feat(app-emulation/docker): add docker

add docker and lxc

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild

@@ -0,0 +1,31 @@
+#
+# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+# $Header:$
+#
+
+EAPI=2
+EGIT_REPO_URI="https://github.com/dotcloud/docker"
+inherit toolchain-funcs systemd git-2
+
+DESCRIPTION="Docker container management"
+HOMEPAGE="http://docker.io"
+SRC_URI=""
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE=""
+
+DEPEND=">=dev-lang/go-1.0.2"
+RDEPEND="app-emulation/lxc"
+
+src_compile() {
+	emake
+}
+
+src_install() {
+	dobin ${S}/bin/${PN}
+	systemd_dounit "${FILESDIR}"/${PN}.service
+	systemd_enable_service multi-user.target ${PN}.service
+}

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service

@@ -0,0 +1,5 @@
+[Service]
+ExecStart=/usr/bin/docker -d
+
+[Install]
+WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-emulation/lxc/ChangeLog

@@ -0,0 +1,263 @@
+# ChangeLog for app-emulation/lxc
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/ChangeLog,v 1.44 2012/11/14 02:15:10 flameeyes Exp $
+
+*lxc-0.8.0-r1 (14 Nov 2012)
+
+  14 Nov 2012; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.8.0-r1.ebuild,
+  -lxc-0.8.0.ebuild, files/lxc.initd.2:
+  Drop one kernel config check for a kernel config that's been dropped; drop the
+  vanilla USE flag; fix a mistake in the setarch call in the init script for
+  32-bit guests.
+
+*lxc-0.8.0 (11 Nov 2012)
+
+  11 Nov 2012; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.8.0.ebuild:
+  Version bump.
+
+*lxc-0.8.0_rc2-r1 (04 Aug 2012)
+
+  04 Aug 2012; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.8.0_rc2-r1.ebuild,
+  -lxc-0.8.0_rc2.ebuild:
+  Fix lxc-sshd template; don't remove lxc-ls.
+
+*lxc-0.8.0_rc2 (21 Jul 2012)
+
+  21 Jul 2012; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.8.0_rc2.ebuild,
+  -lxc-0.8.0_rc1-r5.ebuild, files/lxc.initd.2:
+  Version bump; also fixes bug #427078 and #427086, thanks to Alexander Zubkov
+  for the report.
+
+*lxc-0.8.0_rc1-r5 (07 Jun 2012)
+
+  07 Jun 2012; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.8.0_rc1-r5.ebuild,
+  -lxc-0.8.0_rc1-r4.ebuild, files/lxc.initd.2:
+  Update init script to better handle x32 containers.
+
+  31 May 2012; Zac Medico <zmedico@gentoo.org> lxc-0.8.0_rc1-r4.ebuild:
+  tweak inherit so repoman can parse it
+
+  12 May 2012; Diego E. Pettenò <flameeyes@gentoo.org> lxc-0.8.0_rc1-r4.ebuild:
+  Make sure to check for CGROUP_DEVICE in particular, see bug #409371.
+
+  01 May 2012; Diego E. Pettenò <flameeyes@gentoo.org> files/lxc.initd.2:
+  Make the init.d decide whether it needs or uses the network interface
+  depending on configuration.
+
+*lxc-0.8.0_rc1-r4 (01 May 2012)
+
+  01 May 2012; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.8.0_rc1-r4.ebuild,
+  -files/lxc-0.8.0_rc1-blockmount.patch, -files/lxc-0.8.0_rc1-libtoolize.patch,
+  -files/lxc.initd, -lxc-0.7.5-r3.ebuild, -lxc-0.8.0_rc1-r3.ebuild:
+  Remove old; move patches to backports tarball (it's in git); add a patch to
+  fix bug #423737 by Kevin Pyle (kernel sources are no longer required for
+  build).
+
+  29 Apr 2012; Diego E. Pettenò <flameeyes@gentoo.org> files/lxc.initd.2:
+  Make sure to need the network interface, not use it.
+
+*lxc-0.8.0_rc1-r3 (29 Apr 2012)
+
+  29 Apr 2012; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.8.0_rc1-r3.ebuild,
+  -lxc-0.8.0_rc1-r2.ebuild, files/lxc-0.8.0_rc1-blockmount.patch:
+  Fix my own patch for mounting devices and files.
+
+*lxc-0.8.0_rc1-r2 (28 Apr 2012)
+
+  28 Apr 2012; Diego E. Pettenò <flameeyes@gentoo.org>
+  +files/lxc-0.8.0_rc1-blockmount.patch, +lxc-0.8.0_rc1-r2.ebuild,
+  -lxc-0.8.0_rc1-r1.ebuild:
+  Add a patch to fix handling of mount points for block devices; also add some
+  warnings related to grsecurity and LXC.
+
+  27 Mar 2012; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.8.0_rc1.ebuild,
+  lxc-0.7.5-r3.ebuild, lxc-0.8.0_rc1-r1.ebuild:
+  Fix dependencies for lxc 0.7.5; depend on a newer OpenRC to have cgroups
+  mounted for us in the init script.
+
+*lxc-0.8.0_rc1-r1 (24 Mar 2012)
+
+  24 Mar 2012; Diego E. Pettenò <flameeyes@gentoo.org>
+  +files/lxc-0.8.0_rc1-libtoolize.patch, +lxc-0.8.0_rc1-r1.ebuild:
+  Add a patch that libtoolizes lxc, and builds a static lxc-init executable.
+
+*lxc-0.8.0_rc1 (24 Mar 2012)
+
+  24 Mar 2012; Diego E. Pettenò <flameeyes@gentoo.org> +files/lxc.initd.2,
+  +lxc-0.8.0_rc1.ebuild:
+  Version bump; change init script as the path is changed. Assume a modern
+  OpenRC is used.
+
+*lxc-0.7.5-r3 (19 Oct 2011)
+
+  19 Oct 2011; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.7.5-r2.ebuild,
+  +lxc-0.7.5-r3.ebuild, files/lxc.initd:
+  Revision bump to fix two issues with the init script reported by Alexander Y.
+  Fomichev (bug #387675 and #387679).
+
+*lxc-0.7.5-r2 (28 Sep 2011)
+
+  28 Sep 2011; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.7.5-r1.ebuild,
+  +lxc-0.7.5-r2.ebuild, files/lxc.initd:
+  Fix init script to find the correct PID for the container's init and use a
+  30-seconds timeout to see if it has stopped correctly. Thanks to Stef Simoens
+  for both (bug #384265).
+
+*lxc-0.7.5-r1 (14 Sep 2011)
+
+  14 Sep 2011; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.7.4.2.ebuild,
+  -lxc-0.7.5.ebuild, +lxc-0.7.5-r1.ebuild, files/lxc.initd:
+  Fix init script not to look for a configuration file when generating
+  dependencies for the base (multiplexed) init script. Revision bump to make
+  sure users reinstall the ebuild, and remove old. Closes bug #382519.
+
+*lxc-0.7.5 (05 Sep 2011)
+
+  05 Sep 2011; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.7.4.1-r1.ebuild,
+  +lxc-0.7.5.ebuild, files/lxc.initd:
+  Version bump; also includes fixes for the init script, closing bugs #379679
+  and #379683 by George Georgiev.
+
+*lxc-0.7.4.2 (26 Jul 2011)
+
+  26 Jul 2011; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.7.4.2.ebuild:
+  Version bump.
+
+  05 Jul 2011; Mark Loeser <halcy0n@gentoo.org> lxc-0.7.4.1-r1.ebuild:
+  Mark ~ppc64
+
+  06 May 2011; Diego E. Pettenò <flameeyes@gentoo.org> files/lxc.initd:
+  Reset the environment when starting the container so that its environment is
+  picked up entirely.
+
+*lxc-0.7.4.1-r1 (24 Apr 2011)
+
+  24 Apr 2011; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.7.4.1.ebuild,
+  +lxc-0.7.4.1-r1.ebuild, files/lxc.initd:
+  Revision bump to improve the init script so that it searches the new location
+  of configuration files created by lxc-create (closes bug #364611).
+
+*lxc-0.7.4.1 (30 Mar 2011)
+
+  30 Mar 2011; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.7.2-r1.ebuild,
+  -lxc-0.7.3-r1.ebuild, -lxc-0.7.4.ebuild, +lxc-0.7.4.1.ebuild:
+  Version bump.
+
+*lxc-0.7.4 (26 Feb 2011)
+
+  26 Feb 2011; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.7.4.ebuild,
+  files/lxc.initd:
+  Version bump; update warnings (configuration is now back to 0.7.2 syntax);
+  make sure the init script logs warnings, as otherwise you'll never know
+  what's going on.
+
+  22 Nov 2010; Diego E. Pettenò <flameeyes@gentoo.org> lxc-0.7.3-r1.ebuild:
+  Add a postinst note about the new location, since upstream provides no
+  changelog.
+
+*lxc-0.7.3-r1 (22 Nov 2010)
+
+  22 Nov 2010; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.7.3.ebuild,
+  +lxc-0.7.3-r1.ebuild:
+  Revision bump to make sure that the rootfs mount point is the same between
+  32-bit and 64-bit systems.
+
+*lxc-0.7.3 (16 Nov 2010)
+
+  16 Nov 2010; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.7.3.ebuild:
+  Version bump; this also solves bug #345259.
+
+  15 Oct 2010; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.7.1.ebuild:
+  Cleanup old version.
+
+*lxc-0.7.2-r1 (01 Aug 2010)
+
+  01 Aug 2010; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.7.2.ebuild,
+  +lxc-0.7.2-r1.ebuild, files/lxc.initd:
+  New init script, with more thorough verification of the config, support
+  for mounting the cgroup pseudo-fs, proper network dependencies, improved
+  start-up (verifies that the container actually started up) and stop (won't
+  waste time if the container was externally stopped).
+
+*lxc-0.7.2 (01 Aug 2010)
+
+  01 Aug 2010; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.7.2.ebuild,
+  +files/lxc.initd, metadata.xml:
+  Version bump, add the long-requested init script (protected with a
+  USE=vanilla for those preferring not to have it).
+
+*lxc-0.7.1 (28 Jun 2010)
+
+  28 Jun 2010; Diego E. Pettenò <flameeyes@gentoo.org>
+  -files/lxc-0.6.4-fix-full-system.patch,
+  -files/lxc-0.6.4-lxc.network.pair.patch,
+  -files/lxc-0.6.4-move-rcfile.patch, -files/lxc-0.6.4-tty-malloc.patch,
+  -lxc-0.6.5.ebuild, -lxc-0.7.0.ebuild, +lxc-0.7.1.ebuild:
+  Version bump, remove old versions, remove stray patch files.
+
+*lxc-0.7.0 (20 Jun 2010)
+
+  20 Jun 2010; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.7.0.ebuild:
+  Version bump.
+
+  16 Mar 2010; Diego E. Pettenò <flameeyes@gentoo.org> lxc-0.6.5.ebuild:
+  Avoid testing for file capabilities support: we don't support the setcap
+  mode for lxc and it has been dropped by 2.6.33 onward. Thanks to Vadim
+  Kuznetsov in bug #309267.
+
+  11 Mar 2010; Diego E. Pettenò <flameeyes@gentoo.org> lxc-0.6.5.ebuild:
+  Stop trying to remove /etc/lxc, it's no longer installed.
+
+  09 Mar 2010; Diego E. Pettenò <flameeyes@gentoo.org>
+  -lxc-0.6.4-r2.ebuild, lxc-0.6.5.ebuild, metadata.xml:
+  Remove old version, install man pages even with USE=-doc now that they are
+  shipped upstream, thanks to Allen Parker in bug #308553. Assign to
+  virtualization herd to have a fallback maintainer if me and Tiziano are
+  not available.
+
+*lxc-0.6.5 (30 Jan 2010)
+
+  30 Jan 2010; Diego E. Pettenò <flameeyes@gentoo.org> -lxc-0.6.4.ebuild,
+  -lxc-0.6.4-r1.ebuild, +lxc-0.6.5.ebuild:
+  Version bump; remove old versions.
+
+*lxc-0.6.4-r2 (08 Dec 2009)
+
+  08 Dec 2009; Sven Wegener <swegener@gentoo.org> +lxc-0.6.4-r2.ebuild,
+  +files/lxc-0.6.4-tty-malloc.patch:
+  Also include my tty malloc() fix, it prevents memory corruption.
+
+*lxc-0.6.4-r1 (07 Dec 2009)
+
+  07 Dec 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+  -files/0.6.2-as-needed.patch, -lxc-0.6.3.ebuild, +lxc-0.6.4-r1.ebuild,
+  +files/lxc-0.6.4-fix-full-system.patch,
+  +files/lxc-0.6.4-lxc.network.pair.patch,
+  +files/lxc-0.6.4-move-rcfile.patch:
+  Backport fixes from upstream, including one to not break host systems if
+  lxc-start is launched in the old (pre-0.6.4) way. Thanks to Andrian Nord
+  in bug #296030.
+
+  25 Nov 2009; Diego E. Pettenò <flameeyes@gentoo.org> lxc-0.6.4.ebuild,
+  metadata.xml:
+  Enable doc USE flag by default and explicit in the description that it
+  enables the man pages as well.
+
+  24 Nov 2009; Diego E. Pettenò <flameeyes@gentoo.org> lxc-0.6.4.ebuild:
+  Remove autotools inherit and add the ~x86 KEYWORD.
+
+*lxc-0.6.4 (24 Nov 2009)
+
+  24 Nov 2009; Diego E. Pettenò <flameeyes@gentoo.org> +lxc-0.6.4.ebuild:
+  Version bump, improve checking of kernel features.
+
+  14 Nov 2009; Sven Wegener <swegener@gentoo.org> lxc-0.6.3.ebuild:
+  Add ~x86 keyword.
+
+*lxc-0.6.3 (24 Oct 2009)
+
+  24 Oct 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+  +files/0.6.2-as-needed.patch, +lxc-0.6.3.ebuild, +metadata.xml:
+  Initial import of lxc; based upon dev-zero's ebuild, modified by me. It
+  diverges a bit from upstream, in the path used, to stay more
+  Gentoo-styled. Init scripts will likely be added separately.

sdk_container/src/third_party/coreos-overlay/app-emulation/lxc/Manifest

@@ -0,0 +1,23 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+AUX lxc.initd.2 3673 SHA256 bb7780168695e934549909c5c7baa7d6cdc92b0e19093a3d04a1313081a832e1 SHA512 25b0474d6f16fcede89a8e17518a658f810cb554eaef10aae3ce1fdd8c8640118aa6375cbee443f0b26e8086eb7c25375ceaaaf29a4110bd779f94b2f4b0d300 WHIRLPOOL 28f56d71b95b26c7f6ad5402a37413a973bc7bdf08fd3963ad192888ae1b49809a56c16009bc6049061d419ecffb1279e153e6ef5acbe06956efca154eae6a01
+DIST lxc-0.8.0-backports-1.tar.xz 2424 SHA256 5b68b96b9fbc2d0f5b2ad2e7fb996a3d837114237a306de39d9939f31756a522 SHA512 9898d78836cc546e80015a18070e3976118d2efb006584ecfb2887a4474598766e023eb6c120c16dae2e94dddc33c8a4e928fd44bc6fb2260a1913c06f5d374e WHIRLPOOL ef11f25ec8891f431be7aed32b38c0cc51e1096a37ea71c38aed4448ab0305784b510e2b55bdc73e5ef2128344a6c88adb3add798323f77e276b5185e53f5ef9
+DIST lxc-0.8.0-rc2-backports-2.tar.xz 4616 SHA256 c371817b5be47ed70dea410a32dc434a060073992d5299d2c88853de79aa2111 SHA512 ca646ae325a4cf94632c443397834a8a7dc004874b528d2d685b698b3eda1e72e09ecfd68899b9c0cd17d5d7bf1a62230dd6d17d26f73d2d4ecbf1932c31b996 WHIRLPOOL 76deca3e2b7fe306c0e2f538759fb33656f08c52d1b59570edc6f3d2444d387a0f7944f759baf41402e747eb055ab403a82a40b95ba0c7d42d0644a5f990e851
+DIST lxc-0.8.0-rc2.tar.gz 302999 SHA256 1f0ee0464507d26e494784e841b68c765ecd3abc5976012e226f69d1aa361bef SHA512 e6608f980489f67d412c9a50f8c3f65c1afbba520dfdfe2b695c597c2706544291f31c8cfca2d86cfbab09029f8a5706fae5ab72f1c45dccca5f7e2ae8851181 WHIRLPOOL b41fe7e14315b9e6702070535edfee68379c01fba23d143c5f11afa20f6d392c8bc32953da46ec3f74d7a2affe9f828d918f23a8a16c430e3b8ffcc9b2c10057
+DIST lxc-0.8.0.tar.gz 309973 SHA256 eac833730b94e423d4bef6834bc4a716437d2abd6ab8b24334c506aaaa08692c SHA512 47333e2010d0f4488b8876ba933f2d26304874bec0371a7ab3b6e5bd1a50a7d2312ff8507e273f1ee2341a7f2e3b79cd71e5e19ac31006a4e429ee96b01733f6 WHIRLPOOL 693b7d354dec7c6102d5ce3a42a9b618e213fd9ee8c592068ebadb7f25094606abce6c3da77b483fab0938410215010f71d487f336856c87327d6a98f20b65dd
+EBUILD lxc-0.8.0-r1.ebuild 4504 SHA256 2199fc1bce5cabcf082519476fd0b3bed090767c0b72ab607f230b7a1d50da0a SHA512 62074bb7f4f976e544f5bfe3cbaffdc6748982e68ba65bac14c16d64c8bb1520f3976d4016756be9f60d6a5307d0afa8975b27fded4db296c6705eb748c3bc90 WHIRLPOOL 2b64f73490bff91801afe86907c90dfba4a20b0627fa49c3f96bc3315a01527affabbefa64c606b1cb401a66327f361cca7c74155ecb427713b3d98fa85693e4
+EBUILD lxc-0.8.0_rc2-r1.ebuild 4671 SHA256 516d8f213a7b7a723e58ebe2223f953b97564f66c0f3285f48c1339c559199c9 SHA512 d1011c6a2985d88842ee41b57a44e884afdb0404d5bcb5ca4c803c4d0d04972c73fd046b488e966d9d42de43b56f00e0e5a05fec79c67c6e67a0b3047dc814f1 WHIRLPOOL df3bc703c5ff2e15e9ec8d38e728b17e8be03ad461ff024cce3a94876f4944036f09b92bd84b1c727ed35b7cd2215ff2d4a34b55f6072c3872ccd454ff1210e0
+MISC ChangeLog 10256 SHA256 17319c5e186d2e2a0debdf7e7aa2551a43a1276342eb6b49e4b8d5dca003895a SHA512 8cad663a2d5c57c76125c09b9d3ce2cd7d9662e3bc2b759d3b607f50c62110f0db9eec2e07bf4657d1fe2677e31cfa1d9c11e458b2e70815ff7a37c280dff08c WHIRLPOOL 4e79e29cb6d81b70837a39bbca33e8f13b154180289e9cbca9369699dbff30ca3d54e4ce7a8a84158259a8cf4ad2d08b38391c0568e9581edfe3e8d73f0852ea
+MISC metadata.xml 653 SHA256 35f64761067f47ff7abd0e3f3cb57f4bab888a2546bf3267d59987505101a190 SHA512 d227bc432c37518190c224b280116439dde42678f93925ae3a8eb2d2e91918377b33171d8e72ae4ab12f3e5d9faead4223a60e53bb4916d7770982deb64b0b70 WHIRLPOOL 4067036bca1ad2906cdba69c42c0ca5b14042ad7eab2ac8e9a2fbe4eb61e8a3972e4d40b6d9d6e7109a0d2f84a8598a8a9560dbddd43b35633f44ad5362937b0
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+iQEcBAEBCAAGBQJQov9IAAoJEBzRPIrUMBNCdasH/3qjjjotBIDg5ILfktFpUA47
+RE9Vy90N0aNX0ywRVBmJn8a88X7zibArVn2cBMzvC1VTxa/LyV6upcU77c4q0T9+
+brZF7v7BxqTa9Bdu3WqIrXlKT0LH3j9WgT7IHRQSNV5Kae8k4Rs4GuKFkvux1k0q
+KIHNycPdKBRTEhbRI2DzazgJaKzHpIxoNBHtin8vxu/ViV1P1OjvPic+6FJhl5M4
+DAs7w+bqpRk4VZWe0OwKpSP+Mm6LOIBsMB7StfFJsDR4WF1H0a7+O+oy8KEMECy0
+7+98cLqy9RjqvhVDBDjUej/nr+p1hTWA34MJ7vc5P948reG4nB8pFf1D0eBtxVw=
+=UqJx
+-----END PGP SIGNATURE-----

sdk_container/src/third_party/coreos-overlay/app-emulation/lxc/files/lxc.initd.2

@@ -0,0 +1,132 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/files/lxc.initd.2,v 1.6 2012/11/14 02:15:10 flameeyes Exp $
+
+CONTAINER=${SVCNAME#*.}
+
+lxc_get_configfile() {
+	if [ -f "/etc/lxc/${CONTAINER}.conf" ]; then
+		echo "/etc/lxc/${CONTAINER}.conf"
+	elif [ -f "/etc/lxc/${CONTAINER}/config" ]; then
+		echo "/etc/lxc/${CONTAINER}/config"
+	else
+		eerror "Unable to find a suitable configuration file."
+		eerror "If you set up the container in a non-standard"
+		eerror "location, please set the CONFIGFILE variable."
+		return 1
+	fi
+}
+
+[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
+
+lxc_get_var() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE}
+}
+
+checkconfig() {
+	if [ ${CONTAINER} = ${SVCNAME} ]; then
+		eerror "You have to create an init script for each container:"
+		eerror " ln -s lxc /etc/init.d/lxc.container"
+		return 1
+	fi
+
+	# no need to output anything, the function takes care of that.
+	[ -z "${CONFIGFILE}" ] && return 1
+
+	utsname=$(lxc_get_var lxc.utsname)
+	if [ ${CONTAINER} != ${utsname} ]; then
+	    eerror "You should use the same name for the service and the"
+	    eerror "container. Right now the container is called ${utsname}"
+	    return 1
+	fi
+}
+
+depend() {
+	# be quiet, since we have to run depend() also for the
+	# non-muxed init script, unfortunately.
+	checkconfig 2>/dev/null || return 0
+
+	config ${CONFIGFILE}
+	need localmount
+
+	# find out which network interface the container is linked to,
+	# and then require that to be enabled, so that the
+	# dependencies are correct.
+	netif=$(lxc_get_var lxc.network.link)
+
+	# when the network type is set to phys, we can make use of a
+	# network service (for instance to set it up before we disable
+	# the net_admin capability), but we might also not set it up
+	# at all on the host and leave the net_admin capable service
+	# to take care of it.
+	nettype=$(lxc_get_var lxc.network.type)
+
+	if [ -n "${netif}" ]; then
+	    case "${nettype}" in
+		phys)	use net.${netif} ;;
+		*)	need net.${netif} ;;
+	    esac
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	rm /var/log/lxc/${CONTAINER}.log
+
+	rootpath=$(lxc_get_var lxc.rootfs)
+
+	# Check the format of our init and the chroot's init, to see
+	# if we have to use linux32 or linux64; always use setarch
+	# when required, as that makes it easier to deal with
+	# x32-based containers.
+	case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in
+		EM_X86_64)	setarch=linux64;;
+		EM_386)		setarch=linux32;;
+	esac
+
+	ebegin "Starting ${CONTAINER}"
+	env -i ${setarch} $(type -p lxc-start) -l WARN -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log
+	sleep 0.5
+
+	# lxc-start -d will _always_ report a correct startup, even if it
+	# failed, so rather than trust that, check that the cgroup exists.
+	[ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]
+	eend $?
+}
+
+stop() {
+	checkconfig || return 1
+
+
+	if ! [ -d /sys/fs/cgroup/cpuset/lxc/${CONTAINER} ]; then
+	    ewarn "${CONTAINER} doesn't seem to be started."
+	    return 0
+	fi
+
+	init_pid=$(lxc-info -n ${CONTAINER} --pid | awk '{ print $2 }')
+
+	if [ "${init_pid}" = "-1" ]; then
+	    ewarn "${CONTAINER} doesn't seem to be running."
+	    return 0
+	fi
+
+	ebegin "Shutting down system in ${CONTAINER}"
+	kill -PWR ${init_pid}
+	eend $?
+
+	TIMEOUT=${TIMEOUT:-30}
+	i=0
+	while [ -n "$(pgrep -P ${init_pid})" -a $i -lt ${TIMEOUT} ]; do
+		sleep 1
+		i=$(expr $i + 1)
+	done
+
+	if [ -n "${missingprocs}" ]; then
+		ewarn "Something failed to properly shut down in ${CONTAINER}"
+	fi
+
+	ebegin "Stopping ${CONTAINER}"
+	lxc-stop -n ${CONTAINER}
+	eend $?
+}

sdk_container/src/third_party/coreos-overlay/app-emulation/lxc/lxc-0.8.0-r1.ebuild

@@ -0,0 +1,140 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/lxc-0.8.0-r1.ebuild,v 1.1 2012/11/14 02:15:10 flameeyes Exp $
+
+EAPI="4"
+
+MY_P="${P/_/-}"
+
+BACKPORTS=1
+
+inherit eutils linux-info versionator flag-o-matic
+
+if [[ -n ${BACKPORTS} ]]; then
+	inherit autotools
+fi
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="http://lxc.sourceforge.net/"
+SRC_URI="http://lxc.sourceforge.net/download/lxc/${MY_P}.tar.gz
+	${BACKPORTS:+http://dev.gentoo.org/~flameeyes/${PN}/${MY_P}-backports-${BACKPORTS}.tar.xz}"
+S="${WORKDIR}/${MY_P}"
+
+KEYWORDS="~amd64 ~ppc64 ~x86"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="examples"
+
+RDEPEND="sys-libs/libcap"
+
+DEPEND="${RDEPEND}
+	>=sys-kernel/linux-headers-3.2"
+
+RDEPEND="${RDEPEND}
+	sys-apps/util-linux
+	app-misc/pax-utils
+	virtual/awk"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~RESOURCE_COUNTERS
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~DEVPTS_MULTIPLE_INSTANCES
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:	needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:	needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:	needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:	needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:	needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:	needed for internal (inter-container) networking"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:	needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:	as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT=":CONFIG_GRKERNSEC_CHROOT_MOUNT	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE=":CONFIG_GRKERNSEC_CHROOT_DOUBLE	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT=":CONFIG_GRKERNSEC_CHROOT_PIVOT	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD=":CONFIG_GRKERNSEC_CHROOT_CHMOD	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS=":CONFIG_GRKERNSEC_CHROOT_CAPS	some GRSEC features make LXC unusable see postinst notes"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS TODO README doc/FAQ.txt)
+
+src_prepare() {
+	if [[ -n ${BACKPORTS} ]]; then
+		epatch "${WORKDIR}"/patches/*
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/sbin \
+		--with-config-path=/etc/lxc	\
+		--with-rootfs-path=/usr/lib/lxc/rootfs \
+		--disable-doc \
+		--disable-apparmor \
+		$(use_enable examples)
+}
+
+src_install() {
+	default
+
+	rm -r "${D}"/usr/sbin/lxc-setcap \
+		|| die "unable to remove lxc-setcap"
+
+	keepdir /etc/lxc /usr/lib/lxc/rootfs
+
+	find "${D}" -name '*.la' -delete
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.2" ${PN}
+	keepdir /var/log/lxc
+}
+
+pkg_postinst() {
+	elog "There is an init script provided with the package now; no documentation"
+	elog "is currently available though, so please check out /etc/init.d/lxc ."
+	elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+	elog "to start the container defined into /etc/lxc/configname.conf ."
+	elog "For further information about LXC development see"
+	elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+	elog ""
+	ewarn "With version 0.7.4, the mountpoint syntax came back to the one used by 0.7.2"
+	ewarn "and previous versions. This means you'll have to use syntax like the following"
+	ewarn ""
+	ewarn "    lxc.rootfs = /container"
+	ewarn "    lxc.mount.entry = /usr/portage /container/usr/portage none bind 0 0"
+	ewarn ""
+	ewarn "To use the Fedora, Debian and (various) Ubuntu auto-configuration scripts, you"
+	ewarn "will need sys-apps/yum or dev-util/debootstrap."
+	ewarn ""
+	ewarn "Some GrSecurity settings in relation to chroot security will cause LXC not to"
+	ewarn "work, while others will actually make it much more secure. Please refer to"
+	ewarn "Diego Elio Pettenò's weblog at http://blog.flameeyes.eu/tag/lxc for further"
+	ewarn "details."
+}

sdk_container/src/third_party/coreos-overlay/app-emulation/lxc/lxc-0.8.0_rc2-r1.ebuild

@@ -0,0 +1,150 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/lxc-0.8.0_rc2-r1.ebuild,v 1.1 2012/08/04 04:58:06 flameeyes Exp $
+
+EAPI="4"
+
+MY_P="${P/_/-}"
+
+BACKPORTS=2
+
+inherit eutils linux-info versionator flag-o-matic
+
+if [[ -n ${BACKPORTS} ]]; then
+	inherit autotools
+fi
+
+DESCRIPTION="LinuX Containers userspace utilities"
+HOMEPAGE="http://lxc.sourceforge.net/"
+SRC_URI="http://lxc.sourceforge.net/download/lxc/${MY_P}.tar.gz
+	${BACKPORTS:+http://dev.gentoo.org/~flameeyes/${PN}/${MY_P}-backports-${BACKPORTS}.tar.xz}"
+S="${WORKDIR}/${MY_P}"
+
+KEYWORDS="~amd64 ~ppc64 ~x86"
+
+LICENSE="LGPL-3"
+SLOT="0"
+IUSE="examples vanilla"
+
+RDEPEND="sys-libs/libcap"
+
+DEPEND="${RDEPEND}
+	app-text/docbook-sgml-utils
+	>=sys-kernel/linux-headers-3.2"
+
+# For init script, so protect with vanilla, they are not strictly
+# needed.
+RDEPEND="${RDEPEND}
+	!vanilla? (
+		sys-apps/util-linux
+		app-misc/pax-utils
+		>=sys-apps/openrc-0.9.9.1
+		virtual/awk
+	)"
+
+CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
+	~CPUSETS ~CGROUP_CPUACCT
+	~RESOURCE_COUNTERS ~CGROUP_MEM_RES_CTLR
+	~CGROUP_SCHED
+
+	~NAMESPACES
+	~IPC_NS ~USER_NS ~PID_NS
+
+	~DEVPTS_MULTIPLE_INSTANCES
+	~CGROUP_FREEZER
+	~UTS_NS ~NET_NS
+	~VETH ~MACVLAN
+
+	~POSIX_MQUEUE
+	~!NETPRIO_CGROUP
+
+	~!GRKERNSEC_CHROOT_MOUNT
+	~!GRKERNSEC_CHROOT_DOUBLE
+	~!GRKERNSEC_CHROOT_PIVOT
+	~!GRKERNSEC_CHROOT_CHMOD
+	~!GRKERNSEC_CHROOT_CAPS
+"
+
+ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:	needed for pts inside container"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:	needed to freeze containers"
+
+ERROR_UTS_NS="CONFIG_UTS_NS:	needed to unshare hostnames and uname info"
+ERROR_NET_NS="CONFIG_NET_NS:	needed for unshared network"
+
+ERROR_VETH="CONFIG_VETH:	needed for internal (host-to-container) networking"
+ERROR_MACVLAN="CONFIG_MACVLAN:	needed for internal (inter-container) networking"
+
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:	needed for lxc-execute command"
+
+ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:	as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
+
+ERROR_GRKERNSEC_CHROOT_MOUNT=":CONFIG_GRKERNSEC_CHROOT_MOUNT	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_DOUBLE=":CONFIG_GRKERNSEC_CHROOT_DOUBLE	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_PIVOT=":CONFIG_GRKERNSEC_CHROOT_PIVOT	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CHMOD=":CONFIG_GRKERNSEC_CHROOT_CHMOD	some GRSEC features make LXC unusable see postinst notes"
+ERROR_GRKERNSEC_CHROOT_CAPS=":CONFIG_GRKERNSEC_CHROOT_CAPS	some GRSEC features make LXC unusable see postinst notes"
+
+DOCS=(AUTHORS CONTRIBUTING MAINTAINERS TODO README doc/FAQ.txt)
+
+src_prepare() {
+	if [[ -n ${BACKPORTS} ]]; then
+		epatch "${WORKDIR}"/patches/*
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	econf \
+		--localstatedir=/var \
+		--bindir=/usr/sbin \
+		--docdir=/usr/share/doc/${PF} \
+		--with-config-path=/etc/lxc	\
+		--with-rootfs-path=/usr/lib/lxc/rootfs \
+		--enable-doc \
+		$(use_enable examples)
+}
+
+src_install() {
+	default
+
+	rm -r "${D}"/usr/sbin/lxc-setcap \
+		|| die "unable to remove lxc-setcap"
+
+	keepdir /etc/lxc /usr/lib/lxc/rootfs
+
+	find "${D}" -name '*.la' -delete
+
+	use vanilla && return 0
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/${PN}.initd.2" ${PN}
+	keepdir /var/log/lxc
+}
+
+pkg_postinst() {
+	if ! use vanilla; then
+		elog "There is an init script provided with the package now; no documentation"
+		elog "is currently available though, so please check out /etc/init.d/lxc ."
+		elog "You _should_ only need to symlink it to /etc/init.d/lxc.configname"
+		elog "to start the container defined into /etc/lxc/configname.conf ."
+		elog "For further information about LXC development see"
+		elog "http://blog.flameeyes.eu/tag/lxc" # remove once proper doc is available
+		elog ""
+	fi
+	ewarn "With version 0.7.4, the mountpoint syntax came back to the one used by 0.7.2"
+	ewarn "and previous versions. This means you'll have to use syntax like the following"
+	ewarn ""
+	ewarn "    lxc.rootfs = /container"
+	ewarn "    lxc.mount.entry = /usr/portage /container/usr/portage none bind 0 0"
+	ewarn ""
+	ewarn "To use the Fedora, Debian and (various) Ubuntu auto-configuration scripts, you"
+	ewarn "will need sys-apps/yum or dev-util/debootstrap."
+	ewarn ""
+	ewarn "Some GrSecurity settings in relation to chroot security will cause LXC not to"
+	ewarn "work, while others will actually make it much more secure. Please refer to"
+	ewarn "Diego Elio Pettenò's weblog at http://blog.flameeyes.eu/tag/lxc for further"
+	ewarn "details."
+}

sdk_container/src/third_party/coreos-overlay/app-emulation/lxc/metadata.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <herd>virtualization</herd>
+  <maintainer>
+    <email>flameeyes@gentoo.org</email>
+  </maintainer>
+  <maintainer>
+    <email>dev-zero@gentoo.org</email>
+  </maintainer>
+
+  <use>
+    <flag name="vanilla">
+      Avoid adding Gentoo Linux-specific modifications, which include
+      the custom init script. This is present as a flag to avoid
+      forcing dependencies over users that might not want have them
+      around as they use LXC in contexts where the init script is not
+      useful.
+    </flag>
+  </use>
+</pkgmetadata>

sdk_container/src/third_party/coreos-overlay/profiles/targets/coreos/package.accept_keywords

@@ -130,3 +130,5 @@
 =net-dialup/ppp-2.4.5-r3 ~amd64
 =app-admin/systemd-rest-9999	~amd64 ~x86
 =coreos-base/motd-http-9999	~amd64 ~x86
+=app-emulation/docker-9999	~amd64 ~x86
+=app-emulation/lxc-0.8.0-r1	~amd64 ~x86