[gentoo-commits] repo/gentoo:master commit in: app-emulation/lxc/

["Joonas Niilola" <juippis@gentoo.org>]

commit:     7e107ad831468a1840a501f2a3dfe1de2aafc6db
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 14 03:38:37 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Jan 14 03:38:37 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e107ad8

app-emulation/lxc: bump to 4.0.6

 - always enable seccomp,
 - introduce acct-*/lxc for unprivileged container support.

Closes: https://bugs.gentoo.org/729322
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 app-emulation/lxc/Manifest         |   2 +
 app-emulation/lxc/lxc-4.0.6.ebuild | 174 +++++++++++++++++++++++++++++++++++++
 2 files changed, 176 insertions(+)

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index 8026777cd7c..2a8b7300158 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -1,2 +1,4 @@
 DIST lxc-4.0.5.tar.gz 1368909 BLAKE2B 9fdef5600fe5fd427703312f07ed6499285a59d74c7c0572f036a108454192347166fe08df4551fa8df4e414167b7b081b8a1902036c7c8a012f27b99cc83335 SHA512 d536e767f4b7c1ea974469a19f89ddbcebbc3f8c7922b174b966fb2e80ae33199a8a915a962da9cbc7e075442555bc355525f2d4f8e76498b8a7e49f46dc006f
 DIST lxc-4.0.5.tar.gz.asc 833 BLAKE2B 8cc3f00e3a3359b525f7ead48f4cce7b386a75c04b43eefe0ec939786e368712c2674a17fe9e9ef58649147c7f2d5682f5a0c280ddc8ca8c34664069d5efd4b5 SHA512 9e67932fa424224d39ec6c5c32a6e6c3cdf305d3e4d7c8ddbb8ab86a38392c30b56a20b11e4f85e3645a97c106a13ef868a5d3c78ac57bc8cb44cee20e83a700
+DIST lxc-4.0.6.tar.gz 1363162 BLAKE2B e2d9d281cf521575aeecefbcba0c7b7f336ab73193be94e760b37eb6f3423ec3520f194549def6f64c1662f22b7df5a03dfc6b4e6dac1bf229c5f726f51b4d43 SHA512 98514796ef2091a291516ed7fde737df07ccfe374a0f8b4314e0ee992837e98ed02aa9f7809f8808a2f5ee1c7ae2dcea163531cdaedbb577211eeb9beff90c15
+DIST lxc-4.0.6.tar.gz.asc 833 BLAKE2B 04b6bda0ed52a6ab8eebde4d3d5f1f6cb19eea017ae989d47323831d467324f99801b40c3bb70f00d7521753a298e6fa339f0da039c4d72b0163d0efc815d7e7 SHA512 baeafa5b63034e2884d5ab4f11710612bed1c61cd493ac19b9b24b93365b89325518b69878015b4b752f71beda47ecabf774b698e6be9ec9aa86376df2c302db

diff --git a/app-emulation/lxc/lxc-4.0.6.ebuild b/app-emulation/lxc/lxc-4.0.6.ebuild
new file mode 100644
index 00000000000..c8596294b80
--- /dev/null
+++ b/app-emulation/lxc/lxc-4.0.6.ebuild
@@ -0,0 +1,174 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools bash-completion-r1 linux-info flag-o-matic optfeature pam readme.gentoo-r1 systemd verify-sig
+
+DESCRIPTION="A userspace interface for the Linux kernel containment features"
+HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
+SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz
+	verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )"
+
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="apparmor +caps doc examples libressl man pam selinux +ssl +tools verify-sig"
+
+RDEPEND="acct-group/lxc
+	acct-user/lxc
+	app-misc/pax-utils
+	sys-apps/util-linux
+	sys-libs/libcap
+	sys-libs/libseccomp
+	virtual/awk
+	caps? ( sys-libs/libcap )
+	pam? ( sys-libs/pam )
+	selinux? ( sys-libs/libselinux )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:0= )
+	)"
+DEPEND="${RDEPEND}
+	>=sys-kernel/linux-headers-4
+	apparmor? ( sys-apps/apparmor )"
+BDEPEND="doc? ( app-doc/doxygen )
+	man? ( app-text/docbook-sgml-utils )
+	verify-sig? ( app-crypt/openpgp-keys-linuxcontainers )"
+
+CONFIG_CHECK="~!NETPRIO_CGROUP
+	~CGROUPS
+	~CGROUP_CPUACCT
+	~CGROUP_DEVICE
+	~CGROUP_FREEZER
+
+	~CGROUP_SCHED
+	~CPUSETS
+	~IPC_NS
+	~MACVLAN
+
+	~MEMCG
+	~NAMESPACES
+	~NET_NS
+	~PID_NS
+
+	~POSIX_MQUEUE
+	~USER_NS
+	~UTS_NS
+	~VETH"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
+ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
+ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
+ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
+ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
+ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
+
+DOCS=( AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt )
+
+pkg_setup() {
+	linux-info_pkg_setup
+}
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-3.0.0-bash-completion.patch
+	"${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch # bug 558854
+)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	local myeconfargs=(
+		--bindir=/usr/bin
+		--localstatedir=/var
+		--sbindir=/usr/bin
+
+		--with-config-path=/var/lib/lxc
+		--with-distro=gentoo
+		--with-init-script=systemd
+		--with-rootfs-path=/var/lib/lxc/rootfs
+		--with-runtime-path=/run
+		--with-systemdsystemunitdir=$(systemd_get_systemunitdir)
+
+		--disable-asan
+		--disable-coverity-build
+		--disable-dlog
+		--disable-mutex-debugging
+		--disable-rpath
+		--disable-tests
+		--disable-ubsan
+		--disable-werror
+
+		--enable-bash
+		--enable-commands
+		--enable-memfd-rexec
+		--enable-seccomp
+		--enable-thread-safety
+
+		$(use_enable apparmor)
+		$(use_enable caps capabilities)
+		$(use_enable doc api-docs)
+		$(use_enable examples)
+		$(use_enable man doc)
+		$(use_enable pam)
+		$(use_enable selinux)
+		$(use_enable ssl openssl)
+		$(use_enable tools)
+
+		$(use_with pam pamdir $(getpam_mod_dir))
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+	bashcomp_alias ${PN}-start \
+		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,wait}
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+	rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
+
+	find "${D}" -name '*.la' -delete -o -name '*.a' -delete || die
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.8" ${PN}
+
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/${PN}_at.service.4.0.0 "lxc@.service"
+
+	DOC_CONTENTS="
+		For openrc, there is an init script provided with the package.
+		You should only need to symlink /etc/init.d/lxc to
+		/etc/init.d/lxc.configname to start the container defined in
+		/etc/lxc/configname.conf.
+
+		Correspondingly, for systemd a service file lxc@.service is installed.
+		Enable and start lxc@configname in order to start the container defined
+		in /etc/lxc/configname.conf."
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+
+	elog "Please run 'lxc-checkconfig' to see optional kernel features."
+	elog
+	elog "Optional uninstalled dependencies:"
+	optfeature "automatic template scripts" app-emulation/lxc-templates
+	optfeature "Debian-based distribution container image support" dev-util/debootstrap
+	optfeature "snapshot & restore functionality" sys-process/criu
+}