From f5dab2b2c7e5fb8800224bfbf5ff5eaa23d3ce43 Mon Sep 17 00:00:00 2001 From: Nils Freydank Date: Wed, 20 Mar 2019 12:31:09 +0100 Subject: [PATCH] app-emulation/lxd: Import the tree's LXD ebuild (DO NOT USE IT!) The ebuild drops iptables support bluntly as I personally use nftables. LXD networking commands won't work without iptables so far. Package-Manager: Portage-2.3.62, Repoman-2.3.12 Manifest-Sign-Key: 00EFD31F1B60D5DBADB831C1C0ECE6960E54475B Signed-off-by: Nils Freydank --- app-emulation/lxd/Manifest | 22 ++ .../lxd/files/de-translation-newline-1.patch | 11 + app-emulation/lxd/files/lxd.confd | 24 ++ app-emulation/lxd/files/lxd.initd | 46 ++++ app-emulation/lxd/files/lxd.service | 10 + .../lxd/files/ptbr-translation-newline.patch | 19 ++ app-emulation/lxd/lxd-3.10-r1.ebuild | 239 ++++++++++++++++++ app-emulation/lxd/metadata.xml | 40 +++ profiles/use.local.desc | 3 + 9 files changed, 414 insertions(+) create mode 100644 app-emulation/lxd/Manifest create mode 100644 app-emulation/lxd/files/de-translation-newline-1.patch create mode 100644 app-emulation/lxd/files/lxd.confd create mode 100644 app-emulation/lxd/files/lxd.initd create mode 100644 app-emulation/lxd/files/lxd.service create mode 100644 app-emulation/lxd/files/ptbr-translation-newline.patch create mode 100644 app-emulation/lxd/lxd-3.10-r1.ebuild create mode 100644 app-emulation/lxd/metadata.xml create mode 100644 profiles/use.local.desc diff --git a/app-emulation/lxd/Manifest b/app-emulation/lxd/Manifest new file mode 100644 index 0000000..bf1c62f --- /dev/null +++ b/app-emulation/lxd/Manifest
@@ -0,0 +1,22 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+DIST lxd-3.10.tar.gz 27057432 BLAKE2B b5a5c3cd4f1045419c806510aab21c3bcde8c8687ede808b1b832e2a0caba0ff3af5d79367141b29e84c0bd3bcf6958d917bc813700220e238cd21933963009b SHA512 25ed7675af7b6861d754607b19485e329ae344befac06fe33f326e34030755359bea6f574c414849b85f034533fd5dccb95a326ae0ad9e44b8ea366f7ee44d04
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAEBCAB9FiEEcg3s4uUa4XE72XWQvF3CmYqtKyEFAlySJHVfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcy
+MERFQ0UyRTUxQUUxNzEzQkQ5NzU5MEJDNURDMjk5OEFBRDJCMjEACgkQvF3CmYqt
+KyF/BQ/8CMQYZ3yc8m2Hfbo6z2gmHWak77WVuGhX9lvw2AfdiXJF+o89FRWfDkNY
+kV/72xcmDCx1TNZrS3QZKiM2kAcoslXP7FO8degh+EFTADUm/d8MnhfKYjqsgIgm
+hkWPTak5oNehlNyQBOyYFOtxSu8eMKfoI8Jtlm5y2XAiij54Z+aGyF1Yk0E6+W8G
+qX4HvOgx3UfHkADO6bO5rW+M+HmMTUXktxoEHQuOGd1cBIGHQJHOIIvo9xIazgT9
+fZItYIBNqws3SsxUJgv23j+BP7Cwfv7C69cgktu5wFC2d+gffuFCGCtgZQSH8OJ1
+66L4MTMx4RYFs6ecJeZnXXW+VtbvmQ8Qb1m+RBec4ECugTukY2XN7Jg9mfNfqgOG
+iNuSNKZc3AwweojcVc/h85eOapnvpp8TUQPqpygF4B5v01sfJi9viiD7U3Cr1pXh
+In4r3UG1947tyULVbIuIo/E8kuz4c/LEOksndXsMJZiiOWenw2tl4nDEkq2iI3xE
+vVso3dhPx6kztFSNINVNOLrso5TSWOXtHyCiIjYtiqrTlQZ5y8yWT16ewMN/wNta
+F2GdrU4+49UFW/UwP4Hx9CHq2qH/2L50XBmnIAUH1Q2g0yr+87/tNpSQh1tjNHBT
+pstdsXstcV4/dIhc87Q/dpZjYB5SfwPHHdO52e9OvrZlyluW0VI=
+=tR3G
+-----END PGP SIGNATURE-----
diff --git a/app-emulation/lxd/files/de-translation-newline-1.patch b/app-emulation/lxd/files/de-translation-newline-1.patch
new file mode 100644
index 0000000..4c731e9
--- /dev/null
+++ b/app-emulation/lxd/files/de-translation-newline-1.patch
@@ -0,0 +1,11 @@
+--- /po/de.po 2018-06-27 19:57:56.759130047 -0500
++++ /po/de.po 2018-06-27 20:01:09.694634346 -0500
+@@ -167,7 +167,7 @@
+ "###\n"
+ "### Each property is represented by a single line:\n"
+ "### An example would be:\n"
+-"### description: My custom image"
++"### description: My custom image\n"
+ msgstr ""
+ "### Dies ist eine Darstellung der Eigenschaften eines Images in yaml.\n"
+ "### Jede Zeile die mit '# beginnt wird ignoriert.\n"
diff --git a/app-emulation/lxd/files/lxd.confd b/app-emulation/lxd/files/lxd.confd
new file mode 100644
index 0000000..8e342cc
--- /dev/null
+++ b/app-emulation/lxd/files/lxd.confd
@@ -0,0 +1,24 @@
+# Group which owns the shared socket
+LXD_OPTIONS+=" --group lxd"
+
+
+
+# Enable cpu profiling into the specified file
+#LXD_OPTIONS+=" --cpuprofile /tmp/lxc_cpu_profile"
+
+# Enable memory profiling into the specified file
+#LXD_OPTIONS+=" --memprofile /tmp/lxc_mem_profile"
+
+
+
+# Enables debug mode
+#LXD_OPTIONS+=" --debug"
+
+# For debugging, print a complete stack trace every n seconds
+#LXD_OPTIONS+=" --print-goroutines 5"
+
+# Enables verbose mode
+#LXD_OPTIONS+=" --verbose"
+
+# Logfile to log to
+#LXD_OPTIONS+=" --logfile /var/log/lxd/lxd.log"
diff --git a/app-emulation/lxd/files/lxd.initd b/app-emulation/lxd/files/lxd.initd
new file mode 100644
index 0000000..0da2a43
--- /dev/null
+++ b/app-emulation/lxd/files/lxd.initd
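Review bot: The comment above `--group lxd` in lxd.confd says only that the group owns the socket and does not state what that access grants. The ebuild's own comments say the socket is writable by this group and that the daemon must run as root, so membership is effectively root on the host; a comment such as `# Group which owns the control socket; members can fully control the root-run daemon, so treat membership as root-equivalent` would make that visible to administrators. The same caveat belongs next to the `pkg_postinst` message "Be sure to add your local user to the lxd group." in lxd-3.10-r1.ebuild. The commented-out profiling examples also use fixed file names under `/tmp`, which is a poor target for a root daemon; a root-owned directory such as the `/var/log/lxd` used by the logfile example would be a safer example path.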
@@ -0,0 +1,46 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+DAEMON=/usr/sbin/lxd
+PIDFILE=/run/lxd.pid
+
+extra_commands="stopall"
+
+depend() {
+ need net
+ use lxcfs
+}
+
+start() {
+ ebegin "Starting lxd service"
+
+ start-stop-daemon --start \
+ --pidfile ${PIDFILE} \
+ --exec ${DAEMON} \
+ --background \
+ --make-pidfile \
+ -- \
+ ${LXD_OPTIONS}
+
+ eend $?
+}
+
+stop() {
+ if [ "$RC_GOINGDOWN" = "YES" ] || [ "$RC_REBOOT" = "YES" ]; then
+ stopall
+ else
+ ebegin "Stopping lxd service (but not containers)"
+ start-stop-daemon --stop --quiet -R TERM/45 -p ${PIDFILE}
+ eend $?
+ fi
+}
+
+stopall() {
+ ebegin "Stopping lxd service and containers"
+ if "${DAEMON}" shutdown; then
+ /etc/init.d/lxd zap
+ rm -f ${PIDFILE}
+ fi
+ eend $?
+}
diff --git a/app-emulation/lxd/files/lxd.service b/app-emulation/lxd/files/lxd.service
new file mode 100644
index 0000000..d00635f
--- /dev/null
+++ b/app-emulation/lxd/files/lxd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Container hypervisor based on LXC
+
+[Service]
+ExecStart=/usr/sbin/lxd --group lxd
+KillMode=process
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-emulation/lxd/files/ptbr-translation-newline.patch b/app-emulation/lxd/files/ptbr-translation-newline.patch
new file mode 100644
index 0000000..92d78ca
--- /dev/null
+++ b/app-emulation/lxd/files/ptbr-translation-newline.patch
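Review bot: `stopall()` in lxd.initd reports success even when `"${DAEMON}" shutdown` fails, because the `eend $?` after `fi` sees the exit status of the `if` statement, which is 0 when the condition is false and no branch runs. `stop()` calls `stopall` on shutdown and reboot, so a failed container shutdown would go unreported exactly there. Capture the status directly with `"${DAEMON}" shutdown; rc=$?`, run the `zap` and `rm -f` only when `[ "${rc}" -eq 0 ]`, and end with `eend ${rc}`. The unquoted `${PIDFILE}` and `${DAEMON}` in the `start-stop-daemon` calls would also be better quoted.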
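Review bot: lxd.service declares no ordering at all, while the OpenRC script for the same daemon has `need net` and `use lxcfs` in `depend()`. The unit probably wants the equivalent in `[Unit]`, for example `After=network.target lxcfs.service`, assuming lxcfs ships a unit of that name. The unit also hard-codes `--group lxd` in `ExecStart`, so the options set in lxd.confd are not applied under systemd; a comment in the unit saying so would tell administrators where the socket group is actually configured.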
@@ -0,0 +1,19 @@
+--- /po/pt_BR.po.orig 2018-10-13 23:27:01.523645894 -0500
++++ /po/pt_BR.po 2018-10-13 23:28:04.730644762 -0500
+@@ -95,7 +95,6 @@
+ "###\n"
+ "### Note that the name is shown but cannot be changed"
+ msgstr ""
+-"\n"
+ "### Esta é uma representação em yaml da configuração.\n"
+ "### Qualquer linha começando com '#' será ignorada.\n"
+ "###\n"
+@@ -112,7 +111,7 @@
+ "### type: disk\n"
+ "### ephemeral: false\n"
+ "###\n"
+-"### Observe que o nome é exibido mas não pode ser modificado\n"
++"### Observe que o nome é exibido mas não pode ser modificado"
+
+ #: lxc/config_metadata.go:63
+ msgid ""
diff --git a/app-emulation/lxd/lxd-3.10-r1.ebuild b/app-emulation/lxd/lxd-3.10-r1.ebuild
new file mode 100644
index 0000000..50260e0
--- /dev/null
+++ b/app-emulation/lxd/lxd-3.10-r1.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Fast, dense and secure container management"
+HOMEPAGE="https://linuxcontainers.org/lxd/introduction/"
+
+LICENSE="Apache-2.0 BSD BSD-2 LGPL-3 MIT MPL-2.0"
+SLOT="0"
+KEYWORDS="~amd64"
+
+IUSE="+daemon +ipv6 +dnsmasq nls test tools"
+
+inherit autotools bash-completion-r1 linux-info systemd user
+
+SRC_URI="https://linuxcontainers.org/downloads/${PN}/${P}.tar.gz"
+
+DEPEND="
+ dev-lang/tcl
+ >=dev-lang/go-1.9.4
+ dev-libs/libuv
+ dev-libs/protobuf
+ nls? ( sys-devel/gettext )
+ test? (
+ app-misc/jq
+ net-misc/curl
+ sys-devel/gettext
+ )
+"
+
+RDEPEND="
+ daemon? (
+ app-arch/xz-utils
+ >=app-emulation/lxc-2.0.7[seccomp]
+ dev-libs/libuv
+ dev-libs/lzo
+ dev-util/xdelta:3
+ dnsmasq? (
+ net-dns/dnsmasq[dhcp,ipv6?]
+ )
+ net-libs/libnfnetlink
+ net-libs/libnsl:0=
+ net-misc/rsync[xattr]
+ sys-apps/iproute2[ipv6?]
+ sys-fs/fuse
+ sys-fs/lxcfs
+ sys-fs/squashfs-tools
+ virtual/acl
+ )
+"
+
+CONFIG_CHECK="
+ ~BRIDGE
+ ~DUMMY
+ ~IP6_NF_NAT
+ ~IP6_NF_TARGET_MASQUERADE
+ ~IPV6
+ ~IP_NF_NAT
+ ~IP_NF_TARGET_MASQUERADE
+ ~MACVLAN
+ ~NETFILTER_XT_MATCH_COMMENT
+ ~NET_IPGRE
+ ~NET_IPGRE_DEMUX
+ ~NET_IPIP
+ ~NF_NAT_MASQUERADE_IPV4
+ ~NF_NAT_MASQUERADE_IPV6
+ ~VXLAN
+"
+
+ERROR_BRIDGE="BRIDGE: needed for network commands"
+ERROR_DUMMY="DUMMY: needed for network commands"
+ERROR_IP6_NF_NAT="IP6_NF_NAT: needed for network commands"
+ERROR_IP6_NF_TARGET_MASQUERADE="IP6_NF_TARGET_MASQUERADE: needed for network commands"
+ERROR_IPV6="IPV6: needed for network commands"
+ERROR_IP_NF_NAT="IP_NF_NAT: needed for network commands"
+ERROR_IP_NF_TARGET_MASQUERADE="IP_NF_TARGET_MASQUERADE: needed for network commands"
+ERROR_MACVLAN="MACVLAN: needed for network commands"
+ERROR_NETFILTER_XT_MATCH_COMMENT="NETFILTER_XT_MATCH_COMMENT: needed for network commands"
+ERROR_NET_IPGRE="NET_IPGRE: needed for network commands"
+ERROR_NET_IPGRE_DEMUX="NET_IPGRE_DEMUX: needed for network commands"
+ERROR_NET_IPIP="NET_IPIP: needed for network commands"
+ERROR_NF_NAT_MASQUERADE_IPV4="NF_NAT_MASQUERADE_IPV4: needed for network commands"
+ERROR_NF_NAT_MASQUERADE_IPV6="NF_NAT_MASQUERADE_IPV6: needed for network commands"
+ERROR_VXLAN="VXLAN: needed for network commands"
+
+EGO_PN="github.com/lxc/lxd"
+
+src_prepare() {
+ eapply_user
+ eapply "${FILESDIR}/de-translation-newline-1.patch"
+ eapply "${FILESDIR}/ptbr-translation-newline.patch"
+
+ cd "${S}/dist/dqlite" || die "Can't cd to dqlite dir"
+ eautoreconf
+}
+
+src_configure() {
+ export GOPATH="${S}/dist"
+ cd "${GOPATH}/sqlite" || die "Can't cd to sqlite dir"
+ econf --enable-replication --disable-amalgamation --disable-tcl --libdir="${EPREFIX}/usr/lib/lxd"
+
+ cd "${GOPATH}/dqlite" || die "Can't cd to dqlite dir"
+ PKG_CONFIG_PATH="${GOPATH}/sqlite/" econf --libdir=${EPREFIX}/usr/lib/lxd
+}
+
+src_compile() {
+ export GOPATH="${S}/dist"
+
+ cd "${GOPATH}/sqlite" || die "Can't cd to sqlite dir"
+ emake
+
+ cd "${GOPATH}/dqlite" || die "Can't cd to dqlite dir"
+ emake CFLAGS="-I${GOPATH}/sqlite" LDFLAGS="-L${GOPATH}/sqlite"
+
+ # We don't use the Makefile here because it builds targets with the
+ # assumption that `pwd` is in a deep gopath namespace, which we're not.
+ # It's simpler to manually call "go install" than patching the Makefile.
+ cd "${S}"
+ go install -v -x ${EGO_PN}/lxc || die "Failed to build the client"
+
+ if use daemon; then
+
+ # LXD depends on a patched, bundled sqlite with replication
+ # capabilities.
+ export CGO_CFLAGS="-I${GOPATH}/sqlite/ -I${GOPATH}/dqlite/include/"
+ export CGO_LDFLAGS="-L${GOPATH}/sqlite/.libs/ -L${GOPATH}/dqlite/.libs/ -Wl,-rpath,${EPREFIX}/usr/lib/lxd"
+ export LD_LIBRARY_PATH="${GOPATH}/sqlite/.libs/:${GOPATH}/dqlite/.libs/"
+
+ go install -v -x -tags libsqlite3 ${EGO_PN}/lxd || die "Failed to build the daemon"
+ fi
+
+ if use tools; then
+ go install -v -x ${EGO_PN}/fuidshift || die "Failed to build fuidshift"
+ go install -v -x ${EGO_PN}/lxc-to-lxd || die "Failed to build lxc-to-lxd"
+ go install -v -x ${EGO_PN}/lxd-benchmark || die "Failed to build lxd-benchmark"
+ go install -v -x ${EGO_PN}/lxd-p2c || die "Failed to build lxd-p2c"
+ fi
+
+ use nls && emake build-mo
+}
+
+src_test() {
+ if use daemon; then
+ export GOPATH="${S}/dist"
+ # This is mostly a copy/paste from the Makefile's "check" rule, but
+ # patching the Makefile to work in a non "fully-qualified" go namespace
+ # was more complicated than this modest copy/paste.
+ # Also: sorry, for now a network connection is needed to run tests.
+ # Will properly bundle test dependencies later.
+ go get -v -x github.com/rogpeppe/godeps
+ go get -v -x github.com/remyoudompheng/go-misc/deadcode
+ go get -v -x github.com/golang/lint/golint
+ go test -v ${EGO_PN}/lxd
+ else
+ einfo "No tests to run for client-only builds"
+ fi
+}
+
+src_install() {
+ local bindir="dist/bin"
+ dobin ${bindir}/lxc
+ if use daemon; then
+
+ export GOPATH="${S}/dist"
+ cd "${GOPATH}/sqlite" || die "Can't cd to sqlite dir"
+ emake DESTDIR="${D}" install
+
+ cd "${GOPATH}/dqlite" || die "Can't cd to dqlite dir"
+ emake DESTDIR="${D}" install
+
+ # Must only install libs
+ rm "${D}/usr/bin/sqlite3" || die "Can't remove custom sqlite3 binary"
+ rm -r "${D}/usr/include" || die "Can't remove include directory"
+
+ cd "${S}" || die "Can't cd to \${S}"
+ dosbin ${bindir}/lxd
+ fi
+
+ if use tools; then
+ dobin ${bindir}/fuidshift
+ dobin ${bindir}/lxc-to-lxd
+ dobin ${bindir}/lxd-benchmark
+ dobin ${bindir}/lxd-p2c
+ fi
+
+ if use nls; then
+ domo po/*.mo
+ fi
+
+ if use daemon; then
+ newinitd "${FILESDIR}"/${PN}.initd lxd
+ newconfd "${FILESDIR}"/${PN}.confd lxd
+
+ systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
+ fi
+
+ newbashcomp scripts/bash/lxd-client lxc
+
+ dodoc AUTHORS doc/*
+}
+
+pkg_postinst() {
+ elog
+ elog "Consult https://wiki.gentoo.org/wiki/LXD for more information,"
+ elog "including a Quick Start."
+
+ # The messaging below only applies to daemon installs
+ use daemon || return 0
+
+ # The control socket will be owned by (and writeable by) this group.
+ enewgroup lxd
+
+ # Ubuntu also defines an lxd user but it appears unused (the daemon
+ # must run as root)
+
+ elog
+ elog "Though not strictly required, some features are enabled at run-time"
+ elog "when the relevant helper programs are detected:"
+ elog "- sys-apps/apparmor"
+ elog "- sys-fs/btrfs-progs"
+ elog "- sys-fs/lvm2"
+ elog "- sys-fs/zfs"
+ elog "- sys-process/criu"
+ elog
+ elog "Since these features can't be disabled at build-time they are"
+ elog "not USE-conditional."
+ elog
+ elog "Be sure to add your local user to the lxd group."
+ elog
+ elog "Networks with bridge.mode=fan are unsupported due to requiring"
+ elog "a patched kernel and iproute2."
+}
+
+# TODO:
+# - man page, I don't see cobra generating it
+# - maybe implement LXD_CLUSTER_UPDATE per
+# https://discuss.linuxcontainers.org/t/lxd-3-5-has-been-released/2656
+# EM I'm not convinced it's a good design.
diff --git a/app-emulation/lxd/metadata.xml b/app-emulation/lxd/metadata.xml
new file mode 100644
index 0000000..16a8be3
--- /dev/null
+++ b/app-emulation/lxd/metadata.xml
@@ -0,0 +1,40 @@
+
+
+
+
+ holgersson@posteo.de
+ Nils Freydank
+
+
+ stasibear@gentoo.org
+ Erik Mackdanz
+
+
+ vdupras@gentoo.org
+ Virgil Dupras
+
+
+ virtualization@gentoo.org
+ Gentoo Virtualization Project
+
+
+ By combining the speed and density of containers with
+ the security of traditional virtual machines, LXD is
+ the next-generation of container hypervisor for Linux
+ from Canonical.
+
+
+ lxc/lxd
+
+
+
+ Build the system daemon, not just the client tool
+
+
+ Depend on dnsmasq to provide DHCP and DNS
+
+
+ Build and install optional tools
+
+
+
diff --git a/profiles/use.local.desc b/profiles/use.local.desc
new file mode 100644
index 0000000..932cdc6
--- /dev/null
+++ b/profiles/use.local.desc
@@ -0,0 +1,3 @@
+app-emulation/lxd:daemon - Build the system daemon, not just the client tool
+app-emulation/lxd:dnsmasq - Depend on dnsmasq to provide DHCP and DNS
+app-emulation/lxd:tools - Build and install optional tools
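Review bot: `src_test()` in lxd-3.10-r1.ebuild runs `go get` against three GitHub repositories, so the test phase fetches and builds code that is neither pinned to a revision nor covered by the Manifest checksums. That bypasses the integrity check the rest of the package relies on, and the phase will presumably fail in a build sandbox without network access. Until the test dependencies are bundled, as the comment in the function promises, setting `RESTRICT="test"` near the top of the ebuild with a short comment giving the reason would keep the phase from running. As a smaller point, `cd "${S}"` in `src_compile()` is the only `cd` in the file without `|| die`.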