[crux-commits] ports/contrib (3.5): lxc: 3.2.1 -> 4.0.2

crux at crux.nu crux at crux.nu
Mon Jun 1 13:23:11 UTC 2020


commit 99800a354b1e1fbef05ee34696d0f0bb063a0888
Author: Tim Biermann <tbier at posteo.de>
Date:   Mon Jun 1 13:17:14 2020 +0000

    lxc: 3.2.1 -> 4.0.2

diff --git a/lxc/.footprint b/lxc/.footprint
old mode 100755
new mode 100644
index bdcfdc893..3c156c940
--- a/lxc/.footprint
+++ b/lxc/.footprint
@@ -49,8 +49,8 @@ drwxr-xr-x	root/root	usr/lib/
 -rw-r--r--	root/root	usr/lib/liblxc.a
 -rwxr-xr-x	root/root	usr/lib/liblxc.la
 lrwxrwxrwx	root/root	usr/lib/liblxc.so -> liblxc.so.1
-lrwxrwxrwx	root/root	usr/lib/liblxc.so.1 -> liblxc.so.1.6.0
--rwxr-xr-x	root/root	usr/lib/liblxc.so.1.6.0
+lrwxrwxrwx	root/root	usr/lib/liblxc.so.1 -> liblxc.so.1.7.0
+-rwxr-xr-x	root/root	usr/lib/liblxc.so.1.7.0
 drwxr-xr-x	root/root	usr/lib/lxc/
 drwxr-xr-x	root/root	usr/lib/lxc/hooks/
 -rwxr-xr-x	root/root	usr/lib/lxc/hooks/unmount-namespace
@@ -99,9 +99,9 @@ drwxr-xr-x	root/root	usr/share/man/man1/
 -rw-r--r--	root/root	usr/share/man/man1/lxc-cgroup.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-checkconfig.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-checkpoint.1.gz
--rw-r--r--	root/root	usr/share/man/man1/lxc-clone.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-config.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-console.1.gz
+-rw-r--r--	root/root	usr/share/man/man1/lxc-copy.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-create.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-destroy.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-device.1.gz
@@ -111,12 +111,12 @@ drwxr-xr-x	root/root	usr/share/man/man1/
 -rw-r--r--	root/root	usr/share/man/man1/lxc-ls.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-monitor.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-snapshot.1.gz
--rw-r--r--	root/root	usr/share/man/man1/lxc-start-ephemeral.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-start.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-stop.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-top.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-unfreeze.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-unshare.1.gz
+-rw-r--r--	root/root	usr/share/man/man1/lxc-update-config.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-user-nic.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-usernsexec.1.gz
 -rw-r--r--	root/root	usr/share/man/man1/lxc-wait.1.gz
diff --git a/lxc/.signature b/lxc/.signature
index e63b0cb9c..c221c75be 100644
--- a/lxc/.signature
+++ b/lxc/.signature
@@ -1,9 +1,9 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF32YPWV8VCQ8eU8iHiVsBws5LIbE0Qrtv707K47A/MuEY7xcGtGSdN3bXcHo6KJg5g+SVNteVov9lGYzv5jj9TQc=
-SHA256 (Pkgfile) = 54c1895e84fb203b10441f88ac3d857fbc438dbced5abbce8781d790aed0c47e
-SHA256 (.footprint) = 609a2aa78593b12a664aec16e0653d6a796c4fc80c00277735b10113db7e9319
-SHA256 (lxc-3.2.1.tar.gz) = 5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4
-SHA256 (man-pages.tar.xz) = 9c78897c8057cf8be5873382d6d03bf54fb3e032279126560552166c0ea7481a
+RWSagIOpLGJF39swBC4Sh9YID5lmUy86k6POxXmzTvc12HMEnHCpm807pOaAcAhh0j20eptCZSx2hfw8anp0r0v/7xl1ZgDgTw4=
+SHA256 (Pkgfile) = 0a908418500caf00597af8560e8929b8eafeeff7d5ebaec63643227e359720ae
+SHA256 (.footprint) = 9fe6acac2fae505a8d46a745ee9b6c7ce5bd51e92d747392e86443553695d19c
+SHA256 (lxc-4.0.2.tar.gz) = ca336dcdf303fea5ff231d89a9b6278b061c4cffb14f0db0a71a15bdd95a5cb0
+SHA256 (man-pages.tar.xz) = 28e6602414149ca4cc1afbabb203afe12b2e694436b23d7a2501a2b6a868e473
 SHA256 (default.conf) = 6739fe54ffe7924a63fd47d8ff4b453e08b78bbd1b08e4426504b8f740e8b55f
 SHA256 (lxc-usernet) = 83c30e9489fffd7bf815e312860e2c9b3022a0f422570d35a19eb021b433fe0f
 SHA256 (lxc-users-setup) = 995f72d2284334ab84790951cfbf91d9b7016f4a93a3c51d774dea0e04e8000b
diff --git a/lxc/Pkgfile b/lxc/Pkgfile
index 2e44a9f80..5f90a589f 100644
--- a/lxc/Pkgfile
+++ b/lxc/Pkgfile
@@ -1,20 +1,22 @@
 # Description: container namespace cgroup virtualisation for linux guests
 # URL: https://linuxcontainers.org/lxc
-# Maintainer: Thomas Penteker, tek at serverop dot de
+# Maintainer: Tim Biermann, tbier at posteo dot de
+# Packager: ryuo, James Buren
+# Packager: Thomas Penteker, tek at serverop dot de
 # Depends: libseccomp
 # Optional: gnupg dnsmasq
 
 name=lxc
-version=3.2.1
+version=4.0.2
 release=1
 source=(https://linuxcontainers.org/downloads/$name/$name-$version.tar.gz
-        man-pages.tar.xz
-        default.conf
-        lxc-usernet
-        lxc-users-setup
-        lxc-users
-        lxc-cgroups
-        lxc-net)
+  man-pages.tar.xz
+  default.conf
+  lxc-usernet
+  lxc-users-setup
+  lxc-users
+  lxc-cgroups
+  lxc-net)
 
 build() {
   cd $name-$version
diff --git a/lxc/README b/lxc/README
new file mode 100644
index 000000000..a9e191232
--- /dev/null
+++ b/lxc/README
@@ -0,0 +1,93 @@
+First, your kernel needs to be configured correctly to be able to use LXC.
+Enable the following options in your kernel config:
+CONFIG_NAMESPACES
+CONFIG_UTS_NS
+CONFIG_IPC_NS
+CONFIG_PID_NS
+CONFIG_USER_NS
+CONFIG_NET_NS
+CONFIG_CGROUPS
+CONFIG_CGROUP_NS
+CONFIG_CGROUP_DEVICE
+CONFIG_CGROUP_SCHED
+CONFIG_CGROUP_CPUACCT
+CONFIG_CGROUP_FREEZER
+CONFIG_CGROUP_RDMA
+CONFIG_CGROUP_PIDS
+CONFIG_BLK_CGROUP
+CONFIG_MEMCG
+CONFIG_MEMCG_SWAP
+CONFIG_CPUSETS
+CONFIG_VETH
+CONFIG_BRIDGE
+CONFIG_MACVLAN
+CONFIG_VLAN_8021Q
+CONFIG_NETFILTER_ADVANCED
+CONFIG_NF_NAT_IPV4
+CONFIG_NF_NAT_IPV6
+CONFIG_IP_NF_TARGET_MASQUERADE
+CONFIG_IP6_NF_TARGET_MASQUERADE
+CONFIG_NETFILTER_XT_TARGET_CHECKSUM
+CONFIG_NETFILTER_XT_MATCH_COMMENT
+CONFIG_FUSE_FS
+CONFIG_CHECKPOINT_RESTORE
+CONFIG_FHANDLE
+CONFIG_EVENTFD
+CONFIG_EPOLL
+CONFIG_UNIX_DIAG
+CONFIG_INET_DIAG
+CONFIG_PACKET_DIAG
+CONFIG_NETLINK_DIAG
+
+Second, you need to edit /etc/lxc/default.conf to suite your desired
+container setup. The default network configuration is designed to use
+the default LXC managed bridge which relies on NAT to provide access
+to any external networks. Be sure to modify this if you wish to do
+something different. Also, if unprivileged containers are desired,
+then be sure to uncomment the uidmap configuration.
+
+Third, you need to edit /etc/rc.conf to enable any desired LXC services.
+First, the lxc-cgroups service needs to be enabled and placed before any
+other LXC services for LXC to function correctly. Next, the lxc-net
+service should be enabled and placed before lxc if you are wanting LXC to
+manage your container networking. Last, the lxc service should be enabled
+and placed after any other LXC services if you are wanting LXC to manage
+the startup of your containers.
+
+Fourth, if you are wanting to allow unprivileged users to use LXC containers,
+then you will need to do some setup. First, be sure that you have enabled LXC
+unprivileged containers as is documented above. Second, you need to edit
+/etc/lxc/lxc-usernet and add any users that you wish to have access to LXC
+unprivileged containers. The comments in the file will show how to do this.
+Third, you need to run the following command to setup each user, which will
+create the subuids, create the subgids, setup their BASH profile for LXC,
+and create their initial LXC configuration file: lxc-users-setup
+Please note that you will also need to reboot or restart the lxc-cgroups
+service for the new user cgroups to be available for use. Last, if you are
+wanting LXC to manage the startup of your user containers, be sure to place
+the lxc-users service after lxc in the /etc/rc.conf file.
+
+Fifth, you need to add the following line to /etc/pam.d/common-session:
+session   optional    pam_cgfs.so -c all
+
+Now you are ready to start using LXC. See below for some examples of basic
+usage of LXC.
+
+You can create a container using lxc-create:
+lxc-create -t download -- alpine -d alpine -r 3.8 -a amd64
+
+You can start this container using lxc-start:
+lxc-start -n alpine
+
+You can get a shell in this container using lxc-attach:
+lxc-attach -n alpine
+
+You can run arbitrary commands in this container using lxc-attach:
+lxc-attach -n alpine -- echo Hello World!
+
+You can stop this container using lxc-stop:
+lxc-stop -n alpine
+
+You can start LXC containers at boot by adding this line to your
+container configuration:
+lxc.start.auto = 1
diff --git a/lxc/man-pages.tar.xz b/lxc/man-pages.tar.xz
index bdfe9fab0..14eaf4158 100644
Binary files a/lxc/man-pages.tar.xz and b/lxc/man-pages.tar.xz differ
diff --git a/lxc/post-install b/lxc/post-install
new file mode 100644
index 000000000..039c46787
--- /dev/null
+++ b/lxc/post-install
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Setup user mapping for unprivileged containers
+test -f '/etc/subuid' || touch '/etc/subuid'
+/usr/sbin/usermod -v 100000-165535 root
+
+# Setup group mapping for unprivileged containers
+test -f '/etc/subgid' || touch '/etc/subgid'
+/usr/sbin/usermod -w 100000-165535 root


More information about the crux-commits mailing list