Line 0
1 |
# Copyright 1999-2018 Gentoo Foundation |
2 |
# Distributed under the terms of the GNU General Public License v2 |
3 |
|
4 |
EAPI=6 |
5 |
|
6 |
PYTHON_COMPAT=( python3_{4,5,6} ) |
7 |
DISTUTILS_OPTIONAL=1 |
8 |
|
9 |
inherit autotools bash-completion-r1 distutils-r1 linux-info versionator flag-o-matic systemd readme.gentoo-r1 |
10 |
DESCRIPTION="LinuX Containers userspace utilities" |
11 |
HOMEPAGE="https://linuxcontainers.org/" |
12 |
SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz" |
13 |
|
14 |
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" |
15 |
|
16 |
LICENSE="LGPL-3" |
17 |
SLOT="0" |
18 |
IUSE="cgmanager examples lua python seccomp selinux" |
19 |
|
20 |
RDEPEND=" |
21 |
net-libs/gnutls |
22 |
sys-libs/libcap |
23 |
cgmanager? ( app-admin/cgmanager ) |
24 |
lua? ( >=dev-lang/lua-5.1:= ) |
25 |
python? ( ${PYTHON_DEPS} ) |
26 |
seccomp? ( sys-libs/libseccomp ) |
27 |
selinux? ( sys-libs/libselinux )" |
28 |
|
29 |
DEPEND="${RDEPEND} |
30 |
app-text/docbook-sgml-utils |
31 |
>=sys-kernel/linux-headers-3.2" |
32 |
|
33 |
RDEPEND="${RDEPEND} |
34 |
sys-apps/util-linux |
35 |
app-misc/pax-utils |
36 |
virtual/awk" |
37 |
|
38 |
CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE |
39 |
~CPUSETS ~CGROUP_CPUACCT |
40 |
~CGROUP_SCHED |
41 |
|
42 |
~NAMESPACES |
43 |
~IPC_NS ~USER_NS ~PID_NS |
44 |
|
45 |
~NETLINK_DIAG ~PACKET_DIAG |
46 |
~INET_UDP_DIAG ~INET_TCP_DIAG |
47 |
~UNIX_DIAG ~CHECKPOINT_RESTORE |
48 |
|
49 |
~CGROUP_FREEZER |
50 |
~UTS_NS ~NET_NS |
51 |
~VETH ~MACVLAN |
52 |
|
53 |
~POSIX_MQUEUE |
54 |
~!NETPRIO_CGROUP |
55 |
|
56 |
~!GRKERNSEC_CHROOT_MOUNT |
57 |
~!GRKERNSEC_CHROOT_DOUBLE |
58 |
~!GRKERNSEC_CHROOT_PIVOT |
59 |
~!GRKERNSEC_CHROOT_CHMOD |
60 |
~!GRKERNSEC_CHROOT_CAPS |
61 |
~!GRKERNSEC_PROC |
62 |
~!GRKERNSEC_SYSFS_RESTRICT |
63 |
" |
64 |
|
65 |
ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container" |
66 |
|
67 |
ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers" |
68 |
|
69 |
ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info" |
70 |
ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network" |
71 |
|
72 |
ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking" |
73 |
ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking" |
74 |
|
75 |
ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG: needed for lxc-checkpoint" |
76 |
ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG: needed for lxc-checkpoint" |
77 |
ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG: needed for lxc-checkpoint" |
78 |
ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG: needed for lxc-checkpoint" |
79 |
ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG: needed for lxc-checkpoint" |
80 |
ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE: needed for lxc-checkpoint" |
81 |
|
82 |
ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command" |
83 |
|
84 |
ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP: as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting." |
85 |
|
86 |
ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT: some GRSEC features make LXC unusable see postinst notes" |
87 |
ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC features make LXC unusable see postinst notes" |
88 |
ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes" |
89 |
ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes" |
90 |
ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes" |
91 |
ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers" |
92 |
ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers" |
93 |
|
94 |
DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt) |
95 |
|
96 |
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
97 |
|
98 |
pkg_setup() { |
99 |
kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES" |
100 |
linux-info_pkg_setup |
101 |
} |
102 |
|
103 |
src_prepare() { |
104 |
eapply "${FILESDIR}"/${PN}-2.0.6-bash-completion.patch |
105 |
#558854 |
106 |
eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch |
107 |
eapply "${FILESDIR}"/${PN}-2.1.1-fix-cgroup2-detection.patch |
108 |
eapply "${FILESDIR}"/${PN}-2.1.1-cgroups-enable-container-without-CAP_SYS_ADMIN.patch |
109 |
eapply "${FILESDIR}"/${PN}-2.1.1-cve-2018-6556.patch |
110 |
eapply_user |
111 |
eautoreconf |
112 |
} |
113 |
|
114 |
src_configure() { |
115 |
append-flags -fno-strict-aliasing |
116 |
|
117 |
if use python; then |
118 |
#541932 |
119 |
python_setup "python3*" |
120 |
export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}" |
121 |
fi |
122 |
|
123 |
# I am not sure about the --with-rootfs-path |
124 |
# /var/lib/lxc is probably more appropriate than |
125 |
# /usr/lib/lxc. |
126 |
# Note by holgersson: Why is apparmor disabled? |
127 |
|
128 |
# --enable-doc is for manpages which is why we don't link it to a "doc" |
129 |
# USE flag. We always want man pages. |
130 |
econf \ |
131 |
--localstatedir=/var \ |
132 |
--bindir=/usr/bin \ |
133 |
--sbindir=/usr/bin \ |
134 |
--with-config-path=/var/lib/lxc \ |
135 |
--with-rootfs-path=/var/lib/lxc/rootfs \ |
136 |
--with-distro=gentoo \ |
137 |
--with-runtime-path=/run \ |
138 |
--disable-apparmor \ |
139 |
--disable-werror \ |
140 |
--enable-doc \ |
141 |
$(use_enable cgmanager) \ |
142 |
$(use_enable examples) \ |
143 |
$(use_enable lua) \ |
144 |
$(use_enable python) \ |
145 |
$(use_enable seccomp) \ |
146 |
$(use_enable selinux) |
147 |
} |
148 |
|
149 |
python_compile() { |
150 |
distutils-r1_python_compile build_ext -I.. -L../lxc/.libs --no-pkg-config |
151 |
} |
152 |
|
153 |
src_compile() { |
154 |
default |
155 |
|
156 |
if use python; then |
157 |
pushd "${S}/src/python-${PN}" > /dev/null |
158 |
distutils-r1_src_compile |
159 |
popd > /dev/null |
160 |
fi |
161 |
} |
162 |
|
163 |
src_install() { |
164 |
default |
165 |
|
166 |
mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die |
167 |
# start-ephemeral is no longer a command but removing it here |
168 |
# generates QA warnings (still in upstream completion script) |
169 |
bashcomp_alias ${PN}-start \ |
170 |
${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait} |
171 |
|
172 |
if use python; then |
173 |
pushd "${S}/src/python-lxc" > /dev/null |
174 |
# Unset DOCS. This has been handled by the default target |
175 |
unset DOCS |
176 |
distutils-r1_src_install |
177 |
popd > /dev/null |
178 |
fi |
179 |
|
180 |
keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc |
181 |
|
182 |
find "${D}" -name '*.la' -delete |
183 |
|
184 |
# Gentoo-specific additions! |
185 |
newinitd "${FILESDIR}/${PN}.initd.7" ${PN} |
186 |
|
187 |
# Remember to compare our systemd unit file with the upstream one |
188 |
# config/init/systemd/lxc.service.in |
189 |
systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service" |
190 |
|
191 |
DOC_CONTENTS=" |
192 |
Starting from version ${PN}-1.1.0-r3, the default lxc path has been |
193 |
moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc |
194 |
please add the following to your /etc/lxc/lxc.conf |
195 |
|
196 |
lxc.lxcpath = /etc/lxc |
197 |
|
198 |
For openrc, there is an init script provided with the package. |
199 |
You _should_ only need to symlink /etc/init.d/lxc to |
200 |
/etc/init.d/lxc.configname to start the container defined in |
201 |
/etc/lxc/configname.conf. |
202 |
|
203 |
Correspondingly, for systemd a service file lxc@.service is installed. |
204 |
Enable and start lxc@configname in order to start the container defined |
205 |
in /etc/lxc/configname.conf. |
206 |
|
207 |
If you want checkpoint/restore functionality, please install criu |
208 |
(sys-process/criu)." |
209 |
DISABLE_AUTOFORMATTING=true |
210 |
readme.gentoo_create_doc |
211 |
} |
212 |
|
213 |
pkg_postinst() { |
214 |
readme.gentoo_print_elog |
215 |
} |
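Review bot: `--disable-apparmor` in src_configure is hard-coded, so no USE combination can build LXC with AppArmor confinement, and the in-file note "Why is apparmor disabled?" leaves the reason unrecorded, whereas seccomp and SELinux are wired through `$(use_enable seccomp)` and `$(use_enable selinux)`. Either record the reason in that comment, or add `apparmor` to IUSE with `apparmor? ( sys-libs/libapparmor )` in RDEPEND and replace the switch with `$(use_enable apparmor)`. Separately, the ERROR_GRKERNSEC_CHROOT_* messages tell the user to "see postinst notes", but DOC_CONTENTS in src_install never mentions grsecurity and pkg_postinst only prints that readme, so the pointer leads nowhere. Add a DOC_CONTENTS paragraph naming the options that have to be off for containers to work, or drop the pointer from the messages.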