Ubuntu
lxc package

Merge lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201210151516 into lp:ubuntu/quantal/lxc

Proposed by Ubuntu Package Importer on 2012-10-15

Status:	Rejected
Rejected by:	James Westby on 2012-11-29
Proposed branch:	lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201210151516
Merge into:	lp:ubuntu/quantal/lxc
Diff against target:	1175 lines (+1154/-0) (has conflicts) 3 files modified .pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu-cloud.in (+406/-0) .pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu.in (+718/-0) debian/patches/0224-ubuntu-templates-devtmpfs (+30/-0) Conflict adding file .pc/0224-ubuntu-templates-devtmpfs. Moved existing file to .pc/0224-ubuntu-templates-devtmpfs.moved. Conflict adding file debian/patches/0224-ubuntu-templates-devtmpfs. Moved existing file to debian/patches/0224-ubuntu-templates-devtmpfs.moved.
To merge this branch:	bzr merge lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201210151516
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Ubuntu branches		2012-10-15	Pending
Review via email: mp+129689@code.launchpad.net

Description of the change

The package importer has detected a possible inconsistency between the package history in the archive and the history in bzr. As the archive is authoritative the importer has made lp:ubuntu/quantal/lxc reflect what is in the archive and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201210151516. This merge proposal was created so that an Ubuntu developer can review the situations and perform a merge/upload if necessary. There are three typical cases where this can happen.
  1. Where someone pushes a change to bzr and someone else uploads the package without that change. This is the reason that this check is done by the importer. If this appears to be the case then a merge/upload should be done if the changes that were in bzr are still desirable.
  2. The importer incorrectly detected the above situation when someone made a change in bzr and then uploaded it.
  3. The importer incorrectly detected the above situation when someone just uploaded a package and didn't touch bzr.

If this case doesn't appear to be the first situation then set the status of the merge proposal to "Rejected" and help avoid the problem in future by filing a bug at https://bugs.launchpad.net/udd linking to this merge proposal.

(this is an automatically generated message)

Unmerged revisions

164. By Serge Hallyn on 2012-10-04: releasing version 0.8.0~rc1-4ubuntu37
163. By Serge Hallyn on 2012-10-04: 0224-ubuntu-templates-devtmpfs: mount devtmpfs in ubuntu containers.
(LP: #1060404)
162. By Serge Hallyn on 2012-09-21: update 0222-debian-dhcp3-package: use dhcp3-client, not server!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Christian Kampka

Ubuntu branches

 === added directory '.pc/0224-ubuntu-templates-devtmpfs'
 === renamed directory '.pc/0224-ubuntu-templates-devtmpfs' => '.pc/0224-ubuntu-templates-devtmpfs.moved'
 === added file '.pc/0224-ubuntu-templates-devtmpfs/.timestamp'
 === added directory '.pc/0224-ubuntu-templates-devtmpfs/templates'
 === added file '.pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu'
 === added file '.pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu-cloud.in'
 --- .pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu-cloud.in	1970-01-01 00:00:00 +0000
 +++ .pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu-cloud.in	2012-10-15 15:25:24 +0000
@@ -0,0 +1,406 @@
++#!/bin/bash
++
++# template script for generating ubuntu container for LXC based on released cloud
++# images
++#
++# Copyright Â© 2012 Serge Hallyn <serge.hallyn@canonical.com>
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 2, as
++# published by the Free Software Foundation.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License along
++# with this program; if not, write to the Free Software Foundation, Inc.,
++# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++#
++
++set -e
++
++if [ -r /etc/default/lxc ]; then
++    . /etc/default/lxc
++fi
++
++copy_configuration()
++{
++    path=$1
++    rootfs=$2
++    name=$3
++    arch=$4
++    release=$5
++
++    if [ $arch = "i386" ]; then
++        arch="i686"
++    fi
++
++    # if there is exactly one veth network entry, make sure it has an
++    # associated hwaddr.
++    nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
++    if [ $nics -eq 1 ]; then
++        grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
++lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
++EOF
++    fi
++
++    grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
++    cat <<EOF >> $path/config
++lxc.utsname = $name
++
++lxc.tty = 4
++lxc.pts = 1024
++lxc.mount  = $path/fstab
++lxc.arch = $arch
++lxc.cap.drop = sys_module mac_admin
++lxc.pivotdir = lxc_putold
++
++# uncomment the next line to run the container unconfined:
++#lxc.aa_profile = unconfined
++
++lxc.cgroup.devices.deny = a
++# Allow any mknod (but not using the node)
++lxc.cgroup.devices.allow = c *:* m
++lxc.cgroup.devices.allow = b *:* m
++# /dev/null and zero
++lxc.cgroup.devices.allow = c 1:3 rwm
++lxc.cgroup.devices.allow = c 1:5 rwm
++# consoles
++lxc.cgroup.devices.allow = c 5:1 rwm
++lxc.cgroup.devices.allow = c 5:0 rwm
++#lxc.cgroup.devices.allow = c 4:0 rwm
++#lxc.cgroup.devices.allow = c 4:1 rwm
++# /dev/{,u}random
++lxc.cgroup.devices.allow = c 1:9 rwm
++lxc.cgroup.devices.allow = c 1:8 rwm
++lxc.cgroup.devices.allow = c 136:* rwm
++lxc.cgroup.devices.allow = c 5:2 rwm
++# rtc
++lxc.cgroup.devices.allow = c 254:0 rwm
++#fuse
++lxc.cgroup.devices.allow = c 10:229 rwm
++#tun
++lxc.cgroup.devices.allow = c 10:200 rwm
++#full
++lxc.cgroup.devices.allow = c 1:7 rwm
++#hpet
++lxc.cgroup.devices.allow = c 10:228 rwm
++#kvm
++lxc.cgroup.devices.allow = c 10:232 rwm
++EOF
++
++    cat <<EOF > $path/fstab
++proc            proc         proc    nodev,noexec,nosuid 0 0
++sysfs           sys          sysfs defaults  0 0
++EOF
++
++    # rmdir /dev/shm for containers that have /run/shm
++    # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
++    # get bind mounted to the host's /run/shm.  So try to rmdir
++    # it, and in case that fails move it out of the way.
++    if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
++        mv $rootfs/dev/shm $rootfs/dev/shm.bak
++        ln -s /run/shm $rootfs/dev/shm
++    fi
++
++    return 0
++}
++
++usage()
++{
++    cat <<EOF
++LXC Container configuration for Ubuntu Cloud images.
++
++Generic Options
++[ -r | --release <release> ]: Release name of container, defaults to host
++[ -a | --arch ]: Arhcitecture of container, defaults to host arcitecture
++[ -C | --cloud ]: Configure container for use with meta-data service, defaults to no
++[ -T | --tarball ]: Location of tarball
++[ -d | --debug ]: Run with 'set -x' to debug errors
++[ -s | --stream]: Use specified stream rather than 'released'
++
++Options, mutually exclusive of "-C" and "--cloud":
++  [ -i | --hostid ]:    HostID for cloud-init, defaults to random string
++  [ -u | --userdata ]:  Cloud-init user-data file to configure container on start
++  [ -S | --auth-key ]:  SSH Public key file to inject into container
++  [ -L | --nolocales ]: Do not copy host's locales into container
++
++EOF
++    return 0
++}
++
++options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata: -- "$@")
++if [ $? -ne 0 ]; then
++    usage $(basename $0)
++    exit 1
++fi
++eval set -- "$options"
++
++release=lucid
++if [ -f /etc/lsb-release ]; then
++    . /etc/lsb-release
++    case "$DISTRIB_CODENAME" in
++        lucid|natty|oneiric|precise|quantal)
++            release=$DISTRIB_CODENAME
++        ;;
++    esac
++fi
++
++arch=$(arch)
++
++# Code taken from debootstrap
++if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
++    arch=`/usr/bin/dpkg --print-architecture`
++elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
++    arch=`/usr/bin/udpkg --print-architecture`
++else
++    arch=$(arch)
++    if [ "$arch" = "i686" ]; then
++        arch="i386"
++    elif [ "$arch" = "x86_64" ]; then
++        arch="amd64"
++    elif [ "$arch" = "armv7l" ]; then
++        # note: arm images don't exist before oneiric;  are called armhf in
++        # precise and later;  and are not supported by the query, so we don't actually
++        # support them yet (see check later on).  When Query2 is available,
++        # we'll use that to enable arm images.
++        arch="armel"
++    fi
++fi
++
++debug=0
++hostarch=$arch
++cloud=0
++locales=1
++flushcache=0
++stream="released"
++while true
++do
++    case "$1" in
++    -h|--help)         usage $0 && exit 0;;
++    -p|--path)         path=$2; shift 2;;
++    -n|--name)         name=$2; shift 2;;
++    -F|--flush-cache)  flushcache=1; shift 1;;
++    -r|--release)      release=$2; shift 2;;
++    -a|--arch)         arch=$2; shift 2;;
++    -i|--hostid)       host_id=$2; shift 2;;
++    -u|--userdata)     userdata=$2; shift 2;;
++    -C|--cloud)        cloud=1; shift 1;;
++    -S|--auth-key)     auth_key=$2; shift 2;;
++    -L|--no_locales)   locales=0; shift 2;;
++    -T|--tarball)      tarball=$2; shift 2;;
++    -d|--debug)        debug=1; shift 1;;
++    -s|--stream)       stream=$2; shift 2;;
++    --)                shift 1; break ;;
++        *)              break ;;
++    esac
++done
++
++if [ $debug -eq 1 ]; then
++    set -x
++fi
++
++if [ "$arch" == "i686" ]; then
++    arch=i386
++fi
++
++if [ $hostarch = "i386" -a $arch = "amd64" ]; then
++    echo "can't create amd64 container on i386"
++    exit 1
++fi
++
++if [ $arch != "i386" -a $arch != "amd64" ]; then
++    echo "Only i386 and amd64 are supported by the ubuntu cloud template."
++    exit 1
++fi
++
++if [ "$stream" != "daily" -a "$stream" != "released" ]; then
++    echo "Only 'daily' and 'released' streams are supported"
++    exit 1
++fi
++
++if [ -n "$userdata" ]; then
++    if [ ! -f "$userdata" ]; then
++        echo "Userdata ($userdata) does not exist"
++        exit 1
++    else
++        userdata=`readlink -f $userdata`
++    fi
++fi
++
++if [ -n "$auth_key" ]; then
++    if [ ! -f "$auth_key" ]; then
++        echo "--auth-key=${auth_key} must reference a file"
++        exit 1
++    fi
++    auth_key=$(readlink -f "${auth_key}") ||
++        { echo "failed to get full path for auth_key"; exit 1; }
++fi
++
++if [ -z "$path" ]; then
++    echo "'path' parameter is required"
++    exit 1
++fi
++
++if [ "$(id -u)" != "0" ]; then
++    echo "This script should be run as 'root'"
++    exit 1
++fi
++
++# detect rootfs
++config="$path/config"
++if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
++    rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
++else
++    rootfs=$path/rootfs
++fi
++
++type ubuntu-cloudimg-query
++type wget
++
++# determine the url, tarball, and directory names
++# download if needed
++cache="/var/cache/lxc/cloud-$release"
++
++mkdir -p $cache
++
++if [ -n "$tarball" ]; then
++    url2="$tarball"
++else
++    url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`
++    url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
++fi
++
++filename=`basename $url2`
++
++wgetcleanup()
++{
++    rm -f $filename
++}
++
++buildcleanup()
++{
++    cd $rootfs
++    umount -l $cache/$xdir || true
++    rm -rf $cache
++}
++
++# if the release doesn't have a *-rootfs.tar.gz, then create one from the
++# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating
++# a tarball from the mounted image.
++build_root_tgz()
++{
++    url=$1
++    filename=$2
++
++    xdir=`mktemp -d -p .`
++    tarname=`basename $url`
++    imgname="$release-*-cloudimg-$arch.img"
++    trap buildcleanup EXIT SIGHUP SIGINT SIGTERM
++    if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then
++        rm -f $tarname
++        echo "Downloading cloud image from $url"
++        wget $url || { echo "Couldn't find cloud image $url."; exit 1; }
++    fi
++    echo "Creating new cached cloud image rootfs"
++    tar --wildcards -zxf $tarname $imgname
++    mount -o loop $imgname $xdir
++    (cd $xdir; tar zcf ../$filename .)
++    umount $xdir
++    rm -f $tarname $imgname
++    rmdir $xdir
++    echo "New cloud image cache created"
++    trap EXIT
++    trap SIGHUP
++    trap SIGINT
++    trap SIGTERM
++}
++
++mkdir -p /var/lock/subsys/
++(
++    flock -x 200
++
++    cd $cache
++    if [ $flushcache -eq 1 ]; then
++        echo "Clearing the cached images"
++        rm -f $filename
++    fi
++
++    trap wgetcleanup EXIT SIGHUP SIGINT SIGTERM
++    if [ ! -f $filename ]; then
++        wget $url2 || build_root_tgz $url1 $filename
++    fi
++    trap EXIT
++    trap SIGHUP
++    trap SIGINT
++    trap SIGTERM
++
++    echo "Extracting container rootfs"
++    mkdir -p $rootfs
++    cd $rootfs
++    tar -zxf $cache/$filename
++
++
++    if [ $cloud -eq 0 ]; then
++        echo "Configuring for running outside of a cloud environment"
++        echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"
++
++        seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
++        rhostid=$(uuidgen | cut -c -8)
++        host_id=${hostid:-$rhostid}
++        mkdir -p $seed_d
++
++        cat > "$seed_d/meta-data" <<EOF
++instance-id: lxc-$host_id
++EOF
++        if [ -n "$auth_key" ]; then
++            {
++            echo "public-keys:" &&
++            sed -e '/^$/d' -e 's,^,- ,' "$auth_key" "$auth_key"
++            } >> "$seed_d/meta-data"
++            [ $? -eq 0 ] ||
++                { echo "failed to write public keys to metadata"; exit 1; }
++        fi
++
++        rm $rootfs/etc/hostname
++
++        if [ $locales -eq 1 ]; then
++            cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive
++        fi
++
++        if [ -f "$userdata" ]; then
++            echo "Using custom user-data"
++            cp $userdata $seed_d/user-data
++        else
++
++            if [ -z "$MIRROR" ]; then
++                MIRROR="http://archive.ubuntu.com/ubuntu"
++            fi
++
++            cat > "$seed_d/user-data" <<EOF
++#cloud-config
++output: {all: '| tee -a /var/log/cloud-init-output.log'}
++apt_mirror: $MIRROR
++manage_etc_hosts: localhost
++locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}')
++password: ubuntu
++chpasswd: { expire: False }
++EOF
++        fi
++
++    else
++
++        echo "Configured for running in a cloud environment."
++        echo "If you do not have a meta-data service, this container will likely be useless."
++
++    fi
++) 200>/var/lock/subsys/lxc-ubucloud
++
++copy_configuration $path $rootfs $name $arch $release
++
++echo "Container $name created."
++exit 0
++
++# vi: ts=4 expandtab
 === added file '.pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu.in'
 --- .pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu.in	1970-01-01 00:00:00 +0000
 +++ .pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu.in	2012-10-15 15:25:24 +0000
@@ -0,0 +1,718 @@
++#!/bin/bash
++
++#
++# template script for generating ubuntu container for LXC
++#
++# This script consolidates and extends the existing lxc ubuntu scripts
++#
++
++# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
++# Copyright © 2010 Wilhelm Meier
++# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 2, as
++# published by the Free Software Foundation.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License along
++# with this program; if not, write to the Free Software Foundation, Inc.,
++# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++#
++
++set -e
++
++if [ -r /etc/default/lxc ]; then
++    . /etc/default/lxc
++fi
++
++configure_ubuntu()
++{
++    rootfs=$1
++    hostname=$2
++    release=$3
++
++   # configure the network using the dhcp
++    cat <<EOF > $rootfs/etc/network/interfaces
++# This file describes the network interfaces available on your system
++# and how to activate them. For more information, see interfaces(5).
++
++# The loopback network interface
++auto lo
++iface lo inet loopback
++
++auto eth0
++iface eth0 inet dhcp
++EOF
++
++    # set the hostname
++    cat <<EOF > $rootfs/etc/hostname
++$hostname
++EOF
++    # set minimal hosts
++    cat <<EOF > $rootfs/etc/hosts
++127.0.0.1   localhost
++127.0.1.1   $hostname
++
++# The following lines are desirable for IPv6 capable hosts
++::1     ip6-localhost ip6-loopback
++fe00::0 ip6-localnet
++ff00::0 ip6-mcastprefix
++ff02::1 ip6-allnodes
++ff02::2 ip6-allrouters
++EOF
++
++    if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
++        # suppress log level output for udev
++        sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
++
++        # remove jobs for consoles 5 and 6 since we only create 4 consoles in
++        # this template
++        rm -f $rootfs/etc/init/tty{5,6}.conf
++    fi
++
++    if [ -z "$bindhome" ]; then
++        chroot $rootfs useradd --create-home -s /bin/bash ubuntu
++        echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
++    fi
++
++    return 0
++}
++
++# finish setting up the user in the container by injecting ssh key and
++# adding sudo group membership.
++# passed-in user is either 'ubuntu' or the user to bind in from host.
++finalize_user()
++{
++    user=$1
++
++    sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo)
++
++    if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then
++        groups="sudo"
++    else
++        groups="sudo admin"
++    fi
++
++    for group in $groups; do
++        chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
++        chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true
++    done
++
++    if [ -n "$auth_key" -a -f "$auth_key" ]; then
++        u_path="/home/${user}/.ssh"
++        root_u_path="$rootfs/$u_path"
++
++        mkdir -p $root_u_path
++        cp $auth_key "$root_u_path/authorized_keys"
++        chroot $rootfs chown -R ${user}: "$u_path"
++
++        echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"
++    fi
++    return 0
++}
++
++write_sourceslist()
++{
++    # $1 => path to the rootfs
++    # $2 => architecture we want to add
++    # $3 => whether to use the multi-arch syntax or not
++
++    case $2 in
++      amd64|i386)
++            MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
++            ;;
++      *)
++            MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            ;;
++    esac
++    if [ -n "$3" ]; then
++        cat >> "$1/etc/apt/sources.list" << EOF
++deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
++deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
++deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
++EOF
++    else
++        cat >> "$1/etc/apt/sources.list" << EOF
++deb $MIRROR ${release} main restricted universe multiverse
++deb $MIRROR ${release}-updates main restricted universe multiverse
++deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
++EOF
++    fi
++}
++
++cleanup()
++{
++    rm -rf $cache/partial-$arch
++    rm -rf $cache/rootfs-$arch
++}
++
++suggest_flush()
++{
++    echo "Container upgrade failed.  The container cache may be out of date,"
++    echo "in which case flushing the case (see -F in the hep output) may help."
++}
++
++download_ubuntu()
++{
++    cache=$1
++    arch=$2
++    release=$3
++
++    packages=vim,ssh
++    echo "installing packages: $packages"
++
++    trap cleanup EXIT SIGHUP SIGINT SIGTERM
++    # check the mini ubuntu was not already downloaded
++    mkdir -p "$cache/partial-$arch"
++    if [ $? -ne 0 ]; then
++        echo "Failed to create '$cache/partial-$arch' directory"
++        return 1
++    fi
++
++    # download a mini ubuntu into a cache
++    echo "Downloading ubuntu $release minimal ..."
++    if [ -n "$(which qemu-debootstrap)" ]; then
++        qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
++    else
++        debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
++    fi
++
++    if [ $? -ne 0 ]; then
++        echo "Failed to download the rootfs, aborting."
++            return 1
++    fi
++
++    # Serge isn't sure whether we should avoid doing this when
++    # $release == `distro-info -d`
++    echo "Installing updates"
++    > $cache/partial-$arch/etc/apt/sources.list
++    write_sourceslist $cache/partial-$arch/ $arch
++
++    chroot "$1/partial-${arch}" apt-get update
++    if [ $? -ne 0 ]; then
++        echo "Failed to update the apt cache"
++        return 1
++    fi
++    cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
++#!/bin/sh
++exit 101
++EOF
++    chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
++
++    lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y || { suggest_flush; false; }
++    rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
++
++    chroot "$1/partial-${arch}" apt-get clean
++
++    mv "$1/partial-$arch" "$1/rootfs-$arch"
++    trap EXIT
++    trap SIGINT
++    trap SIGTERM
++    trap SIGHUP
++    echo "Download complete"
++    return 0
++}
++
++copy_ubuntu()
++{
++    cache=$1
++    arch=$2
++    rootfs=$3
++
++    # make a local copy of the miniubuntu
++    echo "Copying rootfs to $rootfs ..."
++    mkdir -p $rootfs
++    rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
++    return 0
++}
++
++install_ubuntu()
++{
++    rootfs=$1
++    release=$2
++    flushcache=$3
++    cache="/var/cache/lxc/$release"
++    mkdir -p /var/lock/subsys/
++
++    (
++        flock -x 200
++        if [ $? -ne 0 ]; then
++            echo "Cache repository is busy."
++            return 1
++        fi
++
++
++        if [ $flushcache -eq 1 ]; then
++            echo "Flushing cache..."
++            rm -rf "$cache/partial-$arch"
++            rm -rf "$cache/rootfs-$arch"
++        fi
++
++        echo "Checking cache download in $cache/rootfs-$arch ... "
++        if [ ! -e "$cache/rootfs-$arch" ]; then
++            download_ubuntu $cache $arch $release
++            if [ $? -ne 0 ]; then
++                echo "Failed to download 'ubuntu $release base'"
++                return 1
++            fi
++        fi
++
++        echo "Copy $cache/rootfs-$arch to $rootfs ... "
++        copy_ubuntu $cache $arch $rootfs
++        if [ $? -ne 0 ]; then
++            echo "Failed to copy rootfs"
++            return 1
++        fi
++
++        return 0
++
++    ) 200>/var/lock/subsys/lxc
++
++    return $?
++}
++
++copy_configuration()
++{
++    path=$1
++    rootfs=$2
++    name=$3
++    arch=$4
++    release=$5
++
++    if [ $arch = "i386" ]; then
++        arch="i686"
++    fi
++
++    ttydir=""
++    if [ -f $rootfs/etc/init/container-detect.conf ]; then
++        ttydir=" lxc"
++    fi
++
++    # if there is exactly one veth network entry, make sure it has an
++    # associated hwaddr.
++    nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
++    if [ $nics -eq 1 ]; then
++        grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
++lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
++EOF
++    fi
++
++    grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
++    cat <<EOF >> $path/config
++lxc.utsname = $name
++
++lxc.devttydir =$ttydir
++lxc.tty = 4
++lxc.pts = 1024
++lxc.mount  = $path/fstab
++lxc.arch = $arch
++lxc.cap.drop = sys_module mac_admin mac_override
++lxc.pivotdir = lxc_putold
++
++# uncomment the next line to run the container unconfined:
++#lxc.aa_profile = unconfined
++
++lxc.cgroup.devices.deny = a
++# Allow any mknod (but not using the node)
++lxc.cgroup.devices.allow = c *:* m
++lxc.cgroup.devices.allow = b *:* m
++# /dev/null and zero
++lxc.cgroup.devices.allow = c 1:3 rwm
++lxc.cgroup.devices.allow = c 1:5 rwm
++# consoles
++lxc.cgroup.devices.allow = c 5:1 rwm
++lxc.cgroup.devices.allow = c 5:0 rwm
++#lxc.cgroup.devices.allow = c 4:0 rwm
++#lxc.cgroup.devices.allow = c 4:1 rwm
++# /dev/{,u}random
++lxc.cgroup.devices.allow = c 1:9 rwm
++lxc.cgroup.devices.allow = c 1:8 rwm
++lxc.cgroup.devices.allow = c 136:* rwm
++lxc.cgroup.devices.allow = c 5:2 rwm
++# rtc
++lxc.cgroup.devices.allow = c 254:0 rwm
++#fuse
++lxc.cgroup.devices.allow = c 10:229 rwm
++#tun
++lxc.cgroup.devices.allow = c 10:200 rwm
++#full
++lxc.cgroup.devices.allow = c 1:7 rwm
++#hpet
++lxc.cgroup.devices.allow = c 10:228 rwm
++#kvm
++lxc.cgroup.devices.allow = c 10:232 rwm
++EOF
++
++    cat <<EOF > $path/fstab
++proc            proc         proc    nodev,noexec,nosuid 0 0
++sysfs           sys          sysfs defaults  0 0
++EOF
++
++    if [ $? -ne 0 ]; then
++        echo "Failed to add configuration"
++        return 1
++    fi
++
++    return 0
++}
++
++trim()
++{
++    rootfs=$1
++    release=$2
++
++    # provide the lxc service
++    cat <<EOF > $rootfs/etc/init/lxc.conf
++# fake some events needed for correct startup other services
++
++description     "Container Upstart"
++
++start on startup
++
++script
++        rm -rf /var/run/*.pid
++        rm -rf /var/run/network/*
++        /sbin/initctl emit stopped JOB=udevtrigger --no-wait
++        /sbin/initctl emit started JOB=udev --no-wait
++end script
++EOF
++
++    # fix buggus runlevel with sshd
++    cat <<EOF > $rootfs/etc/init/ssh.conf
++# ssh - OpenBSD Secure Shell server
++#
++# The OpenSSH server provides secure shell access to the system.
++
++description	"OpenSSH server"
++
++start on filesystem
++stop on runlevel [!2345]
++
++expect fork
++respawn
++respawn limit 10 5
++umask 022
++# replaces SSHD_OOM_ADJUST in /etc/default/ssh
++oom never
++
++pre-start script
++    test -x /usr/sbin/sshd || { stop; exit 0; }
++    test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
++    test -c /dev/null || { stop; exit 0; }
++
++    mkdir -p -m0755 /var/run/sshd
++end script
++
++# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
++# 'exec' line here instead
++exec /usr/sbin/sshd
++EOF
++
++    cat <<EOF > $rootfs/etc/init/console.conf
++# console - getty
++#
++# This service maintains a console on tty1 from the point the system is
++# started until it is shut down again.
++
++start on stopped rc RUNLEVEL=[2345]
++stop on runlevel [!2345]
++
++respawn
++exec /sbin/getty -8 38400 /dev/console
++EOF
++
++    cat <<EOF > $rootfs/lib/init/fstab
++# /lib/init/fstab: cleared out for bare-bones lxc
++EOF
++
++    # reconfigure some services
++    if [ -z "$LANG" ]; then
++        chroot $rootfs locale-gen en_US.UTF-8
++        chroot $rootfs update-locale LANG=en_US.UTF-8
++    else
++        chroot $rootfs locale-gen $LANG
++        chroot $rootfs update-locale LANG=$LANG
++    fi
++
++    # remove pointless services in a container
++    chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
++
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
++
++    # if this isn't lucid, then we need to twiddle the network upstart bits :(
++    if [ $release != "lucid" ]; then
++        sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
++    fi
++}
++
++post_process()
++{
++    rootfs=$1
++    release=$2
++    trim_container=$3
++
++    if [ $trim_container -eq 1 ]; then
++        trim $rootfs $release
++    elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then
++        # Make sure we have a working resolv.conf
++        cresolvonf="${rootfs}/etc/resolv.conf"
++        mv $cresolvonf ${cresolvonf}.lxcbak
++        cat /etc/resolv.conf > ${cresolvonf}
++
++        # for lucid, if not trimming, then add the ubuntu-virt
++        # ppa and install lxcguest
++        if [ $release = "lucid" ]; then
++            chroot $rootfs apt-get update
++            chroot $rootfs apt-get install --force-yes -y python-software-properties
++            chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
++        fi
++
++        chroot $rootfs apt-get update
++        chroot $rootfs apt-get install --force-yes -y lxcguest
++
++        # Restore old resolv.conf
++        rm -f ${cresolvonf}
++        mv ${cresolvonf}.lxcbak ${cresolvonf}
++    fi
++
++    # If the container isn't running a native architecture, setup multiarch
++    if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
++        dpkg_version=$(chroot $rootfs dpkg-query -W -f='${Version}' dpkg)
++        if chroot $rootfs dpkg --compare-versions $dpkg_version ge "1.16.2"; then
++            chroot $rootfs dpkg --add-architecture ${hostarch}
++        else
++            mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
++            echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
++        fi
++
++        # Save existing value of MIRROR and SECURITY_MIRROR
++        DEFAULT_MIRROR=$MIRROR
++        DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR
++
++        # Write a new sources.list containing both native and multiarch entries
++        > ${rootfs}/etc/apt/sources.list
++        write_sourceslist $rootfs $arch "native"
++
++        MIRROR=$DEFAULT_MIRROR
++        SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
++        write_sourceslist $rootfs $hostarch "multiarch"
++
++        # Finally update the lists and install upstart using the host architecture
++        chroot $rootfs apt-get update
++        chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}
++    fi
++
++    # rmdir /dev/shm for containers that have /run/shm
++    # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
++    # get bind mounted to the host's /run/shm.  So try to rmdir
++    # it, and in case that fails move it out of the way.
++    if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
++        mv $rootfs/dev/shm $rootfs/dev/shm.bak
++        ln -s /run/shm $rootfs/dev/shm
++    fi
++}
++
++do_bindhome()
++{
++    rootfs=$1
++    user=$2
++
++    # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
++    pwd=`getent passwd $user` || { echo "Failed to copy password entry for $user"; false; }
++    echo $pwd >> $rootfs/etc/passwd
++
++    # make sure user's shell exists in the container
++    shell=`echo $pwd | cut -d: -f 7`
++    if [ ! -x $rootfs/$shell ]; then
++        echo "shell $shell for user $user was not found in the container."
++        pkg=`dpkg -S $(readlink -m $shell) | cut -d ':' -f1`
++        echo "Installing $pkg"
++        chroot $rootfs apt-get --force-yes -y install $pkg
++    fi
++
++    shad=`getent shadow $user`
++    echo "$shad" >> $rootfs/etc/shadow
++
++    # bind-mount the user's path into the container's /home
++    h=`getent passwd $user | cut -d: -f 6`
++    mkdir -p $rootfs/$h
++
++    # use relative path in container
++    h2=${h#/}
++    while [ ${h2:0:1} = "/" ]; do
++        h2=${h2#/}
++    done
++    echo "$h $h2 none bind 0 0" >> $path/fstab
++
++    # Make sure the group exists in container
++    grp=`echo $pwd | cut -d: -f 4`  # group number for $user
++    grpe=`getent group $grp` || return 0  # if host doesn't define grp, ignore in container
++    chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group
++}
++
++usage()
++{
++    cat <<EOF
++$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug]
++   [-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]
++release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS
++trim: make a minimal (faster, but not upgrade-safe) container
++bindhome: bind <user>'s home into the container
++          The ubuntu user will not be created, and <user> will have
++          sudo access.
++arch: the container architecture (e.g. amd64): defaults to host arch
++auth-key: SSH Public key file to inject into container
++EOF
++    return 0
++}
++
++options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug -- "$@")
++if [ $? -ne 0 ]; then
++    usage $(basename $0)
++    exit 1
++fi
++eval set -- "$options"
++
++release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
++if [ -f /etc/lsb-release ]; then
++    . /etc/lsb-release
++    if [ "$DISTRIB_ID" = "Ubuntu" ]; then
++        release=$DISTRIB_CODENAME
++    fi
++fi
++
++bindhome=
++arch=$(arch)
++
++# Code taken from debootstrap
++if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
++    arch=`/usr/bin/dpkg --print-architecture`
++elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
++    arch=`/usr/bin/udpkg --print-architecture`
++else
++    arch=$(arch)
++    if [ "$arch" = "i686" ]; then
++        arch="i386"
++    elif [ "$arch" = "x86_64" ]; then
++        arch="amd64"
++    elif [ "$arch" = "armv7l" ]; then
++        arch="armel"
++    fi
++fi
++
++debug=0
++trim_container=0
++hostarch=$arch
++flushcache=0
++while true
++do
++    case "$1" in
++    -h|--help)      usage $0 && exit 0;;
++    -p|--path)      path=$2; shift 2;;
++    -n|--name)      name=$2; shift 2;;
++    -F|--flush-cache) flushcache=1; shift 1;;
++    -r|--release)   release=$2; shift 2;;
++    -b|--bindhome)  bindhome=$2; shift 2;;
++    -a|--arch)      arch=$2; shift 2;;
++    -x|--trim)      trim_container=1; shift 1;;
++    -S|--auth-key)  auth_key=$2; shift 2;;
++    -d|--debug)     debug=1; shift 1;;
++    --)             shift 1; break ;;
++        *)              break ;;
++    esac
++done
++
++if [ $debug -eq 1 ]; then
++    set -x
++fi
++
++if [ -n "$bindhome" ]; then
++    pwd=`getent passwd $bindhome`
++    if [ $? -ne 0 ]; then
++        echo "Error: no password entry found for $bindhome"
++        exit 1
++    fi
++fi
++
++
++if [ "$arch" == "i686" ]; then
++    arch=i386
++fi
++
++if [ $hostarch = "i386" -a $arch = "amd64" ]; then
++    echo "can't create amd64 container on i386"
++    exit 1
++fi
++
++type debootstrap
++if [ $? -ne 0 ]; then
++    echo "'debootstrap' command is missing"
++    exit 1
++fi
++
++if [ -z "$path" ]; then
++    echo "'path' parameter is required"
++    exit 1
++fi
++
++if [ "$(id -u)" != "0" ]; then
++    echo "This script should be run as 'root'"
++    exit 1
++fi
++
++# detect rootfs
++config="$path/config"
++if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
++    rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
++else
++    rootfs=$path/rootfs
++fi
++
++install_ubuntu $rootfs $release $flushcache
++if [ $? -ne 0 ]; then
++    echo "failed to install ubuntu $release"
++    exit 1
++fi
++
++configure_ubuntu $rootfs $name $release
++if [ $? -ne 0 ]; then
++    echo "failed to configure ubuntu $release for a container"
++    exit 1
++fi
++
++copy_configuration $path $rootfs $name $arch $release
++if [ $? -ne 0 ]; then
++    echo "failed write configuration file"
++    exit 1
++fi
++
++post_process $rootfs $release $trim_container
++
++if [ -n "$bindhome" ]; then
++    do_bindhome $rootfs $bindhome
++    finalize_user $bindhome
++else
++    finalize_user ubuntu
++fi
++
++echo ""
++echo "##"
++if [ -n "$bindhome" ]; then
++	echo "# Log in as user $bindhome"
++else
++	echo "# The default user is 'ubuntu' with password 'ubuntu'!"
++	echo "# Use the 'sudo' command to run tasks as root in the container."
++fi
++echo "##"
++echo ""
 === added file 'debian/patches/0224-ubuntu-templates-devtmpfs'
 --- debian/patches/0224-ubuntu-templates-devtmpfs	1970-01-01 00:00:00 +0000
 +++ debian/patches/0224-ubuntu-templates-devtmpfs	2012-10-15 15:25:24 +0000
@@ -0,0 +1,30 @@
++Description: templates: mount devtmpfs in ubuntu containers
++ That way /dev/disk/ exists.
++Author: Serge Hallyn <serge.hallyn@ubuntu.com>
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1060404
++Forwarded: yes
++
++Index: lxc/templates/lxc-ubuntu-cloud.in
++===================================================================
++--- lxc.orig/templates/lxc-ubuntu-cloud.in	2012-10-04 11:59:00.784184000 -0500
+++++ lxc/templates/lxc-ubuntu-cloud.in	2012-10-04 12:02:27.983278932 -0500
++@@ -94,6 +94,7 @@
++     cat <<EOF > $path/fstab
++ proc            proc         proc    nodev,noexec,nosuid 0 0
++ sysfs           sys          sysfs defaults  0 0
+++devtmpfs        dev          devtmpfs defaults 0 0
++ EOF
++
++     # rmdir /dev/shm for containers that have /run/shm
++Index: lxc/templates/lxc-ubuntu.in
++===================================================================
++--- lxc.orig/templates/lxc-ubuntu.in	2012-10-04 11:59:00.784184000 -0500
+++++ lxc/templates/lxc-ubuntu.in	2012-10-04 12:02:21.439278789 -0500
++@@ -353,6 +353,7 @@
++     cat <<EOF > $path/fstab
++ proc            proc         proc    nodev,noexec,nosuid 0 0
++ sysfs           sys          sysfs defaults  0 0
+++devtmpfs        dev          devtmpfs defaults 0 0
++ EOF
++
++     if [ $? -ne 0 ]; then
 === renamed file 'debian/patches/0224-ubuntu-templates-devtmpfs' => 'debian/patches/0224-ubuntu-templates-devtmpfs.moved'

Ubuntulxc package