+
611+bindhome=
612+arch=$(arch)
613+
614+# Code taken from debootstrap
615+if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
616+ arch=`/usr/bin/dpkg --print-architecture`
617+elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
618+ arch=`/usr/bin/udpkg --print-architecture`
619+else
620+ arch=$(arch)
621+ if [ "$arch" = "i686" ]; then
622+ arch="i386"
623+ elif [ "$arch" = "x86_64" ]; then
624+ arch="amd64"
625+ elif [ "$arch" = "armv7l" ]; then
626+ arch="armel"
627+ fi
628+fi
629+
630+debug=0
631+trim_container=0
632+hostarch=$arch
633+flushcache=0
634+while true
635+do
636+ case "$1" in
637+ -h|--help) usage $0 && exit 0;;
638+ -p|--path) path=$2; shift 2;;
639+ -n|--name) name=$2; shift 2;;
640+ -F|--flush-cache) flushcache=1; shift 1;;
641+ -r|--release) release=$2; shift 2;;
642+ -b|--bindhome) bindhome=$2; shift 2;;
643+ -a|--arch) arch=$2; shift 2;;
644+ -x|--trim) trim_container=1; shift 1;;
645+ -S|--auth-key) auth_key=$2; shift 2;;
646+ -d|--debug) debug=1; shift 1;;
647+ --) shift 1; break ;;
648+ *) break ;;
649+ esac
650+done
651+
652+if [ $debug -eq 1 ]; then
653+ set -x
654+fi
655+
656+if [ -n "$bindhome" ]; then
657+ pwd=`getent passwd $bindhome`
658+ if [ $? -ne 0 ]; then
659+ echo "Error: no password entry found for $bindhome"
660+ exit 1
661+ fi
662+fi
663+
664+
665+if [ "$arch" == "i686" ]; then
666+ arch=i386
667+fi
668+
669+if [ $hostarch = "i386" -a $arch = "amd64" ]; then
670+ echo "can't create amd64 container on i386"
671+ exit 1
672+fi
673+
674+type debootstrap
675+if [ $? -ne 0 ]; then
676+ echo "'debootstrap' command is missing"
677+ exit 1
678+fi
679+
680+if [ -z "$path" ]; then
681+ echo "'path' parameter is required"
682+ exit 1
683+fi
684+
685+if [ "$(id -u)" != "0" ]; then
686+ echo "This script should be run as 'root'"
687+ exit 1
688+fi
689+
690+rootfs=$path/rootfs
691+
692+install_ubuntu $rootfs $release $flushcache
693+if [ $? -ne 0 ]; then
694+ echo "failed to install ubuntu $release"
695+ exit 1
696+fi
697+
698+configure_ubuntu $rootfs $name $release
699+if [ $? -ne 0 ]; then
700+ echo "failed to configure ubuntu $release for a container"
701+ exit 1
702+fi
703+
704+copy_configuration $path $rootfs $name $arch $release
705+if [ $? -ne 0 ]; then
706+ echo "failed write configuration file"
707+ exit 1
708+fi
709+
710+post_process $rootfs $release $trim_container
711+
712+if [ -n "$bindhome" ]; then
713+ do_bindhome $rootfs $bindhome
714+ finalize_user $bindhome
715+else
716+ finalize_user ubuntu
717+fi
718+
719+echo ""
720+echo "##"
721+echo "# The default user is 'ubuntu' with password 'ubuntu'!"
722+echo "# Use the 'sudo' command to run tasks as root in the container."
723+echo "##"
724+echo ""
725
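Review bot: configure_ubuntu sets a fixed, publicly known password (`echo "ubuntu:ubuntu" | chroot $rootfs chpasswd`) on an account that finalize_user then adds to the sudo group, while download_ubuntu pulls ssh into every rootfs (`packages=vim,ssh`), so any container built without --bindhome carries a sudo-capable default login next to an SSH server. Suggest skipping the chpasswd call (or locking the password) when --auth-key is supplied, and otherwise generating a random password and printing that instead of the fixed banner at the end of the script. Separately, the `apt-get install --force-yes -y` calls in post_process and do_bindhome let apt proceed with unauthenticated packages from the http:// mirrors that write_sourceslist configures; `-y` alone keeps the run non-interactive without giving up the signature check.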
726=== added directory '.pc/0085-pivot-dir'
727=== renamed directory '.pc/0085-pivot-dir' => '.pc/0085-pivot-dir.moved'
728=== added file '.pc/0085-pivot-dir/.timestamp'
729=== added directory '.pc/0085-pivot-dir/templates'
730=== added file '.pc/0085-pivot-dir/templates/lxc-ubuntu-cloud.in'
731--- .pc/0085-pivot-dir/templates/lxc-ubuntu-cloud.in 1970-01-01 00:00:00 +0000
732+++ .pc/0085-pivot-dir/templates/lxc-ubuntu-cloud.in 2012-05-29 21:13:22 +0000
733@@ -0,0 +1,377 @@
734+#!/bin/bash
735+
736+# template script for generating ubuntu container for LXC based on released cloud
737+# images
738+#
739+# Copyright © 2012 Serge Hallyn <serge.hallyn@canonical.com>
740+#
741+# This program is free software; you can redistribute it and/or modify
742+# it under the terms of the GNU General Public License version 2, as
743+# published by the Free Software Foundation.
744+
745+# This program is distributed in the hope that it will be useful,
746+# but WITHOUT ANY WARRANTY; without even the implied warranty of
747+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
748+# GNU General Public License for more details.
749+
750+# You should have received a copy of the GNU General Public License along
751+# with this program; if not, write to the Free Software Foundation, Inc.,
752+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
753+#
754+
755+set -e
756+
757+if [ -r /etc/default/lxc ]; then
758+ . /etc/default/lxc
759+fi
760+
761+copy_configuration()
762+{
763+ path=$1
764+ rootfs=$2
765+ name=$3
766+ arch=$4
767+ release=$5
768+
769+ if [ $arch = "i386" ]; then
770+ arch="i686"
771+ fi
772+
773+ # if there is exactly one veth network entry, make sure it has an
774+ # associated hwaddr.
775+ nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
776+ if [ $nics -eq 1 ]; then
777+ grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
778+lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
779+EOF
780+ fi
781+
782+ cat <<EOF >> $path/config
783+lxc.utsname = $name
784+
785+lxc.tty = 4
786+lxc.pts = 1024
787+lxc.rootfs = $rootfs
788+lxc.mount = $path/fstab
789+lxc.arch = $arch
790+lxc.cap.drop = sys_module mac_admin
791+# uncomment the next line to run the container unconfined:
792+#lxc.aa_profile = unconfined
793+
794+lxc.cgroup.devices.deny = a
795+# Allow any mknod (but not using the node)
796+lxc.cgroup.devices.allow = c *:* m
797+lxc.cgroup.devices.allow = b *:* m
798+# /dev/null and zero
799+lxc.cgroup.devices.allow = c 1:3 rwm
800+lxc.cgroup.devices.allow = c 1:5 rwm
801+# consoles
802+lxc.cgroup.devices.allow = c 5:1 rwm
803+lxc.cgroup.devices.allow = c 5:0 rwm
804+#lxc.cgroup.devices.allow = c 4:0 rwm
805+#lxc.cgroup.devices.allow = c 4:1 rwm
806+# /dev/{,u}random
807+lxc.cgroup.devices.allow = c 1:9 rwm
808+lxc.cgroup.devices.allow = c 1:8 rwm
809+lxc.cgroup.devices.allow = c 136:* rwm
810+lxc.cgroup.devices.allow = c 5:2 rwm
811+# rtc
812+lxc.cgroup.devices.allow = c 254:0 rwm
813+#fuse
814+lxc.cgroup.devices.allow = c 10:229 rwm
815+#tun
816+lxc.cgroup.devices.allow = c 10:200 rwm
817+#full
818+lxc.cgroup.devices.allow = c 1:7 rwm
819+#hpet
820+lxc.cgroup.devices.allow = c 10:228 rwm
821+#kvm
822+lxc.cgroup.devices.allow = c 10:232 rwm
823+EOF
824+
825+ cat <<EOF > $path/fstab
826+proc proc proc nodev,noexec,nosuid 0 0
827+sysfs sys sysfs defaults 0 0
828+EOF
829+
830+ # rmdir /dev/shm in precise and quantal containers.
831+ # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
832+ # get bind mounted to the host's /run/shm. So try to rmdir
833+ # it, and in case that fails move it out of the way.
834+ if [ $release = "precise" ] || [ $release = "quantal" ]; then
835+ [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
836+ [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
837+ ln -s /run/shm $rootfs/dev/shm
838+ fi
839+
840+ return 0
841+}
842+
843+usage()
844+{
845+ cat <<EOF
846+LXC Container configuration for Ubuntu Cloud images.
847+
848+Generic Options
849+[ -r | --release <release> ]: Release name of container, defaults to host
850+[ -a | --arch ]: Arhcitecture of container, defaults to host arcitecture
851+[ -C | --cloud ]: Configure container for use with meta-data service, defaults to no
852+[ -T | --tarball ]: Location of tarball
853+[ -d | --debug ]: Run with 'set -x' to debug errors
854+[ -s | --stream]: Use specified stream rather than 'released'
855+
856+Options, mutually exclusive of "-C" and "--cloud":
857+ [ -i | --hostid ]: HostID for cloud-init, defaults to random string
858+ [ -u | --userdata ]: Cloud-init user-data file to configure container on start
859+ [ -S | --auth-key ]: SSH Public key file to inject into container
860+ [ -L | --nolocales ]: Do not copy host's locales into container
861+
862+EOF
863+ return 0
864+}
865+
866+options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata: -- "$@")
867+if [ $? -ne 0 ]; then
868+ usage $(basename $0)
869+ exit 1
870+fi
871+eval set -- "$options"
872+
873+release=lucid
874+if [ -f /etc/lsb-release ]; then
875+ . /etc/lsb-release
876+ case "$DISTRIB_CODENAME" in
877+ lucid|natty|oneiric|precise|quantal)
878+ release=$DISTRIB_CODENAME
879+ ;;
880+ esac
881+fi
882+
883+arch=$(arch)
884+
885+# Code taken from debootstrap
886+if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
887+ arch=`/usr/bin/dpkg --print-architecture`
888+elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
889+ arch=`/usr/bin/udpkg --print-architecture`
890+else
891+ arch=$(arch)
892+ if [ "$arch" = "i686" ]; then
893+ arch="i386"
894+ elif [ "$arch" = "x86_64" ]; then
895+ arch="amd64"
896+ elif [ "$arch" = "armv7l" ]; then
897+ # note: arm images don't exist before oneiric; are called armhf in
898+ # precise and later; and are not supported by the query, so we don't actually
899+ # support them yet (see check later on). When Query2 is available,
900+ # we'll use that to enable arm images.
901+ arch="armel"
902+ fi
903+fi
904+
905+debug=0
906+hostarch=$arch
907+cloud=0
908+locales=1
909+flushcache=0
910+stream="released"
911+while true
912+do
913+ case "$1" in
914+ -h|--help) usage $0 && exit 0;;
915+ -p|--path) path=$2; shift 2;;
916+ -n|--name) name=$2; shift 2;;
917+ -F|--flush-cache) flushcache=1; shift 1;;
918+ -r|--release) release=$2; shift 2;;
919+ -a|--arch) arch=$2; shift 2;;
920+ -i|--hostid) host_id=$2; shift 2;;
921+ -u|--userdata) userdata=$2; shift 2;;
922+ -C|--cloud) cloud=1; shift 1;;
923+ -S|--auth-key) auth_key=$2; shift 2;;
924+ -L|--no_locales) locales=0; shift 2;;
925+ -T|--tarball) tarball=$2; shift 2;;
926+ -d|--debug) debug=1; shift 1;;
927+ -s|--stream) stream=$2; shift 2;;
928+ --) shift 1; break ;;
929+ *) break ;;
930+ esac
931+done
932+
933+if [ $debug -eq 1 ]; then
934+ set -x
935+fi
936+
937+if [ "$arch" == "i686" ]; then
938+ arch=i386
939+fi
940+
941+if [ $hostarch = "i386" -a $arch = "amd64" ]; then
942+ echo "can't create amd64 container on i386"
943+ exit 1
944+fi
945+
946+if [ $arch != "i386" -a $arch != "amd64" ]; then
947+ echo "Only i386 and amd64 are supported by the ubuntu cloud template."
948+ exit 1
949+fi
950+
951+if [ "$stream" != "daily" -a "$stream" != "released" ]; then
952+ echo "Only 'daily' and 'released' streams are supported"
953+ exit 1
954+fi
955+
956+if [ -n "$userdata" -a ! -f "$userdata" ]; then
957+ echo "Userdata does not exist"
958+ exit 1
959+fi
960+
961+if [ -z "$path" ]; then
962+ echo "'path' parameter is required"
963+ exit 1
964+fi
965+
966+if [ "$(id -u)" != "0" ]; then
967+ echo "This script should be run as 'root'"
968+ exit 1
969+fi
970+
971+rootfs=$path/rootfs
972+
973+type ubuntu-cloudimg-query
974+type wget
975+
976+# determine the url, tarball, and directory names
977+# download if needed
978+cache="/var/cache/lxc/cloud-$release"
979+
980+mkdir -p $cache
981+
982+if [ -n "$tarball" ]; then
983+ url2="$tarball"
984+else
985+ url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`
986+ url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
987+fi
988+
989+filename=`basename $url2`
990+
991+buildcleanup()
992+{
993+ cd $rootfs
994+ umount -l $cache/$xdir || true
995+ rm -rf $cache
996+}
997+
998+# if the release doesn't have a *-rootfs.tar.gz, then create one from the
999+# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating
1000+# a tarball from the mounted image.
1001+build_root_tgz()
1002+{
1003+ url=$1
1004+ filename=$2
1005+
1006+ xdir=`mktemp -d -p .`
1007+ tarname=`basename $url`
1008+ imgname="$release-*-cloudimg-$arch.img"
1009+ trap buildcleanup EXIT
1010+ if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then
1011+ rm -f $tarname
1012+ echo "Downloading cloud image from $url"
1013+ wget $url || { echo "Couldn't find cloud image $url."; exit 1; }
1014+ fi
1015+ echo "Creating new cached cloud image rootfs"
1016+ tar --wildcards -zxf $tarname $imgname
1017+ mount -o loop $imgname $xdir
1018+ (cd $xdir; tar zcf ../$filename .)
1019+ umount $xdir
1020+ rm -f $tarname $imgname
1021+ rmdir $xdir
1022+ echo "New cloud image cache created"
1023+ trap EXIT
1024+}
1025+
1026+mkdir -p /var/lock/subsys/
1027+(
1028+ flock -n -x 200
1029+
1030+ cd $cache
1031+ if [ $flushcache -eq 1 ]; then
1032+ echo "Clearing the cached images"
1033+ rm -f $filename
1034+ fi
1035+
1036+ if [ ! -f $filename ]; then
1037+ wget $url2 || build_root_tgz $url1 $filename
1038+ fi
1039+
1040+ echo "Extracting container rootfs"
1041+ mkdir -p $rootfs
1042+ cd $rootfs
1043+ tar -zxf $cache/$filename
1044+
1045+
1046+ if [ $cloud -eq 0 ]; then
1047+ echo "Configuring for running outside of a cloud environment"
1048+ echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"
1049+
1050+ seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
1051+ rhostid=$(uuidgen | cut -c -8)
1052+ host_id=${hostid:-$rhostid}
1053+ mkdir -p $seed_d
1054+
1055+ cat > "$seed_d/meta-data" <<EOF
1056+instance_id: lxc-$host_id
1057+EOF
1058+
1059+ rm $rootfs/etc/hostname
1060+
1061+ if [ $locales -eq 1 ]; then
1062+ cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive
1063+ fi
1064+
1065+
1066+ if [ -n "$auth_key" -a -f "$auth_key" ]; then
1067+ u_path="/home/ubuntu/.ssh"
1068+ root_u_path="$rootfs/$u_path"
1069+ mkdir -p $root_u_path
1070+ cp $auth_key "$root_u_path/authorized_keys"
1071+ chroot $rootfs chown -R ubuntu: "$u_path"
1072+
1073+ echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys"
1074+ fi
1075+
1076+ if [ -f "$userdata" ]; then
1077+ echo "Using custom user-data"
1078+ cp $userdata $seed_d/user-data
1079+ else
1080+
1081+ if [ -z "$MIRROR" ]; then
1082+ MIRROR="http://archive.ubuntu.com/ubuntu"
1083+ fi
1084+
1085+ cat > "$seed_d/user-data" <<EOF
1086+#cloud-config
1087+output: {all: '| tee -a /var/log/cloud-init-output.log'}
1088+apt-mirror: $MIRROR
1089+manage_etc_hosts: localhost
1090+locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}')
1091+EOF
1092+ fi
1093+
1094+ chroot $rootfs /usr/sbin/usermod -U ubuntu
1095+ echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
1096+ echo "Please login as user ubuntu with password ubuntu."
1097+
1098+ else
1099+
1100+ echo "Configured for running in a cloud environment."
1101+ echo "If you do not have a meta-data service, this container will likely be useless."
1102+
1103+ fi
1104+
1105+) 200>/var/lock/subsys/lxc-ubucloud
1106+
1107+copy_configuration $path $rootfs $name $arch $release
1108+
1109+echo "Container $name created."
1110+exit 0
1111
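Review bot: in the option loop, `-L|--no_locales) locales=0; shift 2;;` shifts two positions although `L` and `no_locales` take no argument in the getopt string, so whatever follows `-L` on the command line is consumed with it; this should be `shift 1`. The same block has related mismatches: `-u` is handled in the `case` but is absent from the short-option string (only the long `userdata:` is registered), `-i` stores its value in `host_id` while the seed code reads `${hostid:-$rhostid}`, so a supplied host id is never used, and the usage text names the flag `--nolocales` rather than `--no_locales`. On the download path, the tarball fetched by `wget $url2` is unpacked as root with `tar -zxf $cache/$filename` and no checksum or signature check appears between the two; verifying the download before extraction would be worth adding.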
1112=== added file '.pc/0085-pivot-dir/templates/lxc-ubuntu.in'
1113--- .pc/0085-pivot-dir/templates/lxc-ubuntu.in 1970-01-01 00:00:00 +0000
1114+++ .pc/0085-pivot-dir/templates/lxc-ubuntu.in 2012-05-29 21:13:22 +0000
1115@@ -0,0 +1,688 @@
1116+#!/bin/bash
1117+
1118+#
1119+# template script for generating ubuntu container for LXC
1120+#
1121+# This script consolidates and extends the existing lxc ubuntu scripts
1122+#
1123+
1124+# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
1125+# Copyright © 2010 Wilhelm Meier
1126+# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
1127+#
1128+# This program is free software; you can redistribute it and/or modify
1129+# it under the terms of the GNU General Public License version 2, as
1130+# published by the Free Software Foundation.
1131+
1132+# This program is distributed in the hope that it will be useful,
1133+# but WITHOUT ANY WARRANTY; without even the implied warranty of
1134+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1135+# GNU General Public License for more details.
1136+
1137+# You should have received a copy of the GNU General Public License along
1138+# with this program; if not, write to the Free Software Foundation, Inc.,
1139+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
1140+#
1141+
1142+set -e
1143+
1144+if [ -r /etc/default/lxc ]; then
1145+ . /etc/default/lxc
1146+fi
1147+
1148+configure_ubuntu()
1149+{
1150+ rootfs=$1
1151+ hostname=$2
1152+ release=$3
1153+
1154+ # configure the network using the dhcp
1155+ cat <<EOF > $rootfs/etc/network/interfaces
1156+# This file describes the network interfaces available on your system
1157+# and how to activate them. For more information, see interfaces(5).
1158+
1159+# The loopback network interface
1160+auto lo
1161+iface lo inet loopback
1162+
1163+auto eth0
1164+iface eth0 inet dhcp
1165+EOF
1166+
1167+ # set the hostname
1168+ cat <<EOF > $rootfs/etc/hostname
1169+$hostname
1170+EOF
1171+ # set minimal hosts
1172+ cat <<EOF > $rootfs/etc/hosts
1173+127.0.0.1 localhost
1174+127.0.1.1 $hostname
1175+
1176+# The following lines are desirable for IPv6 capable hosts
1177+::1 ip6-localhost ip6-loopback
1178+fe00::0 ip6-localnet
1179+ff00::0 ip6-mcastprefix
1180+ff02::1 ip6-allnodes
1181+ff02::2 ip6-allrouters
1182+EOF
1183+
1184+ if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
1185+ # suppress log level output for udev
1186+ sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
1187+
1188+ # remove jobs for consoles 5 and 6 since we only create 4 consoles in
1189+ # this template
1190+ rm -f $rootfs/etc/init/tty{5,6}.conf
1191+ fi
1192+
1193+ if [ -z "$bindhome" ]; then
1194+ chroot $rootfs useradd --create-home -s /bin/bash ubuntu
1195+ echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
1196+ fi
1197+
1198+ return 0
1199+}
1200+
1201+# finish setting up the user in the container by injecting ssh key and
1202+# adding sudo group membership.
1203+# passed-in user is either 'ubuntu' or the user to bind in from host.
1204+finalize_user()
1205+{
1206+ user=$1
1207+
1208+ sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo)
1209+
1210+ if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then
1211+ groups="sudo"
1212+ else
1213+ groups="sudo admin"
1214+ fi
1215+
1216+ for group in $groups; do
1217+ chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
1218+ chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true
1219+ done
1220+
1221+ if [ -n "$auth_key" -a -f "$auth_key" ]; then
1222+ u_path="/home/${user}/.ssh"
1223+ root_u_path="$rootfs/$u_path"
1224+
1225+ mkdir -p $root_u_path
1226+ cp $auth_key "$root_u_path/authorized_keys"
1227+ chroot $rootfs chown -R ${user}: "$u_path"
1228+
1229+ echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"
1230+ fi
1231+ return 0
1232+}
1233+
1234+write_sourceslist()
1235+{
1236+ # $1 => path to the rootfs
1237+ # $2 => architecture we want to add
1238+ # $3 => whether to use the multi-arch syntax or not
1239+
1240+ case $2 in
1241+ amd64|i386)
1242+ MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
1243+ SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
1244+ ;;
1245+ *)
1246+ MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
1247+ SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
1248+ ;;
1249+ esac
1250+ if [ -n "$3" ]; then
1251+ cat >> "$1/etc/apt/sources.list" << EOF
1252+deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
1253+deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
1254+deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
1255+EOF
1256+ else
1257+ cat >> "$1/etc/apt/sources.list" << EOF
1258+deb $MIRROR ${release} main restricted universe multiverse
1259+deb $MIRROR ${release}-updates main restricted universe multiverse
1260+deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
1261+EOF
1262+ fi
1263+}
1264+
1265+download_ubuntu()
1266+{
1267+ cache=$1
1268+ arch=$2
1269+ release=$3
1270+
1271+ packages=vim,ssh
1272+ echo "installing packages: $packages"
1273+
1274+ # check the mini ubuntu was not already downloaded
1275+ mkdir -p "$cache/partial-$arch"
1276+ if [ $? -ne 0 ]; then
1277+ echo "Failed to create '$cache/partial-$arch' directory"
1278+ return 1
1279+ fi
1280+
1281+ # download a mini ubuntu into a cache
1282+ echo "Downloading ubuntu $release minimal ..."
1283+ if [ -n "$(which qemu-debootstrap)" ]; then
1284+ qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
1285+ else
1286+ debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
1287+ fi
1288+
1289+ if [ $? -ne 0 ]; then
1290+ echo "Failed to download the rootfs, aborting."
1291+ return 1
1292+ fi
1293+
1294+ # Serge isn't sure whether we should avoid doing this when
1295+ # $release == `distro-info -d`
1296+ echo "Installing updates"
1297+ > $cache/partial-$arch/etc/apt/sources.list
1298+ write_sourceslist $cache/partial-$arch/ $arch
1299+
1300+ chroot "$1/partial-${arch}" apt-get update
1301+ if [ $? -ne 0 ]; then
1302+ echo "Failed to update the apt cache"
1303+ return 1
1304+ fi
1305+ cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
1306+#!/bin/sh
1307+exit 101
1308+EOF
1309+ chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
1310+
1311+ lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
1312+ ret=$?
1313+ rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
1314+
1315+ if [ $ret -ne 0 ]; then
1316+ echo "Failed to upgrade the cache"
1317+ return 1
1318+ fi
1319+
1320+ mv "$1/partial-$arch" "$1/rootfs-$arch"
1321+ echo "Download complete"
1322+ return 0
1323+}
1324+
1325+copy_ubuntu()
1326+{
1327+ cache=$1
1328+ arch=$2
1329+ rootfs=$3
1330+
1331+ # make a local copy of the miniubuntu
1332+ echo "Copying rootfs to $rootfs ..."
1333+ mkdir -p $rootfs
1334+ rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
1335+ return 0
1336+}
1337+
1338+install_ubuntu()
1339+{
1340+ rootfs=$1
1341+ release=$2
1342+ flushcache=$3
1343+ cache="/var/cache/lxc/$release"
1344+ mkdir -p /var/lock/subsys/
1345+
1346+ (
1347+ flock -n -x 200
1348+ if [ $? -ne 0 ]; then
1349+ echo "Cache repository is busy."
1350+ return 1
1351+ fi
1352+
1353+
1354+ if [ $flushcache -eq 1 ]; then
1355+ echo "Flushing cache..."
1356+ rm -rf "$cache/partial-$arch"
1357+ rm -rf "$cache/rootfs-$arch"
1358+ fi
1359+
1360+ echo "Checking cache download in $cache/rootfs-$arch ... "
1361+ if [ ! -e "$cache/rootfs-$arch" ]; then
1362+ download_ubuntu $cache $arch $release
1363+ if [ $? -ne 0 ]; then
1364+ echo "Failed to download 'ubuntu $release base'"
1365+ return 1
1366+ fi
1367+ fi
1368+
1369+ echo "Copy $cache/rootfs-$arch to $rootfs ... "
1370+ copy_ubuntu $cache $arch $rootfs
1371+ if [ $? -ne 0 ]; then
1372+ echo "Failed to copy rootfs"
1373+ return 1
1374+ fi
1375+
1376+ return 0
1377+
1378+ ) 200>/var/lock/subsys/lxc
1379+
1380+ return $?
1381+}
1382+
1383+copy_configuration()
1384+{
1385+ path=$1
1386+ rootfs=$2
1387+ name=$3
1388+ arch=$4
1389+ release=$5
1390+
1391+ if [ $arch = "i386" ]; then
1392+ arch="i686"
1393+ fi
1394+
1395+ ttydir=""
1396+ if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
1397+ ttydir=" lxc"
1398+ fi
1399+
1400+ # if there is exactly one veth network entry, make sure it has an
1401+ # associated hwaddr.
1402+ nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
1403+ if [ $nics -eq 1 ]; then
1404+ grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
1405+lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
1406+EOF
1407+ fi
1408+
1409+ cat <<EOF >> $path/config
1410+lxc.utsname = $name
1411+
1412+lxc.devttydir =$ttydir
1413+lxc.tty = 4
1414+lxc.pts = 1024
1415+lxc.rootfs = $rootfs
1416+lxc.mount = $path/fstab
1417+lxc.arch = $arch
1418+lxc.cap.drop = sys_module mac_admin mac_override
1419+# uncomment the next line to run the container unconfined:
1420+#lxc.aa_profile = unconfined
1421+
1422+lxc.cgroup.devices.deny = a
1423+# Allow any mknod (but not using the node)
1424+lxc.cgroup.devices.allow = c *:* m
1425+lxc.cgroup.devices.allow = b *:* m
1426+# /dev/null and zero
1427+lxc.cgroup.devices.allow = c 1:3 rwm
1428+lxc.cgroup.devices.allow = c 1:5 rwm
1429+# consoles
1430+lxc.cgroup.devices.allow = c 5:1 rwm
1431+lxc.cgroup.devices.allow = c 5:0 rwm
1432+#lxc.cgroup.devices.allow = c 4:0 rwm
1433+#lxc.cgroup.devices.allow = c 4:1 rwm
1434+# /dev/{,u}random
1435+lxc.cgroup.devices.allow = c 1:9 rwm
1436+lxc.cgroup.devices.allow = c 1:8 rwm
1437+lxc.cgroup.devices.allow = c 136:* rwm
1438+lxc.cgroup.devices.allow = c 5:2 rwm
1439+# rtc
1440+lxc.cgroup.devices.allow = c 254:0 rwm
1441+#fuse
1442+lxc.cgroup.devices.allow = c 10:229 rwm
1443+#tun
1444+lxc.cgroup.devices.allow = c 10:200 rwm
1445+#full
1446+lxc.cgroup.devices.allow = c 1:7 rwm
1447+#hpet
1448+lxc.cgroup.devices.allow = c 10:228 rwm
1449+#kvm
1450+lxc.cgroup.devices.allow = c 10:232 rwm
1451+EOF
1452+
1453+ cat <<EOF > $path/fstab
1454+proc proc proc nodev,noexec,nosuid 0 0
1455+sysfs sys sysfs defaults 0 0
1456+EOF
1457+
1458+ if [ $? -ne 0 ]; then
1459+ echo "Failed to add configuration"
1460+ return 1
1461+ fi
1462+
1463+ return 0
1464+}
1465+
1466+trim()
1467+{
1468+ rootfs=$1
1469+ release=$2
1470+
1471+ # provide the lxc service
1472+ cat <<EOF > $rootfs/etc/init/lxc.conf
1473+# fake some events needed for correct startup other services
1474+
1475+description "Container Upstart"
1476+
1477+start on startup
1478+
1479+script
1480+ rm -rf /var/run/*.pid
1481+ rm -rf /var/run/network/*
1482+ /sbin/initctl emit stopped JOB=udevtrigger --no-wait
1483+ /sbin/initctl emit started JOB=udev --no-wait
1484+end script
1485+EOF
1486+
1487+ # fix buggus runlevel with sshd
1488+ cat <<EOF > $rootfs/etc/init/ssh.conf
1489+# ssh - OpenBSD Secure Shell server
1490+#
1491+# The OpenSSH server provides secure shell access to the system.
1492+
1493+description "OpenSSH server"
1494+
1495+start on filesystem
1496+stop on runlevel [!2345]
1497+
1498+expect fork
1499+respawn
1500+respawn limit 10 5
1501+umask 022
1502+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
1503+oom never
1504+
1505+pre-start script
1506+ test -x /usr/sbin/sshd || { stop; exit 0; }
1507+ test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
1508+ test -c /dev/null || { stop; exit 0; }
1509+
1510+ mkdir -p -m0755 /var/run/sshd
1511+end script
1512+
1513+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
1514+# 'exec' line here instead
1515+exec /usr/sbin/sshd
1516+EOF
1517+
1518+ cat <<EOF > $rootfs/etc/init/console.conf
1519+# console - getty
1520+#
1521+# This service maintains a console on tty1 from the point the system is
1522+# started until it is shut down again.
1523+
1524+start on stopped rc RUNLEVEL=[2345]
1525+stop on runlevel [!2345]
1526+
1527+respawn
1528+exec /sbin/getty -8 38400 /dev/console
1529+EOF
1530+
1531+ cat <<EOF > $rootfs/lib/init/fstab
1532+# /lib/init/fstab: cleared out for bare-bones lxc
1533+EOF
1534+
1535+ # reconfigure some services
1536+ if [ -z "$LANG" ]; then
1537+ chroot $rootfs locale-gen en_US.UTF-8
1538+ chroot $rootfs update-locale LANG=en_US.UTF-8
1539+ else
1540+ chroot $rootfs locale-gen $LANG
1541+ chroot $rootfs update-locale LANG=$LANG
1542+ fi
1543+
1544+ # remove pointless services in a container
1545+ chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
1546+
1547+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
1548+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
1549+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
1550+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
1551+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
1552+
1553+ # if this isn't lucid, then we need to twiddle the network upstart bits :(
1554+ if [ $release != "lucid" ]; then
1555+ sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
1556+ fi
1557+}
1558+
1559+post_process()
1560+{
1561+ rootfs=$1
1562+ release=$2
1563+ trim_container=$3
1564+
1565+ if [ $trim_container -eq 1 ]; then
1566+ trim $rootfs $release
1567+ elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then
1568+ # Make sure we have a working resolv.conf
1569+ cresolvonf="${rootfs}/etc/resolv.conf"
1570+ mv $cresolvonf ${cresolvonf}.lxcbak
1571+ cat /etc/resolv.conf > ${cresolvonf}
1572+
1573+ # for lucid, if not trimming, then add the ubuntu-virt
1574+ # ppa and install lxcguest
1575+ if [ $release = "lucid" ]; then
1576+ chroot $rootfs apt-get install --force-yes -y python-software-properties
1577+ chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
1578+ fi
1579+
1580+ chroot $rootfs apt-get update
1581+ chroot $rootfs apt-get install --force-yes -y lxcguest
1582+
1583+ # Restore old resolv.conf
1584+ rm -f ${cresolvonf}
1585+ mv ${cresolvonf}.lxcbak ${cresolvonf}
1586+ fi
1587+
1588+ # If the container isn't running a native architecture, setup multiarch
1589+ if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
1590+ mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
1591+ echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
1592+
1593+ # Save existing value of MIRROR and SECURITY_MIRROR
1594+ DEFAULT_MIRROR=$MIRROR
1595+ DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR
1596+
1597+ # Write a new sources.list containing both native and multiarch entries
1598+ > ${rootfs}/etc/apt/sources.list
1599+ write_sourceslist $rootfs $arch "native"
1600+
1601+ MIRROR=$DEFAULT_MIRROR
1602+ SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
1603+ write_sourceslist $rootfs $hostarch "multiarch"
1604+
1605+ # Finally update the lists and install upstart using the host architecture
1606+ chroot $rootfs apt-get update
1607+ chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}
1608+ fi
1609+
1610+ # rmdir /dev/shm for containers that have /run/shm
1611+ # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
1612+ # get bind mounted to the host's /run/shm. So try to rmdir
1613+ # it, and in case that fails move it out of the way.
1614+ if [ -d $rootfs/run/shm ]; then
1615+ [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
1616+ [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
1617+ ln -s /run/shm $rootfs/dev/shm
1618+ fi
1619+}
1620+
1621+do_bindhome()
1622+{
1623+ rootfs=$1
1624+ user=$2
1625+
1626+ # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
1627+ pwd=`getent passwd $user` || { echo "Failed to copy password entry for $user"; false; }
1628+ echo $pwd >> $rootfs/etc/passwd
1629+
1630+ # make sure user's shell exists in the container
1631+ shell=`echo $pwd | cut -d: -f 7`
1632+ if [ ! -x $rootfs/$shell ]; then
1633+ echo "shell $shell for user $user was not found in the container."
1634+ pkg=`dpkg -S $(readlink -m $shell) | cut -d ':' -f1`
1635+ echo "Installing $pkg"
1636+ chroot $rootfs apt-get --force-yes -y install $pkg
1637+ fi
1638+
1639+ shad=`getent shadow $user`
1640+ echo "$shad" >> $rootfs/etc/shadow
1641+
1642+ # bind-mount the user's path into the container's /home
1643+ h=`getent passwd $user | cut -d: -f 6`
1644+ mkdir -p $rootfs/$h
1645+
1646+ # use relative path in container
1647+ h2=${h#/}
1648+ while [ ${h2:0:1} = "/" ]; do
1649+ h2=${h2#/}
1650+ done
1651+ echo "$h $h2 none bind 0 0" >> $path/fstab
1652+
1653+ # Make sure the group exists in container
1654+ grp=`echo $pwd | cut -d: -f 4` # group number for $user
1655+ grpe=`getent group $grp` || return 0 # if host doesn't define grp, ignore in container
1656+ chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group
1657+}
1658+
1659+usage()
1660+{
1661+ cat <<EOF
1662+$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug]
1663+ [-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]
1664+release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS
1665+trim: make a minimal (faster, but not upgrade-safe) container
1666+bindhome: bind <user>'s home into the container
1667+ The ubuntu user will not be created, and <user> will have
1668+ sudo access.
1669+arch: the container architecture (e.g. amd64): defaults to host arch
1670+auth-key: SSH Public key file to inject into container
1671+EOF
1672+ return 0
1673+}
1674+
1675+options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug -- "$@")
1676+if [ $? -ne 0 ]; then
1677+ usage $(basename $0)
1678+ exit 1
1679+fi
1680+eval set -- "$options"
1681+
1682+release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
1683+if [ -f /etc/lsb-release ]; then
1684+ . /etc/lsb-release
1685+ if [ "$DISTRIB_ID" = "Ubuntu" ]; then
1686+ release=$DISTRIB_CODENAME
1687+ fi
1688+fi
1689+
1690+bindhome=
1691+arch=$(arch)
1692+
1693+# Code taken from debootstrap
1694+if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
1695+ arch=`/usr/bin/dpkg --print-architecture`
1696+elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
1697+ arch=`/usr/bin/udpkg --print-architecture`
1698+else
1699+ arch=$(arch)
1700+ if [ "$arch" = "i686" ]; then
1701+ arch="i386"
1702+ elif [ "$arch" = "x86_64" ]; then
1703+ arch="amd64"
1704+ elif [ "$arch" = "armv7l" ]; then
1705+ arch="armel"
1706+ fi
1707+fi
1708+
1709+debug=0
1710+trim_container=0
1711+hostarch=$arch
1712+flushcache=0
1713+while true
1714+do
1715+ case "$1" in
1716+ -h|--help) usage $0 && exit 0;;
1717+ -p|--path) path=$2; shift 2;;
1718+ -n|--name) name=$2; shift 2;;
1719+ -F|--flush-cache) flushcache=1; shift 1;;
1720+ -r|--release) release=$2; shift 2;;
1721+ -b|--bindhome) bindhome=$2; shift 2;;
1722+ -a|--arch) arch=$2; shift 2;;
1723+ -x|--trim) trim_container=1; shift 1;;
1724+ -S|--auth-key) auth_key=$2; shift 2;;
1725+ -d|--debug) debug=1; shift 1;;
1726+ --) shift 1; break ;;
1727+ *) break ;;
1728+ esac
1729+done
1730+
1731+if [ $debug -eq 1 ]; then
1732+ set -x
1733+fi
1734+
1735+if [ -n "$bindhome" ]; then
1736+ pwd=`getent passwd $bindhome`
1737+ if [ $? -ne 0 ]; then
1738+ echo "Error: no password entry found for $bindhome"
1739+ exit 1
1740+ fi
1741+fi
1742+
1743+
1744+if [ "$arch" == "i686" ]; then
1745+ arch=i386
1746+fi
1747+
1748+if [ $hostarch = "i386" -a $arch = "amd64" ]; then
1749+ echo "can't create amd64 container on i386"
1750+ exit 1
1751+fi
1752+
1753+type debootstrap
1754+if [ $? -ne 0 ]; then
1755+ echo "'debootstrap' command is missing"
1756+ exit 1
1757+fi
1758+
1759+if [ -z "$path" ]; then
1760+ echo "'path' parameter is required"
1761+ exit 1
1762+fi
1763+
1764+if [ "$(id -u)" != "0" ]; then
1765+ echo "This script should be run as 'root'"
1766+ exit 1
1767+fi
1768+
1769+rootfs=$path/rootfs
1770+
1771+install_ubuntu $rootfs $release $flushcache
1772+if [ $? -ne 0 ]; then
1773+ echo "failed to install ubuntu $release"
1774+ exit 1
1775+fi
1776+
1777+configure_ubuntu $rootfs $name $release
1778+if [ $? -ne 0 ]; then
1779+ echo "failed to configure ubuntu $release for a container"
1780+ exit 1
1781+fi
1782+
1783+copy_configuration $path $rootfs $name $arch $release
1784+if [ $? -ne 0 ]; then
1785+ echo "failed write configuration file"
1786+ exit 1
1787+fi
1788+
1789+post_process $rootfs $release $trim_container
1790+
1791+if [ -n "$bindhome" ]; then
1792+ do_bindhome $rootfs $bindhome
1793+ finalize_user $bindhome
1794+else
1795+ finalize_user ubuntu
1796+fi
1797+
1798+echo ""
1799+echo "##"
1800+echo "# The default user is 'ubuntu' with password 'ubuntu'!"
1801+echo "# Use the 'sudo' command to run tasks as root in the container."
1802+echo "##"
1803+echo ""
1804
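Review bot: in post_process and do_bindhome every `apt-get install` is run with `--force-yes`, which lets apt continue past unauthenticated packages while it populates a rootfs as root; `-y` alone is enough for non-interactive use and keeps a signature failure fatal. Separately, configure_ubuntu sets the fixed `ubuntu:ubuntu` password, download_ubuntu puts `ssh` in `packages`, and finalize_user adds that user to `sudo`, so a container on a reachable network starts with known root-equivalent credentials; consider locking or expiring the password, at least when `--auth-key` is supplied.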
1805=== added file 'debian/lxc.dnsmasq'
1806--- debian/lxc.dnsmasq 1970-01-01 00:00:00 +0000
1807+++ debian/lxc.dnsmasq 2012-05-29 21:13:22 +0000
1808@@ -0,0 +1,2 @@
1809+bind-interfaces
1810+except-interface=lxcbr0
1811
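Review bot: the two directives in debian/lxc.dnsmasq are added with no comment saying which dnsmasq instance reads this file or why `lxcbr0` is excluded. A leading `#` line explaining the intent of `bind-interfaces` together with `except-interface=lxcbr0` would let an administrator judge whether the snippet is safe to change or remove.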
1812=== renamed file 'debian/lxc.dnsmasq' => 'debian/lxc.dnsmasq.moved'
1813=== added file 'debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch'
1814--- debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch 1970-01-01 00:00:00 +0000
1815+++ debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch 2012-05-29 21:13:22 +0000
1816@@ -0,0 +1,53 @@
1817+From d163cf279f26f44ad0d2a43c087d97c2b1063e7e Mon Sep 17 00:00:00 2001
1818+From: Serge Hallyn <serge.hallyn@ubuntu.com>
1819+Date: Thu, 24 May 2012 14:19:57 -0500
1820+Subject: [PATCH 1/1] lxc-ubuntu.in: drop duplicate code
1821+
1822+Commits 15da01b3938d7ba45472e6c9d3b183a94dd86ca9 and
1823+2e44ed1e647d9fd1544b7ad855bda22ca71abd12 conflicted and resulted in
1824+some duplicate functionality. Drop the poorer version of that block.
1825+
1826+Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
1827+---
1828+ templates/lxc-ubuntu.in | 28 ----------------------------
1829+ 1 file changed, 28 deletions(-)
1830+
1831+Index: lxc/templates/lxc-ubuntu.in
1832+===================================================================
1833+--- lxc.orig/templates/lxc-ubuntu.in 2012-05-24 14:24:14.836363000 -0500
1834++++ lxc/templates/lxc-ubuntu.in 2012-05-24 14:26:55.384221133 -0500
1835+@@ -176,34 +176,6 @@
1836+ return 1
1837+ fi
1838+
1839+- echo "Installing updates"
1840+- if [ -z "$MIRROR" ]; then
1841+- MIRROR="http://archive.ubuntu.com/ubuntu"
1842+- fi
1843+- cat >> "$1/partial-${arch}/etc/apt/sources.list" << EOF
1844+-deb $MIRROR ${release}-updates main universe
1845+-deb http://security.ubuntu.com/ubuntu ${release}-security main universe
1846+-EOF
1847+- chroot "$1/partial-${arch}" apt-get update
1848+- if [ $? -ne 0 ]; then
1849+- echo "Failed to update the apt cache"
1850+- return 1
1851+- fi
1852+- cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
1853+-#!/bin/sh
1854+-exit 101
1855+-EOF
1856+- chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
1857+-
1858+- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
1859+- ret=$?
1860+-
1861+- rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
1862+- if [ $ret -ne 0 ]; then
1863+- echo "Failed to upgrade the cache"
1864+- return 1
1865+- fi
1866+-
1867+ # Serge isn't sure whether we should avoid doing this when
1868+ # $release == `distro-info -d`
1869+ echo "Installing updates"
1870
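Review bot: the commit message calls the removed block "the poorer version" without saying how it differs from the block that stays. From the lines here, the removed code hard-codes `http://security.ubuntu.com/ubuntu` with only `main universe` and runs `apt-get dist-upgrade -y` in a plain chroot, whereas the retained code in lxc-ubuntu.in goes through `write_sourceslist` and `lxc-unshare -s MOUNT`. Stating that in the description would make it clear the deletion loses nothing.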
1871=== renamed file 'debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch' => 'debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch.moved'
1872=== added file 'debian/patches/0085-pivot-dir'
1873--- debian/patches/0085-pivot-dir 1970-01-01 00:00:00 +0000
1874+++ debian/patches/0085-pivot-dir 2012-05-29 21:13:22 +0000
1875@@ -0,0 +1,33 @@
1876+Description: use lxc_putold as the pivot_root put dir
1877+ By default we use mnt, but that means that lxc fstab entries do not work
1878+ when placed under the container's /mnt/.
1879+Author: Serge Hallyn <serge.hallyn@ubuntu.com>
1880+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/986385
1881+Forwarded: yes
1882+
1883+Index: lxc/templates/lxc-ubuntu-cloud.in
1884+===================================================================
1885+--- lxc.orig/templates/lxc-ubuntu-cloud.in 2012-05-24 14:24:14.836363000 -0500
1886++++ lxc/templates/lxc-ubuntu-cloud.in 2012-05-25 11:24:39.800430880 -0500
1887+@@ -55,6 +55,8 @@
1888+ lxc.mount = $path/fstab
1889+ lxc.arch = $arch
1890+ lxc.cap.drop = sys_module mac_admin
1891++lxc.pivotdir = lxc_putold
1892++
1893+ # uncomment the next line to run the container unconfined:
1894+ #lxc.aa_profile = unconfined
1895+
1896+Index: lxc/templates/lxc-ubuntu.in
1897+===================================================================
1898+--- lxc.orig/templates/lxc-ubuntu.in 2012-05-24 14:26:55.384221133 -0500
1899++++ lxc/templates/lxc-ubuntu.in 2012-05-25 11:24:28.688431175 -0500
1900+@@ -301,6 +301,8 @@
1901+ lxc.mount = $path/fstab
1902+ lxc.arch = $arch
1903+ lxc.cap.drop = sys_module mac_admin mac_override
1904++lxc.pivotdir = lxc_putold
1905++
1906+ # uncomment the next line to run the container unconfined:
1907+ #lxc.aa_profile = unconfined
1908+
1909
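Review bot: the context lines around the two insertions show the templates already diverge: lxc-ubuntu-cloud.in has `lxc.cap.drop = sys_module mac_admin` while lxc-ubuntu.in has `lxc.cap.drop = sys_module mac_admin mac_override`. Since this patch edits the same config block in both files, it is worth confirming whether the cloud template is meant to keep `mac_override` and aligning the two if not. As a style point, the file is named `0085-pivot-dir` without the `.patch` suffix that `0084-lxc-ubuntu-drop-duplicate-code.patch` carries.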
1910=== renamed file 'debian/patches/0085-pivot-dir' => 'debian/patches/0085-pivot-dir.moved'
