public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2021-10-04  5:40 Joonas Niilola
From: Joonas Niilola @ 2021-10-04  5:40 UTC (permalink / raw
  To: gentoo-commits

commit:     4dc7966809327f076560b08c54b9823c05a53472
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Mon Oct  4 05:35:35 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Mon Oct  4 05:40:20 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4dc79668

app-emulation/lxc: drop 4.0.9-r1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 app-emulation/lxc/Manifest                         |   2 -
 ...lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch |  93 -----------
 app-emulation/lxc/lxc-4.0.9-r1.ebuild              | 174 ---------------------
 3 files changed, 269 deletions(-)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index 09e200675c9..4733a92e509 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -1,4 +1,2 @@
 DIST lxc-4.0.10.tar.gz 1515002 BLAKE2B 2a5b94ad767c8a11a5c34d19f12d812bd284337045ad5021c80a5f69be608085ac465edde8c385cc558e45638c9f061793c0c9db616ccbe0614554b4fbf62005 SHA512 ec3ccf344a91b50b30985562c54ad93d2db2d29c24d31da8e3a69e801c8bd23c1560274c1850c39eb7e984940ba86d3ebae75db136320d6bbc5eb03bda4c5318
 DIST lxc-4.0.10.tar.gz.asc 833 BLAKE2B 3dd6e8793d1b725ab9eb73d4fa78ce2767bf830fb70d6cc7052e70d2adbc46e4fcf6d986595322b64cb9c71417b801ef6ee3c7612c46dbeb10acba01a5bd69e0 SHA512 dd2d3ac4e066eca4e0358c9a2c371a227d3a0b5cf6e452fe34fa5c8cff46e25fa0555c9f707511a8603348fa969c1e7abf85ad7d27fdcaff613b733066861608
-DIST lxc-4.0.9.tar.gz 1500310 BLAKE2B 3796d36b6f76ec595dc28207e66ec9f5a7c1a39f5c5ebc851638c519be35f59b4ec06a71b2866cd8fef0a6140f61fd4b70c900f5a8ffd42d7da7a30d3ff59975 SHA512 4ef9d9efdd4118fdffde8b49c6ae71cf5eb060be51daaa4f4ceb804c743fbf3278e6518e6a694faefc720f2834f98ac48d67842d589a2120b8f7ec4c3b61fa84
-DIST lxc-4.0.9.tar.gz.asc 833 BLAKE2B 2d275c968831410d987aa7f8062f4e35ba15043f92f38fd3bdd6bf80964906741d05ccd93789132d421ee1c8778cec6a2e76c4f0eb2165cf0107261495fa6856 SHA512 4c90dfbdba90959ee8df5da8ca8b240f65ab03ab91637833c677e2a73592c09f9c5a55b9a261be6efb0888156c916223ff1aa9003b18d46e667908aaa550c944

diff --git a/app-emulation/lxc/files/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch b/app-emulation/lxc/files/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch
deleted file mode 100644
index 6fba3c4154a..00000000000
--- a/app-emulation/lxc/files/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 91ad9b94bcd964adfbaa8d84d8f39304d39835d0 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@ubuntu.com>
-Date: Thu, 6 May 2021 18:16:45 +0200
-Subject: [PATCH] conf: handle kernels with CAP_SETFCAP
-
-LXC is being very clever and sometimes maps the caller's uid into the
-child userns. This means that the caller can technically write fscaps
-that are valid in the ancestor userns (which can be a security issue in
-some scenarios) so newer kernels require CAP_SETFCAP to do this. Until
-newuidmap/newgidmap are updated to account for this simply write the
-mapping directly in this case.
-
-Cc: stable-4.0
-Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
----
- src/lxc/conf.c | 25 ++++++++++++++++++++-----
- 1 file changed, 20 insertions(+), 5 deletions(-)
-
-diff --git a/src/lxc/conf.c b/src/lxc/conf.c
-index 72e21b5300..f388946970 100644
---- a/src/lxc/conf.c
-+++ b/src/lxc/conf.c
-@@ -2978,6 +2978,9 @@ static int lxc_map_ids_exec_wrapper(void *args)
- 	return -1;
- }
- 
-+static struct id_map *find_mapped_hostid_entry(const struct lxc_list *idmap,
-+					       unsigned id, enum idtype idtype);
-+
- int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
- {
- 	int fill, left;
-@@ -2991,12 +2994,22 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
- 	char mapbuf[STRLITERALLEN("new@idmap") + STRLITERALLEN(" ") +
- 		    INTTYPE_TO_STRLEN(pid_t) + STRLITERALLEN(" ") +
- 		    LXC_IDMAPLEN] = {0};
--	bool had_entry = false, use_shadow = false;
-+	bool had_entry = false, maps_host_root = false, use_shadow = false;
- 	int hostuid, hostgid;
- 
- 	hostuid = geteuid();
- 	hostgid = getegid();
- 
-+	/*
-+	 * Check whether caller wants to map host root.
-+	 * Due to a security fix newer kernels require CAP_SETFCAP when mapping
-+	 * host root into the child userns as you would be able to write fscaps
-+	 * that would be valid in the ancestor userns. Mapping host root should
-+	 * rarely be the case but LXC is being clever in a bunch of cases.
-+	 */
-+	if (find_mapped_hostid_entry(idmap, 0, ID_TYPE_UID))
-+		maps_host_root = true;
-+
- 	/* If new{g,u}idmap exists, that is, if shadow is handing out subuid
- 	 * ranges, then insist that root also reserve ranges in subuid. This
- 	 * will protected it by preventing another user from being handed the
-@@ -3014,7 +3027,9 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
- 	else if (!gidmap)
- 		WARN("newgidmap is lacking necessary privileges");
- 
--	if (uidmap > 0 && gidmap > 0) {
-+	if (maps_host_root) {
-+		INFO("Caller maps host root. Writing mapping directly");
-+	} else if (uidmap > 0 && gidmap > 0) {
- 		DEBUG("Functional newuidmap and newgidmap binary found");
- 		use_shadow = true;
- 	} else {
-@@ -4229,14 +4244,14 @@ static struct id_map *mapped_nsid_add(const struct lxc_conf *conf, unsigned id,
- 	return retmap;
- }
- 
--static struct id_map *find_mapped_hostid_entry(const struct lxc_conf *conf,
-+static struct id_map *find_mapped_hostid_entry(const struct lxc_list *idmap,
- 					       unsigned id, enum idtype idtype)
- {
- 	struct id_map *map;
- 	struct lxc_list *it;
- 	struct id_map *retmap = NULL;
- 
--	lxc_list_for_each (it, &conf->id_map) {
-+	lxc_list_for_each (it, idmap) {
- 		map = it->elem;
- 		if (map->idtype != idtype)
- 			continue;
-@@ -4265,7 +4280,7 @@ static struct id_map *mapped_hostid_add(const struct lxc_conf *conf, uid_t id,
- 		return NULL;
- 
- 	/* Reuse existing mapping. */
--	tmp = find_mapped_hostid_entry(conf, id, type);
-+	tmp = find_mapped_hostid_entry(&conf->id_map, id, type);
- 	if (tmp) {
- 		memcpy(entry, tmp, sizeof(*entry));
- 	} else {

diff --git a/app-emulation/lxc/lxc-4.0.9-r1.ebuild b/app-emulation/lxc/lxc-4.0.9-r1.ebuild
deleted file mode 100644
index 243fd583e98..00000000000
--- a/app-emulation/lxc/lxc-4.0.9-r1.ebuild
+++ /dev/null
@@ -1,174 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools bash-completion-r1 linux-info flag-o-matic optfeature pam readme.gentoo-r1 systemd verify-sig
-
-DESCRIPTION="A userspace interface for the Linux kernel containment features"
-HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
-SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz
-	verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )"
-
-KEYWORDS="amd64 ~arm ~arm64 ~ppc64 x86"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="apparmor +caps doc man pam selinux +ssl +tools verify-sig"
-
-RDEPEND="acct-group/lxc
-	acct-user/lxc
-	app-misc/pax-utils
-	sys-apps/util-linux
-	sys-libs/libcap
-	sys-libs/libseccomp
-	virtual/awk
-	caps? ( sys-libs/libcap )
-	pam? ( sys-libs/pam )
-	selinux? ( sys-libs/libselinux )
-	ssl? (
-		dev-libs/openssl:0=
-	)"
-DEPEND="${RDEPEND}
-	>=sys-kernel/linux-headers-4
-	apparmor? ( sys-apps/apparmor )"
-BDEPEND="doc? ( app-doc/doxygen )
-	man? ( app-text/docbook-sgml-utils )
-	verify-sig? ( app-crypt/openpgp-keys-linuxcontainers )"
-
-CONFIG_CHECK="~!NETPRIO_CGROUP
-	~CGROUPS
-	~CGROUP_CPUACCT
-	~CGROUP_DEVICE
-	~CGROUP_FREEZER
-
-	~CGROUP_SCHED
-	~CPUSETS
-	~IPC_NS
-	~MACVLAN
-
-	~MEMCG
-	~NAMESPACES
-	~NET_NS
-	~PID_NS
-
-	~POSIX_MQUEUE
-	~USER_NS
-	~UTS_NS
-	~VETH"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
-ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
-ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
-ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
-ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
-ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
-
-DOCS=( AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt )
-
-pkg_setup() {
-	linux-info_pkg_setup
-}
-
-PATCHES=(
-	"${FILESDIR}"/lxc-4.0.9-handle-kernels-with-CAP_SETFCAP.patch # bug 789012
-	"${FILESDIR}"/${PN}-3.0.0-bash-completion.patch
-	"${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch # bug 558854
-)
-
-VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_configure() {
-	append-flags -fno-strict-aliasing
-
-	local myeconfargs=(
-		--bindir=/usr/bin
-		--localstatedir=/var
-		--sbindir=/usr/bin
-
-		--with-config-path=/var/lib/lxc
-		--with-distro=gentoo
-		--with-init-script=systemd
-		--with-rootfs-path=/var/lib/lxc/rootfs
-		--with-runtime-path=/run
-		--with-systemdsystemunitdir=$(systemd_get_systemunitdir)
-
-		--disable-coverity-build
-		--disable-dlog
-		--disable-fuzzers
-		--disable-mutex-debugging
-		--disable-no-undefined
-		--disable-rpath
-		--disable-sanitizers
-		--disable-tests
-		--disable-werror
-
-		--enable-bash
-		--enable-commands
-		--enable-memfd-rexec
-		--enable-seccomp
-		--enable-thread-safety
-
-		$(use_enable apparmor)
-		$(use_enable caps capabilities)
-		$(use_enable doc api-docs)
-		$(use_enable doc examples)
-		$(use_enable man doc)
-		$(use_enable pam)
-		$(use_enable selinux)
-		$(use_enable ssl openssl)
-		$(use_enable tools)
-
-		$(use_with pam pamdir $(getpam_mod_dir))
-	)
-
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
-	bashcomp_alias ${PN}-start \
-		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,wait}
-
-	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
-	rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
-
-	find "${D}" -name '*.la' -delete -o -name '*.a' -delete || die
-
-	# Gentoo-specific additions!
-	newinitd "${FILESDIR}/${PN}.initd.8" ${PN}
-
-	# Remember to compare our systemd unit file with the upstream one
-	# config/init/systemd/lxc.service.in
-	systemd_newunit "${FILESDIR}"/${PN}_at.service.4.0.0 "lxc@.service"
-
-	DOC_CONTENTS="
-		For openrc, there is an init script provided with the package.
-		You should only need to symlink /etc/init.d/lxc to
-		/etc/init.d/lxc.configname to start the container defined in
-		/etc/lxc/configname.conf.
-
-		Correspondingly, for systemd a service file lxc@.service is installed.
-		Enable and start lxc@configname in order to start the container defined
-		in /etc/lxc/configname.conf."
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	readme.gentoo_print_elog
-
-	elog "Please run 'lxc-checkconfig' to see optional kernel features."
-	elog
-	optfeature "automatic template scripts" app-emulation/lxc-templates
-	optfeature "Debian-based distribution container image support" dev-util/debootstrap
-	optfeature "snapshot & restore functionality" sys-process/criu
-}


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2021-10-29  7:14 Joonas Niilola
From: Joonas Niilola @ 2021-10-29  7:14 UTC (permalink / raw
  To: gentoo-commits

commit:     190499d396a2eac96f71a02e4b9e65d1d169d0e7
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 29 07:11:32 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Oct 29 07:14:27 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=190499d3

app-emulation/lxc: add io-uring patches for 4.0.11

Bug: https://bugs.gentoo.org/820545
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 .../lxc/files/lxc-4.0.11_p1-liburing-sync1.patch   |  29 ++++
 .../lxc/files/lxc-4.0.11_p1-liburing-sync2.patch   |  28 +++
 app-emulation/lxc/lxc-4.0.11_p1.ebuild             | 188 +++++++++++++++++++++
 3 files changed, 245 insertions(+)

diff --git a/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch b/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch
new file mode 100644
index 00000000000..cd497a75552
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch
@@ -0,0 +1,29 @@
+From aac3f106ff012e1d6835b20c250dcf09c364530c Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Thu, 28 Oct 2021 17:39:11 +0200
+Subject: [PATCH] mainloop: make sure that descr->ring is allocated
+
+This is future proofing more than anything else.
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/mainloop.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/mainloop.c b/src/lxc/mainloop.c
+index 7c8f5d86af..17a4d55293 100644
+--- a/src/lxc/mainloop.c
++++ b/src/lxc/mainloop.c
+@@ -515,8 +515,10 @@ void lxc_mainloop_close(struct lxc_async_descr *descr)
+ 
+ 	if (descr->type == LXC_MAINLOOP_IO_URING) {
+ #if HAVE_LIBURING
+-		io_uring_queue_exit(descr->ring);
+-		munmap(descr->ring, sizeof(struct io_uring));
++		if (descr->ring) {
++			io_uring_queue_exit(descr->ring);
++			munmap(descr->ring, sizeof(struct io_uring));
++		}
+ #else
+ 		ERROR("Unsupported io_uring mainloop");
+ #endif
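Review bot: `descr->ring` still points at the unmapped region after `munmap()` in the new `if (descr->ring)` branch of `lxc_mainloop_close()`, so the NULL guard added here would not stop a second close call from handing a stale pointer to `io_uring_queue_exit()`. Adding `descr->ring = NULL;` as the last statement inside the braces would make the guard effective on repeated calls. The guard also only helps if the allocation path leaves the field NULL rather than `MAP_FAILED` when the mapping fails; that code is outside this hunk and should be checked. The function body starts and ends outside the hunk.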

diff --git a/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch b/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch
new file mode 100644
index 00000000000..33b8554193d
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch
@@ -0,0 +1,28 @@
+From a585382b972c25ee8489147d94918d001ef439a7 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Thu, 28 Oct 2021 17:39:42 +0200
+Subject: [PATCH] start: check event loop type before closing fd
+
+Since this is a union we might otherwise stomp on io_uring mmap()ed
+memory.
+
+Fixes: #4016
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/start.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 8f7173ec8c..1a6046c7a4 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -629,7 +629,8 @@ int lxc_poll(const char *name, struct lxc_handler *handler)
+ 	TRACE("Mainloop is ready");
+ 
+ 	ret = lxc_mainloop(&descr, -1);
+-	close_prot_errno_disarm(descr.epfd);
++	if (descr.type == LXC_MAINLOOP_EPOLL)
++		close_prot_errno_disarm(descr.epfd);
+ 	if (ret < 0 || !handler->init_died)
+ 		goto out_mainloop_console;
+ 
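Review bot: The new `descr.type == LXC_MAINLOOP_EPOLL` check in `lxc_poll()` has no comment saying why the close is conditional, and the reason given in the patch description (the fd lives in a union with the io_uring state) is not visible at the call site. A one-line comment above the `if`, such as `/* epfd shares a union with the io_uring ring; only close it for epoll */`, would keep a later cleanup from dropping the check. It is also worth confirming that the io_uring case is torn down on the `out_mainloop_console` path, which lies outside this hunk.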

diff --git a/app-emulation/lxc/lxc-4.0.11_p1.ebuild b/app-emulation/lxc/lxc-4.0.11_p1.ebuild
new file mode 100644
index 00000000000..e7de06da0ae
--- /dev/null
+++ b/app-emulation/lxc/lxc-4.0.11_p1.ebuild
@@ -0,0 +1,188 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools bash-completion-r1 linux-info flag-o-matic optfeature pam readme.gentoo-r1 systemd verify-sig
+
+DESCRIPTION="A userspace interface for the Linux kernel containment features"
+HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
+SRC_URI="https://linuxcontainers.org/downloads/lxc/${P/_p1}.tar.gz
+	verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P/_p1}.tar.gz.asc )"
+
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+
+LICENSE="GPL-2 LGPL-2.1 LGPL-3"
+SLOT="0"
+IUSE="apparmor +caps doc io-uring man pam seccomp selinux +ssl +tools verify-sig"
+
+RDEPEND="acct-group/lxc
+	acct-user/lxc
+	app-misc/pax-utils
+	sys-apps/util-linux
+	sys-libs/libcap
+	virtual/awk
+	caps? ( sys-libs/libcap )
+	io-uring? ( sys-libs/liburing:= )
+	pam? ( sys-libs/pam )
+	seccomp? ( sys-libs/libseccomp )
+	selinux? ( sys-libs/libselinux )
+	ssl? (
+		dev-libs/openssl:0=
+	)"
+DEPEND="${RDEPEND}
+	>=sys-kernel/linux-headers-4
+	apparmor? ( sys-apps/apparmor )"
+BDEPEND="virtual/pkgconfig
+	doc? ( app-doc/doxygen[dot] )
+	man? ( app-text/docbook-sgml-utils )
+	verify-sig? ( app-crypt/openpgp-keys-linuxcontainers )"
+
+CONFIG_CHECK="~!NETPRIO_CGROUP
+	~CGROUPS
+	~CGROUP_CPUACCT
+	~CGROUP_DEVICE
+	~CGROUP_FREEZER
+
+	~CGROUP_SCHED
+	~CPUSETS
+	~IPC_NS
+	~MACVLAN
+
+	~MEMCG
+	~NAMESPACES
+	~NET_NS
+	~PID_NS
+
+	~POSIX_MQUEUE
+	~USER_NS
+	~UTS_NS
+	~VETH"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
+ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
+ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
+ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
+ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
+ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
+
+DOCS=( AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt )
+
+pkg_setup() {
+	linux-info_pkg_setup
+}
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch # bug 558854
+	"${FILESDIR}"/${P}-liburing-sync1.patch #820545
+	"${FILESDIR}"/${P}-liburing-sync2.patch #820545
+)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc
+
+S="${WORKDIR}/${PN}-${PV/_p1}"
+
+src_prepare() {
+	default
+
+	export bashcompdir="/etc/bash_completion.d"
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	local myeconfargs=(
+		--bindir=/usr/bin
+		--localstatedir=/var
+		--sbindir=/usr/bin
+
+		--with-config-path=/var/lib/lxc
+		--with-distro=gentoo
+		--with-init-script=systemd
+		--with-rootfs-path=/var/lib/lxc/rootfs
+		--with-runtime-path=/run
+		--with-systemdsystemunitdir=$(systemd_get_systemunitdir)
+
+		--disable-coverity-build
+		--disable-dlog
+		--disable-fuzzers
+		--disable-mutex-debugging
+		--disable-no-undefined
+		--disable-rpath
+		--disable-sanitizers
+		--disable-tests
+		--disable-werror
+
+		--enable-bash
+		--enable-commands
+		--enable-memfd-rexec
+		--enable-thread-safety
+
+		$(use_enable apparmor)
+		$(use_enable caps capabilities)
+		$(use_enable doc api-docs)
+		$(use_enable doc examples)
+		$(use_enable io-uring liburing)
+		$(use_enable man doc)
+		$(use_enable pam)
+		$(use_enable seccomp)
+		$(use_enable selinux)
+		$(use_enable ssl openssl)
+		$(use_enable tools)
+
+		$(use_with pam pamdir $(getpam_mod_dir))
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	# The main bash-completion file will collide with lxd, need to relocate and update symlinks.
+	mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir."
+	mv "${ED}"/etc/bash_completion.d/lxc "${ED}"/$(get_bashcompdir)/lxc-start || die "Failed to relocate lxc bash-completion file."
+	rm -r "${ED}"/etc/bash_completion.d || die "Failed to remove wrong bash_completion.d content."
+
+	if use tools; then
+		bashcomp_alias lxc-start lxc-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,usernsexec,wait}
+	else
+		bashcomp_alias lxc-start lxc-usernsexec
+	fi
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+	rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
+
+	find "${D}" -name '*.la' -delete -o -name '*.a' -delete || die
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/lxc.initd.8" lxc
+
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/lxc_at.service.4.0.0 "lxc@.service"
+
+	DOC_CONTENTS="
+		For openrc, there is an init script provided with the package.
+		You should only need to symlink /etc/init.d/lxc to
+		/etc/init.d/lxc.configname to start the container defined in
+		/etc/lxc/configname.conf.
+
+		Correspondingly, for systemd a service file lxc@.service is installed.
+		Enable and start lxc@configname in order to start the container defined
+		in /etc/lxc/configname.conf."
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+
+	elog "Please run 'lxc-checkconfig' to see optional kernel features."
+	elog
+	optfeature "automatic template scripts" app-emulation/lxc-templates
+	optfeature "Debian-based distribution container image support" dev-util/debootstrap
+	optfeature "snapshot & restore functionality" sys-process/criu
+}
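Review bot: `seccomp` is introduced in `IUSE` without a `+` default, so a build with default flags passes `--disable-seccomp` through `$(use_enable seccomp)` and LXC is built without seccomp support unless the user or profile enables the flag. The 4.0.9-r1 ebuild removed earlier on this page passed `--enable-seccomp` unconditionally and depended on `sys-libs/libseccomp`, so this looks like a silent loss of a hardening default for containers. Consider `+seccomp` in the `IUSE` line, which keeps the previous behaviour while still allowing opt-out. Separately, `sys-libs/libcap` appears both unconditionally and under `caps?` in `RDEPEND`; one of the two entries is redundant.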


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2020-06-26  8:13 Joonas Niilola
From: Joonas Niilola @ 2020-06-26  8:13 UTC (permalink / raw
  To: gentoo-commits

commit:     6c40eb984e49764b0684e1823d2805adaea69c52
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 26 07:54:21 2020 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Jun 26 08:13:01 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c40eb98

app-emulation/lxc: remove old 3.0.3

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 app-emulation/lxc/Manifest               |   1 -
 app-emulation/lxc/files/lxc.initd.7      | 124 -----------------------
 app-emulation/lxc/files/lxc_at.service.4 |  14 ---
 app-emulation/lxc/lxc-3.0.3.ebuild       | 163 -------------------------------
 4 files changed, 302 deletions(-)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index 768faa21194..f8760f06bb4 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -1,2 +1 @@
-DIST lxc-3.0.3.tar.gz 1263371 BLAKE2B 77d0f593119654f570ae748d305e86c27117fd4e9ec7bdab1110f5356afb4a00d81c105ae9757d9da5827f6883a4a5d8ddc43b5b6e56a2927ed990e757f7c7b6 SHA512 cdc411364153d7ed494bab604260f5cbdfd5bd7734a59af970b3198c7b3cb340b6736856a2189d5989e169945a817ac8b531bc3ab62217a4285dd63a851f9c8a
 DIST lxc-4.0.2.tar.gz 1352667 BLAKE2B 2ecc076bacb9bb1c2a808422f7b2e0cbfc74bf3bec6ca89ea58eb6ef4a414353c2e58163bff17b3304beb39f4980d10f54365f739645c1581bfca9f6079bf57c SHA512 0de6c1f9649d161579b45fc28a735f703c4498eff9c588462b838220aeab73f91921db628f77bc461eff38c7583cac10a38951263181956e2d33412a406f3ef3

diff --git a/app-emulation/lxc/files/lxc.initd.7 b/app-emulation/lxc/files/lxc.initd.7
deleted file mode 100644
index 6a42b6aac52..00000000000
--- a/app-emulation/lxc/files/lxc.initd.7
+++ /dev/null
@@ -1,124 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-CONTAINER=${SVCNAME#*.}
-
-LXC_PATH=`lxc-config lxc.lxcpath`
-
-lxc_get_configfile() {
-	if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then
-		echo "${LXC_PATH}/${CONTAINER}.conf"
-	elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then
-		echo "${LXC_PATH}/${CONTAINER}/config"
-	else
-		eerror "Unable to find a suitable configuration file."
-		eerror "If you set up the container in a non-standard"
-		eerror "location, please set the CONFIGFILE variable."
-		return 1
-	fi
-}
-
-[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
-
-lxc_get_var() {
-	awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE}
-}
-
-lxc_get_net_link_type() {
-	awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" }
-		$1 == "lxc.network.type" {_type=$2;}
-		$1 == "lxc.network.link" {_link=$2;}
-		match($1, /lxc\.net\.[[:digit:]]+\.type/) {_type=$2;}
-		match($1, /lxc\.net\.[[:digit:]]+\.link/) {_link=$2;}
-		{if(_link != "" && _type != ""){
-			printf("%s:%s\n", _link, _type );
-			_link=""; _type="";
-		}; }' <${CONFIGFILE}
-}
-
-checkconfig() {
-	if [ ${CONTAINER} = ${SVCNAME} ]; then
-		eerror "You have to create an init script for each container:"
-		eerror " ln -s lxc /etc/init.d/lxc.container"
-		return 1
-	fi
-
-	# no need to output anything, the function takes care of that.
-	[ -z "${CONFIGFILE}" ] && return 1
-
-	utsname=$(lxc_get_var lxc.uts.name)
-	if [ -z "$utsname" ] ; then
-		utsname=$(lxc_get_var lxc.utsname)
-	fi
-
-	if [ "${CONTAINER}" != "${utsname}" ]; then
-	    eerror "You should use the same name for the service and the"
-	    eerror "container. Right now the container is called ${utsname}"
-	    return 1
-	fi
-}
-
-depend() {
-	# be quiet, since we have to run depend() also for the
-	# non-muxed init script, unfortunately.
-	checkconfig 2>/dev/null || return 0
-
-	config ${CONFIGFILE}
-	need localmount
-	use lxcfs
-
-	local _x _if
-	for _x in $(lxc_get_net_link_type); do
-		_if=${_x%:*}
-		case "${_x##*:}" in
-			# when the network type is set to phys, we can make use of a
-			# network service (for instance to set it up before we disable
-			# the net_admin capability), but we might also not set it up
-			# at all on the host and leave the net_admin capable service
-			# to take care of it.
-			phys)	use net.${_if} ;;
-			*)	need net.${_if} ;;
-		esac
-	done
-}
-
-start() {
-	checkconfig || return 1
-	rm -f /var/log/lxc/${CONTAINER}.log
-
-	rootpath=$(lxc_get_var lxc.rootfs)
-
-	# Check the format of our init and the chroot's init, to see
-	# if we have to use linux32 or linux64; always use setarch
-	# when required, as that makes it easier to deal with
-	# x32-based containers.
-	case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in
-		EM_X86_64)	setarch=linux64;;
-		EM_386)		setarch=linux32;;
-	esac
-
-	ebegin "Starting ${CONTAINER}"
-	env -i ${setarch} $(which lxc-start) -l WARN -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log
-	sleep 1
-
-	# lxc-start -d will _always_ report a correct startup, even if it
-	# failed, so rather than trust that, check that the cgroup exists.
-	[ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]
-	eend $?
-}
-
-stop() {
-	checkconfig || return 1
-
-
-	if ! [ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]; then
-	    ewarn "${CONTAINER} doesn't seem to be started."
-	    return 0
-	fi
-
-	# 10s should be enough to shut everything down
-	ebegin "Stopping ${CONTAINER}"
-	lxc-stop -t 10 -n ${CONTAINER}
-	eend $?
-}

diff --git a/app-emulation/lxc/files/lxc_at.service.4 b/app-emulation/lxc/files/lxc_at.service.4
deleted file mode 100644
index 64ae7457096..00000000000
--- a/app-emulation/lxc/files/lxc_at.service.4
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Linux Container %I
-After=network.target
-Wants=lxcfs.service
-
-[Service]
-Restart=always
-ExecStart=/usr/bin/lxc-start -n %i -F
-ExecReload=/usr/bin/lxc-restart -n %i
-ExecStop=/usr/bin/lxc-stop -n %i
-Delegate=yes
-
-[Install]
-WantedBy=multi-user.target

diff --git a/app-emulation/lxc/lxc-3.0.3.ebuild b/app-emulation/lxc/lxc-3.0.3.ebuild
deleted file mode 100644
index 136493184f4..00000000000
--- a/app-emulation/lxc/lxc-3.0.3.ebuild
+++ /dev/null
@@ -1,163 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools bash-completion-r1 linux-info flag-o-matic systemd readme.gentoo-r1 pam
-
-DESCRIPTION="LinuX Containers userspace utilities"
-HOMEPAGE="https://linuxcontainers.org/"
-SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz"
-
-KEYWORDS="amd64 ~arm ~arm64 ppc64 x86"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="apparmor examples pam python seccomp selinux +templates"
-
-RDEPEND="
-	net-libs/gnutls
-	sys-libs/libcap
-	pam? ( sys-libs/pam )
-	seccomp? ( sys-libs/libseccomp )
-	selinux? ( sys-libs/libselinux )"
-
-DEPEND="${RDEPEND}
-	>=app-text/docbook-sgml-utils-0.6.14-r2
-	>=sys-kernel/linux-headers-3.2"
-
-RDEPEND="${RDEPEND}
-	sys-apps/util-linux
-	app-misc/pax-utils
-	virtual/awk"
-
-PDEPEND="templates? ( app-emulation/lxc-templates )
-	python? ( dev-python/python3-lxc )"
-
-CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
-	~CPUSETS ~CGROUP_CPUACCT
-	~CGROUP_SCHED
-
-	~NAMESPACES
-	~IPC_NS ~USER_NS ~PID_NS
-
-	~CGROUP_FREEZER
-	~UTS_NS ~NET_NS
-	~VETH ~MACVLAN
-
-	~POSIX_MQUEUE
-	~!NETPRIO_CGROUP
-
-	~!GRKERNSEC_CHROOT_MOUNT
-	~!GRKERNSEC_CHROOT_DOUBLE
-	~!GRKERNSEC_CHROOT_PIVOT
-	~!GRKERNSEC_CHROOT_CHMOD
-	~!GRKERNSEC_CHROOT_CAPS
-	~!GRKERNSEC_PROC
-	~!GRKERNSEC_SYSFS_RESTRICT
-	~!GRKERNSEC_CHROOT_FINDTASK
-"
-
-ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
-
-ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
-ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
-
-ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
-ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
-
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
-
-ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
-
-ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
-ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
-
-DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
-
-pkg_setup() {
-	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
-	linux-info_pkg_setup
-}
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-3.0.0-bash-completion.patch
-	"${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch # bug 558854
-)
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_configure() {
-	append-flags -fno-strict-aliasing
-
-	# --enable-doc is for manpages which is why we don't link it to a "doc"
-	# USE flag. We always want man pages.
-	local myeconfargs=(
-		--localstatedir=/var
-		--bindir=/usr/bin
-		--sbindir=/usr/bin
-		--with-config-path=/var/lib/lxc
-		--with-rootfs-path=/var/lib/lxc/rootfs
-		--with-distro=gentoo
-		--with-runtime-path=/run
-		--disable-apparmor
-		--disable-werror
-		--enable-doc
-		$(use_enable apparmor)
-		$(use_enable examples)
-		$(use_enable pam)
-		$(use_with pam pamdir $(getpam_mod_dir))
-		$(use_enable seccomp)
-		$(use_enable selinux)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
-	bashcomp_alias ${PN}-start \
-		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,wait}
-
-	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
-	rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
-
-	find "${D}" -name '*.la' -delete
-
-	# Gentoo-specific additions!
-	newinitd "${FILESDIR}/${PN}.initd.7" ${PN}
-
-	# Remember to compare our systemd unit file with the upstream one
-	# config/init/systemd/lxc.service.in
-	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
-
-	DOC_CONTENTS="
-	For openrc, there is an init script provided with the package.
-	You _should_ only need to symlink /etc/init.d/lxc to
-	/etc/init.d/lxc.configname to start the container defined in
-	/etc/lxc/configname.conf.
-
-	Correspondingly, for systemd a service file lxc@.service is installed.
-	Enable and start lxc@configname in order to start the container defined
-	in /etc/lxc/configname.conf.
-
-	If you want checkpoint/restore functionality, please install criu
-	(sys-process/criu)."
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	readme.gentoo_print_elog
-}


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2018-10-07  2:24 Virgil Dupras
From: Virgil Dupras @ 2018-10-07  2:24 UTC (permalink / raw
  To: gentoo-commits

commit:     8d9eb3429c0bf701bde2eb67c43d9147c225dfdd
Author:     Virgil Dupras <vdupras <AT> gentoo <DOT> org>
AuthorDate: Sun Oct  7 02:24:34 2018 +0000
Commit:     Virgil Dupras <vdupras <AT> gentoo <DOT> org>
CommitDate: Sun Oct  7 02:24:34 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d9eb342

app-emulation/lxc: remove old

Signed-off-by: Virgil Dupras <vdupras <AT> gentoo.org>
Package-Manager: Portage-2.3.50, Repoman-2.3.11

 app-emulation/lxc/Manifest                         |   1 -
 .../lxc/files/lxc-3.0.1-cve-2018-6556.patch        | 110 --------------
 app-emulation/lxc/lxc-3.0.1-r1.ebuild              | 163 ---------------------
 3 files changed, 274 deletions(-)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index 8682903f737..06d28c40ad9 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -1,3 +1,2 @@
 DIST lxc-2.1.1.tar.gz 1378640 BLAKE2B 5fca516540a886729434579ff99acf3baa06977fa0e0b6f24dbf15094626335fc073597d308276e3dd20e27ceabf1477cc8e99d1fd24cf50b9aed2720b887b69 SHA512 2989d57acddfe091adcf8031721c3c9a2f8eff5476bd6155366b76ea7511e0f6120e669276e056e3963863e0f0acf3b095d44c36fa6652e67c197671f28cbdd4
-DIST lxc-3.0.1.tar.gz 1239920 BLAKE2B 7be668c11d7211540fe7e2fb6318d38eac0d8d493914f4705d097fca4c004a8d2191609d02bd9e1d9204c3c0b9ea937084d3f9050fc841f6d777768067af3d19 SHA512 f51b0844f61f64d4efc530454eae1fa499f7f1b908bd3b40d7031e7f311a402893a7504bddbc53f2ef9da2b3154d1b047fc4d876b99f0d487d7c79de64eea505
 DIST lxc-3.0.2.tar.gz 1236975 BLAKE2B 68047f6374b9081fb308586726797ed94fa66b5e94eb3fc12ad1a0aedc15ac1ee518ca5a341db79a715015e34ad38659200ad6aaf21f74639ebb55e7e1360645 SHA512 d7f5e3f91e5c8800e3e092ab209158a4d3e3c2816623249aeaaf2e0950428484ac5d1432d71298787721e1419cd962c0798ba14979e62161299fa15a299efde8

diff --git a/app-emulation/lxc/files/lxc-3.0.1-cve-2018-6556.patch b/app-emulation/lxc/files/lxc-3.0.1-cve-2018-6556.patch
deleted file mode 100644
index 198e835e6c5..00000000000
--- a/app-emulation/lxc/files/lxc-3.0.1-cve-2018-6556.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From f2314625c5702cfd25974929599fa439bdac8bdf Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@ubuntu.com>
-Date: Wed, 25 Jul 2018 19:56:54 +0200
-Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic
-
-Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
----
- src/lxc/cmd/lxc_user_nic.c | 35 ++++++++++++++++++++++++++++++++---
- src/lxc/utils.c            | 12 ++++++++++++
- src/lxc/utils.h            |  5 +++++
- 3 files changed, 49 insertions(+), 3 deletions(-)
-
-diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
-index ec9cd97e..c5beb6c8 100644
---- a/src/lxc/cmd/lxc_user_nic.c
-+++ b/src/lxc/cmd/lxc_user_nic.c
-@@ -1179,12 +1179,41 @@ int main(int argc, char *argv[])
- 			exit(EXIT_FAILURE);
- 		}
- 	} else if (request == LXC_USERNIC_DELETE) {
--		netns_fd = open(args.pid, O_RDONLY);
-+		char opath[LXC_PROC_PID_FD_LEN];
-+
-+		/* Open the path with O_PATH which will not trigger an actual
-+		 * open(). Don't report an errno to the caller to not leak
-+		 * information whether the path exists or not.
-+		 * When stracing setuid is stripped so this is not a concern
-+		 * either.
-+		 */
-+		netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
- 		if (netns_fd < 0) {
--			usernic_error("Could not open \"%s\": %s\n", args.pid,
--				      strerror(errno));
-+			usernic_error("Failed to open \"%s\"\n", args.pid);
-+			exit(EXIT_FAILURE);
-+		}
-+
-+		if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
-+			usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
-+			close(netns_fd);
-+			exit(EXIT_FAILURE);
-+		}
-+
-+		ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd);
-+		if (ret < 0 || (size_t)ret >= sizeof(opath)) {
-+			close(netns_fd);
-+			exit(EXIT_FAILURE);
-+		}
-+
-+		/* Now get an fd that we can use in setns() calls. */
-+		ret = open(opath, O_RDONLY | O_CLOEXEC);
-+		if (ret < 0) {
-+			usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno));
-+			close(netns_fd);
- 			exit(EXIT_FAILURE);
- 		}
-+		close(netns_fd);
-+		netns_fd = ret;
- 	}
- 
- 	if (!create_db_dir(LXC_USERNIC_DB)) {
-diff --git a/src/lxc/utils.c b/src/lxc/utils.c
-index 26f1b058..69d362dc 100644
---- a/src/lxc/utils.c
-+++ b/src/lxc/utils.c
-@@ -2548,6 +2548,18 @@ bool has_fs_type(const char *path, fs_type_magic magic_val)
- 	return has_type;
- }
- 
-+bool fhas_fs_type(int fd, fs_type_magic magic_val)
-+{
-+	int ret;
-+	struct statfs sb;
-+
-+	ret = fstatfs(fd, &sb);
-+	if (ret < 0)
-+		return false;
-+
-+	return is_fs_type(&sb, magic_val);
-+}
-+
- bool lxc_nic_exists(char *nic)
- {
- #define __LXC_SYS_CLASS_NET_LEN 15 + IFNAMSIZ + 1
-diff --git a/src/lxc/utils.h b/src/lxc/utils.h
-index 7d672b77..fedc395b 100644
---- a/src/lxc/utils.h
-+++ b/src/lxc/utils.h
-@@ -95,6 +95,10 @@
- #define CGROUP2_SUPER_MAGIC 0x63677270
- #endif
- 
-+#ifndef NSFS_MAGIC
-+#define NSFS_MAGIC 0x6e736673
-+#endif
-+
- /* Useful macros */
- /* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */
- #define LXC_NUMSTRLEN64 21
-@@ -581,6 +585,7 @@ extern void *must_realloc(void *orig, size_t sz);
- /* __typeof__ should be safe to use with all compilers. */
- typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic;
- extern bool has_fs_type(const char *path, fs_type_magic magic_val);
-+extern bool fhas_fs_type(int fd, fs_type_magic magic_val);
- extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val);
- extern bool lxc_nic_exists(char *nic);
- extern int lxc_make_tmpfile(char *template, bool rm);
--- 
-2.17.1
-

diff --git a/app-emulation/lxc/lxc-3.0.1-r1.ebuild b/app-emulation/lxc/lxc-3.0.1-r1.ebuild
deleted file mode 100644
index bf2c75e44b8..00000000000
--- a/app-emulation/lxc/lxc-3.0.1-r1.ebuild
+++ /dev/null
@@ -1,163 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools bash-completion-r1 linux-info flag-o-matic systemd readme.gentoo-r1 pam
-
-DESCRIPTION="LinuX Containers userspace utilities"
-HOMEPAGE="https://linuxcontainers.org/"
-SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz"
-
-KEYWORDS="amd64 ~arm ~arm64 ~ppc64 x86"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="examples pam python seccomp selinux +templates"
-
-RDEPEND="
-	net-libs/gnutls
-	sys-libs/libcap
-	pam? ( virtual/pam )
-	seccomp? ( sys-libs/libseccomp )
-	selinux? ( sys-libs/libselinux )"
-
-DEPEND="${RDEPEND}
-	>=app-text/docbook-sgml-utils-0.6.14-r2
-	>=sys-kernel/linux-headers-3.2"
-
-RDEPEND="${RDEPEND}
-	sys-apps/util-linux
-	app-misc/pax-utils
-	virtual/awk"
-
-PDEPEND="templates? ( app-emulation/lxc-templates )
-	python? ( dev-python/python3-lxc )"
-
-CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
-	~CPUSETS ~CGROUP_CPUACCT
-	~CGROUP_SCHED
-
-	~NAMESPACES
-	~IPC_NS ~USER_NS ~PID_NS
-
-	~CGROUP_FREEZER
-	~UTS_NS ~NET_NS
-	~VETH ~MACVLAN
-
-	~POSIX_MQUEUE
-	~!NETPRIO_CGROUP
-
-	~!GRKERNSEC_CHROOT_MOUNT
-	~!GRKERNSEC_CHROOT_DOUBLE
-	~!GRKERNSEC_CHROOT_PIVOT
-	~!GRKERNSEC_CHROOT_CHMOD
-	~!GRKERNSEC_CHROOT_CAPS
-	~!GRKERNSEC_PROC
-	~!GRKERNSEC_SYSFS_RESTRICT
-"
-
-ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
-
-ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
-ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
-
-ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
-ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
-
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
-
-ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
-
-ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
-ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
-
-DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
-
-pkg_setup() {
-	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	eapply "${FILESDIR}"/${PN}-3.0.0-bash-completion.patch
-	#558854
-	eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
-	eapply "${FILESDIR}"/${PN}-3.0.1-cve-2018-6556.patch
-	eapply_user
-	eautoreconf
-}
-
-src_configure() {
-	append-flags -fno-strict-aliasing
-
-	# I am not sure about the --with-rootfs-path
-	# /var/lib/lxc is probably more appropriate than
-	# /usr/lib/lxc.
-	# Note by holgersson: Why is apparmor disabled?
-
-	# --enable-doc is for manpages which is why we don't link it to a "doc"
-	# USE flag. We always want man pages.
-	econf \
-		--localstatedir=/var \
-		--bindir=/usr/bin \
-		--sbindir=/usr/bin \
-		--with-config-path=/var/lib/lxc	\
-		--with-rootfs-path=/var/lib/lxc/rootfs \
-		--with-distro=gentoo \
-		--with-runtime-path=/run \
-		--disable-apparmor \
-		--disable-werror \
-		--enable-doc \
-		$(use_enable examples) \
-		$(use_enable pam) \
-		$(use_with pam pamdir $(getpam_mod_dir)) \
-		$(use_enable seccomp) \
-		$(use_enable selinux)
-}
-
-src_install() {
-	default
-
-	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
-	bashcomp_alias ${PN}-start \
-		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,wait}
-
-	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
-	rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
-
-	find "${D}" -name '*.la' -delete
-
-	# Gentoo-specific additions!
-	newinitd "${FILESDIR}/${PN}.initd.7" ${PN}
-
-	# Remember to compare our systemd unit file with the upstream one
-	# config/init/systemd/lxc.service.in
-	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
-
-	DOC_CONTENTS="
-	For openrc, there is an init script provided with the package.
-	You _should_ only need to symlink /etc/init.d/lxc to
-	/etc/init.d/lxc.configname to start the container defined in
-	/etc/lxc/configname.conf.
-
-	Correspondingly, for systemd a service file lxc@.service is installed.
-	Enable and start lxc@configname in order to start the container defined
-	in /etc/lxc/configname.conf.
-
-	If you want checkpoint/restore functionality, please install criu
-	(sys-process/criu)."
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	readme.gentoo_print_elog
-}


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2018-08-06 16:12 Virgil Dupras
From: Virgil Dupras @ 2018-08-06 16:12 UTC (permalink / raw
  To: gentoo-commits

commit:     29dedb39a6a6587a6d71b11444de28f24a98b0bb
Author:     Virgil Dupras <vdupras <AT> gentoo <DOT> org>
AuthorDate: Sun Aug  5 15:11:40 2018 +0000
Commit:     Virgil Dupras <vdupras <AT> gentoo <DOT> org>
CommitDate: Mon Aug  6 16:08:11 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29dedb39

app-emulation/lxc: fix CVE-2018-6556

Apply patches from upstream. In the case of the 2.1.1 patch, I had to
modify it to make the code compile. See ADDENDUM in patch.

Bug: https://bugs.gentoo.org/662780
Package-Manager: Portage-2.3.44, Repoman-2.3.10

 .../lxc/files/lxc-2.1.1-cve-2018-6556.patch        | 118 +++++++++++
 .../lxc/files/lxc-3.0.1-cve-2018-6556.patch        | 110 +++++++++++
 app-emulation/lxc/lxc-2.1.1-r1.ebuild              | 215 +++++++++++++++++++++
 app-emulation/lxc/lxc-3.0.1-r1.ebuild              | 163 ++++++++++++++++
 4 files changed, 606 insertions(+)

diff --git a/app-emulation/lxc/files/lxc-2.1.1-cve-2018-6556.patch b/app-emulation/lxc/files/lxc-2.1.1-cve-2018-6556.patch
new file mode 100644
index 00000000000..bad1e274527
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-2.1.1-cve-2018-6556.patch
@@ -0,0 +1,118 @@
+From d183654ec1a2cd1149bdb92601ccb7246bddb14e Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Wed, 25 Jul 2018 19:56:54 +0200
+Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/lxc_user_nic.c | 35 ++++++++++++++++++++++++++++++++---
+ src/lxc/utils.c        | 12 ++++++++++++
+ src/lxc/utils.h        |  5 +++++
+ 3 files changed, 49 insertions(+), 3 deletions(-)
+
+ADDENDUM from vdupras@gentoo.org: Original patch from Christian didn't
+include LXC_PROC_PID_FD_LEN define, but referenced it. This resulted in
+code that doesn't compile. I fetched the definition from the stable-3.0
+branch and included it to this patch. Also, this diff is regenerated
+from lxc-2.1.1 tag instead of stable-2.0 branch.
+
+diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
+index 6f550f0d..09a342ac 100644
+--- a/src/lxc/lxc_user_nic.c
++++ b/src/lxc/lxc_user_nic.c
+@@ -1124,12 +1124,41 @@ int main(int argc, char *argv[])
+ 			exit(EXIT_FAILURE);
+ 		}
+ 	} else if (request == LXC_USERNIC_DELETE) {
+-		netns_fd = open(args.pid, O_RDONLY);
++		char opath[LXC_PROC_PID_FD_LEN];
++
++		/* Open the path with O_PATH which will not trigger an actual
++		 * open(). Don't report an errno to the caller to not leak
++		 * information whether the path exists or not.
++		 * When stracing setuid is stripped so this is not a concern
++		 * either.
++		 */
++		netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
+ 		if (netns_fd < 0) {
+-			usernic_error("Could not open \"%s\": %s\n", args.pid,
+-				      strerror(errno));
++			usernic_error("Failed to open \"%s\"\n", args.pid);
+ 			exit(EXIT_FAILURE);
+ 		}
++
++		if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
++			usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
++			close(netns_fd);
++			exit(EXIT_FAILURE);
++		}
++
++		ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd);
++		if (ret < 0 || (size_t)ret >= sizeof(opath)) {
++			close(netns_fd);
++			exit(EXIT_FAILURE);
++		}
++
++		/* Now get an fd that we can use in setns() calls. */
++		ret = open(opath, O_RDONLY | O_CLOEXEC);
++		if (ret < 0) {
++			usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno));
++			close(netns_fd);
++			exit(EXIT_FAILURE);
++		}
++		close(netns_fd);
++		netns_fd = ret;
+ 	}
+ 
+ 	if (!create_db_dir(LXC_USERNIC_DB)) {
+diff --git a/src/lxc/utils.c b/src/lxc/utils.c
+index e6a44a51..c2a08a9d 100644
+--- a/src/lxc/utils.c
++++ b/src/lxc/utils.c
+@@ -2380,6 +2380,18 @@ bool has_fs_type(const char *path, fs_type_magic magic_val)
+ 	return has_type;
+ }
+ 
++bool fhas_fs_type(int fd, fs_type_magic magic_val)
++{
++	int ret;
++	struct statfs sb;
++
++	ret = fstatfs(fd, &sb);
++	if (ret < 0)
++		return false;
++
++	return is_fs_type(&sb, magic_val);
++}
++
+ bool lxc_nic_exists(char *nic)
+ {
+ #define __LXC_SYS_CLASS_NET_LEN 15 + IFNAMSIZ + 1
+diff --git a/src/lxc/utils.h b/src/lxc/utils.h
+index e83ed49e..06ec74d7 100644
+--- a/src/lxc/utils.h
++++ b/src/lxc/utils.h
+@@ -46,11 +46,16 @@
+ #define __S_ISTYPE(mode, mask) (((mode)&S_IFMT) == (mask))
+ #endif
+ 
++#ifndef NSFS_MAGIC
++#define NSFS_MAGIC 0x6e736673
++#endif
++
+ /* Useful macros */
+ /* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */
+ #define LXC_NUMSTRLEN64 21
+ #define LXC_LINELEN 4096
+ #define LXC_IDMAPLEN 4096
++#define LXC_PROC_PID_FD_LEN (6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1)
+ 
+ /* returns 1 on success, 0 if there were any failures */
+ extern int lxc_rmdir_onedev(char *path, const char *exclude);
+@@ -402,6 +407,7 @@ extern void *must_realloc(void *orig, size_t sz);
+ /* __typeof__ should be safe to use with all compilers. */
+ typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic;
+ extern bool has_fs_type(const char *path, fs_type_magic magic_val);
++extern bool fhas_fs_type(int fd, fs_type_magic magic_val);
+ extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val);
+ extern bool lxc_nic_exists(char *nic);
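Review bot: `fhas_fs_type(netns_fd, NSFS_MAGIC)` in the LXC_USERNIC_DELETE branch only proves that the descriptor lives on nsfs, which backs every namespace type, so a mount, pid or user namespace file passes the check even though the error message speaks of a network namespace path. Whether the namespace type is enforced depends on the later setns() call, which is outside this hunk; if that call does not pass CLONE_NEWNET, the reopened fd should be checked with `ioctl(netns_fd, NS_GET_NSTYPE) == CLONE_NEWNET` on kernels that provide it. At minimum I would add `/* nsfs backs all namespace types; this alone does not prove the fd is a netns */` above the check. The same code is added by lxc-3.0.1-cve-2018-6556.patch in this commit, and main() starts and ends outside the patched region.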

diff --git a/app-emulation/lxc/files/lxc-3.0.1-cve-2018-6556.patch b/app-emulation/lxc/files/lxc-3.0.1-cve-2018-6556.patch
new file mode 100644
index 00000000000..198e835e6c5
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-3.0.1-cve-2018-6556.patch
@@ -0,0 +1,110 @@
+From f2314625c5702cfd25974929599fa439bdac8bdf Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Wed, 25 Jul 2018 19:56:54 +0200
+Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/cmd/lxc_user_nic.c | 35 ++++++++++++++++++++++++++++++++---
+ src/lxc/utils.c            | 12 ++++++++++++
+ src/lxc/utils.h            |  5 +++++
+ 3 files changed, 49 insertions(+), 3 deletions(-)
+
+diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
+index ec9cd97e..c5beb6c8 100644
+--- a/src/lxc/cmd/lxc_user_nic.c
++++ b/src/lxc/cmd/lxc_user_nic.c
+@@ -1179,12 +1179,41 @@ int main(int argc, char *argv[])
+ 			exit(EXIT_FAILURE);
+ 		}
+ 	} else if (request == LXC_USERNIC_DELETE) {
+-		netns_fd = open(args.pid, O_RDONLY);
++		char opath[LXC_PROC_PID_FD_LEN];
++
++		/* Open the path with O_PATH which will not trigger an actual
++		 * open(). Don't report an errno to the caller to not leak
++		 * information whether the path exists or not.
++		 * When stracing setuid is stripped so this is not a concern
++		 * either.
++		 */
++		netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
+ 		if (netns_fd < 0) {
+-			usernic_error("Could not open \"%s\": %s\n", args.pid,
+-				      strerror(errno));
++			usernic_error("Failed to open \"%s\"\n", args.pid);
++			exit(EXIT_FAILURE);
++		}
++
++		if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
++			usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
++			close(netns_fd);
++			exit(EXIT_FAILURE);
++		}
++
++		ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd);
++		if (ret < 0 || (size_t)ret >= sizeof(opath)) {
++			close(netns_fd);
++			exit(EXIT_FAILURE);
++		}
++
++		/* Now get an fd that we can use in setns() calls. */
++		ret = open(opath, O_RDONLY | O_CLOEXEC);
++		if (ret < 0) {
++			usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno));
++			close(netns_fd);
+ 			exit(EXIT_FAILURE);
+ 		}
++		close(netns_fd);
++		netns_fd = ret;
+ 	}
+ 
+ 	if (!create_db_dir(LXC_USERNIC_DB)) {
+diff --git a/src/lxc/utils.c b/src/lxc/utils.c
+index 26f1b058..69d362dc 100644
+--- a/src/lxc/utils.c
++++ b/src/lxc/utils.c
+@@ -2548,6 +2548,18 @@ bool has_fs_type(const char *path, fs_type_magic magic_val)
+ 	return has_type;
+ }
+ 
++bool fhas_fs_type(int fd, fs_type_magic magic_val)
++{
++	int ret;
++	struct statfs sb;
++
++	ret = fstatfs(fd, &sb);
++	if (ret < 0)
++		return false;
++
++	return is_fs_type(&sb, magic_val);
++}
++
+ bool lxc_nic_exists(char *nic)
+ {
+ #define __LXC_SYS_CLASS_NET_LEN 15 + IFNAMSIZ + 1
+diff --git a/src/lxc/utils.h b/src/lxc/utils.h
+index 7d672b77..fedc395b 100644
+--- a/src/lxc/utils.h
++++ b/src/lxc/utils.h
+@@ -95,6 +95,10 @@
+ #define CGROUP2_SUPER_MAGIC 0x63677270
+ #endif
+ 
++#ifndef NSFS_MAGIC
++#define NSFS_MAGIC 0x6e736673
++#endif
++
+ /* Useful macros */
+ /* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */
+ #define LXC_NUMSTRLEN64 21
+@@ -581,6 +585,7 @@ extern void *must_realloc(void *orig, size_t sz);
+ /* __typeof__ should be safe to use with all compilers. */
+ typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic;
+ extern bool has_fs_type(const char *path, fs_type_magic magic_val);
++extern bool fhas_fs_type(int fd, fs_type_magic magic_val);
+ extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val);
+ extern bool lxc_nic_exists(char *nic);
+ extern int lxc_make_tmpfile(char *template, bool rm);
+-- 
+2.17.1
+
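Review bot: The failure path of the second open() still prints `strerror(errno)`, while the comment above the O_PATH open says errno is withheld so the caller cannot learn whether a path exists, and nothing explains why the two paths differ. If the intent is that the path has already been verified at that point, a comment such as `/* path already verified to exist on nsfs, so errno reveals nothing new */` above the second `usernic_error()` would record it. The snprintf() failure branch just before it is also the only exit in this block that prints no message, which makes a truncated path hard to diagnose. The same lines are in lxc-2.1.1-cve-2018-6556.patch in this commit.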

diff --git a/app-emulation/lxc/lxc-2.1.1-r1.ebuild b/app-emulation/lxc/lxc-2.1.1-r1.ebuild
new file mode 100644
index 00000000000..e5915426973
--- /dev/null
+++ b/app-emulation/lxc/lxc-2.1.1-r1.ebuild
@@ -0,0 +1,215 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python3_{4,5,6} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools bash-completion-r1 distutils-r1 linux-info versionator flag-o-matic systemd readme.gentoo-r1
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="cgmanager examples lua python seccomp selinux"
+
+RDEPEND="
+	net-libs/gnutls
+	sys-libs/libcap
+	cgmanager? ( app-admin/cgmanager )
+	lua? ( >=dev-lang/lua-5.1:= )
+	python? ( ${PYTHON_DEPS} )
+	seccomp? ( sys-libs/libseccomp )
+	selinux? ( sys-libs/libselinux )"
+
+DEPEND="${RDEPEND}
+	app-text/docbook-sgml-utils
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~NETLINK_DIAG ~PACKET_DIAG
+	~INET_UDP_DIAG ~INET_TCP_DIAG
+	~UNIX_DIAG ~CHECKPOINT_RESTORE
+
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+	~!GRKERNSEC_PROC
+	~!GRKERNSEC_SYSFS_RESTRICT
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
+
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+pkg_setup() {
+	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}"/${PN}-2.0.6-bash-completion.patch
+	#558854
+	eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
+	eapply "${FILESDIR}"/${PN}-2.1.1-fix-cgroup2-detection.patch
+	eapply "${FILESDIR}"/${PN}-2.1.1-cgroups-enable-container-without-CAP_SYS_ADMIN.patch
+	eapply "${FILESDIR}"/${PN}-2.1.1-cve-2018-6556.patch
+	eapply_user
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	if use python; then
+		#541932
+		python_setup "python3*"
+		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
+	fi
+
+	# I am not sure about the --with-rootfs-path
+	# /var/lib/lxc is probably more appropriate than
+	# /usr/lib/lxc.
+	# Note by holgersson: Why is apparmor disabled?
+
+	# --enable-doc is for manpages which is why we don't link it to a "doc"
+	# USE flag. We always want man pages.
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/bin \
+		--sbindir=/usr/bin \
+		--with-config-path=/var/lib/lxc	\
+		--with-rootfs-path=/var/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		--with-runtime-path=/run \
+		--disable-apparmor \
+		--disable-werror \
+		--enable-doc \
+		$(use_enable cgmanager) \
+		$(use_enable examples) \
+		$(use_enable lua) \
+		$(use_enable python) \
+		$(use_enable seccomp) \
+		$(use_enable selinux)
+}
+
+python_compile() {
+	distutils-r1_python_compile build_ext -I.. -L../lxc/.libs --no-pkg-config
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-${PN}" > /dev/null
+		distutils-r1_src_compile
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	# start-ephemeral is no longer a command but removing it here
+	# generates QA warnings (still in upstream completion script)
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
+
+	if use python; then
+		pushd "${S}/src/python-lxc" > /dev/null
+		# Unset DOCS. This has been handled by the default target
+		unset DOCS
+		distutils-r1_src_install
+		popd > /dev/null
+	fi
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.7" ${PN}
+
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
+
+	DOC_CONTENTS="
+	Starting from version ${PN}-1.1.0-r3, the default lxc path has been
+	moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc
+	please add the following to your /etc/lxc/lxc.conf
+
+	  lxc.lxcpath = /etc/lxc
+
+	For openrc, there is an init script provided with the package.
+	You _should_ only need to symlink /etc/init.d/lxc to
+	/etc/init.d/lxc.configname to start the container defined in
+	/etc/lxc/configname.conf.
+
+	Correspondingly, for systemd a service file lxc@.service is installed.
+	Enable and start lxc@configname in order to start the container defined
+	in /etc/lxc/configname.conf.
+
+	If you want checkpoint/restore functionality, please install criu
+	(sys-process/criu)."
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+}
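Review bot: `--disable-apparmor` in src_configure is unconditional, and the comment above it (`Note by holgersson: Why is apparmor disabled?`) records the question without an answer, so on hosts that use AppArmor this build presumably cannot confine containers with a profile. Either state the reason in that comment, or add `apparmor` to IUSE and replace the flag with `$(use_enable apparmor)`, with `apparmor? ( sys-libs/libapparmor )` in RDEPEND. lxc-3.0.1-r1.ebuild in this commit carries the same lines.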

diff --git a/app-emulation/lxc/lxc-3.0.1-r1.ebuild b/app-emulation/lxc/lxc-3.0.1-r1.ebuild
new file mode 100644
index 00000000000..be0d3a86f25
--- /dev/null
+++ b/app-emulation/lxc/lxc-3.0.1-r1.ebuild
@@ -0,0 +1,163 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools bash-completion-r1 linux-info flag-o-matic systemd readme.gentoo-r1 pam
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="examples pam python seccomp selinux +templates"
+
+RDEPEND="
+	net-libs/gnutls
+	sys-libs/libcap
+	pam? ( virtual/pam )
+	seccomp? ( sys-libs/libseccomp )
+	selinux? ( sys-libs/libselinux )"
+
+DEPEND="${RDEPEND}
+	>=app-text/docbook-sgml-utils-0.6.14-r2
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+PDEPEND="templates? ( app-emulation/lxc-templates )
+	python? ( dev-python/python3-lxc )"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+	~!GRKERNSEC_PROC
+	~!GRKERNSEC_SYSFS_RESTRICT
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+pkg_setup() {
+	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}"/${PN}-3.0.0-bash-completion.patch
+	#558854
+	eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
+	eapply "${FILESDIR}"/${PN}-3.0.1-cve-2018-6556.patch
+	eapply_user
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	# I am not sure about the --with-rootfs-path
+	# /var/lib/lxc is probably more appropriate than
+	# /usr/lib/lxc.
+	# Note by holgersson: Why is apparmor disabled?
+
+	# --enable-doc is for manpages which is why we don't link it to a "doc"
+	# USE flag. We always want man pages.
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/bin \
+		--sbindir=/usr/bin \
+		--with-config-path=/var/lib/lxc	\
+		--with-rootfs-path=/var/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		--with-runtime-path=/run \
+		--disable-apparmor \
+		--disable-werror \
+		--enable-doc \
+		$(use_enable examples) \
+		$(use_enable pam) \
+		$(use_with pam pamdir $(getpam_mod_dir)) \
+		$(use_enable seccomp) \
+		$(use_enable selinux)
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,wait}
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+	rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.7" ${PN}
+
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
+
+	DOC_CONTENTS="
+	For openrc, there is an init script provided with the package.
+	You _should_ only need to symlink /etc/init.d/lxc to
+	/etc/init.d/lxc.configname to start the container defined in
+	/etc/lxc/configname.conf.
+
+	Correspondingly, for systemd a service file lxc@.service is installed.
+	Enable and start lxc@configname in order to start the container defined
+	in /etc/lxc/configname.conf.
+
+	If you want checkpoint/restore functionality, please install criu
+	(sys-process/criu)."
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+}


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2018-04-26  1:36 Matthias Maier
From: Matthias Maier @ 2018-04-26  1:36 UTC (permalink / raw
  To: gentoo-commits

commit:     ba77a0dedea123401b3015213dbcf6e1b9d44471
Author:     Virgil Dupras <hsoft <AT> hardcoded <DOT> net>
AuthorDate: Wed Apr 11 01:14:59 2018 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Thu Apr 26 01:35:49 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba77a0de

app-emulation/lxc: Bump to v3.0.0

Many notable changes:

1. Drop python and lua. Bindings are no longer bundled with LXC and live
in separate packages.

2. Drop cgmanager USE flag. cgmanager isn't supported anymore by
upstream.

3. Remove versionator inherit. It wasn't used.

4. Remove two patches which were simple cherry-picks from upstream.
They're applied upstream now.

5. Remove notice about path change in v1.1. It's been a while, it lost
relevance.

6. Remove start-ephemeral bash completion. Upstream finally removed it
from its own completions.

7. Add "pam" USE flag for the compilation and installation of the new
builtin "pam_cgfs.so" module.

Closes: https://bugs.gentoo.org/652582
Closes: https://github.com/gentoo/gentoo/pull/7934

Package-Manager: Portage-2.3.24, Repoman-2.3.6
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

 app-emulation/lxc/Manifest                         |   1 +
 .../lxc/files/lxc-3.0.0-bash-completion.patch      |  27 ++++
 app-emulation/lxc/lxc-3.0.0.ebuild                 | 169 +++++++++++++++++++++
 3 files changed, 197 insertions(+)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index 5c6a4ead6f8..b6edf39a003 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -3,3 +3,4 @@ DIST lxc-1.0.8.tar.gz 575127 BLAKE2B 246ac7a2b4306c52a741b2f763bcc81d9999fb27942
 DIST lxc-2.0.7.tar.gz 792557 BLAKE2B e5f1e6d8961938200e116527fab8ce341cf285826afdccac88f4bae65ffd649a406dac7555024557f38c4b415a59cd3b5fb255f1dbf015ce01d4975bed3b1c80 SHA512 eb48dc800ce43d2f4d46e0cecc4d0a714b3e22c6a4975776b54d17d1d20d5a1411e6b605215282f1f77286ddf22b61c80b86b83752191fc18023894ef7a1c44d
 DIST lxc-2.0.9.tar.gz 1333044 BLAKE2B 44d405bf933923a020a6aadca9d84cfce04db72ac0ef1a727c83eca8121683419a2e74849f08fb4773010002928b424840fa9ec19ab619e420b1dfb5156de5c6 SHA512 c7c595fbc6163e500700b756ae30c96b70d41b9bf297a609622b5d5b8431171ed8db70fa8368c3b9650c86452820e9da7f329f9186ae75c24a7adb15d5826102
 DIST lxc-2.1.1.tar.gz 1378640 BLAKE2B 5fca516540a886729434579ff99acf3baa06977fa0e0b6f24dbf15094626335fc073597d308276e3dd20e27ceabf1477cc8e99d1fd24cf50b9aed2720b887b69 SHA512 2989d57acddfe091adcf8031721c3c9a2f8eff5476bd6155366b76ea7511e0f6120e669276e056e3963863e0f0acf3b095d44c36fa6652e67c197671f28cbdd4
+DIST lxc-3.0.0.tar.gz 1233316 BLAKE2B ba726a07f48b1d32366012c8d885a853e33f88d8c45c910b061d9deecf472d940f7d45a1e742c8194517ba3231e1875a49bbf303b2c3fd2c9ece33b941670bb7 SHA512 21372e6fe4d38e2cf54707fab4133137793deff1dd500ed7ed02c03bbaa809de56c7490971594cddbdcb2b96f0c03ab5dfb43a8582a584598a12c5943b7ca490

diff --git a/app-emulation/lxc/files/lxc-3.0.0-bash-completion.patch b/app-emulation/lxc/files/lxc-3.0.0-bash-completion.patch
new file mode 100644
index 00000000000..2a08eedb1c2
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-3.0.0-bash-completion.patch
@@ -0,0 +1,27 @@
+diff --git a/config/bash/lxc.in b/config/bash/lxc.in
+index 43056882..0a22d4ad 100644
+--- a/config/bash/lxc.in
++++ b/config/bash/lxc.in
+@@ -1,4 +1,3 @@
+-_have lxc-start && {
+     _lxc_names() {
+         COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
+     }
+@@ -108,4 +107,3 @@ _have lxc-start && {
+     complete -o default -F _lxc_generic_t lxc-create
+ 
+     complete -o default -F _lxc_generic_o lxc-copy
+-}
+diff --git a/configure.ac b/configure.ac
+index 50c99836..0569caec 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -395,7 +395,7 @@ AM_CONDITIONAL([ENABLE_BASH], [test "x$enable_bash" = "xyes"])
+ AM_COND_IF([ENABLE_BASH],
+ 	[AC_MSG_CHECKING([bash completion directory])
+ 	PKG_CHECK_VAR(bashcompdir, [bash-completion], [completionsdir], ,
+-		bashcompdir="${sysconfdir}/bash_completion.d")
++		bashcompdir="$datadir/bash-completion/completions")
+ 	AC_MSG_RESULT([$bashcompdir])
+ 	AC_SUBST(bashcompdir)
+ 	])

diff --git a/app-emulation/lxc/lxc-3.0.0.ebuild b/app-emulation/lxc/lxc-3.0.0.ebuild
new file mode 100644
index 00000000000..2b427710f98
--- /dev/null
+++ b/app-emulation/lxc/lxc-3.0.0.ebuild
@@ -0,0 +1,169 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools bash-completion-r1 linux-info flag-o-matic systemd readme.gentoo-r1 pam
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="examples pam seccomp selinux"
+
+RDEPEND="
+	net-libs/gnutls
+	sys-libs/libcap
+	pam? ( virtual/pam )
+	seccomp? ( sys-libs/libseccomp )
+	selinux? ( sys-libs/libselinux )"
+
+DEPEND="${RDEPEND}
+	app-text/docbook-sgml-utils
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~NETLINK_DIAG ~PACKET_DIAG
+	~INET_UDP_DIAG ~INET_TCP_DIAG
+	~UNIX_DIAG ~CHECKPOINT_RESTORE
+
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+	~!GRKERNSEC_PROC
+	~!GRKERNSEC_SYSFS_RESTRICT
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
+
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+pkg_setup() {
+	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}"/${PN}-3.0.0-bash-completion.patch
+	#558854
+	eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
+	eapply_user
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	# I am not sure about the --with-rootfs-path
+	# /var/lib/lxc is probably more appropriate than
+	# /usr/lib/lxc.
+	# Note by holgersson: Why is apparmor disabled?
+
+	# --enable-doc is for manpages which is why we don't link it to a "doc"
+	# USE flag. We always want man pages.
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/bin \
+		--sbindir=/usr/bin \
+		--with-config-path=/var/lib/lxc	\
+		--with-rootfs-path=/var/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		--with-runtime-path=/run \
+		--disable-apparmor \
+		--disable-werror \
+		--enable-doc \
+		$(use_enable examples) \
+		$(use_enable pam) \
+		$(use_with pam pam-dir $(getpam_mod_dir)) \
+		$(use_enable seccomp) \
+		$(use_enable selinux)
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,wait}
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.7" ${PN}
+
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
+
+	DOC_CONTENTS="
+	For openrc, there is an init script provided with the package.
+	You _should_ only need to symlink /etc/init.d/lxc to
+	/etc/init.d/lxc.configname to start the container defined in
+	/etc/lxc/configname.conf.
+
+	Correspondingly, for systemd a service file lxc@.service is installed.
+	Enable and start lxc@configname in order to start the container defined
+	in /etc/lxc/configname.conf.
+
+	If you want checkpoint/restore functionality, please install criu
+	(sys-process/criu)."
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+}
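Review bot: `--disable-apparmor` in src_configure is passed unconditionally, and the only rationale in the file is the open question `# Note by holgersson: Why is apparmor disabled?`, so every build from this ebuild lacks LXC's AppArmor support regardless of the host. If there is a packaging reason, replace the question with a comment that states it; otherwise make it a choice with `apparmor` in IUSE, `apparmor? ( sys-libs/libapparmor )` in RDEPEND and `$(use_enable apparmor)` in the econf call. The same hard-coded flag and comment appear in the lxc-2.1.1.ebuild hunk further down this page. Whether the rest of the tree is ready for an apparmor USE flag on this package cannot be seen from the hunk, so treat the second option as a suggestion to verify.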


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2018-01-30 17:01 Matthias Maier
From: Matthias Maier @ 2018-01-30 17:01 UTC (permalink / raw
  To: gentoo-commits

commit:     dd450253467dd8d704a398d794d1a704cac81ecc
Author:     i.Dark_Templar <darktemplar <AT> dark-templar-archives <DOT> net>
AuthorDate: Sun Nov  5 08:50:03 2017 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Tue Jan 30 17:00:12 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd450253

app-emulation/lxc: bump to version 2.1.1.

[tamiko: regenerate metadata to make remote hook happy]

Closes: https://bugs.gentoo.org/636572
Closes: https://github.com/gentoo/gentoo/pull/6128
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

 app-emulation/lxc/Manifest                         |   1 +
 ...ps-enable-container-without-CAP_SYS_ADMIN.patch | 164 +++++++++++++++++
 .../files/lxc-2.1.1-fix-cgroup2-detection.patch    |  26 +++
 app-emulation/lxc/files/lxc.initd.7                | 124 +++++++++++++
 app-emulation/lxc/lxc-2.1.1.ebuild                 | 201 +++++++++++++++++++++
 5 files changed, 516 insertions(+)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index c9008c2d3c8..5c6a4ead6f8 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -2,3 +2,4 @@ DIST lxc-1.0.11.tar.gz 850645 BLAKE2B 1a8eff91d970d3160d5ca7338f4e4d68c722a277a8
 DIST lxc-1.0.8.tar.gz 575127 BLAKE2B 246ac7a2b4306c52a741b2f763bcc81d9999fb27942ef93d6a786ed2ea010c646f5a2388407d26425387b8a819cacae927c8512995bf19b11d610e1887ea6470 SHA512 f552a4f48bb47d26c6b9ddaf8221a439c0848e3f54ec41b77d54717c21bddd56193941046cc96c699790e8265e762a926469c25ee687adcf7795f2906b1c260a
 DIST lxc-2.0.7.tar.gz 792557 BLAKE2B e5f1e6d8961938200e116527fab8ce341cf285826afdccac88f4bae65ffd649a406dac7555024557f38c4b415a59cd3b5fb255f1dbf015ce01d4975bed3b1c80 SHA512 eb48dc800ce43d2f4d46e0cecc4d0a714b3e22c6a4975776b54d17d1d20d5a1411e6b605215282f1f77286ddf22b61c80b86b83752191fc18023894ef7a1c44d
 DIST lxc-2.0.9.tar.gz 1333044 BLAKE2B 44d405bf933923a020a6aadca9d84cfce04db72ac0ef1a727c83eca8121683419a2e74849f08fb4773010002928b424840fa9ec19ab619e420b1dfb5156de5c6 SHA512 c7c595fbc6163e500700b756ae30c96b70d41b9bf297a609622b5d5b8431171ed8db70fa8368c3b9650c86452820e9da7f329f9186ae75c24a7adb15d5826102
+DIST lxc-2.1.1.tar.gz 1378640 BLAKE2B 5fca516540a886729434579ff99acf3baa06977fa0e0b6f24dbf15094626335fc073597d308276e3dd20e27ceabf1477cc8e99d1fd24cf50b9aed2720b887b69 SHA512 2989d57acddfe091adcf8031721c3c9a2f8eff5476bd6155366b76ea7511e0f6120e669276e056e3963863e0f0acf3b095d44c36fa6652e67c197671f28cbdd4

diff --git a/app-emulation/lxc/files/lxc-2.1.1-cgroups-enable-container-without-CAP_SYS_ADMIN.patch b/app-emulation/lxc/files/lxc-2.1.1-cgroups-enable-container-without-CAP_SYS_ADMIN.patch
new file mode 100644
index 00000000000..8493491d0d6
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-2.1.1-cgroups-enable-container-without-CAP_SYS_ADMIN.patch
@@ -0,0 +1,164 @@
+From b635e92d21d2a4d71a553388f18cfa08f44bf1ba Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Mon, 30 Oct 2017 14:16:46 +0100
+Subject: [PATCH] cgroups: enable container without CAP_SYS_ADMIN
+
+In case cgroup namespaces are supported but we do not have CAP_SYS_ADMIN we
+need to mount cgroups for the container. This patch enables both privileged and
+unprivileged containers without CAP_SYS_ADMIN.
+
+Closes #1737.
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/cgroups/cgfs.c   |  3 ++-
+ src/lxc/cgroups/cgfsng.c | 52 +++++++++++++++++++++++++++++++++++++++++++++---
+ src/lxc/cgroups/cgroup.c |  2 +-
+ src/lxc/conf.c           |  3 ---
+ src/lxc/conf.h           |  1 +
+ 5 files changed, 53 insertions(+), 8 deletions(-)
+
+diff --git a/src/lxc/cgroups/cgfs.c b/src/lxc/cgroups/cgfs.c
+index bcbd6613..efd627f0 100644
+--- a/src/lxc/cgroups/cgfs.c
++++ b/src/lxc/cgroups/cgfs.c
+@@ -1418,11 +1418,12 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type)
+ 	struct cgfs_data *cgfs_d;
+ 	struct cgroup_process_info *info, *base_info;
+ 	int r, saved_errno = 0;
++	struct lxc_handler *handler = hdata;
+ 
+ 	if (cgns_supported())
+ 		return true;
+ 
+-	cgfs_d = hdata;
++	cgfs_d = handler->cgroup_data;
+ 	if (!cgfs_d)
+ 		return false;
+ 	base_info = cgfs_d->info;
+diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
+index e43edd7d..ec6440c1 100644
+--- a/src/lxc/cgroups/cgfsng.c
++++ b/src/lxc/cgroups/cgfsng.c
+@@ -50,6 +50,7 @@
+ #include <linux/types.h>
+ #include <linux/kdev_t.h>
+ 
++#include "caps.h"
+ #include "cgroup.h"
+ #include "cgroup_utils.h"
+ #include "commands.h"
+@@ -1616,17 +1617,49 @@ do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
+ 	return 0;
+ }
+ 
++static int mount_cgroup_cgns_supported(struct hierarchy *h, const char *controllerpath)
++{
++	 int ret;
++	 char *controllers = NULL;
++	 char *type = "cgroup2";
++
++	if (!h->is_cgroup_v2) {
++		controllers = lxc_string_join(",", (const char **)h->controllers, false);
++		if (!controllers)
++			return -ENOMEM;
++		type = "cgroup";
++	}
++
++	ret = mount("cgroup", controllerpath, type, MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RELATIME, controllers);
++	free(controllers);
++	if (ret < 0) {
++		SYSERROR("Failed to mount %s with cgroup filesystem type %s", controllerpath, type);
++		return -1;
++	}
++
++	DEBUG("Mounted %s with cgroup filesystem type %s", controllerpath, type);
++	return 0;
++}
++
+ static bool cgfsng_mount(void *hdata, const char *root, int type)
+ {
+-	struct cgfsng_handler_data *d = hdata;
++	int i;
+ 	char *tmpfspath = NULL;
+ 	bool retval = false;
+-	int i;
++	struct lxc_handler *handler = hdata;
++	struct cgfsng_handler_data *d = handler->cgroup_data;
++	bool has_cgns = false, has_sys_admin = true;
+ 
+ 	if ((type & LXC_AUTO_CGROUP_MASK) == 0)
+ 		return true;
+ 
+-	if (cgns_supported())
++	has_cgns = cgns_supported();
++	if (!lxc_list_empty(&handler->conf->keepcaps))
++		has_sys_admin = in_caplist(CAP_SYS_ADMIN, &handler->conf->keepcaps);
++	else
++		has_sys_admin = !in_caplist(CAP_SYS_ADMIN, &handler->conf->caps);
++
++	if (has_cgns && has_sys_admin)
+ 		return true;
+ 
+ 	tmpfspath = must_make_path(root, "/sys/fs/cgroup", NULL);
+@@ -1662,6 +1695,19 @@ static bool cgfsng_mount(void *hdata, const char *root, int type)
+ 			free(controllerpath);
+ 			goto bad;
+ 		}
++
++		if (has_cgns && !has_sys_admin) {
++			/* If cgroup namespaces are supported but the container
++			 * will not have CAP_SYS_ADMIN after it has started we
++			 * need to mount the cgroups manually.
++			 */
++			r = mount_cgroup_cgns_supported(h, controllerpath);
++			free(controllerpath);
++			if (r < 0)
++				goto bad;
++			continue;
++		}
++
+ 		if (mount_cgroup_full(type, h, controllerpath, d->container_cgroup) < 0) {
+ 			free(controllerpath);
+ 			goto bad;
+diff --git a/src/lxc/cgroups/cgroup.c b/src/lxc/cgroups/cgroup.c
+index 674e3090..36a665b1 100644
+--- a/src/lxc/cgroups/cgroup.c
++++ b/src/lxc/cgroups/cgroup.c
+@@ -166,7 +166,7 @@ bool cgroup_chown(struct lxc_handler *handler)
+ bool cgroup_mount(const char *root, struct lxc_handler *handler, int type)
+ {
+ 	if (ops)
+-		return ops->mount_cgroup(handler->cgroup_data, root, type);
++		return ops->mount_cgroup(handler, root, type);
+ 
+ 	return false;
+ }
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index d2fab945..44d97843 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -210,9 +210,6 @@ __thread struct lxc_conf *current_config;
+ struct lxc_conf *current_config;
+ #endif
+ 
+-/* Declare this here, since we don't want to reshuffle the whole file. */
+-static int in_caplist(int cap, struct lxc_list *caps);
+-
+ static struct mount_opt mount_opt[] = {
+ 	{ "async",         1, MS_SYNCHRONOUS },
+ 	{ "atime",         1, MS_NOATIME     },
+diff --git a/src/lxc/conf.h b/src/lxc/conf.h
+index c61f861e..63e71e2d 100644
+--- a/src/lxc/conf.h
++++ b/src/lxc/conf.h
+@@ -402,5 +402,6 @@ extern unsigned long add_required_remount_flags(const char *s, const char *d,
+ 						unsigned long flags);
+ extern int run_script(const char *name, const char *section, const char *script,
+ 		      ...);
++extern int in_caplist(int cap, struct lxc_list *caps);
+ 
+ #endif /* __LXC_CONF_H */
+-- 
+2.13.6
+
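Review bot: The `mount_cgroup` callback keeps its `void *hdata` parameter but now receives the `struct lxc_handler *` instead of `handler->cgroup_data`, so the compiler cannot catch a backend that still treats `hdata` as its private cgroup data. The patch's diffstat touches only cgfs.c and cgfsng.c, while the ebuild that applies it still offers the `cgmanager` USE flag; if that backend reads `hdata` (not visible here), it would now interpret the handler as the wrong type. Typing the callback as `bool (*mount_cgroup)(struct lxc_handler *handler, const char *root, int type)` would turn such a mismatch into a build error. Separately, cgfs.c keeps its `if (!cgfs_d) return false;` guard, but no equivalent check on `d` is visible in the cgfsng_mount hunks; if none exists in the unseen part of the function, `if (!d) return false;` after the `LXC_AUTO_CGROUP_MASK` test would keep the two backends consistent.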

diff --git a/app-emulation/lxc/files/lxc-2.1.1-fix-cgroup2-detection.patch b/app-emulation/lxc/files/lxc-2.1.1-fix-cgroup2-detection.patch
new file mode 100644
index 00000000000..c16d28ac303
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-2.1.1-fix-cgroup2-detection.patch
@@ -0,0 +1,26 @@
+From cdfe90a49f516b0f1210d181980f14a4765e10da Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Mon, 30 Oct 2017 14:17:20 +0100
+Subject: [PATCH] cgfsng: fix cgroup2 detection
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/cgroups/cgfsng.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
+index 897336f0..e43edd7d 100644
+--- a/src/lxc/cgroups/cgfsng.c
++++ b/src/lxc/cgroups/cgfsng.c
+@@ -815,7 +815,7 @@ static void add_controller(char **clist, char *mountpoint, char *base_cgroup)
+ 	new->fullcgpath = NULL;
+ 
+ 	/* record if this is the cgroup v2 hierarchy */
+-	if (!strcmp(base_cgroup, "cgroup2"))
++	if (clist && !strcmp(*clist, "cgroup2"))
+ 		new->is_cgroup_v2 = true;
+ 	else
+ 		new->is_cgroup_v2 = false;
+-- 
+2.13.6
+
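Review bot: The new test `clist && !strcmp(*clist, "cgroup2")` guards against a NULL list but not against an empty one, so if `clist` can be a NULL-terminated array with no entries, `*clist` is NULL and `strcmp` dereferences it. `if (clist && *clist && !strcmp(*clist, "cgroup2"))` closes that case at no cost. add_controller starts and ends outside the hunk, so how callers build `clist` is not visible here and the empty-list case should be confirmed against them.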

diff --git a/app-emulation/lxc/files/lxc.initd.7 b/app-emulation/lxc/files/lxc.initd.7
new file mode 100644
index 00000000000..6a42b6aac52
--- /dev/null
+++ b/app-emulation/lxc/files/lxc.initd.7
@@ -0,0 +1,124 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+CONTAINER=${SVCNAME#*.}
+
+LXC_PATH=`lxc-config lxc.lxcpath`
+
+lxc_get_configfile() {
+	if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then
+		echo "${LXC_PATH}/${CONTAINER}.conf"
+	elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then
+		echo "${LXC_PATH}/${CONTAINER}/config"
+	else
+		eerror "Unable to find a suitable configuration file."
+		eerror "If you set up the container in a non-standard"
+		eerror "location, please set the CONFIGFILE variable."
+		return 1
+	fi
+}
+
+[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
+
+lxc_get_var() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE}
+}
+
+lxc_get_net_link_type() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" }
+		$1 == "lxc.network.type" {_type=$2;}
+		$1 == "lxc.network.link" {_link=$2;}
+		match($1, /lxc\.net\.[[:digit:]]+\.type/) {_type=$2;}
+		match($1, /lxc\.net\.[[:digit:]]+\.link/) {_link=$2;}
+		{if(_link != "" && _type != ""){
+			printf("%s:%s\n", _link, _type );
+			_link=""; _type="";
+		}; }' <${CONFIGFILE}
+}
+
+checkconfig() {
+	if [ ${CONTAINER} = ${SVCNAME} ]; then
+		eerror "You have to create an init script for each container:"
+		eerror " ln -s lxc /etc/init.d/lxc.container"
+		return 1
+	fi
+
+	# no need to output anything, the function takes care of that.
+	[ -z "${CONFIGFILE}" ] && return 1
+
+	utsname=$(lxc_get_var lxc.uts.name)
+	if [ -z "$utsname" ] ; then
+		utsname=$(lxc_get_var lxc.utsname)
+	fi
+
+	if [ "${CONTAINER}" != "${utsname}" ]; then
+	    eerror "You should use the same name for the service and the"
+	    eerror "container. Right now the container is called ${utsname}"
+	    return 1
+	fi
+}
+
+depend() {
+	# be quiet, since we have to run depend() also for the
+	# non-muxed init script, unfortunately.
+	checkconfig 2>/dev/null || return 0
+
+	config ${CONFIGFILE}
+	need localmount
+	use lxcfs
+
+	local _x _if
+	for _x in $(lxc_get_net_link_type); do
+		_if=${_x%:*}
+		case "${_x##*:}" in
+			# when the network type is set to phys, we can make use of a
+			# network service (for instance to set it up before we disable
+			# the net_admin capability), but we might also not set it up
+			# at all on the host and leave the net_admin capable service
+			# to take care of it.
+			phys)	use net.${_if} ;;
+			*)	need net.${_if} ;;
+		esac
+	done
+}
+
+start() {
+	checkconfig || return 1
+	rm -f /var/log/lxc/${CONTAINER}.log
+
+	rootpath=$(lxc_get_var lxc.rootfs)
+
+	# Check the format of our init and the chroot's init, to see
+	# if we have to use linux32 or linux64; always use setarch
+	# when required, as that makes it easier to deal with
+	# x32-based containers.
+	case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in
+		EM_X86_64)	setarch=linux64;;
+		EM_386)		setarch=linux32;;
+	esac
+
+	ebegin "Starting ${CONTAINER}"
+	env -i ${setarch} $(which lxc-start) -l WARN -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log
+	sleep 1
+
+	# lxc-start -d will _always_ report a correct startup, even if it
+	# failed, so rather than trust that, check that the cgroup exists.
+	[ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]
+	eend $?
+}
+
+stop() {
+	checkconfig || return 1
+
+
+	if ! [ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]; then
+	    ewarn "${CONTAINER} doesn't seem to be started."
+	    return 0
+	fi
+
+	# 10s should be enough to shut everything down
+	ebegin "Stopping ${CONTAINER}"
+	lxc-stop -t 10 -n ${CONTAINER}
+	eend $?
+}
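Review bot: start() looks up only the legacy key with `rootpath=$(lxc_get_var lxc.rootfs)`, although checkconfig() and lxc_get_net_link_type() in this same script already accept both old and new key names (`lxc.utsname`/`lxc.uts.name`, `lxc.network.*`/`lxc.net.N.*`). For a config that uses `lxc.rootfs.path`, `rootpath` is empty and `scanelf` inspects the host's `/sbin/init`, so `setarch` is chosen from the wrong binary. Apply the same fallback, `rootpath=$(lxc_get_var lxc.rootfs.path)` followed by `[ -z "${rootpath}" ] && rootpath=$(lxc_get_var lxc.rootfs)`, and confirm whether the new key's value carries a storage-backend prefix that must be stripped first. The config-derived expansions should also be quoted (`"${rootpath}/sbin/init"`, `"${CONFIGFILE}"`, `"/var/log/lxc/${CONTAINER}.log"`), since this script runs as root and unquoted values are subject to word splitting and globbing. `setarch` is never initialised in start(), so a value inherited from the environment is used when the `case` matches neither architecture; `local setarch=` at the top of the function avoids that.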

diff --git a/app-emulation/lxc/lxc-2.1.1.ebuild b/app-emulation/lxc/lxc-2.1.1.ebuild
new file mode 100644
index 00000000000..7ddad1b7527
--- /dev/null
+++ b/app-emulation/lxc/lxc-2.1.1.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python{3_4,3_5} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools bash-completion-r1 distutils-r1 linux-info versionator flag-o-matic systemd
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="cgmanager doc examples lua python seccomp"
+
+RDEPEND="net-libs/gnutls
+	sys-libs/libcap
+	cgmanager? ( app-admin/cgmanager )
+	lua? ( >=dev-lang/lua-5.1:= )
+	python? ( ${PYTHON_DEPS} )
+	seccomp? ( sys-libs/libseccomp )"
+
+DEPEND="${RDEPEND}
+	doc? ( app-text/docbook-sgml-utils )
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-process/criu
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~NETLINK_DIAG ~PACKET_DIAG
+	~INET_UDP_DIAG ~INET_TCP_DIAG
+	~UNIX_DIAG ~CHECKPOINT_RESTORE
+
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+	~!GRKERNSEC_PROC
+	~!GRKERNSEC_SYSFS_RESTRICT
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
+
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+pkg_setup() {
+	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}"/${PN}-2.0.6-bash-completion.patch
+	#558854
+	eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
+	eapply "${FILESDIR}"/${PN}-2.1.1-fix-cgroup2-detection.patch
+	eapply "${FILESDIR}"/${PN}-2.1.1-cgroups-enable-container-without-CAP_SYS_ADMIN.patch
+	eapply_user
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	if use python; then
+		#541932
+		python_setup "python3*"
+		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
+	fi
+
+	# I am not sure about the --with-rootfs-path
+	# /var/lib/lxc is probably more appropriate than
+	# /usr/lib/lxc.
+	# Note by holgersson: Why is apparmor disabled?
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/bin \
+		--sbindir=/usr/bin \
+		--with-config-path=/var/lib/lxc	\
+		--with-rootfs-path=/var/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		--with-runtime-path=/run \
+		--disable-apparmor \
+		--disable-werror \
+		$(use_enable cgmanager) \
+		$(use_enable doc) \
+		$(use_enable examples) \
+		$(use_enable lua) \
+		$(use_enable python) \
+		$(use_enable seccomp)
+}
+
+python_compile() {
+	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-${PN}" > /dev/null
+		distutils-r1_src_compile
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	# start-ephemeral is no longer a command but removing it here
+	# generates QA warnings (still in upstream completion script)
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
+
+	if use python; then
+		pushd "${S}/src/python-lxc" > /dev/null
+		# Unset DOCS. This has been handled by the default target
+		unset DOCS
+		distutils-r1_src_install
+		popd > /dev/null
+	fi
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.7" ${PN}
+
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
+}
+
+pkg_postinst() {
+	elog ""
+	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
+	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
+	elog "please add the following to your /etc/lxc/default.conf"
+	elog "lxc.lxcpath = /etc/lxc"
+	elog ""
+	elog "There is an init script provided with the package now; no documentation"
+	elog "is currently available though, so please check out /etc/init.d/lxc ."
+	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+	elog "to start the container defined into /etc/lxc/configname.conf ."
+	elog "For further information about LXC development see"
+	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+	elog ""
+}
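Review bot: The `pushd`/`popd` calls in src_compile and src_install have no `|| die`, and these shell builtins do not abort the build on failure, so if the Python source directory is missing the distutils phase runs in whatever directory was current. Write them as `pushd "${S}/src/python-${PN}" > /dev/null || die` and `popd > /dev/null || die`. src_install spells the same directory `"${S}/src/python-lxc"` while src_compile uses `python-${PN}`; using one form in both places keeps them from drifting apart.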


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2017-12-15  1:55 Matthias Maier
From: Matthias Maier @ 2017-12-15  1:55 UTC (permalink / raw
  To: gentoo-commits

commit:     5bde8835894effb1efaa093dea785343dfcd6a1d
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 15 01:52:25 2017 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Fri Dec 15 01:55:04 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5bde8835

app-emulation/lxc: major cleanup

 - leave an old 1.0.x (1.0.11) version around for compatibility.
 - remove all unstable, obsolete 2.0.x versions
 - clean up patches

Package-Manager: Portage-2.3.18, Repoman-2.3.6
Signed-off-by: Virgil Dupras <hsoft <AT> hardcoded.net>

 app-emulation/lxc/Manifest                         |   5 -
 .../lxc/files/lxc-1.0.8-bash-completion.patch      |  35 ----
 .../lxc/files/lxc-2.0.3-bash-completion.patch      |  31 ----
 .../lxc/files/lxc-2.0.3-omit-sysconfig.patch       |   5 -
 .../lxc/files/lxc-2.0.4-bash-completion.patch      |  31 ----
 .../lxc/files/lxc-2.0.4-omit-sysconfig.patch       |   5 -
 .../lxc/files/lxc-2.0.5-bash-completion.patch      |  31 ----
 app-emulation/lxc/lxc-1.0.8.ebuild                 | 188 -------------------
 app-emulation/lxc/lxc-2.0.3-r1.ebuild              | 196 --------------------
 app-emulation/lxc/lxc-2.0.4.ebuild                 | 200 --------------------
 app-emulation/lxc/lxc-2.0.5.ebuild                 | 200 --------------------
 app-emulation/lxc/lxc-2.0.6-r1.ebuild              | 201 ---------------------
 12 files changed, 1128 deletions(-)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index b425522f07c..265bac0824f 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -1,8 +1,3 @@
 DIST lxc-1.0.11.tar.gz 850645 BLAKE2B 1a8eff91d970d3160d5ca7338f4e4d68c722a277a804396e7c30b34dbf4aeccc0609982940bb660992880078167cdf3382a55af404b3e52ebe8cd8af104b1efc SHA512 5537e61a286cfce3c763b81eec625538c796ea1e8f5e94c5a28fc8964762c8c0efa7983a188d521bf3420a42569d7124e6587950bc90b79583fa42cc8e2f8f74
-DIST lxc-1.0.8.tar.gz 575127 BLAKE2B 246ac7a2b4306c52a741b2f763bcc81d9999fb27942ef93d6a786ed2ea010c646f5a2388407d26425387b8a819cacae927c8512995bf19b11d610e1887ea6470 SHA512 f552a4f48bb47d26c6b9ddaf8221a439c0848e3f54ec41b77d54717c21bddd56193941046cc96c699790e8265e762a926469c25ee687adcf7795f2906b1c260a
-DIST lxc-2.0.3.tar.gz 772448 BLAKE2B 2336edea328a0ac033f2183386a2907ee8a088032b089c073ae8bbce6f54c55788288be85fe35a0b547976d5868abc31b27ffe5a5049e8769350c2b48dd9310c SHA512 df714f189ec7aa681710fbd58405b8958740102032c0130d8a0eaaae0341a9bc91a215136203c404ad79773800f620bf6f71f811b3effe559aed66efa4f34fef
-DIST lxc-2.0.4.tar.gz 775634 BLAKE2B 9699ae598c3dfddf458f62ca154a4ec75c3510d8dc0be98ebb6b10a30b21ec5e56ff9ec20615c0104a92124c4833e9439f88d04e0312a7c82f79ed7b6f802bbd SHA512 3f985bba5aaa8a70f0329316ea4f42ab135d58c47611154c62e103718212a4b2c5e4f25fd45c372424db1fbf40afdc8269ae98655fb3bc8e31085a5d948f702b
-DIST lxc-2.0.5.tar.gz 778842 BLAKE2B 02015ece79c2d0f3d0028b004c56042e12d40993ac0fff3c56c747de542debb33c32256d66d266fa99b4263fecaa8bb77c5cc48dbf6e9ca322f87613c2099821 SHA512 8e14036597fa3407c87fb92d13b40bbca9a646d27d817e0a9d20fe626625d6cf04a1df65b1a723391d41a311b9f4f3432b3213004892d64355fe0edc7858cb9f
-DIST lxc-2.0.6.tar.gz 788483 BLAKE2B 2b147f1699ad8cef9f7cae6e674af072fd92b017e94567dc8d50fad00a6ba75562dfd984b85d1b648aec059533a378b2212fef4be70941dfa3bd69ec1f53fb13 SHA512 f44c0498876462d78e57d19816eab666e90470badc2bbd38fed9f504e8b21c3e68e4d0f63a8676fa8716be60481befb3db44098228fd71b480972af2b5dcf1e3
 DIST lxc-2.0.7.tar.gz 792557 BLAKE2B e5f1e6d8961938200e116527fab8ce341cf285826afdccac88f4bae65ffd649a406dac7555024557f38c4b415a59cd3b5fb255f1dbf015ce01d4975bed3b1c80 SHA512 eb48dc800ce43d2f4d46e0cecc4d0a714b3e22c6a4975776b54d17d1d20d5a1411e6b605215282f1f77286ddf22b61c80b86b83752191fc18023894ef7a1c44d
 DIST lxc-2.0.8.tar.gz 1308705 BLAKE2B 044e82e182f4ca325da237b888ff16b0469eb11ecdab2ed55f5e9372e84d816ec30edee28ef1473aaa7211a9d9aee0d26f45f169320551e45098da9de7a74104 SHA512 ed9fd47e92007f433695cffea659180866a5ac2778712f4eb13b6629bb18292589f5b674b734853ca196ba1f6d38bdbf3cc8a2bb28e25d3540b06b945fcf9096

diff --git a/app-emulation/lxc/files/lxc-1.0.8-bash-completion.patch b/app-emulation/lxc/files/lxc-1.0.8-bash-completion.patch
deleted file mode 100644
index e9e0e6c98df..00000000000
--- a/app-emulation/lxc/files/lxc-1.0.8-bash-completion.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Index: lxc-lxc-1.0.8/config/bash/Makefile.am
-===================================================================
---- lxc-lxc-1.0.8.orig/config/bash/Makefile.am
-+++ lxc-lxc-1.0.8/config/bash/Makefile.am
-@@ -2,12 +2,12 @@ EXTRA_DIST = lxc
- 
- if ENABLE_BASH
- install-bash:
--	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/
--	$(INSTALL_DATA) lxc $(DESTDIR)$(sysconfdir)/bash_completion.d/
-+	$(MKDIR_P) $(DESTDIR)$(datarootdir)/bash-completion/completions/
-+	$(INSTALL_DATA) lxc $(DESTDIR)$(datarootdir)/bash-completion/completions/
- 
- uninstall-bash:
--	rm -f $(DESTDIR)$(sysconfdir)/bash_completion.d/lxc
--	rmdir $(DESTDIR)$(sysconfdir)/bash_completion.d/ || :
-+	rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/lxc
-+	rmdir $(DESTDIR)$(datarootdir)/bash-completion// || :
- 
- install-data-local: install-bash
- uninstall-local: uninstall-bash
-Index: lxc-lxc-1.0.8/config/bash/lxc.in
-===================================================================
---- lxc-lxc-1.0.8.orig/config/bash/lxc.in
-+++ lxc-lxc-1.0.8/config/bash/lxc.in
-@@ -1,4 +1,3 @@
--have lxc-start && {
-     _lxc_names() {
-         COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
-     }
-@@ -100,4 +99,3 @@ have lxc-start && {
- 
-     complete -o default -F _lxc_generic_o lxc-clone
-     complete -o default -F _lxc_generic_o lxc-start-ephemeral
--}

diff --git a/app-emulation/lxc/files/lxc-2.0.3-bash-completion.patch b/app-emulation/lxc/files/lxc-2.0.3-bash-completion.patch
deleted file mode 100644
index 9ef6013e5b6..00000000000
--- a/app-emulation/lxc/files/lxc-2.0.3-bash-completion.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- lxc-lxc-2.0.1/config/bash/Makefile.am.orig	2016-05-18 20:40:42.238487678 +0000
-+++ lxc-lxc-2.0.1/config/bash/Makefile.am	2016-05-18 20:43:02.163497779 +0000
-@@ -2,12 +2,12 @@
- 
- if ENABLE_BASH
- install-bash:
--	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/
--	$(INSTALL_DATA) lxc $(DESTDIR)$(sysconfdir)/bash_completion.d/
-+	$(MKDIR_P) $(DESTDIR)$(datarootdir)/bash-completion/completions/
-+	$(INSTALL_DATA) lxc $(DESTDIR)$(datarootdir)/bash-completion/completions/
- 
- uninstall-bash:
--	rm -f $(DESTDIR)$(sysconfdir)/bash_completion.d/lxc
--	rmdir $(DESTDIR)$(sysconfdir)/bash_completion.d/ || :
-+	rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/lxc
-+	rmdir $(DESTDIR)$(datarootdir)/bash-completion/completions/ || :
- 
- install-data-local: install-bash
- uninstall-local: uninstall-bash
---- lxc-lxc-2.0.1/config/bash/lxc.in.orig	2016-05-18 20:40:51.079488316 +0000
-+++ lxc-lxc-2.0.1/config/bash/lxc.in	2016-05-18 20:45:03.506506538 +0000
-@@ -1,4 +1,3 @@
--_have lxc-start && {
-     _lxc_names() {
-         COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
-     }
-@@ -100,4 +99,3 @@
- 
-     complete -o default -F _lxc_generic_o lxc-copy
-     complete -o default -F _lxc_generic_o lxc-start-ephemeral
--}

diff --git a/app-emulation/lxc/files/lxc-2.0.3-omit-sysconfig.patch b/app-emulation/lxc/files/lxc-2.0.3-omit-sysconfig.patch
deleted file mode 100644
index 9b83a3b2687..00000000000
--- a/app-emulation/lxc/files/lxc-2.0.3-omit-sysconfig.patch
+++ /dev/null
@@ -1,5 +0,0 @@
---- lxc-lxc-2.0.1/config/Makefile.am.orig	2016-05-19 02:56:11.891113982 +0000
-+++ lxc-lxc-2.0.1/config/Makefile.am	2016-05-19 02:56:32.596115476 +0000
-@@ -1 +1 @@
--SUBDIRS = apparmor bash etc init selinux templates yum sysconfig
-+SUBDIRS = apparmor bash etc init selinux templates yum

diff --git a/app-emulation/lxc/files/lxc-2.0.4-bash-completion.patch b/app-emulation/lxc/files/lxc-2.0.4-bash-completion.patch
deleted file mode 100644
index 6feb4c2bb01..00000000000
--- a/app-emulation/lxc/files/lxc-2.0.4-bash-completion.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- /config/bash/Makefile.am.orig	2016-05-18 20:40:42.238487678 +0000
-+++ /config/bash/Makefile.am	2016-05-18 20:43:02.163497779 +0000
-@@ -2,12 +2,12 @@
- 
- if ENABLE_BASH
- install-bash:
--	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/
--	$(INSTALL_DATA) lxc $(DESTDIR)$(sysconfdir)/bash_completion.d/
-+	$(MKDIR_P) $(DESTDIR)$(datarootdir)/bash-completion/completions/
-+	$(INSTALL_DATA) lxc $(DESTDIR)$(datarootdir)/bash-completion/completions/
- 
- uninstall-bash:
--	rm -f $(DESTDIR)$(sysconfdir)/bash_completion.d/lxc
--	rmdir $(DESTDIR)$(sysconfdir)/bash_completion.d/ || :
-+	rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/lxc
-+	rmdir $(DESTDIR)$(datarootdir)/bash-completion/completions/ || :
- 
- install-data-local: install-bash
- uninstall-local: uninstall-bash
---- /config/bash/lxc.in.orig	2016-05-18 20:40:51.079488316 +0000
-+++ /config/bash/lxc.in	2016-05-18 20:45:03.506506538 +0000
-@@ -1,4 +1,3 @@
--_have lxc-start && {
-     _lxc_names() {
-         COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
-     }
-@@ -100,4 +99,3 @@
- 
-     complete -o default -F _lxc_generic_o lxc-copy
-     complete -o default -F _lxc_generic_o lxc-start-ephemeral
--}

diff --git a/app-emulation/lxc/files/lxc-2.0.4-omit-sysconfig.patch b/app-emulation/lxc/files/lxc-2.0.4-omit-sysconfig.patch
deleted file mode 100644
index 3ec81356499..00000000000
--- a/app-emulation/lxc/files/lxc-2.0.4-omit-sysconfig.patch
+++ /dev/null
@@ -1,5 +0,0 @@
---- /config/Makefile.am.orig	2016-05-19 02:56:11.891113982 +0000
-+++ /config/Makefile.am	2016-05-19 02:56:32.596115476 +0000
-@@ -1 +1 @@
--SUBDIRS = apparmor bash etc init selinux templates yum sysconfig
-+SUBDIRS = apparmor bash etc init selinux templates yum

diff --git a/app-emulation/lxc/files/lxc-2.0.5-bash-completion.patch b/app-emulation/lxc/files/lxc-2.0.5-bash-completion.patch
deleted file mode 100644
index 6feb4c2bb01..00000000000
--- a/app-emulation/lxc/files/lxc-2.0.5-bash-completion.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- /config/bash/Makefile.am.orig	2016-05-18 20:40:42.238487678 +0000
-+++ /config/bash/Makefile.am	2016-05-18 20:43:02.163497779 +0000
-@@ -2,12 +2,12 @@
- 
- if ENABLE_BASH
- install-bash:
--	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/
--	$(INSTALL_DATA) lxc $(DESTDIR)$(sysconfdir)/bash_completion.d/
-+	$(MKDIR_P) $(DESTDIR)$(datarootdir)/bash-completion/completions/
-+	$(INSTALL_DATA) lxc $(DESTDIR)$(datarootdir)/bash-completion/completions/
- 
- uninstall-bash:
--	rm -f $(DESTDIR)$(sysconfdir)/bash_completion.d/lxc
--	rmdir $(DESTDIR)$(sysconfdir)/bash_completion.d/ || :
-+	rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/lxc
-+	rmdir $(DESTDIR)$(datarootdir)/bash-completion/completions/ || :
- 
- install-data-local: install-bash
- uninstall-local: uninstall-bash
---- /config/bash/lxc.in.orig	2016-05-18 20:40:51.079488316 +0000
-+++ /config/bash/lxc.in	2016-05-18 20:45:03.506506538 +0000
-@@ -1,4 +1,3 @@
--_have lxc-start && {
-     _lxc_names() {
-         COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
-     }
-@@ -100,4 +99,3 @@
- 
-     complete -o default -F _lxc_generic_o lxc-copy
-     complete -o default -F _lxc_generic_o lxc-start-ephemeral
--}

diff --git a/app-emulation/lxc/lxc-1.0.8.ebuild b/app-emulation/lxc/lxc-1.0.8.ebuild
deleted file mode 100644
index 1c55e591610..00000000000
--- a/app-emulation/lxc/lxc-1.0.8.ebuild
+++ /dev/null
@@ -1,188 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-MY_P="${P/_/-}"
-PYTHON_COMPAT=( python3_4 )
-DISTUTILS_OPTIONAL=1
-
-inherit autotools bash-completion-r1 distutils-r1 eutils linux-info versionator flag-o-matic systemd
-
-DESCRIPTION="LinuX Containers userspace utilities"
-HOMEPAGE="https://linuxcontainers.org/"
-SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
-
-KEYWORDS="amd64 ~arm ~arm64 ppc64 x86"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="doc examples lua python seccomp"
-
-RDEPEND="net-libs/gnutls
-	sys-libs/libcap
-	lua? ( >=dev-lang/lua-5.1:= )
-	python? ( ${PYTHON_DEPS} )
-	seccomp? ( sys-libs/libseccomp )"
-
-DEPEND="${RDEPEND}
-	doc? ( app-text/docbook-sgml-utils )
-	>=sys-kernel/linux-headers-3.2"
-
-RDEPEND="${RDEPEND}
-	sys-apps/util-linux
-	app-misc/pax-utils
-	virtual/awk"
-
-CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
-	~CPUSETS ~CGROUP_CPUACCT
-	~RESOURCE_COUNTERS
-	~CGROUP_SCHED
-
-	~NAMESPACES
-	~IPC_NS ~USER_NS ~PID_NS
-
-	~DEVPTS_MULTIPLE_INSTANCES
-	~CGROUP_FREEZER
-	~UTS_NS ~NET_NS
-	~VETH ~MACVLAN
-
-	~POSIX_MQUEUE
-	~!NETPRIO_CGROUP
-
-	~!GRKERNSEC_CHROOT_MOUNT
-	~!GRKERNSEC_CHROOT_DOUBLE
-	~!GRKERNSEC_CHROOT_PIVOT
-	~!GRKERNSEC_CHROOT_CHMOD
-	~!GRKERNSEC_CHROOT_CAPS
-	~!GRKERNSEC_PROC
-"
-
-ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:	needed for pts inside container"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:	needed to freeze containers"
-
-ERROR_UTS_NS="CONFIG_UTS_NS:	needed to unshare hostnames and uname info"
-ERROR_NET_NS="CONFIG_NET_NS:	needed for unshared network"
-
-ERROR_VETH="CONFIG_VETH:	needed for internal (host-to-container) networking"
-ERROR_MACVLAN="CONFIG_MACVLAN:	needed for internal (inter-container) networking"
-
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:	needed for lxc-execute command"
-
-ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:	as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
-
-ERROR_GRKERNSEC_CHROOT_MOUNT=":CONFIG_GRKERNSEC_CHROOT_MOUNT	some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_DOUBLE=":CONFIG_GRKERNSEC_CHROOT_DOUBLE	some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_PIVOT=":CONFIG_GRKERNSEC_CHROOT_PIVOT	some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CHMOD=":CONFIG_GRKERNSEC_CHROOT_CHMOD	some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CAPS=":CONFIG_GRKERNSEC_CHROOT_CAPS	some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_PROC=":CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
-
-DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
-
-S="${WORKDIR}/${PN}-${MY_P}"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-src_prepare() {
-	sed -i 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/g' configure.ac || die
-	if [[ -n ${BACKPORTS} ]]; then
-		epatch "${WORKDIR}"/patches/*
-	fi
-
-	epatch "${FILESDIR}"/${PN}-1.0.8-bash-completion.patch
-
-	eautoreconf
-}
-
-src_configure() {
-	append-flags -fno-strict-aliasing
-
-	econf \
-		--localstatedir=/var \
-		--bindir=/usr/sbin \
-		--docdir=/usr/share/doc/${PF} \
-		--with-config-path=/etc/lxc	\
-		--with-rootfs-path=/usr/lib/lxc/rootfs \
-		--with-distro=gentoo \
-		$(use_enable doc) \
-		--disable-apparmor \
-		$(use_enable examples) \
-		$(use_enable lua) \
-		$(use_enable seccomp) \
-		--disable-python
-}
-
-python_compile() {
-	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd "${S}/src/python-${PN}" > /dev/null
-		distutils-r1_src_compile
-		popd > /dev/null
-	fi
-}
-
-src_install() {
-	default
-
-	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
-	bashcomp_alias ${PN}-start \
-		${PN}-{attach,cgroup,clone,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
-
-	if use python; then
-		pushd "${S}/src/python-lxc" > /dev/null
-		# Unset DOCS. This has been handled by the default target
-		unset DOCS
-		distutils-r1_src_install
-		popd > /dev/null
-	fi
-
-	keepdir /etc/lxc /usr/lib/lxc/rootfs /var/log/lxc
-
-	find "${D}" -name '*.la' -delete
-
-	# Gentoo-specific additions!
-	# Use initd.3 per #517144
-	newinitd "${FILESDIR}/${PN}.initd.3" ${PN}
-
-	# lxc-devsetup script
-	exeinto /usr/libexec/${PN}
-	doexe config/init/systemd/${PN}-devsetup
-	# Use that script with the systemd service (Similar to upstream
-	# Makefile.am
-	cp "${FILESDIR}"/${PN}_at.service ${PN}_at.service || die
-	sed -i \
-		"/Restart=always/a ExecStartPre=/usr/libexec/${PN}/${PN}-devsetup" \
-		${PN}_at.service \
-		|| die "Failed to add ${PN}-devsetup to the systemd service file"
-	systemd_newunit ${PN}_at.service "lxc@.service"
-}
-
-pkg_postinst() {
-	elog "There is an init script provided with the package now; no documentation"
-	elog "is currently available though, so please check out /etc/init.d/lxc ."
-	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
-	elog "to start the container defined into /etc/lxc/configname.conf ."
-	elog "For further information about LXC development see"
-	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
-	elog ""
-	ewarn "With version 0.7.4, the mountpoint syntax came back to the one used by 0.7.2"
-	ewarn "and previous versions. This means you'll have to use syntax like the following"
-	ewarn ""
-	ewarn "    lxc.rootfs = /container"
-	ewarn "    lxc.mount.entry = /usr/portage /container/usr/portage none bind 0 0"
-	ewarn ""
-	ewarn "To use the Fedora, Debian and (various) Ubuntu auto-configuration scripts, you"
-	ewarn "will need sys-apps/yum or dev-util/debootstrap."
-	ewarn ""
-	ewarn "Some GrSecurity settings in relation to chroot security will cause LXC not to"
-	ewarn "work, while others will actually make it much more secure. Please refer to"
-	ewarn "Diego Elio Pettenò's weblog at http://blog.flameeyes.eu/tag/lxc for further"
-	ewarn "details."
-}

diff --git a/app-emulation/lxc/lxc-2.0.3-r1.ebuild b/app-emulation/lxc/lxc-2.0.3-r1.ebuild
deleted file mode 100644
index fbf2ce71f6d..00000000000
--- a/app-emulation/lxc/lxc-2.0.3-r1.ebuild
+++ /dev/null
@@ -1,196 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-MY_P="${P/_/-}"
-PYTHON_COMPAT=( python{3_4,3_5} )
-DISTUTILS_OPTIONAL=1
-
-inherit autotools bash-completion-r1 distutils-r1 eutils linux-info versionator flag-o-matic systemd
-
-DESCRIPTION="LinuX Containers userspace utilities"
-HOMEPAGE="https://linuxcontainers.org/"
-SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
-
-KEYWORDS="~amd64 ~arm ~arm64"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="cgmanager doc examples lua python seccomp"
-
-RDEPEND="net-libs/gnutls
-	sys-libs/libcap
-	cgmanager? ( app-admin/cgmanager )
-	lua? ( >=dev-lang/lua-5.1:= )
-	python? ( ${PYTHON_DEPS} )
-	seccomp? ( sys-libs/libseccomp )"
-
-DEPEND="${RDEPEND}
-	doc? ( app-text/docbook-sgml-utils )
-	>=sys-kernel/linux-headers-3.2"
-
-RDEPEND="${RDEPEND}
-	sys-process/criu
-	sys-apps/util-linux
-	app-misc/pax-utils
-	virtual/awk"
-
-CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
-	~CPUSETS ~CGROUP_CPUACCT
-	~CGROUP_SCHED
-
-	~NAMESPACES
-	~IPC_NS ~USER_NS ~PID_NS
-
-	~NETLINK_DIAG ~PACKET_DIAG
-	~INET_UDP_DIAG ~INET_TCP_DIAG
-	~UNIX_DIAG ~CHECKPOINT_RESTORE
-
-	~DEVPTS_MULTIPLE_INSTANCES
-	~CGROUP_FREEZER
-	~UTS_NS ~NET_NS
-	~VETH ~MACVLAN
-
-	~POSIX_MQUEUE
-	~!NETPRIO_CGROUP
-
-	~!GRKERNSEC_CHROOT_MOUNT
-	~!GRKERNSEC_CHROOT_DOUBLE
-	~!GRKERNSEC_CHROOT_PIVOT
-	~!GRKERNSEC_CHROOT_CHMOD
-	~!GRKERNSEC_CHROOT_CAPS
-	~!GRKERNSEC_PROC
-	~!GRKERNSEC_SYSFS_RESTRICT
-"
-
-ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
-
-ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
-ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
-
-ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
-ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
-
-ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
-ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
-ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
-ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
-ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
-ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
-
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
-
-ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
-
-ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
-ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
-
-DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
-
-S="${WORKDIR}/${PN}-${MY_P}"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-src_prepare() {
-	epatch "${FILESDIR}"/${P}-bash-completion.patch
-	#558854
-	epatch "${FILESDIR}"/${P}-omit-sysconfig.patch
-	eautoreconf
-}
-
-src_configure() {
-	append-flags -fno-strict-aliasing
-
-	if use python; then
-		#541932
-		python_setup "python3*"
-		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
-	fi
-
-	# I am not sure about the --with-rootfs-path
-	# /var/lib/lxc is probably more appropriate than
-	# /usr/lib/lxc.
-	econf \
-		--localstatedir=/var \
-		--bindir=/usr/bin \
-		--sbindir=/usr/bin \
-		--docdir=/usr/share/doc/${PF} \
-		--with-config-path=/var/lib/lxc	\
-		--with-rootfs-path=/var/lib/lxc/rootfs \
-		--with-distro=gentoo \
-		--with-runtime-path=/run \
-		--disable-apparmor \
-		$(use_enable cgmanager) \
-		$(use_enable doc) \
-		$(use_enable examples) \
-		$(use_enable lua) \
-		$(use_enable python) \
-		$(use_enable seccomp)
-}
-
-python_compile() {
-	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd "${S}/src/python-${PN}" > /dev/null
-		distutils-r1_src_compile
-		popd > /dev/null
-	fi
-}
-
-src_install() {
-	default
-
-	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
-	# start-ephemeral is no longer a command but removing it here
-	# generates QA warnings (still in upstream completion script)
-	bashcomp_alias ${PN}-start \
-		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
-
-	if use python; then
-		pushd "${S}/src/python-lxc" > /dev/null
-		# Unset DOCS. This has been handled by the default target
-		unset DOCS
-		distutils-r1_src_install
-		popd > /dev/null
-	fi
-
-	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
-
-	find "${D}" -name '*.la' -delete
-
-	# Gentoo-specific additions!
-	newinitd "${FILESDIR}/${PN}.initd.5" ${PN}
-
-	# Remember to compare our systemd unit file with the upstream one
-	# config/init/systemd/lxc.service.in
-	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
-}
-
-pkg_postinst() {
-	elog ""
-	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
-	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
-	elog "please add the following to your /etc/lxc/default.conf"
-	elog "lxc.lxcpath = /etc/lxc"
-	elog ""
-	elog "There is an init script provided with the package now; no documentation"
-	elog "is currently available though, so please check out /etc/init.d/lxc ."
-	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
-	elog "to start the container defined into /etc/lxc/configname.conf ."
-	elog "For further information about LXC development see"
-	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
-	elog ""
-}

diff --git a/app-emulation/lxc/lxc-2.0.4.ebuild b/app-emulation/lxc/lxc-2.0.4.ebuild
deleted file mode 100644
index 5cafe41f06e..00000000000
--- a/app-emulation/lxc/lxc-2.0.4.ebuild
+++ /dev/null
@@ -1,200 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-MY_P="${P/_/-}"
-PYTHON_COMPAT=( python{3_4,3_5} )
-DISTUTILS_OPTIONAL=1
-
-inherit autotools bash-completion-r1 distutils-r1 linux-info versionator flag-o-matic systemd
-
-DESCRIPTION="LinuX Containers userspace utilities"
-HOMEPAGE="https://linuxcontainers.org/"
-SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
-
-KEYWORDS="~amd64 ~arm ~arm64"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="cgmanager doc examples lua python seccomp"
-
-RDEPEND="net-libs/gnutls
-	sys-libs/libcap
-	cgmanager? ( app-admin/cgmanager )
-	lua? ( >=dev-lang/lua-5.1:= )
-	python? ( ${PYTHON_DEPS} )
-	seccomp? ( sys-libs/libseccomp )"
-
-DEPEND="${RDEPEND}
-	doc? ( app-text/docbook-sgml-utils )
-	>=sys-kernel/linux-headers-3.2"
-
-RDEPEND="${RDEPEND}
-	sys-process/criu
-	sys-apps/util-linux
-	app-misc/pax-utils
-	virtual/awk"
-
-CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
-	~CPUSETS ~CGROUP_CPUACCT
-	~CGROUP_SCHED
-
-	~NAMESPACES
-	~IPC_NS ~USER_NS ~PID_NS
-
-	~NETLINK_DIAG ~PACKET_DIAG
-	~INET_UDP_DIAG ~INET_TCP_DIAG
-	~UNIX_DIAG ~CHECKPOINT_RESTORE
-
-	~CGROUP_FREEZER
-	~UTS_NS ~NET_NS
-	~VETH ~MACVLAN
-
-	~POSIX_MQUEUE
-	~!NETPRIO_CGROUP
-
-	~!GRKERNSEC_CHROOT_MOUNT
-	~!GRKERNSEC_CHROOT_DOUBLE
-	~!GRKERNSEC_CHROOT_PIVOT
-	~!GRKERNSEC_CHROOT_CHMOD
-	~!GRKERNSEC_CHROOT_CAPS
-	~!GRKERNSEC_PROC
-	~!GRKERNSEC_SYSFS_RESTRICT
-"
-
-ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
-
-ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
-ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
-
-ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
-ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
-
-ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
-ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
-ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
-ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
-ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
-ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
-
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
-
-ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
-
-ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
-ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
-
-DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
-
-S="${WORKDIR}/${PN}-${MY_P}"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-pkg_setup() {
-	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	eapply "${FILESDIR}"/${P}-bash-completion.patch
-	#558854
-	eapply "${FILESDIR}"/${P}-omit-sysconfig.patch
-	eapply_user
-	eautoreconf
-}
-
-src_configure() {
-	append-flags -fno-strict-aliasing
-
-	if use python; then
-		#541932
-		python_setup "python3*"
-		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
-	fi
-
-	# I am not sure about the --with-rootfs-path
-	# /var/lib/lxc is probably more appropriate than
-	# /usr/lib/lxc.
-	econf \
-		--localstatedir=/var \
-		--bindir=/usr/bin \
-		--sbindir=/usr/bin \
-		--with-config-path=/var/lib/lxc	\
-		--with-rootfs-path=/var/lib/lxc/rootfs \
-		--with-distro=gentoo \
-		--with-runtime-path=/run \
-		--disable-apparmor \
-		$(use_enable cgmanager) \
-		$(use_enable doc) \
-		$(use_enable examples) \
-		$(use_enable lua) \
-		$(use_enable python) \
-		$(use_enable seccomp)
-}
-
-python_compile() {
-	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd "${S}/src/python-${PN}" > /dev/null
-		distutils-r1_src_compile
-		popd > /dev/null
-	fi
-}
-
-src_install() {
-	default
-
-	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
-	# start-ephemeral is no longer a command but removing it here
-	# generates QA warnings (still in upstream completion script)
-	bashcomp_alias ${PN}-start \
-		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
-
-	if use python; then
-		pushd "${S}/src/python-lxc" > /dev/null
-		# Unset DOCS. This has been handled by the default target
-		unset DOCS
-		distutils-r1_src_install
-		popd > /dev/null
-	fi
-
-	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
-
-	find "${D}" -name '*.la' -delete
-
-	# Gentoo-specific additions!
-	newinitd "${FILESDIR}/${PN}.initd.5" ${PN}
-
-	# Remember to compare our systemd unit file with the upstream one
-	# config/init/systemd/lxc.service.in
-	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
-}
-
-pkg_postinst() {
-	elog ""
-	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
-	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
-	elog "please add the following to your /etc/lxc/default.conf"
-	elog "lxc.lxcpath = /etc/lxc"
-	elog ""
-	elog "There is an init script provided with the package now; no documentation"
-	elog "is currently available though, so please check out /etc/init.d/lxc ."
-	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
-	elog "to start the container defined into /etc/lxc/configname.conf ."
-	elog "For further information about LXC development see"
-	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
-	elog ""
-}

diff --git a/app-emulation/lxc/lxc-2.0.5.ebuild b/app-emulation/lxc/lxc-2.0.5.ebuild
deleted file mode 100644
index 5cafe41f06e..00000000000
--- a/app-emulation/lxc/lxc-2.0.5.ebuild
+++ /dev/null
@@ -1,200 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-MY_P="${P/_/-}"
-PYTHON_COMPAT=( python{3_4,3_5} )
-DISTUTILS_OPTIONAL=1
-
-inherit autotools bash-completion-r1 distutils-r1 linux-info versionator flag-o-matic systemd
-
-DESCRIPTION="LinuX Containers userspace utilities"
-HOMEPAGE="https://linuxcontainers.org/"
-SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
-
-KEYWORDS="~amd64 ~arm ~arm64"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="cgmanager doc examples lua python seccomp"
-
-RDEPEND="net-libs/gnutls
-	sys-libs/libcap
-	cgmanager? ( app-admin/cgmanager )
-	lua? ( >=dev-lang/lua-5.1:= )
-	python? ( ${PYTHON_DEPS} )
-	seccomp? ( sys-libs/libseccomp )"
-
-DEPEND="${RDEPEND}
-	doc? ( app-text/docbook-sgml-utils )
-	>=sys-kernel/linux-headers-3.2"
-
-RDEPEND="${RDEPEND}
-	sys-process/criu
-	sys-apps/util-linux
-	app-misc/pax-utils
-	virtual/awk"
-
-CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
-	~CPUSETS ~CGROUP_CPUACCT
-	~CGROUP_SCHED
-
-	~NAMESPACES
-	~IPC_NS ~USER_NS ~PID_NS
-
-	~NETLINK_DIAG ~PACKET_DIAG
-	~INET_UDP_DIAG ~INET_TCP_DIAG
-	~UNIX_DIAG ~CHECKPOINT_RESTORE
-
-	~CGROUP_FREEZER
-	~UTS_NS ~NET_NS
-	~VETH ~MACVLAN
-
-	~POSIX_MQUEUE
-	~!NETPRIO_CGROUP
-
-	~!GRKERNSEC_CHROOT_MOUNT
-	~!GRKERNSEC_CHROOT_DOUBLE
-	~!GRKERNSEC_CHROOT_PIVOT
-	~!GRKERNSEC_CHROOT_CHMOD
-	~!GRKERNSEC_CHROOT_CAPS
-	~!GRKERNSEC_PROC
-	~!GRKERNSEC_SYSFS_RESTRICT
-"
-
-ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
-
-ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
-ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
-
-ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
-ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
-
-ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
-ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
-ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
-ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
-ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
-ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
-
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
-
-ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
-
-ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
-ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
-
-DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
-
-S="${WORKDIR}/${PN}-${MY_P}"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-pkg_setup() {
-	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	eapply "${FILESDIR}"/${P}-bash-completion.patch
-	#558854
-	eapply "${FILESDIR}"/${P}-omit-sysconfig.patch
-	eapply_user
-	eautoreconf
-}
-
-src_configure() {
-	append-flags -fno-strict-aliasing
-
-	if use python; then
-		#541932
-		python_setup "python3*"
-		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
-	fi
-
-	# I am not sure about the --with-rootfs-path
-	# /var/lib/lxc is probably more appropriate than
-	# /usr/lib/lxc.
-	econf \
-		--localstatedir=/var \
-		--bindir=/usr/bin \
-		--sbindir=/usr/bin \
-		--with-config-path=/var/lib/lxc	\
-		--with-rootfs-path=/var/lib/lxc/rootfs \
-		--with-distro=gentoo \
-		--with-runtime-path=/run \
-		--disable-apparmor \
-		$(use_enable cgmanager) \
-		$(use_enable doc) \
-		$(use_enable examples) \
-		$(use_enable lua) \
-		$(use_enable python) \
-		$(use_enable seccomp)
-}
-
-python_compile() {
-	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd "${S}/src/python-${PN}" > /dev/null
-		distutils-r1_src_compile
-		popd > /dev/null
-	fi
-}
-
-src_install() {
-	default
-
-	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
-	# start-ephemeral is no longer a command but removing it here
-	# generates QA warnings (still in upstream completion script)
-	bashcomp_alias ${PN}-start \
-		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
-
-	if use python; then
-		pushd "${S}/src/python-lxc" > /dev/null
-		# Unset DOCS. This has been handled by the default target
-		unset DOCS
-		distutils-r1_src_install
-		popd > /dev/null
-	fi
-
-	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
-
-	find "${D}" -name '*.la' -delete
-
-	# Gentoo-specific additions!
-	newinitd "${FILESDIR}/${PN}.initd.5" ${PN}
-
-	# Remember to compare our systemd unit file with the upstream one
-	# config/init/systemd/lxc.service.in
-	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
-}
-
-pkg_postinst() {
-	elog ""
-	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
-	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
-	elog "please add the following to your /etc/lxc/default.conf"
-	elog "lxc.lxcpath = /etc/lxc"
-	elog ""
-	elog "There is an init script provided with the package now; no documentation"
-	elog "is currently available though, so please check out /etc/init.d/lxc ."
-	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
-	elog "to start the container defined into /etc/lxc/configname.conf ."
-	elog "For further information about LXC development see"
-	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
-	elog ""
-}

diff --git a/app-emulation/lxc/lxc-2.0.6-r1.ebuild b/app-emulation/lxc/lxc-2.0.6-r1.ebuild
deleted file mode 100644
index c3ca8d9ee12..00000000000
--- a/app-emulation/lxc/lxc-2.0.6-r1.ebuild
+++ /dev/null
@@ -1,201 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-MY_P="${P/_/-}"
-PYTHON_COMPAT=( python{3_4,3_5} )
-DISTUTILS_OPTIONAL=1
-
-inherit autotools bash-completion-r1 distutils-r1 linux-info versionator flag-o-matic systemd
-
-DESCRIPTION="LinuX Containers userspace utilities"
-HOMEPAGE="https://linuxcontainers.org/"
-SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
-
-KEYWORDS="~amd64 ~arm ~arm64"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="cgmanager doc examples lua python seccomp"
-
-RDEPEND="net-libs/gnutls
-	sys-libs/libcap
-	cgmanager? ( app-admin/cgmanager )
-	lua? ( >=dev-lang/lua-5.1:= )
-	python? ( ${PYTHON_DEPS} )
-	seccomp? ( sys-libs/libseccomp )"
-
-DEPEND="${RDEPEND}
-	doc? ( app-text/docbook-sgml-utils )
-	>=sys-kernel/linux-headers-3.2"
-
-RDEPEND="${RDEPEND}
-	sys-process/criu
-	sys-apps/util-linux
-	app-misc/pax-utils
-	virtual/awk"
-
-CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
-	~CPUSETS ~CGROUP_CPUACCT
-	~CGROUP_SCHED
-
-	~NAMESPACES
-	~IPC_NS ~USER_NS ~PID_NS
-
-	~NETLINK_DIAG ~PACKET_DIAG
-	~INET_UDP_DIAG ~INET_TCP_DIAG
-	~UNIX_DIAG ~CHECKPOINT_RESTORE
-
-	~CGROUP_FREEZER
-	~UTS_NS ~NET_NS
-	~VETH ~MACVLAN
-
-	~POSIX_MQUEUE
-	~!NETPRIO_CGROUP
-
-	~!GRKERNSEC_CHROOT_MOUNT
-	~!GRKERNSEC_CHROOT_DOUBLE
-	~!GRKERNSEC_CHROOT_PIVOT
-	~!GRKERNSEC_CHROOT_CHMOD
-	~!GRKERNSEC_CHROOT_CAPS
-	~!GRKERNSEC_PROC
-	~!GRKERNSEC_SYSFS_RESTRICT
-"
-
-ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
-
-ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
-ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
-
-ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
-ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
-
-ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
-ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
-ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
-ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
-ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
-ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
-
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
-
-ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
-
-ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
-ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
-
-DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
-
-S="${WORKDIR}/${PN}-${MY_P}"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-pkg_setup() {
-	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	eapply "${FILESDIR}"/${P}-bash-completion.patch
-	#558854
-	eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
-	eapply "${FILESDIR}"/${PN}-2.0.6-major.patch
-	eapply_user
-	eautoreconf
-}
-
-src_configure() {
-	append-flags -fno-strict-aliasing
-
-	if use python; then
-		#541932
-		python_setup "python3*"
-		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
-	fi
-
-	# I am not sure about the --with-rootfs-path
-	# /var/lib/lxc is probably more appropriate than
-	# /usr/lib/lxc.
-	econf \
-		--localstatedir=/var \
-		--bindir=/usr/bin \
-		--sbindir=/usr/bin \
-		--with-config-path=/var/lib/lxc	\
-		--with-rootfs-path=/var/lib/lxc/rootfs \
-		--with-distro=gentoo \
-		--with-runtime-path=/run \
-		--disable-apparmor \
-		$(use_enable cgmanager) \
-		$(use_enable doc) \
-		$(use_enable examples) \
-		$(use_enable lua) \
-		$(use_enable python) \
-		$(use_enable seccomp)
-}
-
-python_compile() {
-	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
-}
-
-src_compile() {
-	default
-
-	if use python; then
-		pushd "${S}/src/python-${PN}" > /dev/null
-		distutils-r1_src_compile
-		popd > /dev/null
-	fi
-}
-
-src_install() {
-	default
-
-	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
-	# start-ephemeral is no longer a command but removing it here
-	# generates QA warnings (still in upstream completion script)
-	bashcomp_alias ${PN}-start \
-		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
-
-	if use python; then
-		pushd "${S}/src/python-lxc" > /dev/null
-		# Unset DOCS. This has been handled by the default target
-		unset DOCS
-		distutils-r1_src_install
-		popd > /dev/null
-	fi
-
-	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
-
-	find "${D}" -name '*.la' -delete
-
-	# Gentoo-specific additions!
-	newinitd "${FILESDIR}/${PN}.initd.5" ${PN}
-
-	# Remember to compare our systemd unit file with the upstream one
-	# config/init/systemd/lxc.service.in
-	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
-}
-
-pkg_postinst() {
-	elog ""
-	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
-	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
-	elog "please add the following to your /etc/lxc/default.conf"
-	elog "lxc.lxcpath = /etc/lxc"
-	elog ""
-	elog "There is an init script provided with the package now; no documentation"
-	elog "is currently available though, so please check out /etc/init.d/lxc ."
-	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
-	elog "to start the container defined into /etc/lxc/configname.conf ."
-	elog "For further information about LXC development see"
-	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
-	elog ""
-}


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2016-12-03 13:39 Yixun Lan
From: Yixun Lan @ 2016-12-03 13:39 UTC (permalink / raw
  To: gentoo-commits

commit:     2891603788e6f92f8c58ea74d26a48e62c3c21ab
Author:     Yixun Lan <dlan <AT> gentoo <DOT> org>
AuthorDate: Sat Dec  3 13:30:30 2016 +0000
Commit:     Yixun Lan <dlan <AT> gentoo <DOT> org>
CommitDate: Sat Dec  3 13:38:51 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28916037

app-emulation/lxc: version bump

rework bashcomp patch to make 2.0.6 happy

Package-Manager: portage-2.3.2

 app-emulation/lxc/Manifest                         |   1 +
 .../lxc/files/lxc-2.0.6-bash-completion.patch      |  27 +++
 app-emulation/lxc/lxc-2.0.6.ebuild                 | 200 +++++++++++++++++++++
 3 files changed, 228 insertions(+)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index 155b6f9..075d3bf 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -3,3 +3,4 @@ DIST lxc-1.0.8.tar.gz 575127 SHA256 399ac3eb4e0a89d657fb2e2a57f686ed061d3f1ea473
 DIST lxc-2.0.3.tar.gz 772448 SHA256 635afa330088fea57883018da326fc72f85460b5a6c7802ad68044381aff14f3 SHA512 df714f189ec7aa681710fbd58405b8958740102032c0130d8a0eaaae0341a9bc91a215136203c404ad79773800f620bf6f71f811b3effe559aed66efa4f34fef WHIRLPOOL 89ce2f6762c7279e24658c1154b5c2960d3db32e0ec3724b338f5d30da77cc0b33a2376e5eebe6d9c356bdd34c2aa9da1e2434aecd7e428fa4b729389e35b862
 DIST lxc-2.0.4.tar.gz 775634 SHA256 57d40234aeecf5b60fb29d563e5a09d6a04c89e1267eb22a6704388ac8573e7b SHA512 3f985bba5aaa8a70f0329316ea4f42ab135d58c47611154c62e103718212a4b2c5e4f25fd45c372424db1fbf40afdc8269ae98655fb3bc8e31085a5d948f702b WHIRLPOOL b001c75d67d676e75b203d789cf2c0643ba9a47aa31965441340b66f28e18371415b9d44ce752e35102bc8677688eec6e586d800a33a2a965c8a046c091ebc06
 DIST lxc-2.0.5.tar.gz 778842 SHA256 1f1c491b2ad5e74a85b8eb791ccac8128e6eaf5ddcc1323e9360997c030f7072 SHA512 8e14036597fa3407c87fb92d13b40bbca9a646d27d817e0a9d20fe626625d6cf04a1df65b1a723391d41a311b9f4f3432b3213004892d64355fe0edc7858cb9f WHIRLPOOL fa6ac86d67fe563f92411cbd09a0d66d729a0a15fe48076b42f4b3996e6b786826990bd51382c14606fd1b5240d413bc8d217fac37becd9baccd89de15d30b22
+DIST lxc-2.0.6.tar.gz 788483 SHA256 8723ef5973a47e7b2c439002c28590d74689e871d36f03089965503c0c0d50b2 SHA512 f44c0498876462d78e57d19816eab666e90470badc2bbd38fed9f504e8b21c3e68e4d0f63a8676fa8716be60481befb3db44098228fd71b480972af2b5dcf1e3 WHIRLPOOL 5bb2648637a46e3547edeba2ad46eb131b2ae194f5efe52a688157cfa3f361f51a832554a94bcd47074e65cbf8d1e1119d23548bdf83ca62c131400c40aff34a

diff --git a/app-emulation/lxc/files/lxc-2.0.6-bash-completion.patch b/app-emulation/lxc/files/lxc-2.0.6-bash-completion.patch
new file mode 100644
index 00000000..6033e36
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-2.0.6-bash-completion.patch
@@ -0,0 +1,27 @@
+diff --git a/config/bash/lxc.in b/config/bash/lxc.in
+index 7dcf302..5927fe2 100644
+--- a/config/bash/lxc.in
++++ b/config/bash/lxc.in
+@@ -1,4 +1,3 @@
+-_have lxc-start && {
+     _lxc_names() {
+         COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
+     }
+@@ -100,4 +99,3 @@ _have lxc-start && {
+ 
+     complete -o default -F _lxc_generic_o lxc-copy
+     complete -o default -F _lxc_generic_o lxc-start-ephemeral
+-}
+diff --git a/configure.ac b/configure.ac
+index 4640c0d..14ccdd3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -478,7 +478,7 @@ AM_CONDITIONAL([ENABLE_BASH], [test "x$enable_bash" = "xyes"])
+ AM_COND_IF([ENABLE_BASH],
+ 	[AC_MSG_CHECKING([bash completion directory])
+ 	PKG_CHECK_VAR(bashcompdir, [bash-completion], [completionsdir], ,
+-		bashcompdir="${sysconfdir}/bash_completion.d")
++		bashcompdir="$datadir/bash-completion/completions")
+ 	AC_MSG_RESULT([$bashcompdir])
+ 	AC_SUBST(bashcompdir)
+ 	])
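Review bot: Nothing in this patch file says why the `_have lxc-start && {` guard and its closing `}` are removed from `config/bash/lxc.in`, or whether the `bashcompdir` fallback change in `configure.ac` was sent upstream. A later maintainer auditing the package therefore cannot tell a deliberate Gentoo deviation from a stale workaround. A few comment lines above the first `diff --git` line would cover it: the reason for the change, the Gentoo bug number if there is one, and the upstream status. The same applies to `lxc-2.0.4-bash-completion.patch` and `lxc-2.0.4-omit-sysconfig.patch` in the 2016-09-04 commit further down; for the latter, the `#558854` comment in the 2.0.6 ebuild looks like the bug to cite, which should be confirmed.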

diff --git a/app-emulation/lxc/lxc-2.0.6.ebuild b/app-emulation/lxc/lxc-2.0.6.ebuild
new file mode 100644
index 00000000..11e2839
--- /dev/null
+++ b/app-emulation/lxc/lxc-2.0.6.ebuild
@@ -0,0 +1,200 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="6"
+
+MY_P="${P/_/-}"
+PYTHON_COMPAT=( python{3_4,3_5} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools bash-completion-r1 distutils-r1 linux-info versionator flag-o-matic systemd
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="cgmanager doc examples lua python seccomp"
+
+RDEPEND="net-libs/gnutls
+	sys-libs/libcap
+	cgmanager? ( app-admin/cgmanager )
+	lua? ( >=dev-lang/lua-5.1:= )
+	python? ( ${PYTHON_DEPS} )
+	seccomp? ( sys-libs/libseccomp )"
+
+DEPEND="${RDEPEND}
+	doc? ( app-text/docbook-sgml-utils )
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-process/criu
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~NETLINK_DIAG ~PACKET_DIAG
+	~INET_UDP_DIAG ~INET_TCP_DIAG
+	~UNIX_DIAG ~CHECKPOINT_RESTORE
+
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+	~!GRKERNSEC_PROC
+	~!GRKERNSEC_SYSFS_RESTRICT
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
+
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+S="${WORKDIR}/${PN}-${MY_P}"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+pkg_setup() {
+	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}"/${P}-bash-completion.patch
+	#558854
+	eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
+	eapply_user
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	if use python; then
+		#541932
+		python_setup "python3*"
+		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
+	fi
+
+	# I am not sure about the --with-rootfs-path
+	# /var/lib/lxc is probably more appropriate than
+	# /usr/lib/lxc.
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/bin \
+		--sbindir=/usr/bin \
+		--with-config-path=/var/lib/lxc	\
+		--with-rootfs-path=/var/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		--with-runtime-path=/run \
+		--disable-apparmor \
+		$(use_enable cgmanager) \
+		$(use_enable doc) \
+		$(use_enable examples) \
+		$(use_enable lua) \
+		$(use_enable python) \
+		$(use_enable seccomp)
+}
+
+python_compile() {
+	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-${PN}" > /dev/null
+		distutils-r1_src_compile
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	default
+
+	# start-ephemeral is no longer a command but removing it here
+	# generates QA warnings (still in upstream completion script)
+	bashcomp_alias ${PN} \
+		${PN}-{start,attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
+
+	if use python; then
+		pushd "${S}/src/python-lxc" > /dev/null
+		# Unset DOCS. This has been handled by the default target
+		unset DOCS
+		distutils-r1_src_install
+		popd > /dev/null
+	fi
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.5" ${PN}
+
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
+}
+
+pkg_postinst() {
+	elog ""
+	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
+	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
+	elog "please add the following to your /etc/lxc/default.conf"
+	elog "lxc.lxcpath = /etc/lxc"
+	elog ""
+	elog "There is an init script provided with the package now; no documentation"
+	elog "is currently available though, so please check out /etc/init.d/lxc ."
+	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+	elog "to start the container defined into /etc/lxc/configname.conf ."
+	elog "For further information about LXC development see"
+	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+	elog ""
+}
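Review bot: The seven `ERROR_GRKERNSEC_*` messages end with "see postinst notes", but `pkg_postinst` in this ebuild prints only the lxcpath and init-script notes and never mentions grsecurity. A user on a hardened kernel is told that these protections conflict with LXC and is then pointed at guidance that does not exist. Either add a short `elog` paragraph to `pkg_postinst` that names the `GRKERNSEC_CHROOT_*`, `GRKERNSEC_PROC` and `GRKERNSEC_SYSFS_RESTRICT` options and what each one blocks, or drop the dangling reference from the messages. Separately, the `pushd`/`popd` calls in `src_compile` and `src_install` and the `find "${D}" -name '*.la' -delete` line have no `|| die`, so a failed directory change would let the distutils phase run in the wrong directory; `pushd "${S}/src/python-lxc" > /dev/null || die` closes that.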


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2016-09-04 15:29 Erik Mackdanz
From: Erik Mackdanz @ 2016-09-04 15:29 UTC (permalink / raw
  To: gentoo-commits

commit:     7ff4458b663f7af03854c75f020e4fb60b68ab09
Author:     Erik Mackdanz <stasibear <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  4 15:28:43 2016 +0000
Commit:     Erik Mackdanz <stasibear <AT> gentoo <DOT> org>
CommitDate: Sun Sep  4 15:29:40 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ff4458b

app-emulation/lxc: bump to 2.0.4

EAPI=6.  Also add a condition around a removed kernel
config option.

Package-Manager: portage-2.3.0

 app-emulation/lxc/Manifest                         |   1 +
 .../lxc/files/lxc-2.0.4-bash-completion.patch      |  31 ++++
 .../lxc/files/lxc-2.0.4-omit-sysconfig.patch       |   5 +
 app-emulation/lxc/lxc-2.0.4.ebuild                 | 201 +++++++++++++++++++++
 4 files changed, 238 insertions(+)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index 3260e04..fe865f9 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -1,3 +1,4 @@
 DIST lxc-1.0.7.tar.gz 564985 SHA256 a0b1b09592e076e270dcb3ba004616d9ac3147f9de0b78ca39a30f8956b0a8f2 SHA512 e6ff42a7b41177e1be0d2cd47d4c554565c7fc35355f3aa8aeba00d4adc7a0f364ecd060ddb6c97b2fe5968329c4e4c4b3cb022bffd2da145f30880f077264a8 WHIRLPOOL f07e5e9efb8ff394aa9cdd6c3e725b453c8137ec221399cbf910d57dbc9268fc84e7227273567792821415dc14e774942b76a58a1a478de57d5c82e545702000
 DIST lxc-1.0.8.tar.gz 575127 SHA256 399ac3eb4e0a89d657fb2e2a57f686ed061d3f1ea4733e7521b1539e9906c7ee SHA512 f552a4f48bb47d26c6b9ddaf8221a439c0848e3f54ec41b77d54717c21bddd56193941046cc96c699790e8265e762a926469c25ee687adcf7795f2906b1c260a WHIRLPOOL 72cd0b8b0345692dd9a3ed8785ee27f5e575794a96c515db1f1d073c29be4c06ae8c1ee24fa375a5ede2bba2494704916710b2e8814ed991d43330a40dff3d56
 DIST lxc-2.0.3.tar.gz 772448 SHA256 635afa330088fea57883018da326fc72f85460b5a6c7802ad68044381aff14f3 SHA512 df714f189ec7aa681710fbd58405b8958740102032c0130d8a0eaaae0341a9bc91a215136203c404ad79773800f620bf6f71f811b3effe559aed66efa4f34fef WHIRLPOOL 89ce2f6762c7279e24658c1154b5c2960d3db32e0ec3724b338f5d30da77cc0b33a2376e5eebe6d9c356bdd34c2aa9da1e2434aecd7e428fa4b729389e35b862
+DIST lxc-2.0.4.tar.gz 775634 SHA256 57d40234aeecf5b60fb29d563e5a09d6a04c89e1267eb22a6704388ac8573e7b SHA512 3f985bba5aaa8a70f0329316ea4f42ab135d58c47611154c62e103718212a4b2c5e4f25fd45c372424db1fbf40afdc8269ae98655fb3bc8e31085a5d948f702b WHIRLPOOL b001c75d67d676e75b203d789cf2c0643ba9a47aa31965441340b66f28e18371415b9d44ce752e35102bc8677688eec6e586d800a33a2a965c8a046c091ebc06

diff --git a/app-emulation/lxc/files/lxc-2.0.4-bash-completion.patch b/app-emulation/lxc/files/lxc-2.0.4-bash-completion.patch
new file mode 100644
index 00000000..6feb4c2
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-2.0.4-bash-completion.patch
@@ -0,0 +1,31 @@
+--- /config/bash/Makefile.am.orig	2016-05-18 20:40:42.238487678 +0000
++++ /config/bash/Makefile.am	2016-05-18 20:43:02.163497779 +0000
+@@ -2,12 +2,12 @@
+ 
+ if ENABLE_BASH
+ install-bash:
+-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/
+-	$(INSTALL_DATA) lxc $(DESTDIR)$(sysconfdir)/bash_completion.d/
++	$(MKDIR_P) $(DESTDIR)$(datarootdir)/bash-completion/completions/
++	$(INSTALL_DATA) lxc $(DESTDIR)$(datarootdir)/bash-completion/completions/
+ 
+ uninstall-bash:
+-	rm -f $(DESTDIR)$(sysconfdir)/bash_completion.d/lxc
+-	rmdir $(DESTDIR)$(sysconfdir)/bash_completion.d/ || :
++	rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/lxc
++	rmdir $(DESTDIR)$(datarootdir)/bash-completion/completions/ || :
+ 
+ install-data-local: install-bash
+ uninstall-local: uninstall-bash
+--- /config/bash/lxc.in.orig	2016-05-18 20:40:51.079488316 +0000
++++ /config/bash/lxc.in	2016-05-18 20:45:03.506506538 +0000
+@@ -1,4 +1,3 @@
+-_have lxc-start && {
+     _lxc_names() {
+         COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
+     }
+@@ -100,4 +99,3 @@
+ 
+     complete -o default -F _lxc_generic_o lxc-copy
+     complete -o default -F _lxc_generic_o lxc-start-ephemeral
+-}

diff --git a/app-emulation/lxc/files/lxc-2.0.4-omit-sysconfig.patch b/app-emulation/lxc/files/lxc-2.0.4-omit-sysconfig.patch
new file mode 100644
index 00000000..3ec8135
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-2.0.4-omit-sysconfig.patch
@@ -0,0 +1,5 @@
+--- /config/Makefile.am.orig	2016-05-19 02:56:11.891113982 +0000
++++ /config/Makefile.am	2016-05-19 02:56:32.596115476 +0000
+@@ -1 +1 @@
+-SUBDIRS = apparmor bash etc init selinux templates yum sysconfig
++SUBDIRS = apparmor bash etc init selinux templates yum

diff --git a/app-emulation/lxc/lxc-2.0.4.ebuild b/app-emulation/lxc/lxc-2.0.4.ebuild
new file mode 100644
index 00000000..452f249
--- /dev/null
+++ b/app-emulation/lxc/lxc-2.0.4.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="6"
+
+MY_P="${P/_/-}"
+PYTHON_COMPAT=( python{3_3,3_4,3_5} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools bash-completion-r1 distutils-r1 linux-info versionator flag-o-matic systemd
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="cgmanager doc examples lua python seccomp"
+
+RDEPEND="net-libs/gnutls
+	sys-libs/libcap
+	cgmanager? ( app-admin/cgmanager )
+	lua? ( >=dev-lang/lua-5.1:= )
+	python? ( ${PYTHON_DEPS} )
+	seccomp? ( sys-libs/libseccomp )"
+
+DEPEND="${RDEPEND}
+	doc? ( app-text/docbook-sgml-utils )
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-process/criu
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~NETLINK_DIAG ~PACKET_DIAG
+	~INET_UDP_DIAG ~INET_TCP_DIAG
+	~UNIX_DIAG ~CHECKPOINT_RESTORE
+
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+	~!GRKERNSEC_PROC
+	~!GRKERNSEC_SYSFS_RESTRICT
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
+
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+S="${WORKDIR}/${PN}-${MY_P}"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+pkg_setup() {
+	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	eapply "${FILESDIR}"/${P}-bash-completion.patch
+	#558854
+	eapply "${FILESDIR}"/${P}-omit-sysconfig.patch
+	eapply_user
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	if use python; then
+		#541932
+		python_setup "python3*"
+		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
+	fi
+
+	# I am not sure about the --with-rootfs-path
+	# /var/lib/lxc is probably more appropriate than
+	# /usr/lib/lxc.
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/bin \
+		--sbindir=/usr/bin \
+		--with-config-path=/var/lib/lxc	\
+		--with-rootfs-path=/var/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		--with-runtime-path=/run \
+		--disable-apparmor \
+		$(use_enable cgmanager) \
+		$(use_enable doc) \
+		$(use_enable examples) \
+		$(use_enable lua) \
+		$(use_enable python) \
+		$(use_enable seccomp)
+}
+
+python_compile() {
+	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-${PN}" > /dev/null
+		distutils-r1_src_compile
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	# start-ephemeral is no longer a command but removing it here
+	# generates QA warnings (still in upstream completion script)
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
+
+	if use python; then
+		pushd "${S}/src/python-lxc" > /dev/null
+		# Unset DOCS. This has been handled by the default target
+		unset DOCS
+		distutils-r1_src_install
+		popd > /dev/null
+	fi
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.5" ${PN}
+
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
+}
+
+pkg_postinst() {
+	elog ""
+	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
+	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
+	elog "please add the following to your /etc/lxc/default.conf"
+	elog "lxc.lxcpath = /etc/lxc"
+	elog ""
+	elog "There is an init script provided with the package now; no documentation"
+	elog "is currently available though, so please check out /etc/init.d/lxc ."
+	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+	elog "to start the container defined into /etc/lxc/configname.conf ."
+	elog "For further information about LXC development see"
+	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+	elog ""
+}
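Review bot: The `ERROR_GRKERNSEC_CHROOT_*` messages tell the user to "see postinst notes", but `pkg_postinst()` at the end of this ebuild says nothing about grsecurity, so the pointer leads nowhere. Either add the missing explanation to `pkg_postinst()` (which chroot restrictions have to be off and what that costs on the host) or make the messages self-contained, e.g. `ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  this GRSEC chroot restriction makes LXC unusable"`. Every entry in `CONFIG_CHECK` carries the `~` prefix, so these are warnings only and the message text is the only guidance an admin gets before relaxing a hardening option. The lxc-2.0.3-r1 and lxc-2.0.1 ebuilds further down this page carry the same messages.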


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2016-07-14  2:31 Erik Mackdanz
From: Erik Mackdanz @ 2016-07-14  2:31 UTC (permalink / raw
  To: gentoo-commits

commit:     181fa35d157157f02add732e0b338c6127b51338
Author:     Erik Mackdanz <stasibear <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 14 02:31:33 2016 +0000
Commit:     Erik Mackdanz <stasibear <AT> gentoo <DOT> org>
CommitDate: Thu Jul 14 02:31:33 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=181fa35d

app-emulation/lxc: Revbump to repair unit file

Gentoo-bug: 588740

Package-Manager: portage-2.3.0

 app-emulation/lxc/files/lxc.initd.5      | 119 +++++++++++++++++++
 app-emulation/lxc/files/lxc_at.service.4 |  14 +++
 app-emulation/lxc/lxc-2.0.3-r1.ebuild    | 197 +++++++++++++++++++++++++++++++
 3 files changed, 330 insertions(+)

diff --git a/app-emulation/lxc/files/lxc.initd.5 b/app-emulation/lxc/files/lxc.initd.5
new file mode 100644
index 0000000..e5a5236
--- /dev/null
+++ b/app-emulation/lxc/files/lxc.initd.5
@@ -0,0 +1,119 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+CONTAINER=${SVCNAME#*.}
+
+LXC_PATH=`lxc-config lxc.lxcpath`
+
+lxc_get_configfile() {
+	if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then
+		echo "${LXC_PATH}/${CONTAINER}.conf"
+	elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then
+		echo "${LXC_PATH}/${CONTAINER}/config"
+	else
+		eerror "Unable to find a suitable configuration file."
+		eerror "If you set up the container in a non-standard"
+		eerror "location, please set the CONFIGFILE variable."
+		return 1
+	fi
+}
+
+[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
+
+lxc_get_var() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE}
+}
+
+lxc_get_net_link_type() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" }
+		$1 == "lxc.network.type" {_type=$2;}
+		$1 == "lxc.network.link" {_link=$2;}
+		{if(_link != "" && _type != ""){
+			printf("%s:%s\n", _link, _type );
+			_link=""; _type="";
+		}; }' <${CONFIGFILE}
+}
+
+checkconfig() {
+	if [ ${CONTAINER} = ${SVCNAME} ]; then
+		eerror "You have to create an init script for each container:"
+		eerror " ln -s lxc /etc/init.d/lxc.container"
+		return 1
+	fi
+
+	# no need to output anything, the function takes care of that.
+	[ -z "${CONFIGFILE}" ] && return 1
+
+	utsname=$(lxc_get_var lxc.utsname)
+	if [ ${CONTAINER} != ${utsname} ]; then
+	    eerror "You should use the same name for the service and the"
+	    eerror "container. Right now the container is called ${utsname}"
+	    return 1
+	fi
+}
+
+depend() {
+	# be quiet, since we have to run depend() also for the
+	# non-muxed init script, unfortunately.
+	checkconfig 2>/dev/null || return 0
+
+	config ${CONFIGFILE}
+	need localmount
+	use lxcfs
+
+	local _x _if
+	for _x in $(lxc_get_net_link_type); do
+		_if=${_x%:*}
+		case "${_x##*:}" in
+			# when the network type is set to phys, we can make use of a
+			# network service (for instance to set it up before we disable
+			# the net_admin capability), but we might also not set it up
+			# at all on the host and leave the net_admin capable service
+			# to take care of it.
+			phys)	use net.${_if} ;;
+			*)	need net.${_if} ;;
+		esac
+	done
+}
+
+start() {
+	checkconfig || return 1
+	rm -f /var/log/lxc/${CONTAINER}.log
+
+	rootpath=$(lxc_get_var lxc.rootfs)
+
+	# Check the format of our init and the chroot's init, to see
+	# if we have to use linux32 or linux64; always use setarch
+	# when required, as that makes it easier to deal with
+	# x32-based containers.
+	case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in
+		EM_X86_64)	setarch=linux64;;
+		EM_386)		setarch=linux32;;
+	esac
+
+	ebegin "Starting ${CONTAINER}"
+	env -i ${setarch} $(which lxc-start) -l WARN -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log
+	sleep 0.5
+
+	# lxc-start -d will _always_ report a correct startup, even if it
+	# failed, so rather than trust that, check that the cgroup exists.
+	[ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]
+	eend $?
+}
+
+stop() {
+	checkconfig || return 1
+
+
+	if ! [ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]; then
+	    ewarn "${CONTAINER} doesn't seem to be started."
+	    return 0
+	fi
+
+	# 10s should be enough to shut everything down
+	ebegin "Stopping ${CONTAINER}"
+	lxc-stop -t 10 -n ${CONTAINER}
+	eend $?
+}
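Review bot: The name check in `checkconfig()` compares unquoted expansions, `[ ${CONTAINER} != ${utsname} ]`; when the config has no `lxc.utsname` line `utsname` is empty, the test becomes a syntax error rather than a mismatch, and the `if` body is skipped, so the function appears to fall through as success. Quoting fixes it: `if [ "${CONTAINER}" != "${utsname}" ]; then`, and likewise `[ "${CONTAINER}" = "${SVCNAME}" ]` and the top-level `[ "$CONTAINER" != "$SVCNAME" ]`. The same applies to the paths built from `${CONTAINER}`, `${CONFIGFILE}` and `${rootpath}` in `start()`, which are passed unquoted to `rm -f`, `scanelf` and `lxc-start` and come from the service name and the container config. lxc.initd.4 further down this page has the same lines.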

diff --git a/app-emulation/lxc/files/lxc_at.service.4 b/app-emulation/lxc/files/lxc_at.service.4
new file mode 100644
index 0000000..64ae745
--- /dev/null
+++ b/app-emulation/lxc/files/lxc_at.service.4
@@ -0,0 +1,14 @@
+[Unit]
+Description=Linux Container %I
+After=network.target
+Wants=lxcfs.service
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/lxc-start -n %i -F
+ExecReload=/usr/bin/lxc-restart -n %i
+ExecStop=/usr/bin/lxc-stop -n %i
+Delegate=yes
+
+[Install]
+WantedBy=multi-user.target
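Review bot: `ExecReload=/usr/bin/lxc-restart -n %i` names a tool that is not in the `bashcomp_alias` command list of the ebuild added in this same commit, which suggests the package does not ship it; if so, `systemctl reload` on an instance of this unit fails on a missing binary. I would drop the `ExecReload=` line unless a reload action really exists. The ebuild's own comment asks for this unit to be compared with upstream's `config/init/systemd/lxc.service.in`, which is a good place to check. lxc_at.service.3 further down this page has the same line.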

diff --git a/app-emulation/lxc/lxc-2.0.3-r1.ebuild b/app-emulation/lxc/lxc-2.0.3-r1.ebuild
new file mode 100644
index 0000000..17805be
--- /dev/null
+++ b/app-emulation/lxc/lxc-2.0.3-r1.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+MY_P="${P/_/-}"
+PYTHON_COMPAT=( python{3_3,3_4,3_5} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools bash-completion-r1 distutils-r1 eutils linux-info versionator flag-o-matic systemd
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="cgmanager doc examples lua python seccomp"
+
+RDEPEND="net-libs/gnutls
+	sys-libs/libcap
+	cgmanager? ( app-admin/cgmanager )
+	lua? ( >=dev-lang/lua-5.1:= )
+	python? ( ${PYTHON_DEPS} )
+	seccomp? ( sys-libs/libseccomp )"
+
+DEPEND="${RDEPEND}
+	doc? ( app-text/docbook-sgml-utils )
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-process/criu
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~NETLINK_DIAG ~PACKET_DIAG
+	~INET_UDP_DIAG ~INET_TCP_DIAG
+	~UNIX_DIAG ~CHECKPOINT_RESTORE
+
+	~DEVPTS_MULTIPLE_INSTANCES
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+	~!GRKERNSEC_PROC
+	~!GRKERNSEC_SYSFS_RESTRICT
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
+
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+S="${WORKDIR}/${PN}-${MY_P}"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-bash-completion.patch
+	#558854
+	epatch "${FILESDIR}"/${P}-omit-sysconfig.patch
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	if use python; then
+		#541932
+		python_setup "python3*"
+		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
+	fi
+
+	# I am not sure about the --with-rootfs-path
+	# /var/lib/lxc is probably more appropriate than
+	# /usr/lib/lxc.
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/bin \
+		--sbindir=/usr/bin \
+		--docdir=/usr/share/doc/${PF} \
+		--with-config-path=/var/lib/lxc	\
+		--with-rootfs-path=/var/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		--with-runtime-path=/run \
+		--disable-apparmor \
+		$(use_enable cgmanager) \
+		$(use_enable doc) \
+		$(use_enable examples) \
+		$(use_enable lua) \
+		$(use_enable python) \
+		$(use_enable seccomp)
+}
+
+python_compile() {
+	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-${PN}" > /dev/null
+		distutils-r1_src_compile
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	# start-ephemeral is no longer a command but removing it here
+	# generates QA warnings (still in upstream completion script)
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
+
+	if use python; then
+		pushd "${S}/src/python-lxc" > /dev/null
+		# Unset DOCS. This has been handled by the default target
+		unset DOCS
+		distutils-r1_src_install
+		popd > /dev/null
+	fi
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.5" ${PN}
+
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
+}
+
+pkg_postinst() {
+	elog ""
+	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
+	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
+	elog "please add the following to your /etc/lxc/default.conf"
+	elog "lxc.lxcpath = /etc/lxc"
+	elog ""
+	elog "There is an init script provided with the package now; no documentation"
+	elog "is currently available though, so please check out /etc/init.d/lxc ."
+	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+	elog "to start the container defined into /etc/lxc/configname.conf ."
+	elog "For further information about LXC development see"
+	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+	elog ""
+}
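Review bot: In `src_compile()` and `src_install()` the `pushd "${S}/src/python-..." > /dev/null` calls are unchecked; `pushd` is a shell builtin and does not die on its own, so if the directory is missing the distutils phase runs in whatever directory was current. Add `|| die` to both `pushd` lines and their `popd`s, e.g. `pushd "${S}/src/python-${PN}" > /dev/null || die`. The two functions also spell the same directory differently (`python-${PN}` versus `python-lxc`); using one form would make it obvious they are the same path. `find "${D}" -name '*.la' -delete` is likewise unchecked. The lxc-2.0.4 and lxc-2.0.1 ebuilds on this page have the same lines.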


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2016-05-19  4:23 Erik Mackdanz
From: Erik Mackdanz @ 2016-05-19  4:23 UTC (permalink / raw
  To: gentoo-commits

commit:     b67a58f568f1f4077c7d9a12cc7b9e70b287e9c0
Author:     Erik Mackdanz <stasibear <AT> gentoo <DOT> org>
AuthorDate: Thu May 19 04:24:59 2016 +0000
Commit:     Erik Mackdanz <stasibear <AT> gentoo <DOT> org>
CommitDate: Thu May 19 04:24:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b67a58f5

app-emulation/lxc: version bump to 2.0.1

Gentoo-bug: 558854, 575352, 580864, 582018

Package-Manager: portage-2.2.28

 app-emulation/lxc/Manifest                         |   1 +
 .../lxc/files/lxc-2.0.1-bash-completion.patch      |  31 ++++
 .../lxc/files/lxc-2.0.1-omit-sysconfig.patch       |   5 +
 app-emulation/lxc/files/lxc.initd.4                | 119 ++++++++++++
 app-emulation/lxc/files/lxc_at.service.3           |  15 ++
 app-emulation/lxc/lxc-2.0.1.ebuild                 | 200 +++++++++++++++++++++
 6 files changed, 371 insertions(+)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index 4e61c43..ef86569 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -7,3 +7,4 @@ DIST lxc-1.1.2.tar.gz 597158 SHA256 f22fcf2659ca98dfe864e632374de98c42cdf465d0c6
 DIST lxc-1.1.3.tar.gz 599889 SHA256 b75fb8e376d3313e152f31fb7372b68f33a953a12191a39de4cded04fff94300 SHA512 cafa4fbe4fe23b8c0b98007a79f20899c4a3b98c51d797b9c16e38dfec1eee5a513b58621308fe6551707d38028d9e5bd78ade8822691ffe4a7a369b10a48dda WHIRLPOOL 04ad57d8b189ab089b27adad8e511dcc2e5c563505f8134323ac9d738283bd5d0d929ebadeb69cd49ea68ea3e182f22c72590505cbf6f9d8438112e46909e1b5
 DIST lxc-1.1.4.tar.gz 604167 SHA256 b087baf5ac4b94618388e6e759d9cdafcf5c98ed67bf9012ee9660076f9fb0d1 SHA512 b239c285b68ddb25c165e998307d69b368bb802e89c1e26de9daab956ffc05cb8e80bf7c796233552b08a57d1cc37c22777bb7a7469db111582184ee13272c93 WHIRLPOOL 2d69d0540c15274627cdbd0f1944a119b601e1298b9328ba336beae0aa6bffd62dfdf85af82f54c3926489e19b4cee7eaa6c35bcfb72e4b3904f85102055ae85
 DIST lxc-1.1.5.tar.gz 607219 SHA256 eefce4cc679656cb8636bf0849f3ba6981c48167884e13dbcb377820a717c09c SHA512 e48ab549f1317afcb5f7768ab988ba27a3e9f1458504e1d70b2e27c502233e7b3538b8ce0b79940140a59a37681bcd8e459416e814f9e4814a4ed86b89e8df1c WHIRLPOOL 0d65ec400913b3298517ba0cb50e064b894d8b26cbd331662e11caee285a37aa1e0d1e4623b69e75585c4369544ca02ff97db90d5127c697cd53fde87d2bc968
+DIST lxc-2.0.1.tar.gz 772083 SHA256 543b927e0be6df256562afe05281552645c78c4a9c0881bf313e31ae13679a29 SHA512 f64cc7167bfed1cc74689bf7d9a5b1ad5b957d5791529c8319c55d2cc671dbd00df9c08fb8f10f73c0d77465a54eb4c98c980e66dd888f52c7670640c6bbf78f WHIRLPOOL a4d25a6733200fcc488b90c34715af8d5d9cd53632f8c82085e5dfe0216500c4714414b616bddda82f4ee014525fd222604d9d46d385658147e411060632f748

diff --git a/app-emulation/lxc/files/lxc-2.0.1-bash-completion.patch b/app-emulation/lxc/files/lxc-2.0.1-bash-completion.patch
new file mode 100644
index 0000000..9ef6013
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-2.0.1-bash-completion.patch
@@ -0,0 +1,31 @@
+--- lxc-lxc-2.0.1/config/bash/Makefile.am.orig	2016-05-18 20:40:42.238487678 +0000
++++ lxc-lxc-2.0.1/config/bash/Makefile.am	2016-05-18 20:43:02.163497779 +0000
+@@ -2,12 +2,12 @@
+ 
+ if ENABLE_BASH
+ install-bash:
+-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/
+-	$(INSTALL_DATA) lxc $(DESTDIR)$(sysconfdir)/bash_completion.d/
++	$(MKDIR_P) $(DESTDIR)$(datarootdir)/bash-completion/completions/
++	$(INSTALL_DATA) lxc $(DESTDIR)$(datarootdir)/bash-completion/completions/
+ 
+ uninstall-bash:
+-	rm -f $(DESTDIR)$(sysconfdir)/bash_completion.d/lxc
+-	rmdir $(DESTDIR)$(sysconfdir)/bash_completion.d/ || :
++	rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/lxc
++	rmdir $(DESTDIR)$(datarootdir)/bash-completion/completions/ || :
+ 
+ install-data-local: install-bash
+ uninstall-local: uninstall-bash
+--- lxc-lxc-2.0.1/config/bash/lxc.in.orig	2016-05-18 20:40:51.079488316 +0000
++++ lxc-lxc-2.0.1/config/bash/lxc.in	2016-05-18 20:45:03.506506538 +0000
+@@ -1,4 +1,3 @@
+-_have lxc-start && {
+     _lxc_names() {
+         COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
+     }
+@@ -100,4 +99,3 @@
+ 
+     complete -o default -F _lxc_generic_o lxc-copy
+     complete -o default -F _lxc_generic_o lxc-start-ephemeral
+-}

diff --git a/app-emulation/lxc/files/lxc-2.0.1-omit-sysconfig.patch b/app-emulation/lxc/files/lxc-2.0.1-omit-sysconfig.patch
new file mode 100644
index 0000000..9b83a3b
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-2.0.1-omit-sysconfig.patch
@@ -0,0 +1,5 @@
+--- lxc-lxc-2.0.1/config/Makefile.am.orig	2016-05-19 02:56:11.891113982 +0000
++++ lxc-lxc-2.0.1/config/Makefile.am	2016-05-19 02:56:32.596115476 +0000
+@@ -1 +1 @@
+-SUBDIRS = apparmor bash etc init selinux templates yum sysconfig
++SUBDIRS = apparmor bash etc init selinux templates yum

diff --git a/app-emulation/lxc/files/lxc.initd.4 b/app-emulation/lxc/files/lxc.initd.4
new file mode 100644
index 0000000..c8325bc
--- /dev/null
+++ b/app-emulation/lxc/files/lxc.initd.4
@@ -0,0 +1,119 @@
+#!/sbin/runscript
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+CONTAINER=${SVCNAME#*.}
+
+LXC_PATH=`lxc-config lxc.lxcpath`
+
+lxc_get_configfile() {
+	if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then
+		echo "${LXC_PATH}/${CONTAINER}.conf"
+	elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then
+		echo "${LXC_PATH}/${CONTAINER}/config"
+	else
+		eerror "Unable to find a suitable configuration file."
+		eerror "If you set up the container in a non-standard"
+		eerror "location, please set the CONFIGFILE variable."
+		return 1
+	fi
+}
+
+[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
+
+lxc_get_var() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE}
+}
+
+lxc_get_net_link_type() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" }
+		$1 == "lxc.network.type" {_type=$2;}
+		$1 == "lxc.network.link" {_link=$2;}
+		{if(_link != "" && _type != ""){
+			printf("%s:%s\n", _link, _type );
+			_link=""; _type="";
+		}; }' <${CONFIGFILE}
+}
+
+checkconfig() {
+	if [ ${CONTAINER} = ${SVCNAME} ]; then
+		eerror "You have to create an init script for each container:"
+		eerror " ln -s lxc /etc/init.d/lxc.container"
+		return 1
+	fi
+
+	# no need to output anything, the function takes care of that.
+	[ -z "${CONFIGFILE}" ] && return 1
+
+	utsname=$(lxc_get_var lxc.utsname)
+	if [ ${CONTAINER} != ${utsname} ]; then
+	    eerror "You should use the same name for the service and the"
+	    eerror "container. Right now the container is called ${utsname}"
+	    return 1
+	fi
+}
+
+depend() {
+	# be quiet, since we have to run depend() also for the
+	# non-muxed init script, unfortunately.
+	checkconfig 2>/dev/null || return 0
+
+	config ${CONFIGFILE}
+	need localmount
+	use lxcfs
+
+	local _x _if
+	for _x in $(lxc_get_net_link_type); do
+		_if=${_x%:*}
+		case "${_x##*:}" in
+			# when the network type is set to phys, we can make use of a
+			# network service (for instance to set it up before we disable
+			# the net_admin capability), but we might also not set it up
+			# at all on the host and leave the net_admin capable service
+			# to take care of it.
+			phys)	use net.${_if} ;;
+			*)	need net.${_if} ;;
+		esac
+	done
+}
+
+start() {
+	checkconfig || return 1
+	rm -f /var/log/lxc/${CONTAINER}.log
+
+	rootpath=$(lxc_get_var lxc.rootfs)
+
+	# Check the format of our init and the chroot's init, to see
+	# if we have to use linux32 or linux64; always use setarch
+	# when required, as that makes it easier to deal with
+	# x32-based containers.
+	case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in
+		EM_X86_64)	setarch=linux64;;
+		EM_386)		setarch=linux32;;
+	esac
+
+	ebegin "Starting ${CONTAINER}"
+	env -i ${setarch} $(which lxc-start) -l WARN -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log
+	sleep 0.5
+
+	# lxc-start -d will _always_ report a correct startup, even if it
+	# failed, so rather than trust that, check that the cgroup exists.
+	[ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]
+	eend $?
+}
+
+stop() {
+	checkconfig || return 1
+
+
+	if ! [ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]; then
+	    ewarn "${CONTAINER} doesn't seem to be started."
+	    return 0
+	fi
+
+	# 10s should be enough to shut everything down
+	ebegin "Stopping ${CONTAINER}"
+	lxc-stop -t 10 -n ${CONTAINER}
+	eend $?
+}
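Review bot: `lxc_get_var()` splices its argument into the awk program text (`$1 == "'$1'"`) and passes `${CONFIGFILE}` unquoted, so a config path containing whitespace is split into several file arguments and the key is parsed as awk source rather than data. Passing the key as a variable and quoting the path avoids both: `awk -v key="$1" 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == key { print $2; exit }' "${CONFIGFILE}"`. `lxc_get_net_link_type()` should quote its redirect the same way, `<"${CONFIGFILE}"`. `CONFIGFILE` may be set by the admin (the error text invites it for non-standard locations), so it is worth treating as an arbitrary string. lxc.initd.5 on this page has the same two functions.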

diff --git a/app-emulation/lxc/files/lxc_at.service.3 b/app-emulation/lxc/files/lxc_at.service.3
new file mode 100644
index 0000000..6726414
--- /dev/null
+++ b/app-emulation/lxc/files/lxc_at.service.3
@@ -0,0 +1,15 @@
+[Unit]
+Description=Linux Container %I
+After=network.target
+Wants=lxcfs.service
+
+[Service]
+Restart=always
+ExecStartPre=/usr/libexec/lxc/lxc-devsetup
+ExecStart=/usr/bin/lxc-start -n %i -F
+ExecReload=/usr/bin/lxc-restart -n %i
+ExecStop=/usr/bin/lxc-stop -n %i
+Delegate=yes
+
+[Install]
+WantedBy=multi-user.target
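Review bot: `Restart=always` restarts the unit after a clean exit as well, so a container that is shut down from inside (where `lxc-start -F` presumably exits once the container stops) would be started again by systemd. If that is not intended, `Restart=on-failure` keeps crash recovery without undoing a deliberate shutdown; if it is intended, a `#` comment in the unit saying so would help. lxc_at.service.4 on this page keeps the same setting.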

diff --git a/app-emulation/lxc/lxc-2.0.1.ebuild b/app-emulation/lxc/lxc-2.0.1.ebuild
new file mode 100644
index 0000000..b95536f
--- /dev/null
+++ b/app-emulation/lxc/lxc-2.0.1.ebuild
@@ -0,0 +1,200 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+MY_P="${P/_/-}"
+PYTHON_COMPAT=( python{3_3,3_4,3_5} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools bash-completion-r1 distutils-r1 eutils linux-info versionator flag-o-matic systemd
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="cgmanager doc examples lua python seccomp"
+
+RDEPEND="net-libs/gnutls
+	sys-libs/libcap
+	cgmanager? ( app-admin/cgmanager )
+	lua? ( >=dev-lang/lua-5.1:= )
+	python? ( ${PYTHON_DEPS} )
+	seccomp? ( sys-libs/libseccomp )"
+
+DEPEND="${RDEPEND}
+	doc? ( app-text/docbook-sgml-utils )
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-process/criu
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~NETLINK_DIAG ~PACKET_DIAG
+	~INET_UDP_DIAG ~INET_TCP_DIAG
+	~UNIX_DIAG ~CHECKPOINT_RESTORE
+
+	~DEVPTS_MULTIPLE_INSTANCES
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+	~!GRKERNSEC_PROC
+	~!GRKERNSEC_SYSFS_RESTRICT
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
+
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+S="${WORKDIR}/${PN}-${MY_P}"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-bash-completion.patch
+	#558854
+	epatch "${FILESDIR}"/${P}-omit-sysconfig.patch
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	if use python; then
+		#541932
+		python_setup "python3*"
+		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
+	fi
+
+	# I am not sure about the --with-rootfs-path
+	# /var/lib/lxc is probably more appropriate than
+	# /usr/lib/lxc.
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/bin \
+		--sbindir=/usr/bin \
+		--docdir=/usr/share/doc/${PF} \
+		--with-config-path=/var/lib/lxc	\
+		--with-rootfs-path=/var/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		--with-runtime-path=/run \
+		--disable-apparmor \
+		$(use_enable cgmanager) \
+		$(use_enable doc) \
+		$(use_enable examples) \
+		$(use_enable lua) \
+		$(use_enable python) \
+		$(use_enable seccomp)
+}
+
+python_compile() {
+	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-${PN}" > /dev/null
+		distutils-r1_src_compile
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	# start-ephemeral is no longer a command but removing it here
+	# generates QA warnings (still in upstream completion script)
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
+
+	if use python; then
+		pushd "${S}/src/python-lxc" > /dev/null
+		# Unset DOCS. This has been handled by the default target
+		unset DOCS
+		distutils-r1_src_install
+		popd > /dev/null
+	fi
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.4" ${PN}
+
+	# lxc-devsetup script
+	exeinto /usr/libexec/${PN}
+	doexe config/init/common/${PN}-devsetup
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.3 "lxc@.service"
+}
+
+pkg_postinst() {
+	elog ""
+	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
+	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
+	elog "please add the following to your /etc/lxc/default.conf"
+	elog "lxc.lxcpath = /etc/lxc"
+	elog ""
+	elog "There is an init script provided with the package now; no documentation"
+	elog "is currently available though, so please check out /etc/init.d/lxc ."
+	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+	elog "to start the container defined into /etc/lxc/configname.conf ."
+	elog "For further information about LXC development see"
+	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+	elog ""
+}
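Review bot: `econf` passes `--disable-apparmor` unconditionally and without a comment, while `seccomp` is a USE flag, so nothing in the ebuild tells a reader why one confinement mechanism is switchable and the other is always off. A comment above the `econf` call would do, e.g. `# apparmor is always disabled: there is no USE flag for it here`, ideally with the reason. The existing comment above `econf` ("I am not sure about the --with-rootfs-path") could be resolved or dropped at the same time. The lxc-2.0.4 and lxc-2.0.3-r1 ebuilds on this page are identical in this respect.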


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2015-12-06 18:54 Markos Chandras
From: Markos Chandras @ 2015-12-06 18:54 UTC (permalink / raw
  To: gentoo-commits

commit:     e5087471168deb08473cbbd2d1b62d4758e99110
Author:     Markos Chandras <hwoarang <AT> gentoo <DOT> org>
AuthorDate: Sun Dec  6 16:49:09 2015 +0000
Commit:     Markos Chandras <hwoarang <AT> gentoo <DOT> org>
CommitDate: Sun Dec  6 18:54:07 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5087471

app-emulation/lxc: Version bump. Bug #565688

Package-Manager: portage-2.2.26

 app-emulation/lxc/Manifest                         |   2 +
 .../lxc/files/lxc-1.0.8-bash-completion.patch      |  35 ++++
 app-emulation/lxc/lxc-1.0.8.ebuild                 | 189 ++++++++++++++++++++
 app-emulation/lxc/lxc-1.1.5.ebuild                 | 198 +++++++++++++++++++++
 4 files changed, 424 insertions(+)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index 59c2136..4e61c43 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -1,7 +1,9 @@
 DIST lxc-1.0.6.tar.gz 561249 SHA256 2aea199a89e2cd946f93406af6c3f62844f36954b79a6991b36d2c33022cb11c SHA512 fe85ccb57865d86704df6b4b79d60f31892785b07dc9dd2580cc6c384c89c29c23516e906b7a16bc03c6582c1fb2432bb8ff11bd17c09efa8f6a035fb41f46b1 WHIRLPOOL 9e77453fbe31523a2e8f39cfaba6f09fef68d00b54549167a0cde56c00934f827f5b4190b9fb64242f36782a9fcda63e6796c35fd47420870c2cee7b9bc0a1c8
 DIST lxc-1.0.7.tar.gz 564985 SHA256 a0b1b09592e076e270dcb3ba004616d9ac3147f9de0b78ca39a30f8956b0a8f2 SHA512 e6ff42a7b41177e1be0d2cd47d4c554565c7fc35355f3aa8aeba00d4adc7a0f364ecd060ddb6c97b2fe5968329c4e4c4b3cb022bffd2da145f30880f077264a8 WHIRLPOOL f07e5e9efb8ff394aa9cdd6c3e725b453c8137ec221399cbf910d57dbc9268fc84e7227273567792821415dc14e774942b76a58a1a478de57d5c82e545702000
+DIST lxc-1.0.8.tar.gz 575127 SHA256 399ac3eb4e0a89d657fb2e2a57f686ed061d3f1ea4733e7521b1539e9906c7ee SHA512 f552a4f48bb47d26c6b9ddaf8221a439c0848e3f54ec41b77d54717c21bddd56193941046cc96c699790e8265e762a926469c25ee687adcf7795f2906b1c260a WHIRLPOOL 72cd0b8b0345692dd9a3ed8785ee27f5e575794a96c515db1f1d073c29be4c06ae8c1ee24fa375a5ede2bba2494704916710b2e8814ed991d43330a40dff3d56
 DIST lxc-1.1.0.tar.gz 592543 SHA256 216e806f7e18e5bfbc782493a9e44fc255f24a587d6faee94cda848a0b949155 SHA512 160da88d6dc96cd9f0679f948bfed057c024adcd459fa4b79e872d12284fa3774ac33a13923c6e150072886a371ccfcdf7ab2c4587efa7f6175fc91a67525c4a WHIRLPOOL 2caf81418850ea8b1ecf25b25e799895563ecf1819f32310fcbb4efe88f711eafe2bcb16a0d3b8ee59072c770a5520b4df90a5962215b932e68a4705c4a56d61
 DIST lxc-1.1.1.tar.gz 594112 SHA256 64951fdd39df2bea083bb5a8ac35a7390daf2dc7753d8fce33138129892ef672 SHA512 8af3fb43127b57de4e252baf5cb387270955062ff3838e4807a93d04520ca23f0457913bc8274da51b20961fb08650f9b976a84d395785aca2b2d300b285d549 WHIRLPOOL 4f28b976dd6710705d6361b9a45fef9a1265dffef0cedd0fb304f2820585ece3e2bb64d4c5289d444b3ab55bac265850943c63cdf258c40c45c99176a788ca2a
 DIST lxc-1.1.2.tar.gz 597158 SHA256 f22fcf2659ca98dfe864e632374de98c42cdf465d0c694834b6f6098a3cb8519 SHA512 7c4c9b5418321eedcd37a3f5c2c99ff227de48f672cabd1722a74722077d33badb038675ec95fc3e338eaf2b06972c4ffb2e11f36347587ef71a95fad5b66daa WHIRLPOOL 2b657a9195b6357a367f6aa7609952d9162aae7d7be3f2c5e4cda4b2e81f2c7411835e75af5740cca053d445a3cf7dc7457f9e76ca866de7265e99ed42c744e9
 DIST lxc-1.1.3.tar.gz 599889 SHA256 b75fb8e376d3313e152f31fb7372b68f33a953a12191a39de4cded04fff94300 SHA512 cafa4fbe4fe23b8c0b98007a79f20899c4a3b98c51d797b9c16e38dfec1eee5a513b58621308fe6551707d38028d9e5bd78ade8822691ffe4a7a369b10a48dda WHIRLPOOL 04ad57d8b189ab089b27adad8e511dcc2e5c563505f8134323ac9d738283bd5d0d929ebadeb69cd49ea68ea3e182f22c72590505cbf6f9d8438112e46909e1b5
 DIST lxc-1.1.4.tar.gz 604167 SHA256 b087baf5ac4b94618388e6e759d9cdafcf5c98ed67bf9012ee9660076f9fb0d1 SHA512 b239c285b68ddb25c165e998307d69b368bb802e89c1e26de9daab956ffc05cb8e80bf7c796233552b08a57d1cc37c22777bb7a7469db111582184ee13272c93 WHIRLPOOL 2d69d0540c15274627cdbd0f1944a119b601e1298b9328ba336beae0aa6bffd62dfdf85af82f54c3926489e19b4cee7eaa6c35bcfb72e4b3904f85102055ae85
+DIST lxc-1.1.5.tar.gz 607219 SHA256 eefce4cc679656cb8636bf0849f3ba6981c48167884e13dbcb377820a717c09c SHA512 e48ab549f1317afcb5f7768ab988ba27a3e9f1458504e1d70b2e27c502233e7b3538b8ce0b79940140a59a37681bcd8e459416e814f9e4814a4ed86b89e8df1c WHIRLPOOL 0d65ec400913b3298517ba0cb50e064b894d8b26cbd331662e11caee285a37aa1e0d1e4623b69e75585c4369544ca02ff97db90d5127c697cd53fde87d2bc968

diff --git a/app-emulation/lxc/files/lxc-1.0.8-bash-completion.patch b/app-emulation/lxc/files/lxc-1.0.8-bash-completion.patch
new file mode 100644
index 0000000..e9e0e6c
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-1.0.8-bash-completion.patch
@@ -0,0 +1,35 @@
+Index: lxc-lxc-1.0.8/config/bash/Makefile.am
+===================================================================
+--- lxc-lxc-1.0.8.orig/config/bash/Makefile.am
++++ lxc-lxc-1.0.8/config/bash/Makefile.am
+@@ -2,12 +2,12 @@ EXTRA_DIST = lxc
+ 
+ if ENABLE_BASH
+ install-bash:
+-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/
+-	$(INSTALL_DATA) lxc $(DESTDIR)$(sysconfdir)/bash_completion.d/
++	$(MKDIR_P) $(DESTDIR)$(datarootdir)/bash-completion/completions/
++	$(INSTALL_DATA) lxc $(DESTDIR)$(datarootdir)/bash-completion/completions/
+ 
+ uninstall-bash:
+-	rm -f $(DESTDIR)$(sysconfdir)/bash_completion.d/lxc
+-	rmdir $(DESTDIR)$(sysconfdir)/bash_completion.d/ || :
++	rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/lxc
++	rmdir $(DESTDIR)$(datarootdir)/bash-completion// || :
+ 
+ install-data-local: install-bash
+ uninstall-local: uninstall-bash
+Index: lxc-lxc-1.0.8/config/bash/lxc.in
+===================================================================
+--- lxc-lxc-1.0.8.orig/config/bash/lxc.in
++++ lxc-lxc-1.0.8/config/bash/lxc.in
+@@ -1,4 +1,3 @@
+-have lxc-start && {
+     _lxc_names() {
+         COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
+     }
+@@ -100,4 +99,3 @@ have lxc-start && {
+ 
+     complete -o default -F _lxc_generic_o lxc-clone
+     complete -o default -F _lxc_generic_o lxc-start-ephemeral
+-}
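Review bot: The rewritten `uninstall-bash` target in the Makefile.am part no longer removes the directory that `install-bash` creates. It runs `rmdir $(DESTDIR)$(datarootdir)/bash-completion// || :`, which names the parent of `completions/`, so the call fails quietly for as long as `completions/` exists and the empty directory is left behind. To mirror the install step the line should read `rmdir $(DESTDIR)$(datarootdir)/bash-completion/completions/ || :`. lxc-1.1.3-bash-completion.patch in the older commit on this page has the same parent-directory `rmdir`, plus a stray double slash in its `$(MKDIR_P)` line.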

diff --git a/app-emulation/lxc/lxc-1.0.8.ebuild b/app-emulation/lxc/lxc-1.0.8.ebuild
new file mode 100644
index 0000000..3eed768
--- /dev/null
+++ b/app-emulation/lxc/lxc-1.0.8.ebuild
@@ -0,0 +1,189 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+MY_P="${P/_/-}"
+PYTHON_COMPAT=( python{3_3,3_4} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools bash-completion-r1 distutils-r1 eutils linux-info versionator flag-o-matic systemd
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="doc examples lua python seccomp"
+
+RDEPEND="net-libs/gnutls
+	sys-libs/libcap
+	lua? ( >=dev-lang/lua-5.1:= )
+	python? ( ${PYTHON_DEPS} )
+	seccomp? ( sys-libs/libseccomp )"
+
+DEPEND="${RDEPEND}
+	doc? ( app-text/docbook-sgml-utils )
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~RESOURCE_COUNTERS
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~DEVPTS_MULTIPLE_INSTANCES
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+	~!GRKERNSEC_PROC
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:	needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:	needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:	needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:	needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:	needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:	needed for internal (inter-container) networking"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:	needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:	as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT=":CONFIG_GRKERNSEC_CHROOT_MOUNT	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE=":CONFIG_GRKERNSEC_CHROOT_DOUBLE	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT=":CONFIG_GRKERNSEC_CHROOT_PIVOT	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD=":CONFIG_GRKERNSEC_CHROOT_CHMOD	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS=":CONFIG_GRKERNSEC_CHROOT_CAPS	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC=":CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+S="${WORKDIR}/${PN}-${MY_P}"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+src_prepare() {
+	sed -i 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/g' configure.ac || die
+	if [[ -n ${BACKPORTS} ]]; then
+		epatch "${WORKDIR}"/patches/*
+	fi
+
+	epatch "${FILESDIR}"/${PN}-1.0.8-bash-completion.patch
+
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/sbin \
+		--docdir=/usr/share/doc/${PF} \
+		--with-config-path=/etc/lxc	\
+		--with-rootfs-path=/usr/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		$(use_enable doc) \
+		--disable-apparmor \
+		$(use_enable examples) \
+		$(use_enable lua) \
+		$(use_enable seccomp) \
+		--disable-python
+}
+
+python_compile() {
+	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-${PN}" > /dev/null
+		distutils-r1_src_compile
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,clone,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
+
+	if use python; then
+		pushd "${S}/src/python-lxc" > /dev/null
+		# Unset DOCS. This has been handled by the default target
+		unset DOCS
+		distutils-r1_src_install
+		popd > /dev/null
+	fi
+
+	keepdir /etc/lxc /usr/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	# Use initd.3 per #517144
+	newinitd "${FILESDIR}/${PN}.initd.3" ${PN}
+
+	# lxc-devsetup script
+	exeinto /usr/libexec/${PN}
+	doexe config/init/systemd/${PN}-devsetup
+	# Use that script with the systemd service (Similar to upstream
+	# Makefile.am
+	cp "${FILESDIR}"/${PN}_at.service ${PN}_at.service || die
+	sed -i \
+		"/Restart=always/a ExecStartPre=/usr/libexec/${PN}/${PN}-devsetup" \
+		${PN}_at.service \
+		|| die "Failed to add ${PN}-devsetup to the systemd service file"
+	systemd_newunit ${PN}_at.service "lxc@.service"
+}
+
+pkg_postinst() {
+	elog "There is an init script provided with the package now; no documentation"
+	elog "is currently available though, so please check out /etc/init.d/lxc ."
+	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+	elog "to start the container defined into /etc/lxc/configname.conf ."
+	elog "For further information about LXC development see"
+	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+	elog ""
+	ewarn "With version 0.7.4, the mountpoint syntax came back to the one used by 0.7.2"
+	ewarn "and previous versions. This means you'll have to use syntax like the following"
+	ewarn ""
+	ewarn "    lxc.rootfs = /container"
+	ewarn "    lxc.mount.entry = /usr/portage /container/usr/portage none bind 0 0"
+	ewarn ""
+	ewarn "To use the Fedora, Debian and (various) Ubuntu auto-configuration scripts, you"
+	ewarn "will need sys-apps/yum or dev-util/debootstrap."
+	ewarn ""
+	ewarn "Some GrSecurity settings in relation to chroot security will cause LXC not to"
+	ewarn "work, while others will actually make it much more secure. Please refer to"
+	ewarn "Diego Elio Pettenò's weblog at http://blog.flameeyes.eu/tag/lxc for further"
+	ewarn "details."
+}
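Review bot: In `src_install`, the `|| die` after `sed -i "/Restart=always/a ExecStartPre=..." ${PN}_at.service` cannot catch the failure its message describes, because sed exits 0 when no line matches `Restart=always`. If the unit file in FILESDIR ever drops or rewords that line, `lxc@.service` is installed without the `ExecStartPre` device-setup step and the build still succeeds. Follow the sed with an explicit check such as `grep -q "^ExecStartPre=/usr/libexec/${PN}/${PN}-devsetup" ${PN}_at.service || die "ExecStartPre not added"`. Alternatively, ship a unit file that already contains the line, which seems to be what the 1.1.x ebuilds do with `${PN}_at.service.2`.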

diff --git a/app-emulation/lxc/lxc-1.1.5.ebuild b/app-emulation/lxc/lxc-1.1.5.ebuild
new file mode 100644
index 0000000..12c1751
--- /dev/null
+++ b/app-emulation/lxc/lxc-1.1.5.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+MY_P="${P/_/-}"
+PYTHON_COMPAT=( python{3_3,3_4,3_5} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools bash-completion-r1 distutils-r1 eutils linux-info versionator flag-o-matic systemd
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="cgmanager doc examples lua python seccomp"
+
+RDEPEND="net-libs/gnutls
+	sys-libs/libcap
+	cgmanager? ( app-admin/cgmanager )
+	lua? ( >=dev-lang/lua-5.1:= )
+	python? ( ${PYTHON_DEPS} )
+	seccomp? ( sys-libs/libseccomp )"
+
+DEPEND="${RDEPEND}
+	doc? ( app-text/docbook-sgml-utils )
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-process/criu
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~NETLINK_DIAG ~PACKET_DIAG
+	~INET_UDP_DIAG ~INET_TCP_DIAG
+	~UNIX_DIAG ~CHECKPOINT_RESTORE
+
+	~DEVPTS_MULTIPLE_INSTANCES
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+	~!GRKERNSEC_PROC
+	~!GRKERNSEC_SYSFS_RESTRICT
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
+
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
+ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+S="${WORKDIR}/${PN}-${MY_P}"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+src_prepare() {
+
+	epatch "${FILESDIR}"/${PN}-1.1.3-bash-completion.patch
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	if use python; then
+		#541932
+		python_setup "python3*"
+		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
+	fi
+
+	# I am not sure about the --with-rootfs-path
+	# /var/lib/lxc is probably more appropriate than
+	# /usr/lib/lxc.
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/bin \
+		--sbindir=/usr/bin \
+		--docdir=/usr/share/doc/${PF} \
+		--with-config-path=/var/lib/lxc	\
+		--with-rootfs-path=/var/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		--with-runtime-path=/run \
+		--disable-apparmor \
+		$(use_enable cgmanager) \
+		$(use_enable doc) \
+		$(use_enable examples) \
+		$(use_enable lua) \
+		$(use_enable python) \
+		$(use_enable seccomp)
+}
+
+python_compile() {
+	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-${PN}" > /dev/null
+		distutils-r1_src_compile
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,clone,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
+
+	if use python; then
+		pushd "${S}/src/python-lxc" > /dev/null
+		# Unset DOCS. This has been handled by the default target
+		unset DOCS
+		distutils-r1_src_install
+		popd > /dev/null
+	fi
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	# Use initd.3 per #517144
+	newinitd "${FILESDIR}/${PN}.initd.3" ${PN}
+
+	# lxc-devsetup script
+	exeinto /usr/libexec/${PN}
+	doexe config/init/systemd/${PN}-devsetup
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.2 "lxc@.service"
+}
+
+pkg_postinst() {
+	elog ""
+	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
+	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
+	elog "please add the following to your /etc/lxc/default.conf"
+	elog "lxc.lxcpath = /etc/lxc"
+	elog ""
+	elog "There is an init script provided with the package now; no documentation"
+	elog "is currently available though, so please check out /etc/init.d/lxc ."
+	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+	elog "to start the container defined into /etc/lxc/configname.conf ."
+	elog "For further information about LXC development see"
+	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+	elog ""
+}
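Review bot: The `ERROR_GRKERNSEC_CHROOT_*` messages tell the user to "see postinst notes", but `pkg_postinst` in this ebuild prints nothing about GrSecurity; the `ewarn` paragraph that lxc-1.0.8.ebuild carries was not brought over. A user who hits these CONFIG_CHECK warnings is therefore nudged toward switching off chroot hardening with no indication of which options actually break LXC and which are safe to keep. Either restore a short `ewarn` block in `pkg_postinst` that names the conflicting options, or reword the messages so they do not point at notes that are not there. lxc-1.1.3.ebuild has the same dangling reference.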


* [gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/, app-emulation/lxc/files/
@ 2015-09-05  8:08 Markos Chandras
From: Markos Chandras @ 2015-09-05  8:08 UTC (permalink / raw
  To: gentoo-commits

commit:     ded368f9a246102c62a83377408b4b8ba489129f
Author:     Markos Chandras <hwoarang <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  5 08:06:36 2015 +0000
Commit:     Markos Chandras <hwoarang <AT> gentoo <DOT> org>
CommitDate: Sat Sep  5 08:08:23 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ded368f9

app-emulation/lxc: Version bump

Package-Manager: portage-2.2.20.1

 app-emulation/lxc/Manifest                         |   1 +
 .../lxc/files/lxc-1.1.3-bash-completion.patch      |  35 ++++
 app-emulation/lxc/lxc-1.1.3.ebuild                 | 194 +++++++++++++++++++++
 3 files changed, 230 insertions(+)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index cc4a565..fe67c91 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -3,3 +3,4 @@ DIST lxc-1.0.7.tar.gz 564985 SHA256 a0b1b09592e076e270dcb3ba004616d9ac3147f9de0b
 DIST lxc-1.1.0.tar.gz 592543 SHA256 216e806f7e18e5bfbc782493a9e44fc255f24a587d6faee94cda848a0b949155 SHA512 160da88d6dc96cd9f0679f948bfed057c024adcd459fa4b79e872d12284fa3774ac33a13923c6e150072886a371ccfcdf7ab2c4587efa7f6175fc91a67525c4a WHIRLPOOL 2caf81418850ea8b1ecf25b25e799895563ecf1819f32310fcbb4efe88f711eafe2bcb16a0d3b8ee59072c770a5520b4df90a5962215b932e68a4705c4a56d61
 DIST lxc-1.1.1.tar.gz 594112 SHA256 64951fdd39df2bea083bb5a8ac35a7390daf2dc7753d8fce33138129892ef672 SHA512 8af3fb43127b57de4e252baf5cb387270955062ff3838e4807a93d04520ca23f0457913bc8274da51b20961fb08650f9b976a84d395785aca2b2d300b285d549 WHIRLPOOL 4f28b976dd6710705d6361b9a45fef9a1265dffef0cedd0fb304f2820585ece3e2bb64d4c5289d444b3ab55bac265850943c63cdf258c40c45c99176a788ca2a
 DIST lxc-1.1.2.tar.gz 597158 SHA256 f22fcf2659ca98dfe864e632374de98c42cdf465d0c694834b6f6098a3cb8519 SHA512 7c4c9b5418321eedcd37a3f5c2c99ff227de48f672cabd1722a74722077d33badb038675ec95fc3e338eaf2b06972c4ffb2e11f36347587ef71a95fad5b66daa WHIRLPOOL 2b657a9195b6357a367f6aa7609952d9162aae7d7be3f2c5e4cda4b2e81f2c7411835e75af5740cca053d445a3cf7dc7457f9e76ca866de7265e99ed42c744e9
+DIST lxc-1.1.3.tar.gz 599889 SHA256 b75fb8e376d3313e152f31fb7372b68f33a953a12191a39de4cded04fff94300 SHA512 cafa4fbe4fe23b8c0b98007a79f20899c4a3b98c51d797b9c16e38dfec1eee5a513b58621308fe6551707d38028d9e5bd78ade8822691ffe4a7a369b10a48dda WHIRLPOOL 04ad57d8b189ab089b27adad8e511dcc2e5c563505f8134323ac9d738283bd5d0d929ebadeb69cd49ea68ea3e182f22c72590505cbf6f9d8438112e46909e1b5

diff --git a/app-emulation/lxc/files/lxc-1.1.3-bash-completion.patch b/app-emulation/lxc/files/lxc-1.1.3-bash-completion.patch
new file mode 100644
index 0000000..3bcb40c
--- /dev/null
+++ b/app-emulation/lxc/files/lxc-1.1.3-bash-completion.patch
@@ -0,0 +1,35 @@
+Index: lxc-lxc-1.1.3/config/bash/Makefile.am
+===================================================================
+--- lxc-lxc-1.1.3.orig/config/bash/Makefile.am
++++ lxc-lxc-1.1.3/config/bash/Makefile.am
+@@ -2,12 +2,12 @@ EXTRA_DIST = lxc
+ 
+ if ENABLE_BASH
+ install-bash:
+-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/
+-	$(INSTALL_DATA) lxc $(DESTDIR)$(sysconfdir)/bash_completion.d/
++	$(MKDIR_P) $(DESTDIR)$(datarootdir)/bash-completion/completions//
++	$(INSTALL_DATA) lxc $(DESTDIR)$(datarootdir)/bash-completion/completions/
+ 
+ uninstall-bash:
+-	rm -f $(DESTDIR)$(sysconfdir)/bash_completion.d/lxc
+-	rmdir $(DESTDIR)$(sysconfdir)/bash_completion.d/ || :
++	rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/lxc
++	rmdir $(DESTDIR)$(datarootdir)/bash-completion/ || :
+ 
+ install-data-local: install-bash
+ uninstall-local: uninstall-bash
+Index: lxc-lxc-1.1.3/config/bash/lxc.in
+===================================================================
+--- lxc-lxc-1.1.3.orig/config/bash/lxc.in
++++ lxc-lxc-1.1.3/config/bash/lxc.in
+@@ -1,4 +1,3 @@
+-have lxc-start && {
+     _lxc_names() {
+         COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
+     }
+@@ -100,4 +99,3 @@ have lxc-start && {
+ 
+     complete -o default -F _lxc_generic_o lxc-clone
+     complete -o default -F _lxc_generic_o lxc-start-ephemeral
+-}

diff --git a/app-emulation/lxc/lxc-1.1.3.ebuild b/app-emulation/lxc/lxc-1.1.3.ebuild
new file mode 100644
index 0000000..4a336ef
--- /dev/null
+++ b/app-emulation/lxc/lxc-1.1.3.ebuild
@@ -0,0 +1,194 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+MY_P="${P/_/-}"
+PYTHON_COMPAT=( python{3_3,3_4} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools bash-completion-r1 distutils-r1 eutils linux-info versionator flag-o-matic systemd
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="https://linuxcontainers.org/"
+SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~arm64"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="cgmanager doc examples lua python seccomp"
+
+RDEPEND="net-libs/gnutls
+	sys-libs/libcap
+	cgmanager? ( app-admin/cgmanager )
+	lua? ( >=dev-lang/lua-5.1:= )
+	python? ( ${PYTHON_DEPS} )
+	seccomp? ( sys-libs/libseccomp )"
+
+DEPEND="${RDEPEND}
+	doc? ( app-text/docbook-sgml-utils )
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-process/criu
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~NETLINK_DIAG ~PACKET_DIAG
+	~INET_UDP_DIAG ~INET_TCP_DIAG
+	~UNIX_DIAG ~CHECKPOINT_RESTORE
+
+	~DEVPTS_MULTIPLE_INSTANCES
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
+
+ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG:  needed for lxc-checkpoint"
+ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG:  needed for lxc-checkpoint"
+ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG:  needed for lxc-checkpoint"
+ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG:  needed for lxc-checkpoint"
+ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE:  needed for lxc-checkpoint"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+S="${WORKDIR}/${PN}-${MY_P}"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+src_prepare() {
+
+	epatch "${FILESDIR}"/${PN}-1.1.3-bash-completion.patch
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	if use python; then
+		#541932
+		python_setup "python3*"
+		export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
+	fi
+
+	# I am not sure about the --with-rootfs-path
+	# /var/lib/lxc is probably more appropriate than
+	# /usr/lib/lxc.
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/bin \
+		--sbindir=/usr/bin \
+		--docdir=/usr/share/doc/${PF} \
+		--with-config-path=/var/lib/lxc	\
+		--with-rootfs-path=/var/lib/lxc/rootfs \
+		--with-distro=gentoo \
+		--with-runtime-path=/run \
+		--disable-apparmor \
+		$(use_enable cgmanager) \
+		$(use_enable doc) \
+		$(use_enable examples) \
+		$(use_enable lua) \
+		$(use_enable python) \
+		$(use_enable seccomp)
+}
+
+python_compile() {
+	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-${PN}" > /dev/null
+		distutils-r1_src_compile
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,clone,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
+
+	if use python; then
+		pushd "${S}/src/python-lxc" > /dev/null
+		# Unset DOCS. This has been handled by the default target
+		unset DOCS
+		distutils-r1_src_install
+		popd > /dev/null
+	fi
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	# Use initd.3 per #517144
+	newinitd "${FILESDIR}/${PN}.initd.3" ${PN}
+
+	# lxc-devsetup script
+	exeinto /usr/libexec/${PN}
+	doexe config/init/systemd/${PN}-devsetup
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.2 "lxc@.service"
+}
+
+pkg_postinst() {
+	elog ""
+	elog "Starting from version ${PN}-1.1.0-r3, the default lxc path has been"
+	elog "moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc"
+	elog "please add the following to your /etc/lxc/default.conf"
+	elog "lxc.lxcpath = /etc/lxc"
+	elog ""
+	elog "There is an init script provided with the package now; no documentation"
+	elog "is currently available though, so please check out /etc/init.d/lxc ."
+	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+	elog "to start the container defined into /etc/lxc/configname.conf ."
+	elog "For further information about LXC development see"
+	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+	elog ""
+}
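Review bot: `src_configure` passes `--disable-apparmor` unconditionally while seccomp is left to a USE flag, so a host that runs AppArmor cannot get LXC built with profile support from this ebuild. Consider an `apparmor` USE flag: add `apparmor` to `IUSE`, add `apparmor? ( sys-libs/libapparmor )` to `RDEPEND`, and replace the hard-coded switch with `$(use_enable apparmor)`. The same hard-coded switch is in lxc-1.0.8.ebuild and lxc-1.1.5.ebuild in the newer commit on this page.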

