# Contributor: Ćukasz Jendrysik <scadu@yandex.com> # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=lxc pkgver=3.2.1 _pkgver=${pkgver/_rc/.rc} pkgrel=2 pkgdesc="Userspace interface for the Linux kernel containment features" url="https://linuxcontainers.org/lxc/" arch="all" license="GPL-2.0-only" makedepends=" libcap-dev libcap-static libseccomp-dev linux-pam-dev linux-headers bsd-compat-headers docbook2x automake autoconf libtool " options="suid" subpackages=" $pkgname-dev $pkgname-doc $pkgname-openrc $pkgname-lvm::noarch $pkgname-libs $pkgname-bridge::noarch $pkgname-bash-completion:bashcomp:noarch $pkgname-pam $pkgname-download:_download:noarch $pkgname-templates-oci:templates_oci:noarch $pkgname-templates::noarch " source="https://linuxcontainers.org/downloads/lxc/lxc-$_pkgver.tar.gz cgroups-initialize-cpuset-properly.patch network-restore-ability-to-move-nl80211-devices.patch execute-attach-user-group.patch attach-returncode.patch lxc.initd lxc.confd " # secfixes: # 3.1.0-r1: # - CVE-2019-5736 # 2.1.1-r9: # - CVE-2018-6556 # _tmpldir="usr/share/lxc/templates" build() { ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --sysconfdir=/etc \ --localstatedir=/var \ --disable-apparmor \ --enable-pam \ --with-distro=alpine \ --disable-werror \ --enable-doc make } check() { make check } package() { make DESTDIR="$pkgdir" install install -Dm755 "$srcdir"/lxc.initd "$pkgdir"/etc/init.d/lxc install -Dm644 "$srcdir"/lxc.confd "$pkgdir"/etc/conf.d/lxc install -d "$pkgdir"/var/lib/lxc # Remove useless config for SysVinit. rm -r "$pkgdir"/etc/default } lvm() { pkgdesc="LVM support for LXC" depends="$pkgname=$pkgver-r$pkgrel lvm2 util-linux" install_if="$pkgname=$pkgver-r$pkgrel lvm2" mkdir "$subpkgdir" } _py3() { pkgdesc="Python3 module for LXC" depends="python3" mkdir -p "$subpkgdir"/usr/lib mv "$pkgdir"/usr/lib/python3.* "$subpkgdir"/usr/lib } _download() { pkgdesc="LXC container image downloader template" depends="$pkgname gnupg1 tar wget" mkdir -p "$subpkgdir"/$_tmpldir mv "$pkgdir"/$_tmpldir/lxc-download "$subpkgdir"/$_tmpldir/ } templates() { pkgdesc="Templates for LXC (except alpine and download)" depends="tar" mkdir -p "$subpkgdir"/$_tmpldir mv "$pkgdir"/$_tmpldir/* "$subpkgdir"/$_tmpldir/ } templates_oci() { pkgdesc="OCI Template for LXC" depends="bash jq" mkdir -p "$subpkgdir"/usr/share/lxc/templates mv "$pkgdir"/usr/share/lxc/templates/lxc-oci \ "$subpkgdir"/usr/share/lxc/templates/ } pam() { pkgdesc="PAM module for LXC" mkdir -p "$subpkgdir"/lib/security mv "$pkgdir"/lib/security/pam_cgfs.so "$subpkgdir"/lib/security/ } dev() { default_dev # fix abuild smartness mv "$subpkgdir"/usr/bin/lxc-config "$pkgdir"/usr/bin/ mv "$subpkgdir"/usr/bin/lxc-update-config "$pkgdir"/usr/bin/ } bridge() { depends="dnsmasq" pkgdesc="Bridge interface for LXC with dhcp" mkdir -p "$subpkgdir"/etc/conf.d \ "$subpkgdir"/etc/init.d \ "$subpkgdir"/etc/lxc ln -s dnsmasq "$subpkgdir"/etc/init.d/dnsmasq.lxcbr0 cat >>"$subpkgdir"/etc/conf.d/dnsmasq.lxcbr0 <<- EOF rc_before="lxc" BRIDGE_ADDR="10.0.3.1" BRIDGE_NETMASK="255.255.255.0" BRIDGE_NETWORK="10.0.3.0/24" BRIDGE_DHCP_RANGE="10.0.3.2,10.0.3.254" BRIDGE_DHCP_MAX="253" BRIDGE_MAC="00:16:3e:00:00:00" DNSMASQ_CONFFILE="/etc/lxc/dnsmasq.conf" EOF cat >>"$subpkgdir"/etc/lxc/dnsmasq.conf <<- EOF #dhcp-host=somehost,10.0.3.3 #dhcp-host=otherhost,10.0.3.4 EOF } bashcomp() { depends="" pkgdesc="Bash completions for $pkgname" install_if="$pkgname=$pkgver-r$pkgrel bash-completion" mkdir -p "$subpkgdir"/usr/share/bash-completion/completions mv "$pkgdir"/etc/bash_completion.d/$pkgname "$subpkgdir"/usr/share/bash-completion/completions rmdir "$pkgdir"/etc/bash_completion.d } sha512sums="4b3046fc6c4aa497fb26bd45839e60de503184af86d3966e796d14e619203536b9a9ed67bdcd8a108cf1a548f8d095fb46dff53094a08abd8d268c866db685c0 lxc-3.2.1.tar.gz 2bebe6cc24987354b6e7dc9003c3a4df450ca10263e6dc0e9313977fdfc2eb57c0d68560da4d1071c8de2f8e3e394ed3ca17af445bea524daa5f8ae8955b3ba6 cgroups-initialize-cpuset-properly.patch d302b7296918680901d034dc12ae0687dbbc65766800a9f7256e661f638d3dcad66bcc737aec2c6de8c27d3b9c08833e00420c2064f356d6d73efda9ae9bd707 network-restore-ability-to-move-nl80211-devices.patch a26cd718760e73309a686242b03c5de5ceff17ab9c348438cd19d2d875696e5c788f0e04d66dd01e08449754c14ce2b7cc1dfc1bac2a64429ccf4462f8aa93a5 execute-attach-user-group.patch 565b7c1774b19f66cc3435557325b75c85203bae4e53db1677580f4b93c4fb2db7f9bd9dd02b956b18bc2730b8645984e790f27162510d642ce7647df21febc0 attach-returncode.patch b74ffe7c3e8f193265a90ffeb6e5743b1212bc1416b898e5a7e59ddd7f06fc77dc34e2dcbb3614038ac6222a95e2b9beb9f03ab734c991837203ab626b1b091f lxc.initd 91de43db5369a9e10102933514d674e9c875218a1ff2910dd882e5b9c308f9e430deacb13d1d7e0b2ed1ef682d0bb035aa6f8a6738f54fa2ca3a05acce04e467 lxc.confd"