# Contributor: Ɓukasz Jendrysik <scadu@yandex.com>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=lxc
pkgver=3.2.1
_pkgver=${pkgver/_rc/.rc}
pkgrel=2
pkgdesc="Userspace interface for the Linux kernel containment features"
url="https://linuxcontainers.org/lxc/"
arch="all"
license="GPL-2.0-only"
makedepends="
	libcap-dev
	libcap-static
	libseccomp-dev
	linux-pam-dev
	linux-headers
	bsd-compat-headers
	docbook2x

	automake
	autoconf
	libtool
	"

options="suid"
subpackages="
	$pkgname-dev
	$pkgname-doc
	$pkgname-openrc
	$pkgname-lvm::noarch
	$pkgname-libs
	$pkgname-bridge::noarch
	$pkgname-bash-completion:bashcomp:noarch
	$pkgname-pam
	$pkgname-download:_download:noarch
	$pkgname-templates-oci:templates_oci:noarch
	$pkgname-templates::noarch
	"

source="https://linuxcontainers.org/downloads/lxc/lxc-$_pkgver.tar.gz
	cgroups-initialize-cpuset-properly.patch
	network-restore-ability-to-move-nl80211-devices.patch
	execute-attach-user-group.patch
	attach-returncode.patch
	lxc.initd
	lxc.confd
	"

# secfixes:
#   3.1.0-r1:
#   - CVE-2019-5736
#   2.1.1-r9:
#   - CVE-2018-6556
#

_tmpldir="usr/share/lxc/templates"

build() {
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc \
		--localstatedir=/var \
		--disable-apparmor \
		--enable-pam \
		--with-distro=alpine \
		--disable-werror \
		--enable-doc
	make
}

check() {
	make check
}

package() {
	make DESTDIR="$pkgdir" install

	install -Dm755 "$srcdir"/lxc.initd "$pkgdir"/etc/init.d/lxc
	install -Dm644 "$srcdir"/lxc.confd "$pkgdir"/etc/conf.d/lxc
	install -d "$pkgdir"/var/lib/lxc

	# Remove useless config for SysVinit.
	rm -r "$pkgdir"/etc/default
}

lvm() {
	pkgdesc="LVM support for LXC"
	depends="$pkgname=$pkgver-r$pkgrel lvm2 util-linux"
	install_if="$pkgname=$pkgver-r$pkgrel lvm2"
	mkdir "$subpkgdir"
}

_py3() {
	pkgdesc="Python3 module for LXC"
	depends="python3"
	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/python3.* "$subpkgdir"/usr/lib
}

_download() {
	pkgdesc="LXC container image downloader template"
	depends="$pkgname gnupg1 tar wget"

	mkdir -p "$subpkgdir"/$_tmpldir
	mv "$pkgdir"/$_tmpldir/lxc-download "$subpkgdir"/$_tmpldir/
}

templates() {
	pkgdesc="Templates for LXC (except alpine and download)"
	depends="tar"
	mkdir -p "$subpkgdir"/$_tmpldir
	mv "$pkgdir"/$_tmpldir/* "$subpkgdir"/$_tmpldir/
}

templates_oci() {
	pkgdesc="OCI Template for LXC"
	depends="bash jq"
	mkdir -p "$subpkgdir"/usr/share/lxc/templates
	mv "$pkgdir"/usr/share/lxc/templates/lxc-oci \
		"$subpkgdir"/usr/share/lxc/templates/
}

pam() {
	pkgdesc="PAM module for LXC"
	mkdir -p "$subpkgdir"/lib/security
	mv "$pkgdir"/lib/security/pam_cgfs.so "$subpkgdir"/lib/security/
}

dev() {
	default_dev
	# fix abuild smartness
	mv "$subpkgdir"/usr/bin/lxc-config "$pkgdir"/usr/bin/
	mv "$subpkgdir"/usr/bin/lxc-update-config "$pkgdir"/usr/bin/
}

bridge() {
	depends="dnsmasq"
	pkgdesc="Bridge interface for LXC with dhcp"
	mkdir -p "$subpkgdir"/etc/conf.d \
		"$subpkgdir"/etc/init.d \
		"$subpkgdir"/etc/lxc

	ln -s dnsmasq "$subpkgdir"/etc/init.d/dnsmasq.lxcbr0
	cat >>"$subpkgdir"/etc/conf.d/dnsmasq.lxcbr0 <<- EOF
		rc_before="lxc"
		BRIDGE_ADDR="10.0.3.1"
		BRIDGE_NETMASK="255.255.255.0"
		BRIDGE_NETWORK="10.0.3.0/24"
		BRIDGE_DHCP_RANGE="10.0.3.2,10.0.3.254"
		BRIDGE_DHCP_MAX="253"
		BRIDGE_MAC="00:16:3e:00:00:00"
		DNSMASQ_CONFFILE="/etc/lxc/dnsmasq.conf"
	EOF
	cat >>"$subpkgdir"/etc/lxc/dnsmasq.conf <<- EOF
		#dhcp-host=somehost,10.0.3.3
		#dhcp-host=otherhost,10.0.3.4
	EOF
}

bashcomp() {
	depends=""
	pkgdesc="Bash completions for $pkgname"
	install_if="$pkgname=$pkgver-r$pkgrel bash-completion"
	mkdir -p "$subpkgdir"/usr/share/bash-completion/completions
	mv "$pkgdir"/etc/bash_completion.d/$pkgname "$subpkgdir"/usr/share/bash-completion/completions
	rmdir "$pkgdir"/etc/bash_completion.d
}

sha512sums="4b3046fc6c4aa497fb26bd45839e60de503184af86d3966e796d14e619203536b9a9ed67bdcd8a108cf1a548f8d095fb46dff53094a08abd8d268c866db685c0  lxc-3.2.1.tar.gz
2bebe6cc24987354b6e7dc9003c3a4df450ca10263e6dc0e9313977fdfc2eb57c0d68560da4d1071c8de2f8e3e394ed3ca17af445bea524daa5f8ae8955b3ba6  cgroups-initialize-cpuset-properly.patch
d302b7296918680901d034dc12ae0687dbbc65766800a9f7256e661f638d3dcad66bcc737aec2c6de8c27d3b9c08833e00420c2064f356d6d73efda9ae9bd707  network-restore-ability-to-move-nl80211-devices.patch
a26cd718760e73309a686242b03c5de5ceff17ab9c348438cd19d2d875696e5c788f0e04d66dd01e08449754c14ce2b7cc1dfc1bac2a64429ccf4462f8aa93a5  execute-attach-user-group.patch
565b7c1774b19f66cc3435557325b75c85203bae4e53db1677580f4b93c4fb2db7f9bd9dd02b956b18bc2730b8645984e790f27162510d642ce7647df21febc0  attach-returncode.patch
b74ffe7c3e8f193265a90ffeb6e5743b1212bc1416b898e5a7e59ddd7f06fc77dc34e2dcbb3614038ac6222a95e2b9beb9f03ab734c991837203ab626b1b091f  lxc.initd
91de43db5369a9e10102933514d674e9c875218a1ff2910dd882e5b9c308f9e430deacb13d1d7e0b2ed1ef682d0bb035aa6f8a6738f54fa2ca3a05acce04e467  lxc.confd"