author | Joonas Niilola <juippis@gentoo.org> | 2023-12-23 19:14:38 +0200 |
---|---|---|
committer | Joonas Niilola <juippis@gentoo.org> | 2023-12-27 19:21:54 +0200 |
commit | 8b444fdf558229dfaa8af62834399d594ca169c0 (patch) | |
tree | eaf0e9cd415f32eb7491353a92ed843b9c4ba691 /app-containers | |
parent | media-libs/lsp-plugins: add 1.2.14 (diff) | |
app-containers/incus: add 0.4
- both openrc and systemd init.d / service files updated to match how
upstream intends them to be used
https://linuxcontainers.org/incus/docs/main/packaging/#init-scripts
- include fuidshift again, installed in /usr/sbin like it's supposed to.
Won't collide with lxd's fuidshift.
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/34449
Diffstat (limited to 'app-containers')
-rw-r--r-- | app-containers/incus/Manifest | 2 | ||||
-rw-r--r-- | app-containers/incus/files/incus-0.4.confd | 26 | ||||
-rw-r--r-- | app-containers/incus/files/incus-0.4.initd | 59 | ||||
-rw-r--r-- | app-containers/incus/files/incus-0.4.service | 22 | ||||
-rw-r--r-- | app-containers/incus/files/incus-0.4.socket | 11 | ||||
-rw-r--r-- | app-containers/incus/files/incus-startup-0.4.service | 15 | ||||
-rw-r--r-- | app-containers/incus/files/incus-startup-0.4.sh | 21 | ||||
-rw-r--r-- | app-containers/incus/files/incus-user-0.4.initd | 37 | ||||
-rw-r--r-- | app-containers/incus/files/incus-user-0.4.service | 12 | ||||
-rw-r--r-- | app-containers/incus/files/incus-user-0.4.socket | 11 | ||||
-rw-r--r-- | app-containers/incus/incus-0.4.ebuild | 199 |
11 files changed, 415 insertions, 0 deletions
diff --git a/app-containers/incus/Manifest b/app-containers/incus/Manifest
index 25ce019f4241..5d0775b6959f 100644
--- a/app-containers/incus/Manifest
+++ b/app-containers/incus/Manifest
@@ -1,2 +1,4 @@
 DIST incus-0.3.tar.xz 13344380 BLAKE2B 8160843df4ff419ef8890fcdd6b6b7e2c3cdec509ae072ec195c2b2c44e61ab3dc20a0488e9023d891b7ee2f2c700cfb8206ebe29236c29705a7121e5436d64f SHA512 d3f3141f72a8ecf007faca8c2f2d1465d766d12f763e714d296fd28acd7e3095dd49834d428f42bf142e301cf1af7ee00ef74005d128c49aa147fb4d9348dbde
 DIST incus-0.3.tar.xz.asc 833 BLAKE2B 532ee90f3ed1d4798a19dcc9df8fe6587ab5ab93d18accae7aae8e44cb8c8086c77702a572a371a966eee4ebed84a2d7941f52001152a1894e1d74aa235a06e0 SHA512 afd2aab52a19b618d194eab71974f84d1d3eb9639b2672d8e94153ac23b05764667374504b5f1355238341c4194de282d3bc7635335375fd347ba513eb66e685
+DIST incus-0.4.tar.xz 13544656 BLAKE2B 19f6dd9a0707d60e60b42fd586ed2a041a4ac66b071b8a8dc2f11e9fa6f11c3d4c464d4763babc22aa4e58e3964d079bdc3028848c460a5ebaed41573a4b3f65 SHA512 2d31f0dfa5408db9408946b4f872a051c792a2a47fb80962e62e6b6691c9c52c4532935f6d5bcbef05b80a1bc66f6cf68b1e61d148d8964569df0a98360c582e
+DIST incus-0.4.tar.xz.asc 833 BLAKE2B 7d78d6808f8bbab78427ddc41925bde68a965e1594e0a90a56471c81f5f71798e286031caabb50ecf8a8b7b084660eefaf7644f2753d3810903e2f5194cf70fe SHA512 ce5bf32f7007a4dcf339b549da14ce9094ebe031311bd77707155d90e6ab05d1b56841910b934c96d9fed941815ce47ee746222100cee42d28bcc7c312c25bfb
diff --git a/app-containers/incus/files/incus-0.4.confd b/app-containers/incus/files/incus-0.4.confd
new file mode 100644
index 000000000000..b0f7e0e212ae
--- /dev/null
+++ b/app-containers/incus/files/incus-0.4.confd
@@ -0,0 +1,26 @@
+# Group which owns the shared socket
+INCUS_OPTIONS+=" --group incus-admin"
+
+# Enable cpu profiling into the specified file
+#INCUS_OPTIONS+=" --cpuprofile /tmp/lxc_cpu_profile"
+
+# Enable memory profiling into the specified file
+#INCUS_OPTIONS+=" --memprofile /tmp/lxc_mem_profile"
+
+# Enable debug mode
+#INCUS_OPTIONS+=" --debug"
+
+# For debugging, print a complete stack trace every n seconds
+#INCUS_OPTIONS+=" --print-goroutines-every 5"
+
+# Enable verbose mode
+#INCUS_OPTIONS+=" -v"
+
+# Logfile to log to
+#INCUS_OPTIONS+=" --logfile /var/log/incus/incus.log"
+
+# Enable syslog logging
+#INCUS_OPTIONS+=" --syslog"
+
+# Increase ulimits to allow more open files on OpenRC.
+rc_ulimit="-n 1048576 -l unlimited"
diff --git a/app-containers/incus/files/incus-0.4.initd b/app-containers/incus/files/incus-0.4.initd
new file mode 100644
index 000000000000..34e1f07a8921
--- /dev/null
+++ b/app-containers/incus/files/incus-0.4.initd
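Review bot: The two commented profiling examples point the daemon at fixed file names in world-writable /tmp (`--cpuprofile /tmp/lxc_cpu_profile`, `--memprofile /tmp/lxc_mem_profile`), so an admin who simply uncomments them has a root-started incusd create files at paths any local user can occupy first. Pointing the examples at the log directory the init script already creates avoids that, e.g. `#INCUS_OPTIONS+=" --cpuprofile /var/log/incus/cpu_profile"` and the same for `--memprofile`. The `lxc_` prefix in both names also looks like a leftover and could become `incus_`.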
@@ -0,0 +1,59 @@
+#!/sbin/openrc-run
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+DAEMON=/usr/sbin/incusd
+PIDFILE=/run/incus.pid
+
+depend() {
+ need net
+ need lxcfs
+}
+
+start() {
+ ebegin "Starting incus daemon service"
+
+ modprobe -f loop > /dev/null 2>&1
+
+ # Fix permissions on /var/lib/incus and make sure it exists.
+ # Create a log directory for incus with correct permissions.
+ install -d /var/lib/incus --group incus-admin --owner root --mode 0775
+ install -d /var/log/incus --group incus-admin --owner root
+
+ start-stop-daemon --start \
+ --pidfile ${PIDFILE} \
+ --exec ${DAEMON} \
+ --background \
+ --make-pidfile \
+ -- \
+ ${INCUS_OPTIONS}
+ eend ${?}
+
+ # Create necessary systemd paths in order for systemd containers to work on openrc host.
+ # /etc/rc.conf should have following values:
+ # rc_cgroup_mode="hybrid"
+ if [ -d /sys/fs/cgroup/unified ] &&
+ [ ! -d /sys/fs/cgroup/systemd ]; then
+ install -d /sys/fs/cgroup/systemd --group incus-admin --owner root
+ mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
+ fi
+}
+
+stop() {
+ if [ "${RC_CMD}" = restart ]; then
+ ebegin "Stopping incus daemon service (but not containers)"
+ # start-stop-daemon sends SIGTERM with a timeout of 5s by default.
+ # SIGTERM indicates to INCUS that it will be stopped temporarily.
+ # Instances will keep running.
+ start-stop-daemon --stop --quiet -p "${PIDFILE}"
+ eend ${?}
+ else
+ ebegin "Stopping incus daemon service and containers, waiting 40s"
+ # SIGPWR indicates to INCUS that the host is going down.
+ # LXD will do a clean shutdown of all instances.
+ # After 30s all remaining instances will be killed.
+ # We wait up to 40s for INCUS.
+ start-stop-daemon --stop --quiet -R SIGPWR/40 -p "${PIDFILE}"
+ eend ${?}
+ fi
+}
diff --git a/app-containers/incus/files/incus-0.4.service b/app-containers/incus/files/incus-0.4.service
new file mode 100644
index 000000000000..17aea1de12b9
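Review bot: `modprobe -f loop` in start() forces the load: `-f` makes modprobe ignore version magic and modversions, so a loop module built for a different kernel can be inserted instead of being rejected, and any error is then discarded by the `> /dev/null 2>&1` redirect. Plain `modprobe loop > /dev/null 2>&1` gives the same result on a consistent system without bypassing that check. The stop() comment `LXD will do a clean shutdown of all instances.` still names LXD and should read Incus.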
--- /dev/null
+++ b/app-containers/incus/files/incus-0.4.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Incus - main daemon
+After=network-online.target lxcfs.service incus.socket
+Requires=network-online.target lxcfs.service incus.socket
+
+[Service]
+EnvironmentFile=-/etc/environment
+ExecStart=/usr/sbin/incusd --group incus-admin --syslog
+ExecStartPost=/usr/sbin/incusd waitready --timeout=600
+ExecStartPre=/bin/mkdir -p /var/log/incus
+ExecStartPre=/bin/chown -R root:incus-admin /var/log/incus
+KillMode=process
+PermissionsStartOnly=true
+TimeoutStartSec=600s
+TimeoutStopSec=30s
+Restart=on-failure
+LimitNOFILE=1048576
+LimitNPROC=infinity
+TasksMax=infinity
+
+[Install]
+Also=incus-startup.service incus.socket
diff --git a/app-containers/incus/files/incus-0.4.socket b/app-containers/incus/files/incus-0.4.socket
new file mode 100644
index 000000000000..741fadd0309d
--- /dev/null
+++ b/app-containers/incus/files/incus-0.4.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=Incus - Daemon (unix socket)
+
+[Socket]
+ListenStream=/var/lib/incus/unix.socket
+SocketGroup=incus-admin
+SocketMode=0660
+Service=incus.service
+
+[Install]
+WantedBy=sockets.target
diff --git a/app-containers/incus/files/incus-startup-0.4.service b/app-containers/incus/files/incus-startup-0.4.service
new file mode 100644
index 000000000000..8838bdc4949d
--- /dev/null
+++ b/app-containers/incus/files/incus-startup-0.4.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Incus - Startup check
+After=incus.socket incus.service
+Requires=incus.socket
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/incus-startup start
+ExecStop=/usr/sbin/incus-startup stop
+TimeoutStartSec=600s
+TimeoutStopSec=600s
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-containers/incus/files/incus-startup-0.4.sh b/app-containers/incus/files/incus-startup-0.4.sh
new file mode 100644
index 000000000000..6b19f22e4cb5
--- /dev/null
+++ b/app-containers/incus/files/incus-startup-0.4.sh
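Review bot: `KillMode=process` in incus-0.4.service carries no comment, yet it is the setting that decides what survives a stop: systemd signals only the main incusd process and leaves every other process in the unit's cgroup running. That is presumably intended so that instances outlive a daemon restart, as the stop() comments in the OpenRC script describe, but the unit should say so on its own line, e.g. `# Only incusd is signalled on stop; instance processes are left running on purpose.` Without that, a later cleanup could switch it to the default and take all instances down on every restart.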
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ start)
+ systemctl is-active incus -q && exit 0
+ exec incusd activateifneeded
+ ;;
+
+ stop)
+ systemctl is-active incus -q || exit 0
+ exec incusd shutdown
+ ;;
+
+ *)
+ echo "unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/app-containers/incus/files/incus-user-0.4.initd b/app-containers/incus/files/incus-user-0.4.initd
new file mode 100644
index 000000000000..7d81d298f584
--- /dev/null
+++ b/app-containers/incus/files/incus-user-0.4.initd
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+# Copyright 2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="incus-user socket daemon"
+description="incus-user socket daemon"
+
+DAEMON=/usr/sbin/incus-user
+PIDFILE=/run/incus-user.pid
+
+depend() {
+ need incus
+ need net
+}
+
+start() {
+ ebegin "Starting incus-user socket daemon"
+
+ start-stop-daemon --start \
+ --pidfile ${PIDFILE} \
+ --exec ${DAEMON} \
+ --background \
+ --make-pidfile \
+ -- \
+ --group incus
+ eend ${?}
+}
+
+stop() {
+ if [ "${RC_CMD}" = restart ]; then
+ start-stop-daemon --stop --quiet -p "${PIDFILE}"
+ eend ${?}
+ else
+ start-stop-daemon --stop --quiet -p "${PIDFILE}"
+ eend ${?}
+ fi
+}
diff --git a/app-containers/incus/files/incus-user-0.4.service b/app-containers/incus/files/incus-user-0.4.service
new file mode 100644
index 000000000000..4cb4d44263cb
--- /dev/null
+++ b/app-containers/incus/files/incus-user-0.4.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Incus - User daemon
+After=incus-user.socket incus.service
+Requires=incus-user.socket
+
+[Service]
+EnvironmentFile=-/etc/environment
+ExecStart=/usr/sbin/incus-user --group incus
+Restart=on-failure
+
+[Install]
+Also=incus-user.socket
diff --git a/app-containers/incus/files/incus-user-0.4.socket b/app-containers/incus/files/incus-user-0.4.socket
new file mode 100644
index 000000000000..5c14276fc6c6
--- /dev/null
+++ b/app-containers/incus/files/incus-user-0.4.socket
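Review bot: Both `exec incusd activateifneeded` and `exec incusd shutdown` in incus-startup-0.4.sh resolve incusd through PATH, while every unit and init script in this commit names `/usr/sbin/incusd` by absolute path. The script is started as root from incus-startup.service and should not depend on whatever PATH its caller has, so write `exec /usr/sbin/incusd activateifneeded` and `exec /usr/sbin/incusd shutdown`. The trailing `exit 0` is unreachable, since start and stop either exit or exec and the default branch exits 1, and can be removed.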
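Review bot: stop() in incus-user-0.4.initd tests `${RC_CMD}` but both branches run the identical `start-stop-daemon --stop --quiet -p "${PIDFILE}"` followed by `eend ${?}`, and neither has a matching `ebegin`. Either drop the conditional and keep a single `ebegin "Stopping incus-user socket daemon"`, stop, `eend ${?}` sequence, or add a comment saying why the branch is kept. In start(), `--pidfile ${PIDFILE}` and `--exec ${DAEMON}` are unquoted while stop() quotes `"${PIDFILE}"`; quoting both keeps the script consistent.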
@@ -0,0 +1,11 @@
+[Unit]
+Description=Incus - Daemon (user unix socket)
+
+[Socket]
+ListenStream=/var/lib/incus/unix.socket.user
+SocketGroup=incus
+SocketMode=0660
+Service=incus-user.service
+
+[Install]
+WantedBy=sockets.target
diff --git a/app-containers/incus/incus-0.4.ebuild b/app-containers/incus/incus-0.4.ebuild
new file mode 100644
index 000000000000..7396bf70e77a
--- /dev/null
+++ b/app-containers/incus/incus-0.4.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit bash-completion-r1 go-module linux-info optfeature systemd verify-sig
+
+DESCRIPTION="Modern, secure and powerful system container and virtual machine manager"
+HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus"
+SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz
+ verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )"
+
+LICENSE="Apache-2.0 BSD LGPL-3 MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="apparmor nls"
+
+DEPEND="acct-group/incus
+ acct-group/incus-admin
+ app-arch/xz-utils
+ >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)]
+ dev-db/sqlite:3
+ dev-libs/cowsql
+ dev-libs/lzo
+ >=dev-libs/raft-0.18.3:=[lz4]
+ >=dev-util/xdelta-3.0[lzma(+)]
+ net-dns/dnsmasq[dhcp]
+ sys-libs/libcap
+ virtual/udev"
+RDEPEND="${DEPEND}
+ net-firewall/ebtables
+ net-firewall/iptables
+ sys-apps/iproute2
+ sys-fs/fuse:*
+ >=sys-fs/lxcfs-5.0.0
+ sys-fs/squashfs-tools[lzma]
+ virtual/acl"
+BDEPEND="dev-lang/go
+ nls? ( sys-devel/gettext )
+ verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
+
+CONFIG_CHECK="
+ ~CGROUPS
+ ~IPC_NS
+ ~NET_NS
+ ~PID_NS
+
+ ~SECCOMP
+ ~USER_NS
+ ~UTS_NS
+
+ ~KVM
+ ~MACVTAP
+ ~VHOST_VSOCK
+"
+
+ERROR_IPC_NS="CONFIG_IPC_NS is required."
+ERROR_NET_NS="CONFIG_NET_NS is required."
+ERROR_PID_NS="CONFIG_PID_NS is required."
+ERROR_SECCOMP="CONFIG_SECCOMP is required."
+ERROR_UTS_NS="CONFIG_UTS_NS is required."
+
+WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines."
+WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines."
+WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines."
+
+# Go magic.
+QA_PREBUILT="/usr/bin/incus
+ /usr/bin/lxc-to-incus
+ /usr/bin/incus-agent
+ /usr/bin/incus-benchmark
+ /usr/bin/incus-migrate
+ /usr/sbin/fuidshift
+ /usr/sbin/lxd-to-incus
+ /usr/sbin/incusd"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
+
+# The testsuite must be run as root.
+# make: *** [Makefile:156: check] Error 1
+RESTRICT="test"
+
+GOPATH="${S}/_dist"
+
+src_prepare() {
+ export GOPATH="${S}/_dist"
+
+ default
+
+ sed -i \
+ -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \
+ -e "s:make:make ${MAKEOPTS}:g" \
+ Makefile || die
+
+ # Fix hardcoded ovmf file path, see bug 763180
+ sed -i \
+ -e "s:/usr/share/OVMF:/usr/share/edk2-ovmf:g" \
+ -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \
+ doc/environment.md \
+ internal/server/apparmor/instance.go \
+ internal/server/apparmor/instance_qemu.go \
+ internal/server/instance/drivers/driver_qemu.go || die "Failed to fix hardcoded ovmf paths."
+
+ # Fix hardcoded virtfs-proxy-helper file path, see bug 798924
+ sed -i \
+ -e "s:/usr/lib/qemu/virtfs-proxy-helper:/usr/libexec/virtfs-proxy-helper:g" \
+ internal/server/device/device_utils_disk.go || die "Failed to fix virtfs-proxy-helper path."
+
+ cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die
+ if use apparmor; then
+ sed -i \
+ '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \
+ "${T}"/incus.service || die
+ fi
+
+ # Disable -Werror's from go modules.
+ find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die
+}
+
+src_configure() { :; }
+
+src_compile() {
+ export GOPATH="${S}/_dist"
+ export CGO_LDFLAGS_ALLOW="-Wl,-z,now"
+
+ # fuidshift should be packaged for incus-lts, making it conflict with lxd.
+ for k in fuidshift incus-benchmark incus-user incus lxc-to-incus ; do
+ ego install -v -x "${S}/cmd/${k}"
+ done
+
+ ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd
+
+ # Needs to be built statically
+ CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate
+ CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent
+
+ cd "${S}"/cmd/lxd-to-incus || die
+ ego build -v -x ./
+ cd "${S}" || die
+
+ use nls && emake build-mo
+}
+
+src_test() {
+ emake check
+}
+
+src_install() {
+ export GOPATH="${S}/_dist"
+ local bindir="_dist/bin"
+
+ newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup
+
+ # Admin tools
+ for l in incusd incus-user fuidshift ; do
+ dosbin ${bindir}/${l}
+ done
+ dosbin cmd/lxd-to-incus/lxd-to-incus
+
+ # User tools
+ for m in incus-agent incus-benchmark incus-migrate incus lxc-to-incus ; do
+ dobin ${bindir}/${m}
+ done
+
+ newconfd "${FILESDIR}"/incus-0.4.confd incus
+ newinitd "${FILESDIR}"/incus-0.4.initd incus
+ newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user
+
+ systemd_dounit "${T}"/incus.service
+ systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket
+ systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service
+ systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service
+ systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket
+
+ dobashcomp scripts/bash/incus
+
+ dodoc AUTHORS
+ dodoc -r doc/*
+ use nls && domo po/*.mo
+}
+
+pkg_postinst() {
+ elog
+ elog "Please see"
+ elog " https://linuxcontainers.org/incus/introduction/"
+ elog " https://linuxcontainers.org/incus/docs/main/tutorial/first_steps/"
+ elog " https://linuxcontainers.org/incus/docs/main/howto/server_migrate_lxd/"
+ elog "before a Gentoo Wiki page is made."
+ elog
+ optfeature "virtual machine support" app-emulation/qemu[spice,usbredir,virtfs]
+ optfeature "btrfs storage backend" sys-fs/btrfs-progs
+ optfeature "ipv6 support" net-dns/dnsmasq[ipv6]
+ optfeature "full incus-migrate support" net-misc/rsync
+ optfeature "lvm2 storage backend" sys-fs/lvm2
+ optfeature "zfs storage backend" sys-fs/zfs
+ elog
+ elog "Be sure to add your local user to the incus group."
+ elog
+}
|
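Review bot: In src_compile the two static builds call `go` directly (`CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate` and the incus-agent line below it), so a failed build is not fatal at that point and only surfaces later when `dobin` cannot find the binary; every other build step in the function goes through `ego`, which dies on error. Write them as `CGO_ENABLED=0 ego install -v -tags netgo "${S}"/cmd/incus-migrate` and `CGO_ENABLED=0 ego install -v -tags agent,netgo "${S}"/cmd/incus-agent`. In pkg_postinst, the closing `elog "Be sure to add your local user to the incus group."` would help more if it also said how that group differs from incus-admin, which owns the main daemon socket per the conf.d file and so gives full control of incusd.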