main/lxc/APKBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184

# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=lxc
pkgver=6.0.1
_pkgver=${pkgver/_rc/.rc}
pkgrel=7
pkgdesc="Userspace interface for the Linux kernel containment features"
url="https://linuxcontainers.org/lxc/"
arch="all"
license="LGPL-2.1-or-later"
makedepends="
	dbus-dev
	docbook2x
	libapparmor-dev
	libcap-dev
	libcap-static
	libseccomp-dev
	linux-headers
	linux-pam-dev
	meson
	"
subpackages="
	$pkgname-dbg
	$pkgname-dev
	$pkgname-doc
	$pkgname-openrc
	$pkgname-lvm::noarch
	$pkgname-test-utils:_test_utils
	$pkgname-libs
	$pkgname-bridge::noarch
	$pkgname-bash-completion
	$pkgname-pam
	$pkgname-download:_download:noarch
	$pkgname-templates-oci:templates_oci:noarch
	$pkgname-templates::noarch
	$pkgname-user-nic:_user_nic
	"
source="https://linuxcontainers.org/downloads/lxc/lxc-$_pkgver.tar.gz
	lxc-top-cgroupv2.patch
	lxc-info-cgroups-v2.patch
	lxc.initd
	lxc.confd
	"
# no buildtime tests
options="!check suid"

# secfixes:
#   5.0.1-r2:
#     - CVE-2022-47952
#   3.1.0-r1:
#     - CVE-2019-5736
#   2.1.1-r9:
#     - CVE-2018-6556

_tmpldir="usr/share/lxc/templates"

build() {
	case "$CARCH" in
	riscv64)
		local lto=false
		;;
	*)
		local lto=true
		;;
	esac
	abuild-meson \
		-Db_lto=$lto \
		-Ddistrosysconfdir=/etc/default \
		-Dpam-cgroup=true \
		-Dtests=true \
		-Dinit-script="[]" \
		. output

	meson compile -C output
}

package() {
	DESTDIR="$pkgdir" meson install --no-rebuild -C output

	install -Dm755 "$srcdir"/lxc.initd "$pkgdir"/etc/init.d/lxc
	install -Dm644 "$srcdir"/lxc.confd "$pkgdir"/etc/conf.d/lxc
	install -d "$pkgdir"/var/lib/lxc

	# Remove useless config for SysVinit.
	rm -r "$pkgdir"/etc/default

	# they install this to libdir, but the other things are in /usr/lib
	# so we can't change it
	mkdir -p "$pkgdir"/lib
	mv "$pkgdir"/usr/lib/security "$pkgdir"/lib
}

lvm() {
	pkgdesc="LVM support for LXC"
	depends="$pkgname=$pkgver-r$pkgrel lvm2 util-linux"
	install_if="$pkgname=$pkgver-r$pkgrel lvm2"
	mkdir "$subpkgdir"
}

_test_utils() {
	pkgdesc="Runtime testing utilities for LXC"

	amove usr/bin/lxc-test-*
}

_py3() {
	pkgdesc="Python3 module for LXC"
	depends="python3"

	amove usr/lib/python3*
}

_download() {
	pkgdesc="LXC container image downloader template"
	depends="$pkgname gpg gnupg-dirmngr tar wget xz"

	amove $_tmpldir/lxc-download
}

templates() {
	pkgdesc="Templates for LXC (except alpine and download)"
	depends="tar"

	amove $_tmpldir/*
}

templates_oci() {
	pkgdesc="OCI Template for LXC"
	depends="bash jq"

	amove $_tmpldir/lxc-oci
}

pam() {
	pkgdesc="PAM module for LXC"

	amove lib/security
}

dev() {
	default_dev
	# fix abuild smartness
	mv "$subpkgdir"/usr/bin/lxc-config "$pkgdir"/usr/bin/
	mv "$subpkgdir"/usr/bin/lxc-update-config "$pkgdir"/usr/bin/
}

bridge() {
	depends="dnsmasq"
	pkgdesc="Bridge interface for LXC with dhcp"
	mkdir -p "$subpkgdir"/etc/conf.d \
		"$subpkgdir"/etc/init.d \
		"$subpkgdir"/etc/lxc

	ln -s dnsmasq "$subpkgdir"/etc/init.d/dnsmasq.lxcbr0
	cat >>"$subpkgdir"/etc/conf.d/dnsmasq.lxcbr0 <<- EOF
		rc_before="lxc"
		BRIDGE_ADDR="10.0.3.1"
		BRIDGE_NETMASK="255.255.255.0"
		BRIDGE_NETWORK="10.0.3.0/24"
		BRIDGE_DHCP_RANGE="10.0.3.2,10.0.3.254"
		BRIDGE_DHCP_MAX="253"
		BRIDGE_MAC="00:16:3e:00:00:00"
		DNSMASQ_CONFFILE="/etc/lxc/dnsmasq.conf"
	EOF
	cat >>"$subpkgdir"/etc/lxc/dnsmasq.conf <<- EOF
		#dhcp-host=somehost,10.0.3.3
		#dhcp-host=otherhost,10.0.3.4
	EOF
}

_user_nic() {
	pkgdesc="suid helper to manage LXC network interfaces as unprivileged user"

	amove usr/libexec/lxc/lxc-user-nic
}

sha512sums="
7e8b9740178ae46a2ad3ba3f1e509f69f978d0a2a1f7e1938213ae9cb9a80f496d01be64958cad4aa6f01a73f1d8c3759c3e9df9df4f67c77e603ea0809d79c2  lxc-6.0.1.tar.gz
d24a1226f37f575de5d85a850d74fa5a59623e1ec9fc8be30bacf1c874426213be3b6c4aa70a35d7df93fb2a95a573290768b92d0256c09d91fc629c8dc930e8  lxc-top-cgroupv2.patch
43299891779b0c8737b811e16d356e211d797d003af85d97ab969b3d47212e6c33ff5fbd36579534be9e84a2caa3cca8fd39f11a37cc54ec3e2344423e348499  lxc-info-cgroups-v2.patch
db71783366277a68a5c8116604cf845da4780fe4aebdb5820ae2c4fe028cfe52a9c94246db362476f2f195be6a9c2b835edbe521423f116fc66eb50023d6daab  lxc.initd
91de43db5369a9e10102933514d674e9c875218a1ff2910dd882e5b9c308f9e430deacb13d1d7e0b2ed1ef682d0bb035aa6f8a6738f54fa2ca3a05acce04e467  lxc.confd
"