[mirror_lxc.git] / templates / lxc-download.in

#!/bin/sh

# Client script for LXC container images.
#
# Copyright © 2014 Stéphane Graber <stgraber@ubuntu.com>
#
#  This library is free software; you can redistribute it and/or
#  modify it under the terms of the GNU Lesser General Public
#  License as published by the Free Software Foundation; either
#  version 2.1 of the License, or (at your option) any later version.

#  This library is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#  Lesser General Public License for more details.

#  You should have received a copy of the GNU Lesser General Public
#  License along with this library; if not, write to the Free Software
#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
#  USA

set -eu

LOCALSTATEDIR="@LOCALSTATEDIR@"
LXC_HOOK_DIR="@LXCHOOKDIR@"
LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"

# Defaults
DOWNLOAD_ARCH=
DOWNLOAD_BUILD=
DOWNLOAD_COMPAT_LEVEL=2
DOWNLOAD_DIST=
DOWNLOAD_FLUSH_CACHE="false"
DOWNLOAD_FORCE_CACHE="false"
DOWNLOAD_INTERACTIVE="false"
DOWNLOAD_KEYID="0xBAEFF88C22F6E216"
DOWNLOAD_KEYSERVER="hkp://pool.sks-keyservers.net"
DOWNLOAD_LIST_IMAGES="false"
DOWNLOAD_MODE="system"
DOWNLOAD_READY_GPG="false"
DOWNLOAD_RELEASE=
DOWNLOAD_SERVER="images.linuxcontainers.org"
DOWNLOAD_SHOW_GPG_WARNING="true"
DOWNLOAD_SHOW_HTTP_WARNING="true"
DOWNLOAD_TARGET="system"
DOWNLOAD_URL=
DOWNLOAD_USE_CACHE="false"
DOWNLOAD_VALIDATE="true"
DOWNLOAD_VARIANT="default"

LXC_MAPPED_GID=
LXC_MAPPED_UID=
LXC_NAME=
LXC_PATH=
LXC_ROOTFS=

# Deal with GPG over http proxy
if [ -n "${http_proxy:-}" ]; then
    DOWNLOAD_KEYSERVER="hkp://p80.pool.sks-keyservers.net:80"
fi

# Make sure the usual locations are in PATH
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin

# Some useful functions
cleanup() {
    if [ -d "$DOWNLOAD_TEMP" ]; then
        rm -Rf $DOWNLOAD_TEMP
    fi
}

wget_wrapper() {
    for i in $(seq 3); do
        if wget $@; then
            return 0
        fi
    done

    return 1
}

download_file() {
    if ! wget_wrapper -T 30 -q https://${DOWNLOAD_SERVER}/$1 -O $2 >/dev/null 2>&1; then
        if ! wget_wrapper -T 30 -q http://${DOWNLOAD_SERVER}/$1 -O $2 >/dev/null 2>&1; then
            if [ "$3" = "noexit" ]; then
                return 1
            else
                echo "ERROR: Failed to download http://${DOWNLOAD_SERVER}/$1" 1>&2
                exit 1
            fi
        elif [ "$DOWNLOAD_SHOW_HTTP_WARNING" = "true" ]; then
            DOWNLOAD_SHOW_HTTP_WARNING="false"
            echo "WARNING: Failed to download the file over HTTPs." 1>&2
            echo -n "         The file was instead download over HTTP. " 1>&2
            echo "A server replay attack may be possible!" 1>&2
        fi
    fi
}

download_sig() {
    if ! download_file $1 $2 noexit; then
        if [ "$DOWNLOAD_VALIDATE" = "true" ]; then
            if [ "$3" = "normal" ]; then
                echo "ERROR: Failed to download http://${DOWNLOAD_SERVER}/$1" 1>&2
                exit 1
            else
                return 1
            fi
        else
            return 0
        fi
    fi
}

gpg_setup() {
    if [ "$DOWNLOAD_VALIDATE" = "false" ]; then
        return
    fi

    if [ "$DOWNLOAD_READY_GPG" = "true" ]; then
        return
    fi

    echo "Setting up the GPG keyring"

    mkdir -p "$DOWNLOAD_TEMP/gpg"
    chmod 700 "$DOWNLOAD_TEMP/gpg"
    export GNUPGHOME="$DOWNLOAD_TEMP/gpg"

    success=
    for i in $(seq 3); do
        if gpg --keyserver $DOWNLOAD_KEYSERVER \
            --recv-keys ${DOWNLOAD_KEYID} >/dev/null 2>&1; then
            success=1
            break
        fi
    done

    if [ -z "$success" ]; then
        echo "ERROR: Unable to fetch GPG key from keyserver."
        exit 1
    fi

    DOWNLOAD_READY_GPG="true"
}

gpg_validate() {
    if [ "$DOWNLOAD_VALIDATE" = "false" ]; then
        if [ "$DOWNLOAD_SHOW_GPG_WARNING" = "true" ]; then
            echo "WARNING: Running without gpg validation!" 1>&2
        fi
        DOWNLOAD_SHOW_GPG_WARNING="false"
        return 0
    fi

    if ! gpg --verify $1 >/dev/zero 2>&1; then
        echo "ERROR: Invalid signature for $1" 1>&2
        exit 1
    fi
}

in_userns() {
    [ -e /proc/self/uid_map ] || { echo no; return; }
    while read line; do
        fields=$(echo $line | awk '{ print $1 " " $2 " " $3 }')
        [ "$fields" = "0 0 4294967295" ] && { echo no; return; } || true
        echo $fields | grep -q " 0 1$" && { echo userns-root; return; } || true
    done < /proc/self/uid_map

    [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && \
        { echo userns-root; return; }
    echo yes
}

relevant_file() {
    FILE_PATH="${LXC_CACHE_PATH}/$1"
    if [ -e "${FILE_PATH}-${DOWNLOAD_MODE}" ]; then
        FILE_PATH="${FILE_PATH}-${DOWNLOAD_MODE}"
    fi
    if [ -e "$FILE_PATH.${DOWNLOAD_COMPAT_LEVEL}" ]; then
        FILE_PATH="${FILE_PATH}.${DOWNLOAD_COMPAT_LEVEL}"
    fi

    echo $FILE_PATH
}

usage() {
    cat <<EOF
LXC container image downloader

Special arguments:
[ -h | --help ]: Print this help message and exit.
[ -l | --list ]: List all available images and exit.

Required arguments:
[ -d | --dist <distribution> ]: The name of the distribution
[ -r | --release <release> ]: Release name/version
[ -a | --arch <architecture> ]: Architecture of the container

Optional arguments:
[ --variant <variant> ]: Variant of the image (default: "default")
[ --server <server> ]: Image server (default: "images.linuxcontainers.org")
[ --keyid <keyid> ]: GPG keyid (default: 0x...)
[ --keyserver <keyserver> ]: GPG keyserver to use
[ --no-validate ]: Disable GPG validation (not recommended)
[ --flush-cache ]: Flush the local copy (if present)
[ --force-cache ]: Force the use of the local copy even if expired

LXC internal arguments (do not pass manually!):
[ --name <name> ]: The container name
[ --path <path> ]: The path to the container
[ --rootfs <rootfs> ]: The path to the container's rootfs
[ --mapped-uid <map> ]: A uid map (user namespaces)
[ --mapped-gid <map> ]: A gid map (user namespaces)
EOF
    return 0
}

options=$(getopt -o d:r:a:hl -l dist:,release:,arch:,help,list,variant:,\
server:,keyid:,keyserver:,no-validate,flush-cache,force-cache,name:,path:,\
rootfs:,mapped-uid:,mapped-gid: -- "$@")

if [ $? -ne 0 ]; then
    usage
    exit 1
fi
eval set -- "$options"

while :; do
    case "$1" in
        -h|--help)          usage && exit 1;;
        -l|--list)          DOWNLOAD_LIST_IMAGES="true"; shift 1;;
        -d|--dist)          DOWNLOAD_DIST=$2; shift 2;;
        -r|--release)       DOWNLOAD_RELEASE=$2; shift 2;;
        -a|--arch)          DOWNLOAD_ARCH=$2; shift 2;;
        --variant)          DOWNLOAD_VARIANT=$2; shift 2;;
        --server)           DOWNLOAD_SERVER=$2; shift 2;;
        --keyid)            DOWNLOAD_KEYID=$2; shift 2;;
        --keyserver)        DOWNLOAD_KEYSERVER=$2; shift 2;;
        --no-validate)      DOWNLOAD_VALIDATE="false"; shift 1;;
        --flush-cache)      DOWNLOAD_FLUSH_CACHE="true"; shift 1;;
        --force-cache)      DOWNLOAD_FORCE_CACHE="true"; shift 1;;
        --name)             LXC_NAME=$2; shift 2;;
        --path)             LXC_PATH=$2; shift 2;;
        --rootfs)           LXC_ROOTFS=$2; shift 2;;
        --mapped-uid)       LXC_MAPPED_UID=$2; shift 2;;
        --mapped-gid)       LXC_MAPPED_GID=$2; shift 2;;
        *)                  break;;
    esac
done

# Check for required binaries
for bin in tar xz wget; do
    if ! type $bin >/dev/null 2>&1; then
        echo "ERROR: Missing required tool: $bin" 1>&2
        exit 1
    fi
done

# Check for GPG
if [ "$DOWNLOAD_VALIDATE" = "true" ]; then
    if ! type gpg >/dev/null 2>&1; then
        echo "ERROR: Missing recommended tool: gpg" 1>&2
        echo "You can workaround this by using --no-validate." 1>&2
        exit 1
    fi
fi

# Check that we have all variables we need
if [ -z "$LXC_NAME" ] || [ -z "$LXC_PATH" ] || [ -z "$LXC_ROOTFS" ]; then
    if [ "$DOWNLOAD_LIST_IMAGES" != "true" ]; then
        echo "ERROR: Not running through LXC." 1>&2
        exit 1
    fi
fi

USERNS=$(in_userns)

if [ "$USERNS" != "no" ]; then
    if [ "$USERNS" = "yes" ]; then
        if [ -z "$LXC_MAPPED_UID" ] || [ "$LXC_MAPPED_UID" = "-1" ]; then
            echo "ERROR: In a user namespace without a map." 1>&2
            exit 1
        fi
        DOWNLOAD_MODE="user"
        DOWNLOAD_TARGET="user"
    else
        DOWNLOAD_MODE="user"
        DOWNLOAD_TARGET="system"
    fi
fi

if [ -z "$DOWNLOAD_DIST" ] || [ -z "$DOWNLOAD_RELEASE" ] || \
   [ -z "$DOWNLOAD_ARCH" ]; then
    DOWNLOAD_INTERACTIVE="true"
fi

# Trap all exit signals
trap cleanup EXIT HUP INT TERM

if ! type mktemp >/dev/null 2>&1; then
    DOWNLOAD_TEMP=/tmp/lxc-download.$$
    mkdir -p $DOWNLOAD_TEMP
else
    DOWNLOAD_TEMP=$(mktemp -d)
fi

# Simply list images
if [ "$DOWNLOAD_LIST_IMAGES" = "true" ] || \
   [ "$DOWNLOAD_INTERACTIVE" = "true" ]; then
    # Initialize GPG
    gpg_setup

    # Grab the index
    DOWNLOAD_INDEX_PATH=/meta/1.0/index-${DOWNLOAD_MODE}

    echo "Downloading the image index"
    if ! download_file ${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL} \
         ${DOWNLOAD_TEMP}/index noexit ||
       ! download_sig ${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}.asc \
            ${DOWNLOAD_TEMP}/index.asc noexit; then
        download_file ${DOWNLOAD_INDEX_PATH} ${DOWNLOAD_TEMP}/index normal
        download_sig  ${DOWNLOAD_INDEX_PATH}.asc \
            ${DOWNLOAD_TEMP}/index.asc normal
    fi

    gpg_validate ${DOWNLOAD_TEMP}/index.asc

    # Parse it
    echo ""
    echo "---"
    printf "DIST\tRELEASE\tARCH\tVARIANT\tBUILD\n"
    echo "---"
    while read line; do
        # Basic CSV parser
        OLD_IFS=$IFS
        IFS=";"
        set -- $line
        IFS=$OLD_IFS

        [ -n "$DOWNLOAD_DIST" ] && [ "$1" != "$DOWNLOAD_DIST" ] && continue
        [ -n "$DOWNLOAD_RELEASE" ] && [ "$2" != "$DOWNLOAD_RELEASE" ] && continue
        [ -n "$DOWNLOAD_ARCH" ] && [ "$3" != "$DOWNLOAD_ARCH" ] && continue
        [ -n "$DOWNLOAD_VARIANT" ] && [ "$4" != "$DOWNLOAD_VARIANT" ] && continue
        [ -z "$5" ] || [ -z "$6" ] && continue

        printf "$1\t$2\t$3\t$4\t$5\n"
    done < ${DOWNLOAD_TEMP}/index
    echo "---"

    if [ "$DOWNLOAD_LIST_IMAGES" = "true" ]; then
        exit 1
    fi

    # Interactive mode
    echo ""

    if [ -z "$DOWNLOAD_DIST" ]; then
        echo -n "Distribution: "
        read DOWNLOAD_DIST
    fi

    if [ -z "$DOWNLOAD_RELEASE" ]; then
        echo -n "Release: "
        read DOWNLOAD_RELEASE
    fi

    if [ -z "$DOWNLOAD_ARCH" ]; then
        echo -n "Architecture: "
        read DOWNLOAD_ARCH
    fi

    echo ""
fi

# Setup the cache
if [ "$DOWNLOAD_TARGET" = "system" ]; then
    LXC_CACHE_BASE="$LOCALSTATEDIR/cache/lxc/"
else
    LXC_CACHE_BASE="$HOME/.cache/lxc/"
fi

LXC_CACHE_PATH="$LXC_CACHE_BASE/download/$DOWNLOAD_DIST"
LXC_CACHE_PATH="$LXC_CACHE_PATH/$DOWNLOAD_RELEASE/$DOWNLOAD_ARCH/"
LXC_CACHE_PATH="$LXC_CACHE_PATH/$DOWNLOAD_VARIANT"

if [ -d "$LXC_CACHE_PATH" ]; then
    if [ "$DOWNLOAD_FLUSH_CACHE" = "true" ]; then
        echo "Flushing the cache..."
        rm -Rf $LXC_CACHE_PATH
    elif [ "$DOWNLOAD_FORCE_CACHE" = "true" ]; then
        DOWNLOAD_USE_CACHE="true"
    else
        DOWNLOAD_USE_CACHE="true"
        if [ -e "$(relevant_file expiry)" ]; then
            if [ "$(cat $(relevant_file expiry))" -lt $(date +%s) ]; then
                echo "The cached copy has expired, re-downloading..."
                DOWNLOAD_USE_CACHE="false"
            fi
        fi
    fi
fi

# Download what's needed
if [ "$DOWNLOAD_USE_CACHE" = "false" ]; then
    # Initialize GPG
    gpg_setup

    # Grab the index
    DOWNLOAD_INDEX_PATH=/meta/1.0/index-${DOWNLOAD_MODE}

    echo "Downloading the image index"
    if ! download_file ${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL} \
         ${DOWNLOAD_TEMP}/index noexit ||
       ! download_sig ${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}.asc \
            ${DOWNLOAD_TEMP}/index.asc noexit; then
        download_file ${DOWNLOAD_INDEX_PATH} ${DOWNLOAD_TEMP}/index normal
        download_sig  ${DOWNLOAD_INDEX_PATH}.asc \
            ${DOWNLOAD_TEMP}/index.asc normal
    fi

    gpg_validate ${DOWNLOAD_TEMP}/index.asc

    # Parse it
    while read line; do
        # Basic CSV parser
        OLD_IFS=$IFS
        IFS=";"
        set -- $line
        IFS=$OLD_IFS

        if [ "$1" != "$DOWNLOAD_DIST" ] || \
           [ "$2" != "$DOWNLOAD_RELEASE" ] || \
           [ "$3" != "$DOWNLOAD_ARCH" ] || \
           [ "$4" != "$DOWNLOAD_VARIANT" ] || \
           [ -z "$6" ]; then
            continue
        fi

        DOWNLOAD_BUILD=$5
        DOWNLOAD_URL=$6
        break
    done < ${DOWNLOAD_TEMP}/index

    if [ -z "$DOWNLOAD_URL" ]; then
        echo "ERROR: Couldn't find a matching image." 1>&1
        exit 1
    fi

    if [ -d "$LXC_CACHE_PATH" ] && [ -f "$LXC_CACHE_PATH/build_id" ] && \
       [ "$(cat $LXC_CACHE_PATH/build_id)" = "$DOWNLOAD_BUILD" ]; then
        echo "The cache is already up to date."
        echo "Using image from local cache"
    else
        # Download the actual files
        echo "Downloading the rootfs"
        download_file $DOWNLOAD_URL/rootfs.tar.xz \
            ${DOWNLOAD_TEMP}/rootfs.tar.xz normal
        download_sig  $DOWNLOAD_URL/rootfs.tar.xz.asc \
             ${DOWNLOAD_TEMP}/rootfs.tar.xz.asc normal
        gpg_validate ${DOWNLOAD_TEMP}/rootfs.tar.xz.asc

        echo "Downloading the metadata"
        download_file $DOWNLOAD_URL/meta.tar.xz \
            ${DOWNLOAD_TEMP}/meta.tar.xz normal
        download_sig  $DOWNLOAD_URL/meta.tar.xz.asc \
            ${DOWNLOAD_TEMP}/meta.tar.xz.asc normal
        gpg_validate ${DOWNLOAD_TEMP}/meta.tar.xz.asc

        if [ -d $LXC_CACHE_PATH ]; then
            rm -Rf $LXC_CACHE_PATH
        fi
        mkdir -p $LXC_CACHE_PATH
        mv ${DOWNLOAD_TEMP}/rootfs.tar.xz $LXC_CACHE_PATH
        if ! tar Jxf ${DOWNLOAD_TEMP}/meta.tar.xz -C $LXC_CACHE_PATH; then
            echo "ERROR: Invalid rootfs tarball." 2>&1
            exit 1
        fi

        echo $DOWNLOAD_BUILD > $LXC_CACHE_PATH/build_id

        if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
            chown -R $LXC_MAPPED_UID $LXC_CACHE_BASE >/dev/null 2>&1 || true
        fi
        if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then
            chgrp -R $LXC_MAPPED_GID $LXC_CACHE_BASE >/dev/null 2>&1 || true
        fi
        echo "The image cache is now ready"
    fi
else
    echo "Using image from local cache"
fi

# Unpack the rootfs
echo "Unpacking the rootfs"

EXCLUDES=""
excludelist=$(relevant_file excludes)
if [ -f "${excludelist}" ]; then
    while read line; do
        EXCLUDES="$EXCLUDES --exclude=$line"
    done < $excludelist
fi

tar  --anchored ${EXCLUDES} --numeric-owner -xpJf \
    ${LXC_CACHE_PATH}/rootfs.tar.xz -C ${LXC_ROOTFS}

mkdir -p ${LXC_ROOTFS}/dev/pts/

# Setup the configuration
configfile=$(relevant_file config)
fstab=$(relevant_file fstab)
if [ ! -e $configfile ]; then
    echo "ERROR: meta tarball is missing the configuration file" 1>&2
    exit 1
fi

## Extract all the network config entries
sed -i -e "/lxc.network/{w ${LXC_PATH}/config-network" -e "d}" \
    ${LXC_PATH}/config

## Extract any other config entry
sed -i -e "/lxc./{w ${LXC_PATH}/config-auto" -e "d}" ${LXC_PATH}/config

## Append the defaults
echo "" >> ${LXC_PATH}/config
echo "# Distribution configuration" >> ${LXC_PATH}/config
cat $configfile >> ${LXC_PATH}/config

## Add the container-specific config
echo "" >> ${LXC_PATH}/config
echo "# Container specific configuration" >> ${LXC_PATH}/config
if [ -e "${LXC_PATH}/config-auto" ]; then
    cat ${LXC_PATH}/config-auto >> ${LXC_PATH}/config
    rm ${LXC_PATH}/config-auto
fi
if [ -e "$fstab" ]; then
    echo "lxc.mount = ${LXC_PATH}/fstab" >> ${LXC_PATH}/config
fi
echo "lxc.utsname = ${LXC_NAME}" >> ${LXC_PATH}/config

## Re-add the previously removed network config
if [ -e "${LXC_PATH}/config-network" ]; then
    echo "" >> ${LXC_PATH}/config
    echo "# Network configuration" >> ${LXC_PATH}/config
    cat ${LXC_PATH}/config-network >> ${LXC_PATH}/config
    rm ${LXC_PATH}/config-network
fi

TEMPLATE_FILES="${LXC_PATH}/config"

# Setup the fstab
if [ -e $fstab ]; then
    cp ${fstab} ${LXC_PATH}/fstab
    TEMPLATE_FILES="$TEMPLATE_FILES ${LXC_PATH}/fstab"
fi

# Look for extra templates
if [ -e "$(relevant_file templates)" ]; then
    while read line; do
        fullpath=${LXC_ROOTFS}/$line
        [ ! -e "$fullpath" ] && continue
        TEMPLATE_FILES="$TEMPLATE_FILES $fullpath"
    done < $(relevant_file templates)
fi

# Replace variables in all templates
for file in $TEMPLATE_FILES; do
    [ ! -f "$file" ] && continue

    sed -i "s#LXC_NAME#$LXC_NAME#g" $file
    sed -i "s#LXC_PATH#$LXC_PATH#g" $file
    sed -i "s#LXC_ROOTFS#$LXC_ROOTFS#g" $file
    sed -i "s#LXC_TEMPLATE_CONFIG#$LXC_TEMPLATE_CONFIG#g" $file
    sed -i "s#LXC_HOOK_DIR#$LXC_HOOK_DIR#g" $file
done

# prevent mingetty from calling vhangup(2) since it fails with userns on Centos / Oracle
if [ -f ${LXC_ROOTFS}/etc/init/tty.conf ]; then
    sed -i 's|mingetty|mingetty --nohangup|' ${LXC_ROOTFS}/etc/init/tty.conf
fi

if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
    chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
fi
if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then
    chgrp $LXC_MAPPED_GID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
fi

if [ -e "$(relevant_file create-message)" ]; then
    echo ""
    echo "---"
    cat "$(relevant_file create-message)"
fi

exit 0
Commit	Line	Data
71d3a659 SG	1	#!/bin/sh
	2
	3	# Client script for LXC container images.
	4	#
	5	# Copyright © 2014 Stéphane Graber <stgraber@ubuntu.com>
	6	#
	7	# This library is free software; you can redistribute it and/or
	8	# modify it under the terms of the GNU Lesser General Public
	9	# License as published by the Free Software Foundation; either
	10	# version 2.1 of the License, or (at your option) any later version.
	11
	12	# This library is distributed in the hope that it will be useful,
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	15	# Lesser General Public License for more details.
	16
	17	# You should have received a copy of the GNU Lesser General Public
	18	# License along with this library; if not, write to the Free Software
	19	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
	20	# USA
	21
	22	set -eu
	23
71d3a659	24	LOCALSTATEDIR="@LOCALSTATEDIR@"
f74e080c SG	25	LXC_HOOK_DIR="@LXCHOOKDIR@"
f74e080c SG	26	LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
71d3a659 SG	27
71d3a659 SG	28	# Defaults
71d3a659	29	DOWNLOAD_ARCH=
f74e080c	30	DOWNLOAD_BUILD=
ce7aee4d	31	DOWNLOAD_COMPAT_LEVEL=2
f74e080c	32	DOWNLOAD_DIST=
71d3a659	33	DOWNLOAD_FLUSH_CACHE="false"
41670b35	34	DOWNLOAD_FORCE_CACHE="false"
f74e080c SG	35	DOWNLOAD_INTERACTIVE="false"
	36	DOWNLOAD_KEYID="0xBAEFF88C22F6E216"
	37	DOWNLOAD_KEYSERVER="hkp://pool.sks-keyservers.net"
	38	DOWNLOAD_LIST_IMAGES="false"
71d3a659	39	DOWNLOAD_MODE="system"
b0f0932a	40	DOWNLOAD_READY_GPG="false"
f74e080c SG	41	DOWNLOAD_RELEASE=
	42	DOWNLOAD_SERVER="images.linuxcontainers.org"
	43	DOWNLOAD_SHOW_GPG_WARNING="true"
	44	DOWNLOAD_SHOW_HTTP_WARNING="true"
	45	DOWNLOAD_TARGET="system"
	46	DOWNLOAD_URL=
	47	DOWNLOAD_USE_CACHE="false"
	48	DOWNLOAD_VALIDATE="true"
	49	DOWNLOAD_VARIANT="default"
71d3a659	50
f74e080c SG	51	LXC_MAPPED_GID=
f74e080c SG	52	LXC_MAPPED_UID=
71d3a659 SG	53	LXC_NAME=
	54	LXC_PATH=
	55	LXC_ROOTFS=
71d3a659	56
4eb706b3 SG	57	# Deal with GPG over http proxy
4eb706b3 SG	58	if [ -n "${http_proxy:-}" ]; then
ef9512b4	59	DOWNLOAD_KEYSERVER="hkp://p80.pool.sks-keyservers.net:80"
4eb706b3 SG	60	fi
4eb706b3 SG	61
207bf0e4 SG	62	# Make sure the usual locations are in PATH
	63	export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
	64
71d3a659 SG	65	# Some useful functions
	66	cleanup() {
	67	if [ -d "$DOWNLOAD_TEMP" ]; then
	68	rm -Rf $DOWNLOAD_TEMP
	69	fi
	70	}
	71
acabe1fa SG	72	wget_wrapper() {
	73	for i in $(seq 3); do
	74	if wget $@; then
	75	return 0
	76	fi
	77	done
	78
	79	return 1
	80	}
	81
71d3a659	82	download_file() {
acabe1fa SG	83	if ! wget_wrapper -T 30 -q https://${DOWNLOAD_SERVER}/$1 -O $2 >/dev/null 2>&1; then
acabe1fa SG	84	if ! wget_wrapper -T 30 -q http://${DOWNLOAD_SERVER}/$1 -O $2 >/dev/null 2>&1; then
71d3a659 SG	85	if [ "$3" = "noexit" ]; then
	86	return 1
	87	else
fad96766	88	echo "ERROR: Failed to download http://${DOWNLOAD_SERVER}/$1" 1>&2
71d3a659 SG	89	exit 1
	90	fi
	91	elif [ "$DOWNLOAD_SHOW_HTTP_WARNING" = "true" ]; then
	92	DOWNLOAD_SHOW_HTTP_WARNING="false"
	93	echo "WARNING: Failed to download the file over HTTPs." 1>&2
	94	echo -n " The file was instead download over HTTP. " 1>&2
	95	echo "A server replay attack may be possible!" 1>&2
	96	fi
	97	fi
	98	}
	99
fad96766	100	download_sig() {
33aa351a SG	101	if ! download_file $1 $2 noexit; then
	102	if [ "$DOWNLOAD_VALIDATE" = "true" ]; then
	103	if [ "$3" = "normal" ]; then
	104	echo "ERROR: Failed to download http://${DOWNLOAD_SERVER}/$1" 1>&2
	105	exit 1
	106	else
	107	return 1
	108	fi
	109	else
	110	return 0
	111	fi
fad96766 DE	112	fi
	113	}
	114
71d3a659 SG	115	gpg_setup() {
	116	if [ "$DOWNLOAD_VALIDATE" = "false" ]; then
	117	return
	118	fi
	119
b0f0932a SG	120	if [ "$DOWNLOAD_READY_GPG" = "true" ]; then
	121	return
	122	fi
	123
71d3a659 SG	124	echo "Setting up the GPG keyring"
	125
	126	mkdir -p "$DOWNLOAD_TEMP/gpg"
	127	chmod 700 "$DOWNLOAD_TEMP/gpg"
	128	export GNUPGHOME="$DOWNLOAD_TEMP/gpg"
809a1539 SG	129
	130	success=
	131	for i in $(seq 3); do
	132	if gpg --keyserver $DOWNLOAD_KEYSERVER \
71d3a659	133	--recv-keys ${DOWNLOAD_KEYID} >/dev/null 2>&1; then
809a1539 SG	134	success=1
	135	break
	136	fi
	137	done
	138
	139	if [ -z "$success" ]; then
71d3a659 SG	140	echo "ERROR: Unable to fetch GPG key from keyserver."
	141	exit 1
	142	fi
b0f0932a SG	143
b0f0932a SG	144	DOWNLOAD_READY_GPG="true"
71d3a659 SG	145	}
	146
	147	gpg_validate() {
	148	if [ "$DOWNLOAD_VALIDATE" = "false" ]; then
	149	if [ "$DOWNLOAD_SHOW_GPG_WARNING" = "true" ]; then
	150	echo "WARNING: Running without gpg validation!" 1>&2
	151	fi
	152	DOWNLOAD_SHOW_GPG_WARNING="false"
	153	return 0
	154	fi
	155
	156	if ! gpg --verify $1 >/dev/zero 2>&1; then
	157	echo "ERROR: Invalid signature for $1" 1>&2
	158	exit 1
	159	fi
	160	}
	161
	162	in_userns() {
	163	[ -e /proc/self/uid_map ] \|\| { echo no; return; }
9f15e86a SG	164	while read line; do
	165	fields=$(echo $line \| awk '{ print $1 " " $2 " " $3 }')
	166	[ "$fields" = "0 0 4294967295" ] && { echo no; return; } \|\| true
	167	echo $fields \| grep -q " 0 1$" && { echo userns-root; return; } \|\| true
	168	done < /proc/self/uid_map
a1b6244e	169
f74e080c SG	170	[ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && \
f74e080c SG	171	{ echo userns-root; return; }
71d3a659 SG	172	echo yes
	173	}
	174
	175	relevant_file() {
	176	FILE_PATH="${LXC_CACHE_PATH}/$1"
	177	if [ -e "${FILE_PATH}-${DOWNLOAD_MODE}" ]; then
	178	FILE_PATH="${FILE_PATH}-${DOWNLOAD_MODE}"
	179	fi
	180	if [ -e "$FILE_PATH.${DOWNLOAD_COMPAT_LEVEL}" ]; then
	181	FILE_PATH="${FILE_PATH}.${DOWNLOAD_COMPAT_LEVEL}"
	182	fi
	183
	184	echo $FILE_PATH
	185	}
	186
	187	usage() {
	188	cat <<EOF
	189	LXC container image downloader
	190
7d540a26 MA	191	Special arguments:
	192	[ -h \| --help ]: Print this help message and exit.
	193	[ -l \| --list ]: List all available images and exit.
	194
71d3a659 SG	195	Required arguments:
	196	[ -d \| --dist <distribution> ]: The name of the distribution
	197	[ -r \| --release <release> ]: Release name/version
	198	[ -a \| --arch <architecture> ]: Architecture of the container
71d3a659 SG	199
	200	Optional arguments:
	201	[ --variant <variant> ]: Variant of the image (default: "default")
	202	[ --server <server> ]: Image server (default: "images.linuxcontainers.org")
	203	[ --keyid <keyid> ]: GPG keyid (default: 0x...)
	204	[ --keyserver <keyserver> ]: GPG keyserver to use
	205	[ --no-validate ]: Disable GPG validation (not recommended)
	206	[ --flush-cache ]: Flush the local copy (if present)
e145b7bb	207	[ --force-cache ]: Force the use of the local copy even if expired
71d3a659 SG	208
	209	LXC internal arguments (do not pass manually!):
	210	[ --name <name> ]: The container name
	211	[ --path <path> ]: The path to the container
	212	[ --rootfs <rootfs> ]: The path to the container's rootfs
2133f58c SH	213	[ --mapped-uid <map> ]: A uid map (user namespaces)
2133f58c SH	214	[ --mapped-gid <map> ]: A gid map (user namespaces)
71d3a659 SG	215	EOF
	216	return 0
	217	}
	218
10a5fab6	219	options=$(getopt -o d:r:a:hl -l dist:,release:,arch:,help,list,variant:,\
3cd988cc	220	server:,keyid:,keyserver:,no-validate,flush-cache,force-cache,name:,path:,\
2133f58c	221	rootfs:,mapped-uid:,mapped-gid: -- "$@")
71d3a659 SG	222
	223	if [ $? -ne 0 ]; then
	224	usage
	225	exit 1
	226	fi
	227	eval set -- "$options"
	228
	229	while :; do
	230	case "$1" in
10a5fab6 SG	231	-h\|--help) usage && exit 1;;
10a5fab6 SG	232	-l\|--list) DOWNLOAD_LIST_IMAGES="true"; shift 1;;
71d3a659 SG	233	-d\|--dist) DOWNLOAD_DIST=$2; shift 2;;
	234	-r\|--release) DOWNLOAD_RELEASE=$2; shift 2;;
	235	-a\|--arch) DOWNLOAD_ARCH=$2; shift 2;;
	236	--variant) DOWNLOAD_VARIANT=$2; shift 2;;
	237	--server) DOWNLOAD_SERVER=$2; shift 2;;
	238	--keyid) DOWNLOAD_KEYID=$2; shift 2;;
3cd988cc	239	--keyserver) DOWNLOAD_KEYSERVER=$2; shift 2;;
71d3a659 SG	240	--no-validate) DOWNLOAD_VALIDATE="false"; shift 1;;
71d3a659 SG	241	--flush-cache) DOWNLOAD_FLUSH_CACHE="true"; shift 1;;
9accc2ef	242	--force-cache) DOWNLOAD_FORCE_CACHE="true"; shift 1;;
71d3a659 SG	243	--name) LXC_NAME=$2; shift 2;;
	244	--path) LXC_PATH=$2; shift 2;;
	245	--rootfs) LXC_ROOTFS=$2; shift 2;;
	246	--mapped-uid) LXC_MAPPED_UID=$2; shift 2;;
2133f58c	247	--mapped-gid) LXC_MAPPED_GID=$2; shift 2;;
71d3a659 SG	248	*) break;;
	249	esac
	250	done
	251
	252	# Check for required binaries
	253	for bin in tar xz wget; do
	254	if ! type $bin >/dev/null 2>&1; then
	255	echo "ERROR: Missing required tool: $bin" 1>&2
	256	exit 1
	257	fi
	258	done
	259
	260	# Check for GPG
	261	if [ "$DOWNLOAD_VALIDATE" = "true" ]; then
	262	if ! type gpg >/dev/null 2>&1; then
	263	echo "ERROR: Missing recommended tool: gpg" 1>&2
	264	echo "You can workaround this by using --no-validate." 1>&2
	265	exit 1
	266	fi
	267	fi
	268
	269	# Check that we have all variables we need
	270	if [ -z "$LXC_NAME" ] \|\| [ -z "$LXC_PATH" ] \|\| [ -z "$LXC_ROOTFS" ]; then
308f4f39 MA	271	if [ "$DOWNLOAD_LIST_IMAGES" != "true" ]; then
	272	echo "ERROR: Not running through LXC." 1>&2
	273	exit 1
	274	fi
71d3a659 SG	275	fi
71d3a659 SG	276
f74e080c SG	277	USERNS=$(in_userns)
	278
	279	if [ "$USERNS" != "no" ]; then
	280	if [ "$USERNS" = "yes" ]; then
	281	if [ -z "$LXC_MAPPED_UID" ] \|\| [ "$LXC_MAPPED_UID" = "-1" ]; then
	282	echo "ERROR: In a user namespace without a map." 1>&2
	283	exit 1
	284	fi
	285	DOWNLOAD_MODE="user"
	286	DOWNLOAD_TARGET="user"
	287	else
	288	DOWNLOAD_MODE="user"
	289	DOWNLOAD_TARGET="system"
71d3a659	290	fi
71d3a659 SG	291	fi
71d3a659 SG	292
b0f0932a SG	293	if [ -z "$DOWNLOAD_DIST" ] \|\| [ -z "$DOWNLOAD_RELEASE" ] \|\| \
	294	[ -z "$DOWNLOAD_ARCH" ]; then
	295	DOWNLOAD_INTERACTIVE="true"
71d3a659 SG	296	fi
	297
	298	# Trap all exit signals
	299	trap cleanup EXIT HUP INT TERM
843a5874 SG	300
	301	if ! type mktemp >/dev/null 2>&1; then
	302	DOWNLOAD_TEMP=/tmp/lxc-download.$$
	303	mkdir -p $DOWNLOAD_TEMP
	304	else
	305	DOWNLOAD_TEMP=$(mktemp -d)
	306	fi
71d3a659	307
10a5fab6	308	# Simply list images
b0f0932a SG	309	if [ "$DOWNLOAD_LIST_IMAGES" = "true" ] \|\| \
b0f0932a SG	310	[ "$DOWNLOAD_INTERACTIVE" = "true" ]; then
10a5fab6 SG	311	# Initialize GPG
	312	gpg_setup
	313
	314	# Grab the index
	315	DOWNLOAD_INDEX_PATH=/meta/1.0/index-${DOWNLOAD_MODE}
	316
	317	echo "Downloading the image index"
	318	if ! download_file ${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL} \
	319	${DOWNLOAD_TEMP}/index noexit \|\|
	320	! download_sig ${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}.asc \
	321	${DOWNLOAD_TEMP}/index.asc noexit; then
	322	download_file ${DOWNLOAD_INDEX_PATH} ${DOWNLOAD_TEMP}/index normal
	323	download_sig ${DOWNLOAD_INDEX_PATH}.asc \
	324	${DOWNLOAD_TEMP}/index.asc normal
	325	fi
	326
	327	gpg_validate ${DOWNLOAD_TEMP}/index.asc
	328
	329	# Parse it
	330	echo ""
	331	echo "---"
96283b54	332	printf "DIST\tRELEASE\tARCH\tVARIANT\tBUILD\n"
10a5fab6 SG	333	echo "---"
	334	while read line; do
	335	# Basic CSV parser
	336	OLD_IFS=$IFS
	337	IFS=";"
	338	set -- $line
	339	IFS=$OLD_IFS
	340
	341	[ -n "$DOWNLOAD_DIST" ] && [ "$1" != "$DOWNLOAD_DIST" ] && continue
	342	[ -n "$DOWNLOAD_RELEASE" ] && [ "$2" != "$DOWNLOAD_RELEASE" ] && continue
	343	[ -n "$DOWNLOAD_ARCH" ] && [ "$3" != "$DOWNLOAD_ARCH" ] && continue
	344	[ -n "$DOWNLOAD_VARIANT" ] && [ "$4" != "$DOWNLOAD_VARIANT" ] && continue
	345	[ -z "$5" ] \|\| [ -z "$6" ] && continue
	346
96283b54	347	printf "$1\t$2\t$3\t$4\t$5\n"
10a5fab6 SG	348	done < ${DOWNLOAD_TEMP}/index
	349	echo "---"
	350
b0f0932a SG	351	if [ "$DOWNLOAD_LIST_IMAGES" = "true" ]; then
	352	exit 1
	353	fi
	354
	355	# Interactive mode
	356	echo ""
	357
	358	if [ -z "$DOWNLOAD_DIST" ]; then
	359	echo -n "Distribution: "
	360	read DOWNLOAD_DIST
	361	fi
	362
	363	if [ -z "$DOWNLOAD_RELEASE" ]; then
	364	echo -n "Release: "
	365	read DOWNLOAD_RELEASE
	366	fi
	367
	368	if [ -z "$DOWNLOAD_ARCH" ]; then
	369	echo -n "Architecture: "
	370	read DOWNLOAD_ARCH
	371	fi
	372
	373	echo ""
10a5fab6 SG	374	fi
10a5fab6 SG	375
71d3a659	376	# Setup the cache
f74e080c	377	if [ "$DOWNLOAD_TARGET" = "system" ]; then
b56661fe	378	LXC_CACHE_BASE="$LOCALSTATEDIR/cache/lxc/"
71d3a659 SG	379	else
71d3a659 SG	380	LXC_CACHE_BASE="$HOME/.cache/lxc/"
71d3a659 SG	381	fi
71d3a659 SG	382
b56661fe SG	383	LXC_CACHE_PATH="$LXC_CACHE_BASE/download/$DOWNLOAD_DIST"
	384	LXC_CACHE_PATH="$LXC_CACHE_PATH/$DOWNLOAD_RELEASE/$DOWNLOAD_ARCH/"
	385	LXC_CACHE_PATH="$LXC_CACHE_PATH/$DOWNLOAD_VARIANT"
	386
71d3a659 SG	387	if [ -d "$LXC_CACHE_PATH" ]; then
	388	if [ "$DOWNLOAD_FLUSH_CACHE" = "true" ]; then
	389	echo "Flushing the cache..."
	390	rm -Rf $LXC_CACHE_PATH
9accc2ef SG	391	elif [ "$DOWNLOAD_FORCE_CACHE" = "true" ]; then
9accc2ef SG	392	DOWNLOAD_USE_CACHE="true"
71d3a659 SG	393	else
	394	DOWNLOAD_USE_CACHE="true"
	395	if [ -e "$(relevant_file expiry)" ]; then
	396	if [ "$(cat $(relevant_file expiry))" -lt $(date +%s) ]; then
	397	echo "The cached copy has expired, re-downloading..."
	398	DOWNLOAD_USE_CACHE="false"
71d3a659 SG	399	fi
	400	fi
	401	fi
	402	fi
	403
	404	# Download what's needed
	405	if [ "$DOWNLOAD_USE_CACHE" = "false" ]; then
	406	# Initialize GPG
	407	gpg_setup
	408
	409	# Grab the index
	410	DOWNLOAD_INDEX_PATH=/meta/1.0/index-${DOWNLOAD_MODE}
	411
	412	echo "Downloading the image index"
	413	if ! download_file ${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL} \
	414	${DOWNLOAD_TEMP}/index noexit \|\|
33aa351a	415	! download_sig ${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}.asc \
71d3a659 SG	416	${DOWNLOAD_TEMP}/index.asc noexit; then
71d3a659 SG	417	download_file ${DOWNLOAD_INDEX_PATH} ${DOWNLOAD_TEMP}/index normal
fad96766	418	download_sig ${DOWNLOAD_INDEX_PATH}.asc \
33aa351a	419	${DOWNLOAD_TEMP}/index.asc normal
71d3a659 SG	420	fi
	421
	422	gpg_validate ${DOWNLOAD_TEMP}/index.asc
	423
	424	# Parse it
	425	while read line; do
	426	# Basic CSV parser
	427	OLD_IFS=$IFS
	428	IFS=";"
	429	set -- $line
	430	IFS=$OLD_IFS
	431
	432	if [ "$1" != "$DOWNLOAD_DIST" ] \|\| \
	433	[ "$2" != "$DOWNLOAD_RELEASE" ] \|\| \
	434	[ "$3" != "$DOWNLOAD_ARCH" ] \|\| \
	435	[ "$4" != "$DOWNLOAD_VARIANT" ] \|\| \
	436	[ -z "$6" ]; then
	437	continue
	438	fi
	439
9accc2ef	440	DOWNLOAD_BUILD=$5
71d3a659 SG	441	DOWNLOAD_URL=$6
	442	break
	443	done < ${DOWNLOAD_TEMP}/index
	444
	445	if [ -z "$DOWNLOAD_URL" ]; then
	446	echo "ERROR: Couldn't find a matching image." 1>&1
	447	exit 1
	448	fi
	449
9accc2ef SG	450	if [ -d "$LXC_CACHE_PATH" ] && [ -f "$LXC_CACHE_PATH/build_id" ] && \
	451	[ "$(cat $LXC_CACHE_PATH/build_id)" = "$DOWNLOAD_BUILD" ]; then
	452	echo "The cache is already up to date."
	453	echo "Using image from local cache"
	454	else
	455	# Download the actual files
	456	echo "Downloading the rootfs"
	457	download_file $DOWNLOAD_URL/rootfs.tar.xz \
	458	${DOWNLOAD_TEMP}/rootfs.tar.xz normal
	459	download_sig $DOWNLOAD_URL/rootfs.tar.xz.asc \
	460	${DOWNLOAD_TEMP}/rootfs.tar.xz.asc normal
	461	gpg_validate ${DOWNLOAD_TEMP}/rootfs.tar.xz.asc
	462
	463	echo "Downloading the metadata"
	464	download_file $DOWNLOAD_URL/meta.tar.xz \
	465	${DOWNLOAD_TEMP}/meta.tar.xz normal
	466	download_sig $DOWNLOAD_URL/meta.tar.xz.asc \
	467	${DOWNLOAD_TEMP}/meta.tar.xz.asc normal
	468	gpg_validate ${DOWNLOAD_TEMP}/meta.tar.xz.asc
	469
	470	if [ -d $LXC_CACHE_PATH ]; then
	471	rm -Rf $LXC_CACHE_PATH
	472	fi
	473	mkdir -p $LXC_CACHE_PATH
	474	mv ${DOWNLOAD_TEMP}/rootfs.tar.xz $LXC_CACHE_PATH
	475	if ! tar Jxf ${DOWNLOAD_TEMP}/meta.tar.xz -C $LXC_CACHE_PATH; then
	476	echo "ERROR: Invalid rootfs tarball." 2>&1
	477	exit 1
	478	fi
71d3a659	479
9accc2ef SG	480	echo $DOWNLOAD_BUILD > $LXC_CACHE_PATH/build_id
	481
	482	if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
0d656b05	483	chown -R $LXC_MAPPED_UID $LXC_CACHE_BASE >/dev/null 2>&1 \|\| true
9accc2ef	484	fi
2133f58c SH	485	if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then
	486	chgrp -R $LXC_MAPPED_GID $LXC_CACHE_BASE >/dev/null 2>&1 \|\| true
	487	fi
9accc2ef	488	echo "The image cache is now ready"
71d3a659	489	fi
71d3a659 SG	490	else
	491	echo "Using image from local cache"
	492	fi
	493
	494	# Unpack the rootfs
	495	echo "Unpacking the rootfs"
fecf101c SG	496
	497	EXCLUDES=""
	498	excludelist=$(relevant_file excludes)
	499	if [ -f "${excludelist}" ]; then
	500	while read line; do
	501	EXCLUDES="$EXCLUDES --exclude=$line"
	502	done < $excludelist
71d3a659 SG	503	fi
71d3a659 SG	504
fecf101c SG	505	tar --anchored ${EXCLUDES} --numeric-owner -xpJf \
	506	${LXC_CACHE_PATH}/rootfs.tar.xz -C ${LXC_ROOTFS}
	507
	508	mkdir -p ${LXC_ROOTFS}/dev/pts/
	509
71d3a659 SG	510	# Setup the configuration
	511	configfile=$(relevant_file config)
	512	fstab=$(relevant_file fstab)
	513	if [ ! -e $configfile ]; then
	514	echo "ERROR: meta tarball is missing the configuration file" 1>&2
	515	exit 1
	516	fi
	517
	518	## Extract all the network config entries
	519	sed -i -e "/lxc.network/{w ${LXC_PATH}/config-network" -e "d}" \
	520	${LXC_PATH}/config
	521
	522	## Extract any other config entry
	523	sed -i -e "/lxc./{w ${LXC_PATH}/config-auto" -e "d}" ${LXC_PATH}/config
	524
	525	## Append the defaults
	526	echo "" >> ${LXC_PATH}/config
	527	echo "# Distribution configuration" >> ${LXC_PATH}/config
	528	cat $configfile >> ${LXC_PATH}/config
	529
	530	## Add the container-specific config
	531	echo "" >> ${LXC_PATH}/config
	532	echo "# Container specific configuration" >> ${LXC_PATH}/config
	533	if [ -e "${LXC_PATH}/config-auto" ]; then
	534	cat ${LXC_PATH}/config-auto >> ${LXC_PATH}/config
	535	rm ${LXC_PATH}/config-auto
	536	fi
	537	if [ -e "$fstab" ]; then
	538	echo "lxc.mount = ${LXC_PATH}/fstab" >> ${LXC_PATH}/config
	539	fi
	540	echo "lxc.utsname = ${LXC_NAME}" >> ${LXC_PATH}/config
	541
	542	## Re-add the previously removed network config
	543	if [ -e "${LXC_PATH}/config-network" ]; then
	544	echo "" >> ${LXC_PATH}/config
	545	echo "# Network configuration" >> ${LXC_PATH}/config
	546	cat ${LXC_PATH}/config-network >> ${LXC_PATH}/config
	547	rm ${LXC_PATH}/config-network
	548	fi
	549
	550	TEMPLATE_FILES="${LXC_PATH}/config"
	551
	552	# Setup the fstab
	553	if [ -e $fstab ]; then
	554	cp ${fstab} ${LXC_PATH}/fstab
	555	TEMPLATE_FILES="$TEMPLATE_FILES ${LXC_PATH}/fstab"
	556	fi
	557
	558	# Look for extra templates
	559	if [ -e "$(relevant_file templates)" ]; then
	560	while read line; do
	561	fullpath=${LXC_ROOTFS}/$line
	562	[ ! -e "$fullpath" ] && continue
	563	TEMPLATE_FILES="$TEMPLATE_FILES $fullpath"
	564	done < $(relevant_file templates)
	565	fi
	566
	567	# Replace variables in all templates
	568	for file in $TEMPLATE_FILES; do
fad96766	569	[ ! -f "$file" ] && continue
71d3a659 SG	570
	571	sed -i "s#LXC_NAME#$LXC_NAME#g" $file
	572	sed -i "s#LXC_PATH#$LXC_PATH#g" $file
	573	sed -i "s#LXC_ROOTFS#$LXC_ROOTFS#g" $file
	574	sed -i "s#LXC_TEMPLATE_CONFIG#$LXC_TEMPLATE_CONFIG#g" $file
	575	sed -i "s#LXC_HOOK_DIR#$LXC_HOOK_DIR#g" $file
	576	done
	577
6e53ca56 SC	578	# prevent mingetty from calling vhangup(2) since it fails with userns on Centos / Oracle
	579	if [ -f ${LXC_ROOTFS}/etc/init/tty.conf ]; then
	580	sed -i 's\|mingetty\|mingetty --nohangup\|' ${LXC_ROOTFS}/etc/init/tty.conf
	581	fi
	582
71d3a659	583	if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
0d656b05	584	chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 \|\| true
71d3a659	585	fi
2133f58c SH	586	if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then
	587	chgrp $LXC_MAPPED_GID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 \|\| true
	588	fi
71d3a659 SG	589
	590	if [ -e "$(relevant_file create-message)" ]; then
	591	echo ""
	592	echo "---"
	593	cat "$(relevant_file create-message)"
	594	fi
	595
	596	exit 0