git.proxmox.com Git - mirror_lxc.git/blob - templates/lxc-alpine.in
3 # Detect use under userns (unsupported)
5 [ "$arg" = "--" ] && break
6 if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
7 echo "This template can't be used for unprivileged containers." 1>&2
8 echo "You may want to try the \"download\" template instead." 1>&2
# Make sure the usual locations are in PATH.
# The system directories are appended, so entries already present in the
# caller's PATH are still searched first.
PATH="${PATH}:/usr/sbin:/usr/bin:/sbin:/bin"
17 key_sha256sums
="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
18 2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub
19 ebf31683b56410ecc4c00acd9f6e2839e237a3b62b5ae7ef686705c7ba0396a9 alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
20 1bb2a846c0ea4ca9d0e7862f970863857fc33c32f5506098c636a62a726a847b alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
21 12f899e55a7691225603d6fb3324940fc51cd7f133e7ead788663c2b7eecb00c alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub"
# Colon-separated names of the packages to fetch; the awk program that parses
# APKINDEX splits this list on ':'.
pkglist="alpine-keys:apk-tools-static"
29 if [ -z "$repository" ]; then
30 url
=http
://wiki.alpinelinux.org
/cgi-bin
/dl.cgi
31 if [ -z "$release" ]; then
32 echo -n "Determining the latest release... "
33 release
=$
($wget $url/.latest.
$apk_arch.txt | \
34 cut
-d " " -f 3 | cut
-d / -f 1 |
uniq)
35 if [ -z "$release" ]; then
41 auto_repo_dir
=$release/main
42 repository
=$url/$auto_repo_dir
43 pkglist
=$pkglist:alpine-mirrors
# From here on $wget carries the repository/architecture prefix, so later
# calls only append a file name to it.
# When no repository was given, $repository was derived from an http:// URL,
# so the transfer itself is unauthenticated; integrity rests on the key
# checksum and signature checks performed after the download.
echo "Using static apk from ${repository}/${apk_arch}"
wget="${wget} ${repository}/${apk_arch}"
50 # parse APKINDEX to find the current versions
51 static_pkgs
=$
($wget/APKINDEX.
tar.gz | \
53 awk -F: -v pkglist
=$pkglist '
54 BEGIN { split(pkglist,pkg) }
55 $0 != "" { f[$1] = $2 }
56 $0 == "" { for (i in pkg)
58 print(f["P"] "-" f["V"] ".apk") }')
59 [ "$static_pkgs" ] ||
return 1
61 mkdir
-p "$rootfs" ||
return 1
62 for pkg
in $static_pkgs; do
63 echo "Downloading $pkg"
64 $wget/$pkg |
tar -xz -C "$rootfs"
67 # clean up .apk meta files
68 rm -f "$rootfs"/.
[A-Z
]*
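# verify checksum of the key
# The key's file name is taken from the archive that was just unpacked, so it
# is matched as a fixed string (-F), not as a regular expression, against the
# pinned list; `--` keeps a leading '-' from being read as an option. A name
# that is not in the list leaves $checksum empty.
# $rootfs is quoted so a path with whitespace still globs as one word.
keyname=$(echo "$rootfs"/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//')
checksum=$(echo "$key_sha256sums" | grep -F -w -- "$keyname")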
73 if [ -z "$checksum" ]; then
74 echo "ERROR: checksum is missing for $keyname"
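# Check the key file in etc/apk/keys against its pinned digest. The subshell
# keeps the directory change local; sha256sum resolves the file name in
# $checksum relative to the keys directory. $rootfs is quoted so a path with
# whitespace does not split the cd argument.
(cd "$rootfs"/etc/apk/keys && echo "$checksum" | sha256sum -c -) || return 1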
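# verify the static apk binary signature
# The public key is the copy under etc/apk/keys whose digest was checked
# against the pinned list; the detached signature sits next to apk.static.
# All paths are quoted so a rootfs containing whitespace or glob characters
# cannot change which files openssl is given.
# NOTE(review): no digest is named, so openssl uses its build default, which
# has differed between OpenSSL releases; confirm it matches the digest the
# signature was produced with.
APK="$rootfs/sbin/apk.static"
openssl dgst -verify "$rootfs/etc/apk/keys/$keyname" \
	-signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1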
84 if [ "$auto_repo_dir" ]; then
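# Pick one line of MIRRORS.txt at random and use it as the repository base.
# NOTE(review): MIRRORS.txt comes from the alpine-mirrors package unpacked
# earlier; the visible checks cover apk.static and its key only, so the chosen
# URL is presumably protected by apk's own package signature verification —
# confirm.
mirror_list="$rootfs/usr/share/alpine-mirrors/MIRRORS.txt"
# Reading via stdin makes wc print the count alone, without the file name.
mirror_count=$(wc -l < "$mirror_list")
# An empty or missing list would otherwise end in a division by zero.
[ "${mirror_count:-0}" -gt 0 ] || return 1
# Two bytes from /dev/urandom, printed as one unsigned decimal number.
random=$(hexdump -n 2 -e '/2 "%u"' /dev/urandom)
repository=$(sed -n "$((random % mirror_count + 1))p" "$mirror_list")$auto_repo_dir
echo "Selecting mirror $repository"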
97 mkdir
-p "$rootfs"/etc
/apk ||
return 1
98 : ${keys_dir:=/etc/apk/keys}
99 if ! [ -d "$rootfs"/etc
/apk
/keys
] && [ -d "$keys_dir" ]; then
100 cp -r "$keys_dir" "$rootfs"/etc
/apk
/keys
102 if [ -n "$repository" ]; then
103 echo "$repository" > "$rootfs"/etc
/apk
/repositories
105 cp /etc
/apk
/repositories
"$rootfs"/etc
/apk
/repositories ||
return 1
106 if [ -n "$release" ]; then
107 sed -i -e "s:/[^/]\+/\([^/]\+\)$:/$release/\1:" \
108 "$rootfs"/etc
/apk
/repositories
112 if [ -n "$apk_arch" ]; then
113 opt_arch
="--arch $apk_arch"
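# Install alpine-base (plus any extra arguments) into the new root.
# "$rootfs" is quoted so a path with whitespace stays one argument.
# $opt_arch is deliberately unquoted: it holds "--arch <arch>" and must split
# into two words, or vanish when empty. $APK is left as in the original
# because its initial value is set outside the visible lines.
$APK add -U --initdb --root "$rootfs" $opt_arch "$@" alpine-base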
120 echo "Setting up /etc/inittab"
121 cat >"$rootfs"/etc
/inittab
<<EOF
122 ::sysinit:/sbin/rc sysinit
123 ::wait:/sbin/rc default
124 console:12345:respawn:/sbin/getty 38400 console
125 tty1:12345:respawn:/sbin/getty 38400 tty1
126 tty2:12345:respawn:/sbin/getty 38400 tty2
127 tty3:12345:respawn:/sbin/getty 38400 tty3
128 tty4:12345:respawn:/sbin/getty 38400 tty4
129 ::ctrlaltdel:/sbin/reboot
130 ::shutdown:/sbin/rc shutdown
133 if [ -f /etc
/TZ
]; then
134 cp /etc
/TZ
"$rootfs/etc/TZ"
138 grep nameserver
/etc
/resolv.conf
> "$rootfs/etc/resolv.conf"
140 # configure the network using the dhcp
141 cat <<EOF > $rootfs/etc/network/interfaces
143 iface lo inet loopback
150 echo $hostname > $rootfs/etc
/hostname
152 # missing device nodes
153 echo "Setting up device nodes"
154 mkdir
-p -m 755 "$rootfs/dev/pts"
155 mkdir
-p -m 1777 "$rootfs/dev/shm"
156 mknod
-m 666 "$rootfs/dev/zero" c
1 5
157 mknod
-m 666 "$rootfs/dev/full" c
1 7
158 mknod
-m 666 "$rootfs/dev/random" c
1 8
159 mknod
-m 666 "$rootfs/dev/urandom" c
1 9
160 mknod
-m 666 "$rootfs/dev/tty0" c
4 0
161 mknod
-m 666 "$rootfs/dev/tty1" c
4 1
162 mknod
-m 666 "$rootfs/dev/tty2" c
4 2
163 mknod
-m 666 "$rootfs/dev/tty3" c
4 3
164 mknod
-m 666 "$rootfs/dev/tty4" c
4 4
165 # mknod -m 600 "$rootfs/dev/initctl" p
166 mknod
-m 666 "$rootfs/dev/tty" c
5 0
167 mknod
-m 666 "$rootfs/dev/console" c
5 1
168 mknod
-m 666 "$rootfs/dev/ptmx" c
5 2
171 ln -s /etc
/init.d
/bootmisc
"$rootfs"/etc
/runlevels
/boot
/bootmisc
172 ln -s /etc
/init.d
/syslog
"$rootfs"/etc
/runlevels
/boot
/syslog
177 copy_configuration
() {
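# Record the rootfs location unless the config already has an lxc.rootfs key.
# grep's stderr is discarded so a config file that does not exist yet is
# treated the same as one without the key. "$path/config" is quoted so a
# container path with whitespace is not split.
grep -q "^lxc.rootfs" "$path/config" 2>/dev/null \
	|| echo "lxc.rootfs = $rootfs" >> "$path/config"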
184 if [ -n "$lxc_arch" ]; then
185 echo "lxc.arch = $lxc_arch" >> $path/config
188 lxc_network_link_line
="# lxc.network.link = br0"
189 for br
in lxcbr0 virbr0 br0
; do
190 if [ -d /sys
/class
/net
/$br/bridge
]; then
191 lxc_network_link_line
="lxc.network.link = $br"
196 if ! grep -q "^lxc.network.type" $path/config
2>/dev
/null
; then
197 cat <<EOF >> $path/config
198 lxc.network.type = veth
199 $lxc_network_link_line
200 lxc.network.flags = up
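# if there is exactly one veth or macvlan network entry, make sure
# it has an associated mac address.
# Count the lxc.network.type lines whose value is veth or macvlan; the field
# separator swallows the blanks around '='. "$path/config" is quoted so a
# container path with whitespace is not split.
nics=$(awk -F '[ \t]*=[ \t]*' \
	'$1=="lxc.network.type" && ($2=="veth" || $2=="macvlan") {print $2}' \
	"$path/config" | wc -l)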
209 if [ "$nics" -eq 1 ] && ! grep -q "^lxc.network.hwaddr" $path/config
; then
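# see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
# Build a MAC address with a fixed first octet "fe" followed by five octets
# read from /dev/urandom: the first ten hex digits that od prints are split
# into colon-separated pairs and the trailing ':' is dropped.
hwaddr="fe:$(dd if=/dev/urandom bs=8 count=1 2>/dev/null | od -t x8 | \
	head -n 1 | awk '{print $2}' | cut -c1-10 | \
	sed 's/\(..\)/\1:/g; s/.$//')"
# Quoted so a container path with whitespace is not split.
echo "lxc.network.hwaddr = $hwaddr" >> "$path/config"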
217 cat <<EOF >> $path/config
221 lxc.utsname = $hostname
222 lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_admin
224 # When using LXC with apparmor, uncomment the next line to run unconfined:
225 #lxc.aa_profile = unconfined
228 lxc.cgroup.devices.deny = a
229 # /dev/null, zero and full
230 lxc.cgroup.devices.allow = c 1:3 rwm
231 lxc.cgroup.devices.allow = c 1:5 rwm
232 lxc.cgroup.devices.allow = c 1:7 rwm
234 lxc.cgroup.devices.allow = c 5:1 rwm
235 lxc.cgroup.devices.allow = c 5:0 rwm
236 lxc.cgroup.devices.allow = c 4:0 rwm
237 lxc.cgroup.devices.allow = c 4:1 rwm
239 lxc.cgroup.devices.allow = c 1:9 rwm
240 lxc.cgroup.devices.allow = c 1:8 rwm
241 lxc.cgroup.devices.allow = c 136:* rwm
242 lxc.cgroup.devices.allow = c 5:2 rwm
244 lxc.cgroup.devices.allow = c 254:0 rm
247 lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
248 lxc.mount.entry=run run tmpfs nodev,noexec,nosuid,relatime,size=1m,mode=0755 0 0
249 lxc.mount.entry=none dev/pts devpts gid=5,mode=620 0 0
250 lxc.mount.entry=shm dev/shm tmpfs nodev,nosuid,noexec,mode=1777 0 0
264 Usage: $(basename $0) [-h|--help] [-r|--repository <url>]
265 [-R|--release <release>] [-a|--arch <arch>]
266 [--rootfs <rootfs>] -p|--path <path> -n|--name <name>
278 usage_err
"option '$1' requires an argument"
282 default_path
=@LXCPATH@
286 # template mknods, requires root
287 if [ $
(id
-u) -ne 0 ]; then
288 echo "$(basename $0): must be run as root" >&2
292 while [ $# -gt 0 ]; do
301 optarg_check
$opt "$1"
306 optarg_check
$opt "$1"
311 optarg_check
$opt "$1"
316 optarg_check
$opt "$1"
321 optarg_check
$opt "$1"
326 optarg_check
$opt "$1"
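# split --myopt=foo=bar into --myopt foo=bar
# The option name is cut at the FIRST '=' (%%), so a value that itself
# contains '=' is kept whole; with a single '%' the name would have been
# "--myopt=foo". Both halves are quoted so a value containing whitespace
# stays a single argument.
set -- "${opt%%=*}" "${opt#*=}" "$@"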
337 usage_err
"unknown option '$opt'"
340 # split opts -abc into -a -b -c
341 set -- $
(echo "${opt#-}" |
sed 's/\(.\)/ -\1/g') "$@"
347 [ -z "$name" ] && usage_err
349 if [ -z "${path}" ]; then
350 path
="${default_path}/${name}"
353 if [ -z "$rootfs" ]; then
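# Read the rootfs path back from an existing config. copy_configuration writes
# the entry as "lxc.rootfs = <path>", so the blanks around '=' are made part
# of the field separator (as in the lxc.network.type lookup); with a bare '='
# the value would keep its leading space.
rootfs=$(awk -F '[ \t]*=[ \t]*' '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null)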
355 if [ -z "$rootfs" ]; then
356 rootfs
="${path}/rootfs"
377 die
"unsupported architecture: $arch"
382 if ! which $APK >/dev
/null
; then
383 get_static_apk
"$rootfs" || die
"Failed to download a valid static apk"
# Install the root filesystem, then configure it; each failure is reported
# through die with its own message.
if ! install_alpine "$rootfs" "$@"; then
	die "Failed to install rootfs for $name"
fi
if ! configure_alpine "$rootfs" "$name"; then
	die "Failed to configure $name"
fi
# Last step: write the container configuration under $path.
copy_configuration "$path" "$rootfs" "$name"