git.proxmox.com Git - mirror_lxc.git/blob - templates/lxc-alpine.in
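# Pinned SHA-256 digests of the Alpine signing keys this template accepts, one
# "<digest> <key file name>" entry per line. The verification step further down
# looks up the entry for the key that signed the downloaded static apk and
# passes it to `sha256sum -c`, so trusting or rotating a key means editing this
# list.
# NOTE(review): this listing shows a single space between digest and name,
# while sha256sum's own output puts two characters there -- confirm the
# separator against the upstream file before reusing these lines.
key_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub"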
8 pkglist
=alpine-keys
:apk-tools-static
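if [ -z "$repository" ]; then
    # No repository was given, so fall back to the project's download
    # redirector. The URL is plain HTTP: nothing fetched through it is
    # authenticated in transit, and trust rests on the pinned key digest and
    # the signature check performed after the download.
    url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi
    if [ -z "$release" ]; then
        echo -n "Determining the latest release... "
        # $wget is a command string set outside this listing. The release
        # name is the first path component of the third space-separated
        # field of the response.
        # NOTE(review): this value comes from an unauthenticated response
        # and is later interpolated into URLs and a sed expression --
        # consider validating its format before use.
        release=$($wget $url/.latest.$apk_arch.txt | \
            cut -d " " -f 3 | cut -d / -f 1 | uniq)
        if [ -z "$release" ]; then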
23 auto_repo_dir
=$release/main
24 repository
=$url/$auto_repo_dir
25 pkglist
=$pkglist:alpine-mirrors
29 echo "Using static apk from $repository/$apk_arch"
30 wget
="$wget $repository/$apk_arch"
32 # parse APKINDEX to find the current versions
33 static_pkgs
=$
($wget/APKINDEX.
tar.gz | \
35 awk -F: -v pkglist
=$pkglist '
36 BEGIN { split(pkglist,pkg) }
37 $0 != "" { f[$1] = $2 }
38 $0 == "" { for (i in pkg)
40 print(f["P"] "-" f["V"] ".apk") }')
41 [ "$static_pkgs" ] ||
return 1
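mkdir -p "$rootfs" || return 1
# Each archive is streamed from the download straight into tar, so its
# contents land in $rootfs before anything has been authenticated; the key
# digest and signature checks only run afterwards. The pipeline's status is
# tar's, so a failed download is not detected on this line.
# NOTE(review): nothing visible in this listing removes the unpacked files
# when a later check fails -- confirm the caller discards $rootfs on error.
for pkg in $static_pkgs; do
    echo "Downloading $pkg"
    $wget/$pkg | tar -xz -C "$rootfs"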
49 # clean up .apk meta files
50 rm -f "$rootfs"/.
[A-Z
]*
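# verify checksum of the key
# The key name is the suffix of the signature file shipped next to apk.static
# (apk.static.SIGN.RSA.<keyname>), i.e. it is chosen by the downloaded data.
keyname=$(echo "$rootfs"/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//')
# Select the pinned entry whose name field equals $keyname exactly. A word or
# regex match (`grep -w`) also returns entries whose name merely contains
# $keyname, in which case the digest check would cover different files than
# the key later handed to openssl. The name is passed through the environment
# so awk does not apply escape processing to it, and both sides are
# concatenated with "" to force a string comparison.
checksum=$(printf '%s\n' "$key_sha256sums" |
    keyname="$keyname" awk '($2 "") == (ENVIRON["keyname"] "")')
if [ -z "$checksum" ]; then
    echo "ERROR: checksum is missing for $keyname"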
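# Check the key file(s) named in $checksum against the pinned digest;
# sha256sum resolves the file name relative to the keys directory, hence the
# cd in a subshell.
# NOTE(review): only what $checksum holds is checked. Any other files the
# archives unpacked into etc/apk/keys are not compared with the pinned list
# here.
(cd "$rootfs"/etc/apk/keys && printf '%s\n' "$checksum" | sha256sum -c -) || return 1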
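# verify the static apk binary signature
APK=$rootfs/sbin/apk.static
# Detached signature check of apk.static against the key file named by
# $keyname under etc/apk/keys; paths are quoted so a rootfs path containing
# spaces or glob characters is passed as one argument.
# NOTE(review): no digest option is given, so openssl's default digest
# applies -- confirm it matches the one the signature was produced with.
openssl dgst -verify "$rootfs/etc/apk/keys/$keyname" \
    -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1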
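if [ "$auto_repo_dir" ]; then
    # MIRRORS.txt was unpacked from a downloaded archive. The checks visible
    # in this listing cover the apk.static binary and its key, not this file.
    # NOTE(review): treat the selected mirror as untrusted transport.
    mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt
    mirror_count=$(wc -l "$mirror_list" | cut -d " " -f 1)
    # Keep one randomly chosen line of the list ("<n>!d" deletes every other
    # line) and append the repository path to it.
    repository=$(sed "$(expr $RANDOM % $mirror_count + 1)"'!d' \
        "$mirror_list")$auto_repo_dir
    echo "Selecting mirror $repository"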
78 mkdir
-p "$rootfs"/etc
/apk ||
return 1
79 : ${keys_dir:=/etc/apk/keys}
80 if ! [ -d "$rootfs"/etc
/apk
/keys
] && [ -d "$keys_dir" ]; then
81 cp -r "$keys_dir" "$rootfs"/etc
/apk
/keys
83 if [ -n "$repository" ]; then
84 echo "$repository" > "$rootfs"/etc
/apk
/repositories
86 cp /etc
/apk
/repositories
"$rootfs"/etc
/apk
/repositories ||
return 1
87 if [ -n "$release" ]; then
88 sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \
89 "$rootfs"/etc
/apk
/repositories
93 if [ -n "$apk_arch" ]; then
94 opt_arch
="--arch $apk_arch"
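# Populate the root filesystem with alpine-base plus any extra arguments.
# $opt_arch stays unquoted on purpose: when set it holds the two words
# "--arch <arch>".
# NOTE(review): --allow-untrusted is not passed, so apk is presumably left to
# verify package signatures against the keys under $rootfs/etc/apk/keys --
# confirm, since that directory is filled by the steps above.
$APK add -U --initdb --root "$rootfs" $opt_arch "$@" alpine-base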
101 echo "Setting up /etc/inittab"
102 cat >"$rootfs"/etc
/inittab
<<EOF
103 ::sysinit:/sbin/rc sysinit
104 ::wait:/sbin/rc default
105 tty1:12345:respawn:/sbin/getty 38400 tty1
106 tty2:12345:respawn:/sbin/getty 38400 tty2
107 tty3:12345:respawn:/sbin/getty 38400 tty3
108 tty4:12345:respawn:/sbin/getty 38400 tty4
109 ::ctrlaltdel:/sbin/reboot
110 ::shutdown:/sbin/rc shutdown
113 grep nameserver
/etc
/resolv.conf
> "$rootfs/etc/resolv.conf"
115 # configure the network using the dhcp
116 cat <<EOF > $rootfs/etc/network/interfaces
118 iface lo inet loopback
125 echo $hostname > $rootfs/etc
/hostname
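# missing device nodes
echo "Setting up device nodes"
mkdir -p -m 755 "$rootfs/dev/pts"
mkdir -p -m 1777 "$rootfs/dev/shm"
# mknod -m <mode> <path> c <major> <minor>: character devices.
# NOTE(review): every node, console and tty0-tty4 included, is created world
# read/write (666). Which devices the container can actually open is further
# gated by the lxc.cgroup.devices rules written into its config.
mknod -m 666 "$rootfs/dev/zero" c 1 5
mknod -m 666 "$rootfs/dev/full" c 1 7
mknod -m 666 "$rootfs/dev/random" c 1 8
mknod -m 666 "$rootfs/dev/urandom" c 1 9
mknod -m 666 "$rootfs/dev/tty0" c 4 0
mknod -m 666 "$rootfs/dev/tty1" c 4 1
mknod -m 666 "$rootfs/dev/tty2" c 4 2
mknod -m 666 "$rootfs/dev/tty3" c 4 3
mknod -m 666 "$rootfs/dev/tty4" c 4 4
# mknod -m 600 "$rootfs/dev/initctl" p
mknod -m 666 "$rootfs/dev/tty" c 5 0
mknod -m 666 "$rootfs/dev/console" c 5 1
mknod -m 666 "$rootfs/dev/ptmx" c 5 2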
146 ln -s /etc
/init.d
/bootmisc
"$rootfs"/etc
/runlevels
/boot
/bootmisc
147 ln -s /etc
/init.d
/syslog
"$rootfs"/etc
/runlevels
/boot
/syslog
152 copy_configuration
() {
157 grep -q "^lxc.rootfs" $path/config
2>/dev
/null \
158 ||
echo "lxc.rootfs = $rootfs" >> $path/config
159 if [ -n "$lxc_arch" ]; then
160 echo "lxc.arch = $lxc_arch" >> $path/config
163 lxc_network_link_line
="# lxc.network.link = br0"
164 for br
in lxcbr0 virbr0 br0
; do
165 if [ -d /sys
/class
/net
/$br/bridge
]; then
166 lxc_network_link_line
="lxc.network.link = $br"
171 if ! grep -q "^lxc.network.type" $path/config
2>/dev
/null
; then
172 cat <<EOF >> $path/config
173 lxc.network.type = veth
174 $lxc_network_link_line
175 lxc.network.flags = up
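# if there is exactly one veth or macvlan network entry, make sure
# it has an associated mac address.
# The config path is quoted throughout so a container path containing spaces
# is not split into several arguments.
nics=$(awk -F '[ \t]*=[ \t]*' \
    '$1=="lxc.network.type" && ($2=="veth" || $2=="macvlan") {print $2}' \
    "$path/config" | wc -l)
if [ "$nics" -eq 1 ] && ! grep -q "^lxc.network.hwaddr" "$path/config"; then
    # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
    # Fixed first octet "fe" followed by five octets read from /dev/urandom:
    # od prints the 8 bytes as one hex word, cut keeps its first 10 digits,
    # and sed inserts the colons and drops the trailing one.
    hwaddr="fe:$(dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \
        head -1 |awk '{print $2}' | cut -c1-10 |\
        sed 's/\(..\)/\1:/g; s/.$//')"
    echo "lxc.network.hwaddr = $hwaddr" >> "$path/config"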
192 cat <<EOF >> $path/config
196 lxc.utsname = $hostname
197 lxc.cap.drop = sys_module mac_admin mac_override sys_time
199 # When using LXC with apparmor, uncomment the next line to run unconfined:
200 #lxc.aa_profile = unconfined
203 lxc.cgroup.devices.deny = a
204 # /dev/null, zero and full
205 lxc.cgroup.devices.allow = c 1:3 rwm
206 lxc.cgroup.devices.allow = c 1:5 rwm
207 lxc.cgroup.devices.allow = c 1:7 rwm
209 lxc.cgroup.devices.allow = c 5:1 rwm
210 lxc.cgroup.devices.allow = c 5:0 rwm
211 lxc.cgroup.devices.allow = c 4:0 rwm
212 lxc.cgroup.devices.allow = c 4:1 rwm
214 lxc.cgroup.devices.allow = c 1:9 rwm
215 lxc.cgroup.devices.allow = c 1:8 rwm
216 lxc.cgroup.devices.allow = c 136:* rwm
217 lxc.cgroup.devices.allow = c 5:2 rwm
219 lxc.cgroup.devices.allow = c 254:0 rm
222 lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
223 lxc.mount.entry=run run tmpfs nodev,noexec,nosuid,relatime,size=1m,mode=0755 0 0
224 lxc.mount.entry=none dev/pts devpts gid=5,mode=620 0 0
238 Usage: $(basename $0) [-h|--help] [-r|--repository <url>]
239 [-R|--release <release>] [-a|--arch <arch>]
240 [--rootfs <rootfs>] -p|--path <path> -n|--name <name>
252 usage_err
"option '$1' requires an argument"
256 default_path
=@LXCPATH@
260 # template mknods, requires root
261 if [ $
(id
-u) -ne 0 ]; then
262 echo "$(basename $0): must be run as root" >&2
266 while [ $# -gt 0 ]; do
275 optarg_check
$opt "$1"
280 optarg_check
$opt "$1"
285 optarg_check
$opt "$1"
290 optarg_check
$opt "$1"
295 optarg_check
$opt "$1"
300 optarg_check
$opt "$1"
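# split --myopt=foo=bar into --myopt foo=bar
# "%%" strips from the first "=" so the option name comes out whole; a single
# "%" would cut at the last "=" and yield "--myopt=foo". Both halves are
# quoted so a value containing spaces or glob characters stays one argument.
set -- "${opt%%=*}" "${opt#*=}" "$@"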
311 usage_err
"unknown option '$opt'"
314 # split opts -abc into -a -b -c
315 set -- $
(echo "${opt#-}" |
sed 's/\(.\)/ -\1/g') "$@"
321 [ -z "$name" ] && usage_err
323 if [ -z "${path}" ]; then
324 path
="${default_path}/${name}"
327 if [ -z "$rootfs" ]; then
328 rootfs
=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
329 if [ -z "$rootfs" ]; then
330 rootfs
="${path}/rootfs"
347 die
"unsupported architecture: $arch"
352 if ! which $APK >/dev
/null
; then
353 get_static_apk
"$rootfs" || die
"Failed to download a valid static apk"
356 install_alpine
"$rootfs" "$@" || die
"Failed to install rootfs for $name"
357 configure_alpine
"$rootfs" "$name" || die
"Failed to configure $name"
358 copy_configuration
"$path" "$rootfs" "$name"