]> git.proxmox.com Git - mirror_lxc.git/blob - templates/lxc-debian.in
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #1718 from agaida/patch-1
[mirror_lxc.git] / templates / lxc-debian.in
1 #!/bin/bash
2
3 #
4 # lxc: linux Container library
5
6 # Authors:
7 # Daniel Lezcano <daniel.lezcano@free.fr>
8
9 # This library is free software; you can redistribute it and/or
10 # modify it under the terms of the GNU Lesser General Public
11 # License as published by the Free Software Foundation; either
12 # version 2.1 of the License, or (at your option) any later version.
13
14 # This library is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 # Lesser General Public License for more details.
18
19 # You should have received a copy of the GNU Lesser General Public
20 # License along with this library; if not, write to the Free Software
21 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22
23 # Detect use under userns (unsupported)
24 for arg in "$@"; do
25 [ "$arg" = "--" ] && break
26 if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
27 echo "This template can't be used for unprivileged containers." 1>&2
28 echo "You may want to try the \"download\" template instead." 1>&2
29 exit 1
30 fi
31 done
32
33 # Make sure the usual locations are in PATH
34 export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
35 export GREP_OPTIONS=""
36
37 MIRROR=${MIRROR:-http://deb.debian.org/debian}
38 SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.debian.org/}
39 LOCALSTATEDIR="@LOCALSTATEDIR@"
40 LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
41 # Allows the lxc-cache directory to be set by environment variable
42 LXC_CACHE_PATH=${LXC_CACHE_PATH:-"$LOCALSTATEDIR/cache/lxc"}
43
44 find_interpreter()
45 {
46 given_interpreter=$(basename "$1")
47
48 if [ ! -d /proc/sys/fs/binfmt_misc/ ] ; then
49 return 1
50 fi
51 for file in /proc/sys/fs/binfmt_misc/* ; do
52 if [ "$file" = "/proc/sys/fs/binfmt_misc/register" -o \
53 "$file" = "/proc/sys/fs/binfmt_misc/status" ] ; then
54 continue
55 fi
56 interpreter_path=$(sed -n "/^interpreter/s/interpreter \([^[:space:]]*\)/\1/p" "$file")
57 interpreter=$(basename "$interpreter_path")
58
59 if [ "$given_interpreter" = "$interpreter" ] ; then
60 echo "$interpreter_path"
61 return 0
62 fi
63 done
64 return 1
65 }
66
67 configure_debian()
68 {
69 rootfs=$1
70 hostname=$2
71 num_tty=$3
72
73 # squeeze only has /dev/tty and /dev/tty0 by default,
74 # therefore creating missing device nodes for tty1-4.
75 for tty in $(seq 1 "$num_tty"); do
76 if [ ! -e "$rootfs/dev/tty$tty" ]; then
77 mknod "$rootfs/dev/tty$tty" c 4 "$tty"
78 fi
79 done
80
81 # configure the inittab
82 cat <<EOF > $rootfs/etc/inittab
83 id:3:initdefault:
84 si::sysinit:/etc/init.d/rcS
85 l0:0:wait:/etc/init.d/rc 0
86 l1:1:wait:/etc/init.d/rc 1
87 l2:2:wait:/etc/init.d/rc 2
88 l3:3:wait:/etc/init.d/rc 3
89 l4:4:wait:/etc/init.d/rc 4
90 l5:5:wait:/etc/init.d/rc 5
91 l6:6:wait:/etc/init.d/rc 6
92 # Normally not reached, but fallthrough in case of emergency.
93 z6:6:respawn:/sbin/sulogin
94 1:2345:respawn:/sbin/getty 38400 console
95 $(for tty in $(seq 1 "$num_tty"); do echo "c${tty}:12345:respawn:/sbin/getty 38400 tty${tty} linux" ; done;)
96 p6::ctrlaltdel:/sbin/init 6
97 p0::powerfail:/sbin/init 0
98 EOF
99
100 # symlink mtab
101 [ -e "$rootfs/etc/mtab" ] && rm "$rootfs/etc/mtab"
102 ln -s /proc/self/mounts "$rootfs/etc/mtab"
103
104 # disable selinux in debian
105 mkdir -p "$rootfs/selinux"
106 echo 0 > "$rootfs/selinux/enforce"
107
108 # configure the network using the dhcp
109 cat <<EOF > $rootfs/etc/network/interfaces
110 auto lo
111 iface lo inet loopback
112
113 auto eth0
114 iface eth0 inet dhcp
115 EOF
116
117 # set the hostname
118 cat <<EOF > $rootfs/etc/hostname
119 $hostname
120 EOF
121
122 # reconfigure some services
123
124 # but first reconfigure locales - so we get no noisy perl-warnings
125 if [ -z "$LANG" ]; then
126 cat >> "$rootfs/etc/locale.gen" << EOF
127 en_US.UTF-8 UTF-8
128 EOF
129 chroot "$rootfs" locale-gen en_US.UTF-8 UTF-8
130 chroot "$rootfs" update-locale LANG=en_US.UTF-8
131 else
132 encoding=$(echo "$LANG" | cut -d. -f2)
133 chroot "$rootfs" sed -e "s/^# \(${LANG} ${encoding}\)/\1/" \
134 -i /etc/locale.gen 2> /dev/null
135 cat >> "$rootfs/etc/locale.gen" << EOF
136 $LANG $encoding
137 EOF
138 chroot "$rootfs" locale-gen "$LANG" "$encoding"
139 chroot "$rootfs" update-locale LANG="$LANG"
140 fi
141
142 # remove pointless services in a container
143 chroot "$rootfs" /usr/sbin/update-rc.d -f checkroot.sh disable
144 chroot "$rootfs" /usr/sbin/update-rc.d -f umountfs disable
145 chroot "$rootfs" /usr/sbin/update-rc.d -f hwclock.sh disable
146 chroot "$rootfs" /usr/sbin/update-rc.d -f hwclockfirst.sh disable
147
148 # generate new SSH keys
149 if [ -x "$rootfs/var/lib/dpkg/info/openssh-server.postinst" ]; then
150 cat > "$rootfs/usr/sbin/policy-rc.d" << EOF
151 #!/bin/sh
152 exit 101
153 EOF
154 chmod +x "$rootfs/usr/sbin/policy-rc.d"
155
156 if [ -f "$rootfs/etc/init/ssh.conf" ]; then
157 mv "$rootfs/etc/init/ssh.conf" "$rootfs/etc/init/ssh.conf.disabled"
158 fi
159
160 rm -f "$rootfs/etc/ssh/"ssh_host_*key*
161
162 DPKG_MAINTSCRIPT_PACKAGE=openssh DPKG_MAINTSCRIPT_NAME=postinst chroot "$rootfs" /var/lib/dpkg/info/openssh-server.postinst configure
163 sed -i "s/root@$(hostname)/root@$hostname/g" "$rootfs/etc/ssh/"ssh_host_*.pub
164
165 if [ -f "$rootfs/etc/init/ssh.conf.disabled" ]; then
166 mv "$rootfs/etc/init/ssh.conf.disabled" "$rootfs/etc/init/ssh.conf"
167 fi
168
169 rm -f "$rootfs/usr/sbin/policy-rc.d"
170 fi
171
172 # set initial timezone as on host
173 if [ -f /etc/timezone ]; then
174 cat /etc/timezone > "$rootfs/etc/timezone"
175 chroot "$rootfs" dpkg-reconfigure -f noninteractive tzdata
176 elif [ -f /etc/sysconfig/clock ]; then
177 . /etc/sysconfig/clock
178 echo "$ZONE" > "$rootfs/etc/timezone"
179 chroot "$rootfs" dpkg-reconfigure -f noninteractive tzdata
180 else
181 echo "Timezone in container is not configured. Adjust it manually."
182 fi
183
184 if [ -n "$authkey" ]; then
185 local ssh_dir_path="${rootfs}/root/.ssh"
186 mkdir -p "$ssh_dir_path"
187 cp "$authkey" "${ssh_dir_path}/authorized_keys"
188 chmod 700 "$ssh_dir_path"
189 echo "Inserted SSH public key from '$authkey' into /root/.ssh/authorized_keys"
190 fi
191
192 return 0
193 }
194
195 write_sourceslist()
196 {
197 local rootfs="$1"; shift
198 local release="$1"; shift
199 local arch="$1"; shift
200
201 local prefix="deb"
202 if [ -n "${arch}" ]; then
203 prefix="deb [arch=${arch}]"
204 fi
205
206 if [ "$mainonly" = 1 ]; then
207 non_main=''
208 else
209 non_main=' contrib non-free'
210 fi
211
212 cat >> "${rootfs}/etc/apt/sources.list" << EOF
213 ${prefix} $MIRROR ${release} main${non_main}
214 EOF
215
216 if [ "$release" != "unstable" -a "$release" != "sid" ]; then
217 cat >> "${rootfs}/etc/apt/sources.list" << EOF
218 ${prefix} $SECURITY_MIRROR ${release}/updates main${non_main}
219 EOF
220 fi
221 }
222
223 install_packages()
224 {
225 local rootfs="$1"; shift
226 local packages="$*"
227
228 chroot "${rootfs}" apt-get update
229 if [ -n "${packages}" ]; then
230 chroot "${rootfs}" apt-get install --force-yes -y --no-install-recommends ${packages}
231 fi
232 }
233
234 configure_debian_systemd()
235 {
236 path=$1
237 rootfs=$2
238 config=$3
239 num_tty=$4
240
241 # just in case systemd is not installed
242 mkdir -p "${rootfs}/lib/systemd/system"
243 mkdir -p "${rootfs}/etc/systemd/system/getty.target.wants"
244
245 # Fix getty-static-service as debootstrap does not install dbus
246 if [ -e "$rootfs//lib/systemd/system/getty-static.service" ] ; then
247 local tty_services
248 tty_services=$(for i in $(seq 2 "$num_tty"); do echo -n "getty@tty${i}.service "; done; )
249 sed 's/ getty@tty.*/'" $tty_services "'/g' \
250 "$rootfs/lib/systemd/system/getty-static.service" | \
251 sed 's/\(tty2-tty\)[5-9]/\1'"${num_tty}"'/g' > "$rootfs/etc/systemd/system/getty-static.service"
252 fi
253
254 # This function has been copied and adapted from lxc-fedora
255 rm -f "${rootfs}/etc/systemd/system/default.target"
256 chroot "${rootfs}" ln -s /dev/null /etc/systemd/system/udev.service
257 chroot "${rootfs}" ln -s /dev/null /etc/systemd/system/systemd-udevd.service
258 chroot "${rootfs}" ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
259 # Setup getty service on the ttys we are going to allow in the
260 # default config. Number should match lxc.tty.max
261 ( cd "${rootfs}/etc/systemd/system/getty.target.wants"
262 for i in $(seq 1 "$num_tty") ; do ln -sf ../getty\@.service getty@tty"${i}".service; done )
263
264 # Since we use static-getty.target; we need to mask container-getty@.service generated by
265 # container-getty-generator, so we don't get multiple instances of agetty running.
266 # See https://github.com/lxc/lxc/issues/520 and https://github.com/lxc/lxc/issues/484
267 ( cd "${rootfs}/etc/systemd/system/getty.target.wants"
268 for i in $(seq 0 "$num_tty"); do ln -sf /dev/null container-getty\@"${i}".service; done )
269
270 return 0
271 }
272
273 # Check if given path is in a btrfs partition
274 is_btrfs()
275 {
276 [ -e "$1" -a "$(stat -f -c '%T' "$1")" = "btrfs" ]
277 }
278
279 # Check if given path is the root of a btrfs subvolume
280 is_btrfs_subvolume()
281 {
282 [ -d "$1" -a "$(stat -f -c '%T' "$1")" = "btrfs" -a "$(stat -c '%i' "$1")" -eq 256 ]
283 }
284
285 try_mksubvolume()
286 {
287 path=$1
288 [ -d "$path" ] && return 0
289 mkdir -p "$(dirname "$path")"
290 if which btrfs >/dev/null 2>&1 && is_btrfs "$(dirname "$path")"; then
291 btrfs subvolume create "$path"
292 else
293 mkdir -p "$path"
294 fi
295 }
296
297 try_rmsubvolume()
298 {
299 path=$1
300 [ -d "$path" ] || return 0
301 if which btrfs >/dev/null 2>&1 && is_btrfs_subvolume "$path"; then
302 btrfs subvolume delete "$path"
303 else
304 rm -rf "$path"
305 fi
306 }
307
308 cleanup()
309 {
310 try_rmsubvolume "$cache/partial-$release-$arch"
311 try_rmsubvolume "$cache/rootfs-$release-$arch"
312 }
313
314 download_debian()
315 {
316 case "$release" in
317 wheezy)
318 init=sysvinit
319 ;;
320 *)
321 init=init
322 ;;
323 esac
324 packages=\
325 $init,\
326 ifupdown,\
327 locales,\
328 dialog,\
329 isc-dhcp-client,\
330 netbase,\
331 net-tools,\
332 iproute,\
333 openssh-server
334
335 cache=$1
336 arch=$2
337 release=$3
338 interpreter="$4"
339 interpreter_path="$5"
340
341 trap cleanup EXIT SIGHUP SIGINT SIGTERM
342
343 # Create the cache
344 mkdir -p "$cache"
345
346 # If debian-archive-keyring isn't installed, fetch GPG keys directly
347 releasekeyring=/usr/share/keyrings/debian-archive-keyring.gpg
348 if [ ! -f $releasekeyring ]; then
349 releasekeyring="$cache/archive-key.gpg"
350 case $release in
351 "wheezy")
352 gpgkeyname="archive-key-7.0"
353 ;;
354 *)
355 gpgkeyname="archive-key-8"
356 ;;
357 esac
358 wget https://ftp-master.debian.org/keys/${gpgkeyname}.asc -O - --quiet \
359 | gpg --import --no-default-keyring --keyring="${releasekeyring}"
360 fi
361 # check the mini debian was not already downloaded
362 try_mksubvolume "$cache/partial-$release-$arch"
363 if [ $? -ne 0 ]; then
364 echo "Failed to create '$cache/partial-$release-$arch' directory"
365 return 1
366 fi
367
368 # download a mini debian into a cache
369 echo "Downloading debian minimal ..."
370 if [ "$interpreter" = "" ] ; then
371 debootstrap --verbose --variant=minbase --arch="$arch" \
372 --include=$packages --keyring="${releasekeyring}" \
373 "$release" "$cache/partial-$release-$arch" "$MIRROR"
374 if [ $? -ne 0 ]; then
375 echo "Failed to download the rootfs, aborting."
376 return 1
377 fi
378 else
379 debootstrap --foreign --verbose --variant=minbase --arch="$arch" \
380 --include=$packages --keyring="${releasekeyring}" \
381 "$release" "$cache/partial-$release-$arch" "$MIRROR"
382 if [ $? -ne 0 ]; then
383 echo "Failed to download the rootfs, aborting."
384 return 1
385 fi
386 mkdir -p "$(basename "$cache/partial-$release-$arch/$interpreter_path")"
387 cp "$interpreter" "$cache/partial-$release-$arch/$interpreter_path"
388 if [ $? -ne 0 ]; then
389 echo "failed to copy $interpreter to $cache/partial-$release-$arch/$interpreter_path"
390 return 1
391 fi
392 chroot "$cache/partial-$release-$arch" debootstrap/debootstrap --second-stage
393 if [ $? -ne 0 ]; then
394 echo "failed to update the rootfs, aborting"
395 return 1
396 fi
397 fi
398
399 mv "$1/partial-$release-$arch" "$1/rootfs-$release-$arch"
400 echo "Download complete."
401 trap EXIT
402 trap SIGINT
403 trap SIGTERM
404 trap SIGHUP
405
406 return 0
407 }
408
409 copy_debian()
410 {
411 cache=$1
412 arch=$2
413 rootfs=$3
414 release=$4
415
416 # make a local copy of the minidebian
417 echo -n "Copying rootfs to $rootfs..."
418 try_mksubvolume "$rootfs"
419 if which btrfs >/dev/null 2>&1 && \
420 is_btrfs_subvolume "$cache/rootfs-$release-$arch" && \
421 is_btrfs_subvolume "$rootfs"; then
422 realrootfs="$(dirname "$config")"/rootfs
423 [ "$rootfs" = "$realrootfs" ] || umount "$rootfs" || return 1
424 btrfs subvolume delete "$realrootfs" || return 1
425 btrfs subvolume snapshot "$cache/rootfs-$release-$arch" "$realrootfs" || return 1
426 [ "$rootfs" = "$realrootfs" ] || mount --bind "$realrootfs" "$rootfs" || return 1
427 else
428 rsync -SHaAX "$cache/rootfs-$release-$arch"/ $rootfs/ || return 1
429 fi
430 return 0
431 }
432
433 install_debian()
434 {
435 rootfs=$1
436 release=$2
437 arch=$3
438 cache="$4/debian"
439 interpreter="$5"
440 interpreter_path="$6"
441 flushcache=$7
442 mkdir -p $LOCALSTATEDIR/lock/subsys/
443 (
444 flock -x 9
445 if [ $? -ne 0 ]; then
446 echo "Cache repository is busy."
447 return 1
448 fi
449
450 if [ "$flushcache" -eq 1 ]; then
451 echo "Flushing cache..."
452 cleanup
453 fi
454
455 echo "Checking cache download in $cache/rootfs-$release-$arch ... "
456 if [ ! -e "$cache/rootfs-$release-$arch" ]; then
457 download_debian "$cache" "$arch" "$release" "$interpreter" "$interpreter_path"
458 if [ $? -ne 0 ]; then
459 echo "Failed to download 'debian base'"
460 return 1
461 fi
462 fi
463
464 copy_debian "$cache" "$arch" "$rootfs" "$release"
465 if [ $? -ne 0 ]; then
466 echo "Failed to copy rootfs"
467 return 1
468 fi
469
470 return 0
471
472 ) 9>$LOCALSTATEDIR/lock/subsys/lxc-debian
473
474 return $?
475 }
476
477 copy_configuration()
478 {
479 path=$1
480 rootfs=$2
481 hostname=$3
482 arch=$4
483 num_tty=$5
484
485 # Generate the configuration file
486 # if there is exactly one veth network entry, make sure it has an
487 # associated hwaddr.
488 nics=$(grep -ce '^lxc\.net\.0\.type[ \t]*=[ \t]*veth' "$path/config")
489 if [ "$nics" -eq 1 ]; then
490 grep -q "^lxc.net.0.hwaddr" "$path/config" || sed -i -e "/^lxc\.net\.0\.type[ \t]*=[ \t]*veth/a lxc.net.0.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" "$path/config"
491 fi
492
493 ## Add all the includes
494 echo "" >> "$path/config"
495 echo "# Common configuration" >> "$path/config"
496 if [ -e "${LXC_TEMPLATE_CONFIG}/debian.common.conf" ]; then
497 echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/debian.common.conf" >> "$path/config"
498 fi
499 if [ -e "${LXC_TEMPLATE_CONFIG}/debian.${release}.conf" ]; then
500 echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/debian.${release}.conf" >> "$path/config"
501 fi
502
503 ## Add the container-specific config
504 echo "" >> "$path/config"
505 echo "# Container specific configuration" >> "$path/config"
506 grep -q "^lxc.rootfs.path" "$path/config" 2> /dev/null || echo "lxc.rootfs.path = $rootfs" >> "$path/config"
507
508 cat <<EOF >> $path/config
509 lxc.tty.max = $num_tty
510 lxc.uts.name = $hostname
511 lxc.arch = $arch
512 lxc.pty.max = 1024
513 EOF
514
515 if [ $? -ne 0 ]; then
516 echo "Failed to add configuration"
517 return 1
518 fi
519
520 return 0
521 }
522
523 post_process()
524 {
525 local rootfs="$1"; shift
526 local release="$1"; shift
527 local arch="$1"; shift
528 local hostarch="$1"; shift
529 local interpreter="$1"; shift
530 local packages="$*"
531
532 # Disable service startup
533 cat > "${rootfs}/usr/sbin/policy-rc.d" << EOF
534 #!/bin/sh
535 exit 101
536 EOF
537 chmod +x "${rootfs}/usr/sbin/policy-rc.d"
538
539 # If the container isn't running a native architecture, setup multiarch
540 if [ "$interpreter" = "" -a "${arch}" != "${hostarch}" ]; then
541 # Test if dpkg supports multiarch
542 if ! chroot "$rootfs" dpkg --print-foreign-architectures 2>&1; then
543 chroot "$rootfs" dpkg --add-architecture "${hostarch}"
544 fi
545 fi
546
547 # Write a new sources.list containing both native and multiarch entries
548 > "${rootfs}/etc/apt/sources.list"
549 if [ "$interpreter" != "" -a "${arch}" = "${hostarch}" ]; then
550 write_sourceslist "${rootfs}" "${release}" "${arch}"
551 else
552 write_sourceslist "${rootfs}" "${release}"
553 fi
554
555 # Install Packages in container
556 if [ -n "${packages}" ]; then
557 local pack_list
558 pack_list="${packages//,/ }"
559 echo "Installing packages: ${pack_list}"
560 install_packages "${rootfs}" "${pack_list}"
561 fi
562
563 # Re-enable service startup
564 rm "${rootfs}/usr/sbin/policy-rc.d"
565
566 # end
567 }
568
569 clean()
570 {
571 cache=${LXC_CACHE_PATH:-"$LOCALSTATEDIR/cache/lxc/debian"}
572
573 if [ ! -e "$cache" ]; then
574 exit 0
575 fi
576
577 # lock, so we won't purge while someone is creating a repository
578 (
579 flock -x 9
580 if [ $? != 0 ]; then
581 echo "Cache repository is busy."
582 exit 1
583 fi
584
585 echo -n "Purging the download cache..."
586 rm --preserve-root --one-file-system -rf "$cache" && echo "Done." || exit 1
587 exit 0
588
589 ) 9>$LOCALSTATEDIR/lock/subsys/lxc-debian
590 }
591
592 usage()
593 {
594 cat <<EOF
595 Template specific options can be passed to lxc-create after a '--' like this:
596
597 lxc-create --name=NAME [-lxc-create-options] -- [-template-options]
598
599 Usage: $1 -h|--help -p|--path=<path> [-c|--clean] [-a|--arch=<arch>] [-r|--release=<release>]
600 [--mirror=<mirror>] [--security-mirror=<security mirror>]
601 [--package=<package_name1,package_name2,...>]
602 [-I|--interpreter-path=<interpreter path>]
603 [-F | --flush-cache] [-S|--auth-key=<keyfile>]
604
605 Options :
606
607 -h, --help print this help text
608 -p, --path=PATH directory where config and rootfs of this VM will be kept
609 -S, --auth-key=KEYFILE SSH public key to inject into the container as the root user.
610 -a, --arch=ARCH The container architecture. Can be one of: i686, x86_64,
611 amd64, armhf, armel, powerpc. Defaults to host arch.
612 -r, --release=RELEASE Debian release. Can be one of: wheezy, jessie, stretch, buster, sid.
613 Defaults to current stable.
614 --mirror=MIRROR Debian mirror to use during installation. Overrides the MIRROR
615 environment variable (see below).
616 --security-mirror=SECURITY_MIRROR
617 Debian mirror to use for security updates. Overrides the
618 SECURITY_MIRROR environment variable (see below).
619 --packages=PACKAGE_NAME1,PACKAGE_NAME2,...
620 List of additional packages to install. Comma separated, without space.
621 -c, --clean only clean up the cache and terminate
622 --enable-non-free include also Debian's contrib and non-free repositories.
623 -I|--interpreter-path=INTERPRETER-PATH
624 Path of the binfmt interpreter to copy to the rootfs
625 -F | --flush-cache Flush the debian release cache
626
627 Environment variables:
628
629 MIRROR The Debian package mirror to use. See also the --mirror switch above.
630 Defaults to '$MIRROR'
631 SECURITY_MIRROR The Debian package security mirror to use. See also the --security-mirror switch above.
632 Defaults to '$SECURITY_MIRROR'
633
634 EOF
635 return 0
636 }
637
638 options=$(getopt -o hp:n:a:r:cI:FS: -l arch:,auth-key:,clean,help,enable-non-free,mirror:,name:,packages:,path:,release:,rootfs:,security-mirror:,interpreter-path:,flush-cache -- "$@")
639 if [ $? -ne 0 ]; then
640 usage "$(basename "$0")"
641 exit 1
642 fi
643 eval set -- "$options"
644
645 littleendian=$(lscpu | grep '^Byte Order' | grep -q Little && echo yes)
646
647 arch=$(uname -m)
648 if [ "$arch" = "i686" ]; then
649 arch="i386"
650 elif [ "$arch" = "x86_64" ]; then
651 arch="amd64"
652 elif [ "$arch" = "armv7l" ]; then
653 arch="armhf"
654 elif [ "$arch" = "aarch64" ]; then
655 arch="arm64"
656 elif [ "$arch" = "ppc" ]; then
657 arch="powerpc"
658 elif [ "$arch" = "ppc64le" ]; then
659 arch="ppc64el"
660 elif [ "$arch" = "mips" -a "$littleendian" = "yes" ]; then
661 arch="mipsel"
662 elif [ "$arch" = "mips64" -a "$littleendian" = "yes" ]; then
663 arch="mips64el"
664 fi
665 hostarch=$arch
666 mainonly=1
667 flushcache=0
668
669 while true
670 do
671 case "$1" in
672 -h|--help) usage "$0" && exit 1;;
673 --) shift 1; break ;;
674
675 -a|--arch) arch=$2; shift 2;;
676 -S|--auth-key) authkey=$2; shift 2;;
677 -I|--interpreter-path)
678 interpreter="$2"; shift 2;;
679 -c|--clean) clean=1; shift 1;;
680 --enable-non-free) mainonly=0; shift 1;;
681 --mirror) MIRROR=$2; shift 2;;
682 -n|--name) name=$2; shift 2;;
683 --packages) packages=$2; shift 2;;
684 -p|--path) path=$2; shift 2;;
685 -r|--release) release=$2; shift 2;;
686 --rootfs) rootfs=$2; shift 2;;
687 --security-mirror) SECURITY_MIRROR=$2; shift 2;;
688 -F|--flush-cache) flushcache=1; shift 1;;
689 *) break ;;
690 esac
691 done
692
693 if [ ! -z "$clean" -a -z "$path" ]; then
694 clean || exit 1
695 exit 0
696 fi
697
698 if [ "$arch" = "i686" ]; then
699 arch=i386
700 fi
701
702 if [ "$arch" = "x86_64" ]; then
703 arch=amd64
704 fi
705
706 if [ "$interpreter" = "" ] ; then
707 if [ $hostarch = "i386" -a $arch = "amd64" ]; then
708 echo "can't create $arch container on $hostarch"
709 exit 1
710 fi
711
712 if [ $hostarch = "armhf" -o $hostarch = "armel" ] && \
713 [ $arch != "armhf" -a $arch != "armel" ]; then
714 echo "can't create $arch container on $hostarch"
715 exit 1
716 fi
717
718 if [ $hostarch = "powerpc" -a $arch != "powerpc" ]; then
719 echo "can't create $arch container on $hostarch"
720 exit 1
721 fi
722
723 if [ $hostarch = "mips" -a $arch != "mips" ] || \
724 [ $hostarch = "mipsel" -a $arch != "mipsel" ] || \
725 [ $hostarch = "mips64" -a $arch != "mips" -a $arch != "mips64" ] || \
726 [ $hostarch = "mips64el" -a $arch != "mipsel" -a $arch != "mips64el" ]; then
727 echo "can't create $arch container on $hostarch"
728 exit 1
729 fi
730 else
731 if ! file -b "${interpreter}" |grep -q "statically linked" ; then
732 echo "'${interpreter}' must be statically linked" 1>&2
733 exit 1
734 fi
735 interpreter_path=$(find_interpreter "$interpreter")
736 if [ $? -ne 0 ] ; then
737 echo "no binfmt interpreter using $(basename "$interpreter")" 1>&2
738 exit 1
739 fi
740 fi
741
742 type debootstrap
743 if [ $? -ne 0 ]; then
744 echo "'debootstrap' command is missing"
745 exit 1
746 fi
747
748 if [ -z "$path" ]; then
749 echo "'path' parameter is required"
750 exit 1
751 fi
752
753 if [ "$(id -u)" != "0" ]; then
754 echo "This script should be run as 'root'"
755 exit 1
756 fi
757
758 if [ -n "$authkey" ]; then
759 if [ ! -f "$authkey" ]; then
760 echo "SSH keyfile '$authkey' not found"
761 exit 1
762 fi
763 # This is mostly to prevent accidental uage of the private key instead
764 # of the public key.
765 if [ "${authkey: -4}" != ".pub" ]; then
766 echo "SSH keyfile '$authkey' does not end with '.pub'"
767 exit 1
768 fi
769 fi
770
771 current_release=$(wget "${MIRROR}/dists/stable/Release" -O - 2> /dev/null | head |awk '/^Codename: (.*)$/ { print $2; }')
772 release=${release:-${current_release}}
773 valid_releases=('wheezy' 'jessie' 'stretch' 'buster' 'sid')
774 if [[ ! "${valid_releases[*]}" =~ (^|[^[:alpha:]])$release([^[:alpha:]]|$) ]]; then
775 echo "Invalid release ${release}, valid ones are: ${valid_releases[*]}"
776 exit 1
777 fi
778
779 # detect rootfs
780 config="$path/config"
781 if [ -z "$rootfs" ]; then
782 if grep -q '^lxc.rootfs.path' "$config" 2> /dev/null ; then
783 rootfs=$(awk -F= '/^lxc.rootfs.path[ \t]+=/{ print $2 }' "$config")
784 else
785 rootfs=$path/rootfs
786 fi
787 fi
788
789 # determine the number of ttys - default is 4
790 if grep -q '^lxc.tty.max' "$config" 2> /dev/null ; then
791 num_tty=$(awk -F= '/^lxc.tty.max[ \t]+=/{ print $2 }' "$config")
792 else
793 num_tty=4
794 fi
795
796 install_debian "$rootfs" "$release" "$arch" "$LXC_CACHE_PATH" "$interpreter" "$interpreter_path" "$flushcache"
797 if [ $? -ne 0 ]; then
798 echo "failed to install debian"
799 exit 1
800 fi
801
802 configure_debian "$rootfs" "$name" $num_tty
803 if [ $? -ne 0 ]; then
804 echo "failed to configure debian for a container"
805 exit 1
806 fi
807
808 copy_configuration "$path" "$rootfs" "$name" $arch $num_tty
809 if [ $? -ne 0 ]; then
810 echo "failed write configuration file"
811 exit 1
812 fi
813
814 configure_debian_systemd "$path" "$rootfs" "$config" $num_tty
815
816 post_process "${rootfs}" "${release}" ${arch} ${hostarch} "${interpreter}" "${packages}"
817
818 if [ ! -z "$clean" ]; then
819 clean || exit 1
820 exit 0
821 fi
LXC mirror