Version bump. Fixes bug #516772, #518484, #519662

(Portage version: 2.2.14_rc1/cvs/Linux x86_64, signed Manifest commit with key 09BF4F54C2BA7F3C!)

3 files changed, 323 insertions, 1 deletions

diff --git a/app-emulation/lxc/ChangeLog b/app-emulation/lxc/ChangeLog
index 61361bc2a26a..f30e5088d9e6 100644
--- a/app-emulation/lxc/ChangeLog
+++ b/app-emulation/lxc/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-emulation/lxc
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/ChangeLog,v 1.49 2014/06/15 18:29:53 hwoarang Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/ChangeLog,v 1.50 2014/10/18 17:00:37 hwoarang Exp $
+
+*lxc-1.0.6 (18 Oct 2014)
+
+  18 Oct 2014; Markos Chandras <hwoarang@gentoo.org> +files/lxc.initd.3,
+  +lxc-1.0.6.ebuild:
+  Version bump. Fixes bug #516772, #518484, #519662
 
 *lxc-1.0.4 (15 Jun 2014)
 
diff --git a/app-emulation/lxc/files/lxc.initd.3 b/app-emulation/lxc/files/lxc.initd.3
new file mode 100644
index 000000000000..b2a1ee2f8b81
--- /dev/null
+++ b/app-emulation/lxc/files/lxc.initd.3
@@ -0,0 +1,137 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/files/lxc.initd.3,v 1.1 2014/10/18 17:00:37 hwoarang Exp $
+
+CONTAINER=${SVCNAME#*.}
+
+lxc_get_configfile() {
+	if [ -f "/etc/lxc/${CONTAINER}.conf" ]; then
+		echo "/etc/lxc/${CONTAINER}.conf"
+	elif [ -f "/etc/lxc/${CONTAINER}/config" ]; then
+		echo "/etc/lxc/${CONTAINER}/config"
+	else
+		eerror "Unable to find a suitable configuration file."
+		eerror "If you set up the container in a non-standard"
+		eerror "location, please set the CONFIGFILE variable."
+		return 1
+	fi
+}
+
+[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
+
+lxc_get_var() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE}
+}
+
+lxc_get_net_link_type() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" }
+		$1 == "lxc.network.type" {_type=$2;}
+		$1 == "lxc.network.link" {_link=$2;}
+		{if(_link != "" && _type != ""){
+			printf("%s:%s\n", _link, _type );
+			_link=""; _type="";
+		}; }' <${CONFIGFILE}
+}
+
+checkconfig() {
+	if [ ${CONTAINER} = ${SVCNAME} ]; then
+		eerror "You have to create an init script for each container:"
+		eerror " ln -s lxc /etc/init.d/lxc.container"
+		return 1
+	fi
+
+	# no need to output anything, the function takes care of that.
+	[ -z "${CONFIGFILE}" ] && return 1
+
+	utsname=$(lxc_get_var lxc.utsname)
+	if [ ${CONTAINER} != ${utsname} ]; then
+	    eerror "You should use the same name for the service and the"
+	    eerror "container. Right now the container is called ${utsname}"
+	    return 1
+	fi
+}
+
+depend() {
+	# be quiet, since we have to run depend() also for the
+	# non-muxed init script, unfortunately.
+	checkconfig 2>/dev/null || return 0
+
+	config ${CONFIGFILE}
+	need localmount
+
+	local _x _if
+	for _x in $(lxc_get_net_link_type); do
+		_if=${_x%:*}
+		case "${_x##*:}" in
+			# when the network type is set to phys, we can make use of a
+			# network service (for instance to set it up before we disable
+			# the net_admin capability), but we might also not set it up
+			# at all on the host and leave the net_admin capable service
+			# to take care of it.
+			phys)	use net.${_if} ;;
+			*)	need net.${_if} ;;
+		esac
+	done
+}
+
+start() {
+	checkconfig || return 1
+	rm /var/log/lxc/${CONTAINER}.log
+
+	rootpath=$(lxc_get_var lxc.rootfs)
+
+	# Check the format of our init and the chroot's init, to see
+	# if we have to use linux32 or linux64; always use setarch
+	# when required, as that makes it easier to deal with
+	# x32-based containers.
+	case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in
+		EM_X86_64)	setarch=linux64;;
+		EM_386)		setarch=linux32;;
+	esac
+
+	ebegin "Starting ${CONTAINER}"
+	env -i ${setarch} $(type -p lxc-start) -l WARN -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log
+	sleep 0.5
+
+	# lxc-start -d will _always_ report a correct startup, even if it
+	# failed, so rather than trust that, check that the cgroup exists.
+	[ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]
+	eend $?
+}
+
+stop() {
+	checkconfig || return 1
+
+
+	if ! [ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]; then
+	    ewarn "${CONTAINER} doesn't seem to be started."
+	    return 0
+	fi
+
+	init_pid=$(lxc-info -n ${CONTAINER} --pid | awk '{ print $2 }')
+
+	if [ -z "${init_pid}" ]; then
+	    ewarn "${CONTAINER} doesn't seem to be running."
+	    return 0
+	fi
+
+	ebegin "Shutting down system in ${CONTAINER}"
+	kill -PWR ${init_pid}
+	eend $?
+
+	TIMEOUT=${TIMEOUT:-30}
+	i=0
+	while [ -n "$(pgrep -P ${init_pid})" -a $i -lt ${TIMEOUT} ]; do
+		sleep 1
+		i=$(expr $i + 1)
+	done
+
+	if [ -n "${missingprocs}" ]; then
+		ewarn "Something failed to properly shut down in ${CONTAINER}"
+	fi
+
+	ebegin "Stopping ${CONTAINER}"
+	lxc-stop -n ${CONTAINER}
+	eend $?
+}
diff --git a/app-emulation/lxc/lxc-1.0.6.ebuild b/app-emulation/lxc/lxc-1.0.6.ebuild
new file mode 100644
index 000000000000..ea0001afdeeb
--- /dev/null
+++ b/app-emulation/lxc/lxc-1.0.6.ebuild
@@ -0,0 +1,179 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/lxc-1.0.6.ebuild,v 1.1 2014/10/18 17:00:37 hwoarang Exp $
+
+EAPI="5"
+
+MY_P="${P/_/-}"
+PYTHON_COMPAT=( python{3_2,3_3,3_4} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools distutils-r1 eutils linux-info versionator flag-o-matic systemd
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="http://lxc.sourceforge.net/"
+SRC_URI="https://github.com/lxc/lxc/archive/${MY_P}.tar.gz"
+
+KEYWORDS="~amd64 ~arm ~ppc64 ~x86"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="doc examples lua python seccomp"
+
+RDEPEND="net-libs/gnutls
+	sys-libs/libcap
+	lua? ( >=dev-lang/lua-5.1 )
+	python? ( ${PYTHON_DEPS} )
+	seccomp? ( sys-libs/libseccomp )"
+
+DEPEND="${RDEPEND}
+	doc? ( app-text/docbook-sgml-utils )
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~RESOURCE_COUNTERS
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~DEVPTS_MULTIPLE_INSTANCES
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:	needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:	needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:	needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:	needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:	needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:	needed for internal (inter-container) networking"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:	needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:	as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT=":CONFIG_GRKERNSEC_CHROOT_MOUNT	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE=":CONFIG_GRKERNSEC_CHROOT_DOUBLE	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT=":CONFIG_GRKERNSEC_CHROOT_PIVOT	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD=":CONFIG_GRKERNSEC_CHROOT_CHMOD	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS=":CONFIG_GRKERNSEC_CHROOT_CAPS	some GRSEC features make LXC unusable see postinst notes"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
+
+S="${WORKDIR}/${PN}-${MY_P}"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+src_prepare() {
+	sed -i 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/g' configure.ac || die
+	if [[ -n ${BACKPORTS} ]]; then
+		epatch "${WORKDIR}"/patches/*
+	fi
+
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/sbin \
+		--docdir=/usr/share/doc/${PF} \
+		--with-config-path=/etc/lxc	\
+		--with-rootfs-path=/usr/lib/lxc/rootfs \
+		$(use_enable doc) \
+		--disable-apparmor \
+		$(use_enable examples) \
+		$(use_enable lua) \
+		--disable-python
+}
+
+python_compile() {
+	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+}
+
+src_compile() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-${PN}" > /dev/null
+		distutils-r1_src_compile
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	default
+
+	if use python; then
+		pushd "${S}/src/python-lxc" > /dev/null
+		# Unset DOCS. This has been handled by the default target
+		unset DOCS
+		distutils-r1_src_install
+		popd > /dev/null
+	fi
+
+	keepdir /etc/lxc /usr/lib/lxc/rootfs /var/log/lxc
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	# Use initd.3 per #517144
+	newinitd "${FILESDIR}/${PN}.initd.3" ${PN}
+
+	# lxc-devsetup script
+	exeinto /usr/libexec/${PN}
+	doexe config/init/systemd/${PN}-devsetup
+	# Use that script with the systemd service (Similar to upstream
+	# Makefile.am
+	cp "${FILESDIR}"/${PN}_at.service ${PN}_at.service
+	sed -i \
+		"/Restart=always/a ExecStartPre=/usr/libexec/${PN}/${PN}-devsetup" \
+		${PN}_at.service \
+		|| die "Failed to add ${PN}-devsetup to the systemd service file"
+	systemd_newunit ${PN}_at.service "lxc@.service"
+}
+
+pkg_postinst() {
+	elog "There is an init script provided with the package now; no documentation"
+	elog "is currently available though, so please check out /etc/init.d/lxc ."
+	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+	elog "to start the container defined into /etc/lxc/configname.conf ."
+	elog "For further information about LXC development see"
+	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+	elog ""
+	ewarn "With version 0.7.4, the mountpoint syntax came back to the one used by 0.7.2"
+	ewarn "and previous versions. This means you'll have to use syntax like the following"
+	ewarn ""
+	ewarn "    lxc.rootfs = /container"
+	ewarn "    lxc.mount.entry = /usr/portage /container/usr/portage none bind 0 0"
+	ewarn ""
+	ewarn "To use the Fedora, Debian and (various) Ubuntu auto-configuration scripts, you"
+	ewarn "will need sys-apps/yum or dev-util/debootstrap."
+	ewarn ""
+	ewarn "Some GrSecurity settings in relation to chroot security will cause LXC not to"
+	ewarn "work, while others will actually make it much more secure. Please refer to"
+	ewarn "Diego Elio Pettenò's weblog at http://blog.flameeyes.eu/tag/lxc for further"
+	ewarn "details."
+}