]> git.proxmox.com Git - mirror_lxc.git/blob - templates/lxc-alpine.in
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
lxc-alpine: create a default tty for console
[mirror_lxc.git] / templates / lxc-alpine.in
1 #!/bin/sh
2
3 # Detect use under userns (unsupported)
4 for arg in "$@"; do
5 [ "$arg" = "--" ] && break
6 if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
7 echo "This template can't be used for unprivileged containers." 1>&2
8 echo "You may want to try the \"download\" template instead." 1>&2
9 exit 1
10 fi
11 done
12
13 # Make sure the usual locations are in PATH
14 PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
15 export PATH
16
17 key_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
18 2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub
19 ebf31683b56410ecc4c00acd9f6e2839e237a3b62b5ae7ef686705c7ba0396a9 alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
20 1bb2a846c0ea4ca9d0e7862f970863857fc33c32f5506098c636a62a726a847b alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
21 12f899e55a7691225603d6fb3324940fc51cd7f133e7ead788663c2b7eecb00c alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub"
22
23
24 get_static_apk () {
25 wget="wget -q -O -"
26 pkglist=alpine-keys:apk-tools-static
27 auto_repo_dir=
28
29 if [ -z "$repository" ]; then
30 url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi
31 if [ -z "$release" ]; then
32 echo -n "Determining the latest release... "
33 release=$($wget $url/.latest.$apk_arch.txt | \
34 cut -d " " -f 3 | cut -d / -f 1 | uniq)
35 if [ -z "$release" ]; then
36 echo failed
37 return 1
38 fi
39 echo $release
40 fi
41 auto_repo_dir=$release/main
42 repository=$url/$auto_repo_dir
43 pkglist=$pkglist:alpine-mirrors
44 fi
45
46 rootfs="$1"
47 echo "Using static apk from $repository/$apk_arch"
48 wget="$wget $repository/$apk_arch"
49
50 # parse APKINDEX to find the current versions
51 static_pkgs=$($wget/APKINDEX.tar.gz | \
52 tar -Oxz APKINDEX | \
53 awk -F: -v pkglist=$pkglist '
54 BEGIN { split(pkglist,pkg) }
55 $0 != "" { f[$1] = $2 }
56 $0 == "" { for (i in pkg)
57 if (pkg[i] == f["P"])
58 print(f["P"] "-" f["V"] ".apk") }')
59 [ "$static_pkgs" ] || return 1
60
61 mkdir -p "$rootfs" || return 1
62 for pkg in $static_pkgs; do
63 echo "Downloading $pkg"
64 $wget/$pkg | tar -xz -C "$rootfs"
65 done
66
67 # clean up .apk meta files
68 rm -f "$rootfs"/.[A-Z]*
69
70 # verify checksum of the key
71 keyname=$(echo $rootfs/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//')
72 checksum=$(echo "$key_sha256sums" | grep -w "$keyname")
73 if [ -z "$checksum" ]; then
74 echo "ERROR: checksum is missing for $keyname"
75 return 1
76 fi
77 (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c -) || return 1
78
79 # verify the static apk binary signature
80 APK=$rootfs/sbin/apk.static
81 openssl dgst -verify $rootfs/etc/apk/keys/$keyname \
82 -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1
83
84 if [ "$auto_repo_dir" ]; then
85 mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt
86 mirror_count=$(wc -l $mirror_list | cut -d " " -f 1)
87 random=$(hexdump -n 2 -e '/2 "%u"' /dev/urandom)
88 repository=$(sed $(expr $random % $mirror_count + 1)\!d \
89 $mirror_list)$auto_repo_dir
90 echo "Selecting mirror $repository"
91 fi
92 }
93
94 install_alpine() {
95 rootfs="$1"
96 shift
97 mkdir -p "$rootfs"/etc/apk || return 1
98 : ${keys_dir:=/etc/apk/keys}
99 if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then
100 cp -r "$keys_dir" "$rootfs"/etc/apk/keys
101 fi
102 if [ -n "$repository" ]; then
103 echo "$repository" > "$rootfs"/etc/apk/repositories
104 else
105 cp /etc/apk/repositories "$rootfs"/etc/apk/repositories || return 1
106 if [ -n "$release" ]; then
107 sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \
108 "$rootfs"/etc/apk/repositories
109 fi
110 fi
111 opt_arch=
112 if [ -n "$apk_arch" ]; then
113 opt_arch="--arch $apk_arch"
114 fi
115 $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base
116 }
117
118 configure_alpine() {
119 rootfs="$1"
120 echo "Setting up /etc/inittab"
121 cat >"$rootfs"/etc/inittab<<EOF
122 ::sysinit:/sbin/rc sysinit
123 ::wait:/sbin/rc default
124 console:12345:respawn:/sbin/getty 38400 console
125 tty1:12345:respawn:/sbin/getty 38400 tty1
126 tty2:12345:respawn:/sbin/getty 38400 tty2
127 tty3:12345:respawn:/sbin/getty 38400 tty3
128 tty4:12345:respawn:/sbin/getty 38400 tty4
129 ::ctrlaltdel:/sbin/reboot
130 ::shutdown:/sbin/rc shutdown
131 EOF
132 # set up timezone
133 if [ -f /etc/TZ ]; then
134 cp /etc/TZ "$rootfs/etc/TZ"
135 fi
136
137 # set up nameserver
138 grep nameserver /etc/resolv.conf > "$rootfs/etc/resolv.conf"
139
140 # configure the network using the dhcp
141 cat <<EOF > $rootfs/etc/network/interfaces
142 auto lo
143 iface lo inet loopback
144
145 auto eth0
146 iface eth0 inet dhcp
147 EOF
148
149 # set the hostname
150 echo $hostname > $rootfs/etc/hostname
151
152 # missing device nodes
153 echo "Setting up device nodes"
154 mkdir -p -m 755 "$rootfs/dev/pts"
155 mkdir -p -m 1777 "$rootfs/dev/shm"
156 mknod -m 666 "$rootfs/dev/zero" c 1 5
157 mknod -m 666 "$rootfs/dev/full" c 1 7
158 mknod -m 666 "$rootfs/dev/random" c 1 8
159 mknod -m 666 "$rootfs/dev/urandom" c 1 9
160 mknod -m 666 "$rootfs/dev/tty0" c 4 0
161 mknod -m 666 "$rootfs/dev/tty1" c 4 1
162 mknod -m 666 "$rootfs/dev/tty2" c 4 2
163 mknod -m 666 "$rootfs/dev/tty3" c 4 3
164 mknod -m 666 "$rootfs/dev/tty4" c 4 4
165 # mknod -m 600 "$rootfs/dev/initctl" p
166 mknod -m 666 "$rootfs/dev/tty" c 5 0
167 mknod -m 666 "$rootfs/dev/console" c 5 1
168 mknod -m 666 "$rootfs/dev/ptmx" c 5 2
169
170 # start services
171 ln -s /etc/init.d/bootmisc "$rootfs"/etc/runlevels/boot/bootmisc
172 ln -s /etc/init.d/syslog "$rootfs"/etc/runlevels/boot/syslog
173
174 return 0
175 }
176
177 copy_configuration() {
178 path=$1
179 rootfs=$2
180 hostname=$3
181
182 grep -q "^lxc.rootfs" $path/config 2>/dev/null \
183 || echo "lxc.rootfs = $rootfs" >> $path/config
184 if [ -n "$lxc_arch" ]; then
185 echo "lxc.arch = $lxc_arch" >> $path/config
186 fi
187
188 lxc_network_link_line="# lxc.network.link = br0"
189 for br in lxcbr0 virbr0 br0; do
190 if [ -d /sys/class/net/$br/bridge ]; then
191 lxc_network_link_line="lxc.network.link = $br"
192 break
193 fi
194 done
195
196 if ! grep -q "^lxc.network.type" $path/config 2>/dev/null; then
197 cat <<EOF >> $path/config
198 lxc.network.type = veth
199 $lxc_network_link_line
200 lxc.network.flags = up
201 EOF
202 fi
203
204 # if there is exactly one veth or macvlan network entry, make sure
205 # it has an associated mac address.
206 nics=$(awk -F '[ \t]*=[ \t]*' \
207 '$1=="lxc.network.type" && ($2=="veth" || $2=="macvlan") {print $2}' \
208 $path/config | wc -l)
209 if [ "$nics" -eq 1 ] && ! grep -q "^lxc.network.hwaddr" $path/config; then
210 # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
211 hwaddr="fe:$(dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \
212 head -n 1 |awk '{print $2}' | cut -c1-10 |\
213 sed 's/\(..\)/\1:/g; s/.$//')"
214 echo "lxc.network.hwaddr = $hwaddr" >> $path/config
215 fi
216
217 cat <<EOF >> $path/config
218
219 lxc.tty = 4
220 lxc.pts = 1024
221 lxc.utsname = $hostname
222 lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_admin
223
224 # When using LXC with apparmor, uncomment the next line to run unconfined:
225 #lxc.aa_profile = unconfined
226
227 # devices
228 lxc.cgroup.devices.deny = a
229 # /dev/null, zero and full
230 lxc.cgroup.devices.allow = c 1:3 rwm
231 lxc.cgroup.devices.allow = c 1:5 rwm
232 lxc.cgroup.devices.allow = c 1:7 rwm
233 # consoles
234 lxc.cgroup.devices.allow = c 5:1 rwm
235 lxc.cgroup.devices.allow = c 5:0 rwm
236 lxc.cgroup.devices.allow = c 4:0 rwm
237 lxc.cgroup.devices.allow = c 4:1 rwm
238 # /dev/{,u}random
239 lxc.cgroup.devices.allow = c 1:9 rwm
240 lxc.cgroup.devices.allow = c 1:8 rwm
241 lxc.cgroup.devices.allow = c 136:* rwm
242 lxc.cgroup.devices.allow = c 5:2 rwm
243 # rtc
244 lxc.cgroup.devices.allow = c 254:0 rm
245
246 # mounts point
247 lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
248 lxc.mount.entry=run run tmpfs nodev,noexec,nosuid,relatime,size=1m,mode=0755 0 0
249 lxc.mount.entry=none dev/pts devpts gid=5,mode=620 0 0
250 lxc.mount.entry=shm dev/shm tmpfs nodev,nosuid,noexec,mode=1777 0 0
251
252 EOF
253
254 return 0
255 }
256
257 die() {
258 echo "$@" >&2
259 exit 1
260 }
261
262 usage() {
263 cat >&2 <<EOF
264 Usage: $(basename $0) [-h|--help] [-r|--repository <url>]
265 [-R|--release <release>] [-a|--arch <arch>]
266 [--rootfs <rootfs>] -p|--path <path> -n|--name <name>
267 [PKG...]
268 EOF
269 }
270
271 usage_err() {
272 usage
273 exit 1
274 }
275
276 optarg_check() {
277 if [ -z "$2" ]; then
278 usage_err "option '$1' requires an argument"
279 fi
280 }
281
282 default_path=@LXCPATH@
283 release=
284 arch=$(uname -m)
285
286 # template mknods, requires root
287 if [ $(id -u) -ne 0 ]; then
288 echo "$(basename $0): must be run as root" >&2
289 exit 1
290 fi
291
292 while [ $# -gt 0 ]; do
293 opt="$1"
294 shift
295 case "$opt" in
296 -h|--help)
297 usage
298 exit 0
299 ;;
300 -n|--name)
301 optarg_check $opt "$1"
302 name=$1
303 shift
304 ;;
305 --rootfs)
306 optarg_check $opt "$1"
307 rootfs=$1
308 shift
309 ;;
310 -p|--path)
311 optarg_check $opt "$1"
312 path=$1
313 shift
314 ;;
315 -r|--repository)
316 optarg_check $opt "$1"
317 repository=$1
318 shift
319 ;;
320 -R|--release)
321 optarg_check $opt "$1"
322 release=$1
323 shift
324 ;;
325 -a|--arch)
326 optarg_check $opt "$1"
327 arch=$1
328 shift
329 ;;
330 --)
331 break;;
332 --*=*)
333 # split --myopt=foo=bar into --myopt foo=bar
334 set -- ${opt%=*} ${opt#*=} "$@"
335 ;;
336 -?)
337 usage_err "unknown option '$opt'"
338 ;;
339 -*)
340 # split opts -abc into -a -b -c
341 set -- $(echo "${opt#-}" | sed 's/\(.\)/ -\1/g') "$@"
342 ;;
343 esac
344 done
345
346
347 [ -z "$name" ] && usage_err
348
349 if [ -z "${path}" ]; then
350 path="${default_path}/${name}"
351 fi
352
353 if [ -z "$rootfs" ]; then
354 rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
355 if [ -z "$rootfs" ]; then
356 rootfs="${path}/rootfs"
357 fi
358 fi
359
360 lxc_arch=$arch
361 apk_arch=$arch
362
363 case "$arch" in
364 i[3-6]86)
365 apk_arch=x86
366 lxc_arch=x86
367 ;;
368 x86)
369 lxc_arch=i686
370 ;;
371 x86_64|"")
372 ;;
373 arm*)
374 apk_arch=armhf
375 ;;
376 *)
377 die "unsupported architecture: $arch"
378 ;;
379 esac
380
381 : ${APK:=apk}
382 if ! which $APK >/dev/null; then
383 get_static_apk "$rootfs" || die "Failed to download a valid static apk"
384 fi
385
386 install_alpine "$rootfs" "$@" || die "Failed to install rootfs for $name"
387 configure_alpine "$rootfs" "$name" || die "Failed to configure $name"
388 copy_configuration "$path" "$rootfs" "$name"
LXC mirror