]>
git.proxmox.com Git - mirror_lxc.git/blob - templates/lxc-alpine.in
3 # Detect use under userns (unsupported)
5 [ "$arg" = "--" ] && break
6 if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
7 echo "This template can't be used for unprivileged containers." 1>&2
8 echo "You may want to try the \"download\" template instead." 1>&2
13 # Make sure the usual locations are in PATH
14 PATH
=$PATH:/usr
/sbin
:/usr
/bin
:/sbin
:/bin
17 key_sha256sums
="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
18 2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub
19 ebf31683b56410ecc4c00acd9f6e2839e237a3b62b5ae7ef686705c7ba0396a9 alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
20 1bb2a846c0ea4ca9d0e7862f970863857fc33c32f5506098c636a62a726a847b alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
21 12f899e55a7691225603d6fb3324940fc51cd7f133e7ead788663c2b7eecb00c alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub"
26 pkglist
=alpine-keys
:apk-tools-static
29 if [ -z "$repository" ]; then
30 url
=http
://wiki.alpinelinux.org
/cgi-bin
/dl.cgi
31 yaml_path
="latest-stable/releases/$apk_arch/latest-releases.yaml"
32 if [ -z "$release" ]; then
33 echo -n "Determining the latest release... "
34 release
=$
($wget $url/$yaml_path | \
35 awk '$1 == "branch:" {print $2; exit 0}')
36 if [ -z "$release" ]; then
37 release
=$
($wget $url/.latest.
$apk_arch.txt | \
38 cut
-d " " -f 3 | cut
-d / -f 1 |
uniq)
40 if [ -z "$release" ]; then
46 auto_repo_dir
=$release/main
47 repository
=$url/$auto_repo_dir
48 pkglist
=$pkglist:alpine-mirrors
52 echo "Using static apk from $repository/$apk_arch"
53 wget
="$wget $repository/$apk_arch"
55 # parse APKINDEX to find the current versions
56 static_pkgs
=$
($wget/APKINDEX.
tar.gz | \
58 awk -F: -v pkglist
=$pkglist '
59 BEGIN { split(pkglist,pkg) }
60 $0 != "" { f[$1] = $2 }
61 $0 == "" { for (i in pkg)
63 print(f["P"] "-" f["V"] ".apk") }')
64 [ "$static_pkgs" ] ||
return 1
66 mkdir
-p "$rootfs" ||
return 1
67 for pkg
in $static_pkgs; do
68 echo "Downloading $pkg"
69 $wget/$pkg |
tar -xz -C "$rootfs"
72 # clean up .apk meta files
73 rm -f "$rootfs"/.
[A-Z
]*
75 # verify checksum of the key
76 keyname
=$
(echo $rootfs/sbin
/apk.static.
*.pub |
sed 's/.*\.SIGN\.RSA\.//')
77 checksum
=$
(echo "$key_sha256sums" |
grep -w "$keyname")
78 if [ -z "$checksum" ]; then
79 echo "ERROR: checksum is missing for $keyname"
82 (cd $rootfs/etc
/apk
/keys
&& echo "$checksum" | sha256sum
-c -) ||
return 1
84 # verify the static apk binary signature
85 APK
=$rootfs/sbin
/apk.static
86 openssl dgst
-verify $rootfs/etc
/apk
/keys
/$keyname \
87 -signature "$APK.SIGN.RSA.$keyname" "$APK" ||
return 1
89 if [ "$auto_repo_dir" ]; then
90 mirror_list
=$rootfs/usr
/share
/alpine-mirrors
/MIRRORS.txt
91 mirror_count
=$
(wc -l $mirror_list | cut
-d " " -f 1)
92 random
=$
(hexdump -n 2 -e '/2 "%u"' /dev
/urandom
)
93 repository
=$
(sed $
(expr $random % $mirror_count + 1)\
!d \
94 $mirror_list)$auto_repo_dir
95 echo "Selecting mirror $repository"
102 mkdir
-p "$rootfs"/etc
/apk ||
return 1
103 : ${keys_dir:=/etc/apk/keys}
104 if ! [ -d "$rootfs"/etc
/apk
/keys
] && [ -d "$keys_dir" ]; then
105 cp -r "$keys_dir" "$rootfs"/etc
/apk
/keys
107 if [ -n "$repository" ]; then
108 echo "$repository" > "$rootfs"/etc
/apk
/repositories
110 cp /etc
/apk
/repositories
"$rootfs"/etc
/apk
/repositories ||
return 1
111 if [ -n "$release" ]; then
112 sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \
113 "$rootfs"/etc
/apk
/repositories
117 if [ -n "$apk_arch" ]; then
118 opt_arch
="--arch $apk_arch"
120 $APK add
-U --initdb --root $rootfs $opt_arch "$@" alpine-base
125 echo "Setting up /etc/inittab"
126 cat >"$rootfs"/etc
/inittab
<<EOF
127 ::sysinit:/sbin/rc sysinit
128 ::wait:/sbin/rc default
129 console:12345:respawn:/sbin/getty 38400 console
130 tty1:12345:respawn:/sbin/getty 38400 tty1
131 tty2:12345:respawn:/sbin/getty 38400 tty2
132 tty3:12345:respawn:/sbin/getty 38400 tty3
133 tty4:12345:respawn:/sbin/getty 38400 tty4
134 ::ctrlaltdel:/sbin/reboot
135 ::shutdown:/sbin/rc shutdown
138 if [ -f /etc
/TZ
]; then
139 cp /etc
/TZ
"$rootfs/etc/TZ"
143 grep nameserver
/etc
/resolv.conf
> "$rootfs/etc/resolv.conf"
145 # configure the network using the dhcp
146 cat <<EOF > $rootfs/etc/network/interfaces
148 iface lo inet loopback
155 echo $hostname > $rootfs/etc
/hostname
157 # missing device nodes
158 echo "Setting up device nodes"
159 mkdir
-p -m 755 "$rootfs/dev/pts"
160 mkdir
-p -m 1777 "$rootfs/dev/shm"
161 mknod
-m 666 "$rootfs/dev/zero" c
1 5
162 mknod
-m 666 "$rootfs/dev/full" c
1 7
163 mknod
-m 666 "$rootfs/dev/random" c
1 8
164 mknod
-m 666 "$rootfs/dev/urandom" c
1 9
165 mknod
-m 666 "$rootfs/dev/tty0" c
4 0
166 mknod
-m 666 "$rootfs/dev/tty1" c
4 1
167 mknod
-m 666 "$rootfs/dev/tty2" c
4 2
168 mknod
-m 666 "$rootfs/dev/tty3" c
4 3
169 mknod
-m 666 "$rootfs/dev/tty4" c
4 4
170 # mknod -m 600 "$rootfs/dev/initctl" p
171 mknod
-m 666 "$rootfs/dev/tty" c
5 0
172 mknod
-m 666 "$rootfs/dev/console" c
5 1
173 mknod
-m 666 "$rootfs/dev/ptmx" c
5 2
176 ln -s /etc
/init.d
/bootmisc
"$rootfs"/etc
/runlevels
/boot
/bootmisc
177 ln -s /etc
/init.d
/syslog
"$rootfs"/etc
/runlevels
/boot
/syslog
182 copy_configuration
() {
187 grep -q "^lxc.rootfs" $path/config
2>/dev
/null \
188 ||
echo "lxc.rootfs = $rootfs" >> $path/config
189 if [ -n "$lxc_arch" ]; then
190 echo "lxc.arch = $lxc_arch" >> $path/config
193 lxc_network_link_line
="# lxc.network.link = br0"
194 for br
in lxcbr0 virbr0 br0
; do
195 if [ -d /sys
/class
/net
/$br/bridge
]; then
196 lxc_network_link_line
="lxc.network.link = $br"
201 if ! grep -q "^lxc.network.type" $path/config
2>/dev
/null
; then
202 cat <<EOF >> $path/config
203 lxc.network.type = veth
204 $lxc_network_link_line
205 lxc.network.flags = up
209 # if there is exactly one veth or macvlan network entry, make sure
210 # it has an associated mac address.
211 nics
=$
(awk -F '[ \t]*=[ \t]*' \
212 '$1=="lxc.network.type" && ($2=="veth" || $2=="macvlan") {print $2}' \
213 $path/config |
wc -l)
214 if [ "$nics" -eq 1 ] && ! grep -q "^lxc.network.hwaddr" $path/config
; then
215 # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
216 hwaddr
="fe:$(dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \
217 head -n 1 |awk '{print $2}' | cut -c1-10 |\
218 sed 's/\(..\)/\1:/g; s/.$//')"
219 echo "lxc.network.hwaddr = $hwaddr" >> $path/config
222 cat <<EOF >> $path/config
226 lxc.utsname = $hostname
227 lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_admin
229 # When using LXC with apparmor, uncomment the next line to run unconfined:
230 #lxc.aa_profile = unconfined
233 lxc.cgroup.devices.deny = a
234 # /dev/null, zero and full
235 lxc.cgroup.devices.allow = c 1:3 rwm
236 lxc.cgroup.devices.allow = c 1:5 rwm
237 lxc.cgroup.devices.allow = c 1:7 rwm
239 lxc.cgroup.devices.allow = c 5:1 rwm
240 lxc.cgroup.devices.allow = c 5:0 rwm
241 lxc.cgroup.devices.allow = c 4:0 rwm
242 lxc.cgroup.devices.allow = c 4:1 rwm
244 lxc.cgroup.devices.allow = c 1:9 rwm
245 lxc.cgroup.devices.allow = c 1:8 rwm
246 lxc.cgroup.devices.allow = c 136:* rwm
247 lxc.cgroup.devices.allow = c 5:2 rwm
249 lxc.cgroup.devices.allow = c 254:0 rm
252 lxc.mount.auto=cgroup:mixed proc:mixed sys:mixed
253 lxc.mount.entry=run run tmpfs nodev,noexec,nosuid,relatime,size=1m,mode=0755 0 0
254 lxc.mount.entry=shm dev/shm tmpfs nodev,nosuid,noexec,mode=1777 0 0
268 Usage: $(basename $0) [-h|--help] [-r|--repository <url>]
269 [-R|--release <release>] [-a|--arch <arch>]
270 [--rootfs <rootfs>] -p|--path <path> -n|--name <name>
282 usage_err
"option '$1' requires an argument"
286 default_path
=@LXCPATH@
290 # template mknods, requires root
291 if [ $
(id
-u) -ne 0 ]; then
292 echo "$(basename $0): must be run as root" >&2
296 while [ $# -gt 0 ]; do
305 optarg_check
$opt "$1"
310 optarg_check
$opt "$1"
315 optarg_check
$opt "$1"
320 optarg_check
$opt "$1"
325 optarg_check
$opt "$1"
330 optarg_check
$opt "$1"
337 # split --myopt=foo=bar into --myopt foo=bar
338 set -- ${opt%=*} ${opt#*=} "$@"
341 usage_err
"unknown option '$opt'"
344 # split opts -abc into -a -b -c
345 set -- $
(echo "${opt#-}" |
sed 's/\(.\)/ -\1/g') "$@"
351 [ -z "$name" ] && usage_err
353 if [ -z "${path}" ]; then
354 path
="${default_path}/${name}"
357 if [ -z "$rootfs" ]; then
358 rootfs
=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
359 if [ -z "$rootfs" ]; then
360 rootfs
="${path}/rootfs"
381 die
"unsupported architecture: $arch"
386 if ! which $APK >/dev
/null
; then
387 get_static_apk
"$rootfs" || die
"Failed to download a valid static apk"
390 install_alpine
"$rootfs" "$@" || die
"Failed to install rootfs for $name"
391 configure_alpine
"$rootfs" "$name" || die
"Failed to configure $name"
392 copy_configuration
"$path" "$rootfs" "$name"