diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest new file mode 100644 index 0000000000..dd1c352481 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest @@ -0,0 +1,10 @@ +DIST incus-6.0.3.tar.xz 11916020 BLAKE2B d3d998bd50124604c52ff007eefed586c216ce1a0a77d45724fd489db1d93f2fa304f5d6e1c368ff2dd4d1170b24605fd24bbf2a6e4506207686ca392936c200 SHA512 6a879e6634cf545b4c427800d923a32e5fe58a6eaf220ad8d0cb08e0ced5e6c4be09274ae095bb9dae25a55445462ea83d3d9235f67bbb9896944f596bf17e1a +DIST incus-6.0.3.tar.xz.asc 833 BLAKE2B 38835ab036709161150992cb40df4ff1ae1887d4f3e0b037d0415f75d2bb711cb3c5945bffe1b91d289acfb7e19e726964278e5c2ab31731ba9f7534f139dec7 SHA512 7d5360ab91aafe1d047a60e38a07e24c3c7b158e753087a943ec5e59d6a27c19a872080c9007b6cf592040d3408845bc188d76f6e732408d0680a3782cebce47 +DIST incus-6.0.4.tar.xz 12000208 BLAKE2B 99a4ba40d2eea48515b88f4534c282adc925fe1b5487dc98901f000894b3781aec89f617d2246314cf9a95a7d65531e486c4092f8939722e1b3c2bf7d33063c8 SHA512 14a5cdad3f9365d58e526c8f451d9e7a57729010073caff31256e0b94d28206adc82ead4820278e7eac17b74d22a76d9f3b9f5f8424ddbfa6b74a5cea13e019f +DIST incus-6.0.4.tar.xz.asc 833 BLAKE2B 96c94cde55cd2e9f7f28db7adb098adf4895437d300dfd42aeac540cdab6677fb604831c28f40f8581e60b89b228557d81696cd64950a1c2147b445a5ec58b30 SHA512 1ef2063eab424467c805f8c86b5b0caca848f46d2ef7ebf602049fe32ee15a7e1006d5a2710b355604aef73802b4333cd0428c772e1c5fc4da588c2cd7ee1694 +DIST incus-6.10.1.tar.xz 18023076 BLAKE2B c35c7a81448b17db6db8959458c23a58392d9e3dcfedaf6d1094964c0c35d46d551a4d6cbaab93cde4b9006bdeb064dcc50148fc2cded6c9ca122f635dab58cd SHA512 12566fef798b34e3d1f3abe4bebada50a99f0e30fd33e1c5ffab458a2ebdac484650e6bf35a48bc4680669d24c9fd912b549e43ed01318bdac52d1b1767cb275 +DIST incus-6.10.1.tar.xz.asc 833 BLAKE2B 2e2de67bae59502fdad66a7ac5b7771d4e305f87e4b3e35bc829a73bd053a7ca8256f9bfa8e4c2fc6ee2268cdc8bd9b9bac7ed319e5cda14829daeaa39108b51 SHA512 4f00405913b0d04a0eec407756928e59e477ecf4dfc07b063a13fc5683fcc6e18efe1d2947a6b9c12e5fb1b64d39dc076f4a41da129fe132d30e7cfc23af80a4 +DIST incus-6.11.tar.xz 11997736 BLAKE2B 8764c1189fceeb65caedc0b9cf562f8f78a4e905101022c4efe98693ed70ef069b580d10f74e1830e0225a5332b5b37a9068c636aec738a6496a01430d6074c3 SHA512 0d52e71ce55aa59bb2b3a4c9f7926d43a6dfae1809d42c2c0c591019eaef648a4e15159a826de382e06149aa3488d60c283f69055335124d85597199d231367f +DIST incus-6.11.tar.xz.asc 833 BLAKE2B b399138638c2c503600b29899b81a4ce691af2ad16ab2d8f8994c92e317e0b48dc2021095346e9784f58a631b724c134186be026acb06fb9a63a01cc0d1cb970 SHA512 f2b108129fe3111e184544b4fce8d5503b59764b202582c901699602d3a7434e3876684ad0f625b7beeb8ca92e6cd9468ced804bcbb8e00336d48d4bce4de1fe +DIST incus-6.12.tar.xz 12041616 BLAKE2B 25bb157839a6d86f45614f71cb8f61ec2d92ca96322e90dc9d4f47603aee8b246621b941cd223a3c9007bbb4dbb65ffe432a72d2e7af5fefae40bc398406424b SHA512 1234f54965f2b50fa04c286405dd3b7dcbf86f88f91dd38476695a57961dd13fbc8da3c698ce1c254da71239b4af64fda25b9de7c6db017e7728b5bc4db52bf4 +DIST incus-6.12.tar.xz.asc 833 BLAKE2B e74dbefea68db25458da3956e6b5fc99b2cc861d9a20c5d10a9fa2d1803068b2b36a350d35960bfb289e9e1e747baa8bc5d2fdb0a93fcfb8ee7b0ffcd65befe7 SHA512 11f63160366a17d7d2679eb52f318d3c0e2a6d91a76c968d6483db9fb45892006d831f85e30bedfa9237a55d9b517458b01c3d1311e7e5f9ea1c3b3bbc18975a diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.service b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.service new file mode 100644 index 0000000000..17aea1de12 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.service @@ -0,0 +1,22 @@ +[Unit] +Description=Incus - main daemon +After=network-online.target lxcfs.service incus.socket +Requires=network-online.target lxcfs.service incus.socket + +[Service] +EnvironmentFile=-/etc/environment +ExecStart=/usr/sbin/incusd --group incus-admin --syslog +ExecStartPost=/usr/sbin/incusd waitready --timeout=600 +ExecStartPre=/bin/mkdir -p /var/log/incus +ExecStartPre=/bin/chown -R root:incus-admin /var/log/incus +KillMode=process +PermissionsStartOnly=true +TimeoutStartSec=600s +TimeoutStopSec=30s +Restart=on-failure +LimitNOFILE=1048576 +LimitNPROC=infinity +TasksMax=infinity + +[Install] +Also=incus-startup.service incus.socket diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.socket b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.socket new file mode 100644 index 0000000000..741fadd030 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.socket @@ -0,0 +1,11 @@ +[Unit] +Description=Incus - Daemon (unix socket) + +[Socket] +ListenStream=/var/lib/incus/unix.socket +SocketGroup=incus-admin +SocketMode=0660 +Service=incus.service + +[Install] +WantedBy=sockets.target diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.confd b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.confd new file mode 100644 index 0000000000..d75a9071ac --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.confd @@ -0,0 +1,27 @@ +## "INCUS_OPTIONS+=" is not POSIX-compliant, so we use +## "INCUS_OPTIONS="${INCUS_OPTIONS}"" to not rely on bashmisms. +## bgo#929138 + +# Group which owns the shared socket +INCUS_OPTIONS="${INCUS_OPTIONS} --group incus-admin" + +# Enable cpu profiling into the specified file +#INCUS_OPTIONS="${INCUS_OPTIONS} --cpuprofile /tmp/lxc_cpu_profile" + +# Enable memory profiling into the specified file +#INCUS_OPTIONS="${INCUS_OPTIONS} --memprofile /tmp/lxc_mem_profile" + +# Enable debug mode +#INCUS_OPTIONS="${INCUS_OPTIONS} --debug" + +# For debugging, print a complete stack trace every n seconds +#INCUS_OPTIONS="${INCUS_OPTIONS} --print-goroutines-every 5" + +# Enable verbose mode +#INCUS_OPTIONS="${INCUS_OPTIONS} -v" + +# Logfile to log to +#INCUS_OPTIONS="${INCUS_OPTIONS} --logfile /var/log/incus/incus.log" + +# Enable syslog logging +#INCUS_OPTIONS="${INCUS_OPTIONS} --syslog" diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.initd b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.initd new file mode 100644 index 0000000000..fb0d80ee79 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.initd @@ -0,0 +1,63 @@ +#!/sbin/openrc-run +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +DAEMON=/usr/sbin/incusd +PIDFILE=/run/incus.pid + +depend() { + need net + need lxcfs +} + +start() { + ebegin "Starting incus daemon service" + + modprobe -f loop > /dev/null 2>&1 + + # Call prlimit from the init.d file instead of ulimit through rc_ulimit, + # bgo#929138 + prlimit --nofile=1048576 --memlock=unlimited --pid=$$ + + # Fix permissions on /var/lib/incus and make sure it exists. + # Create a log directory for incus with correct permissions. + install -d /var/lib/incus --group incus-admin --owner root --mode 0775 + install -d /var/log/incus --group incus-admin --owner root + + start-stop-daemon --start \ + --pidfile ${PIDFILE} \ + --exec ${DAEMON} \ + --background \ + --make-pidfile \ + -- \ + ${INCUS_OPTIONS} + eend ${?} + + # Create necessary systemd paths in order for systemd containers to work on openrc host. + # /etc/rc.conf should have following values: + # rc_cgroup_mode="hybrid" + if [ -d /sys/fs/cgroup/unified ] && + [ ! -d /sys/fs/cgroup/systemd ]; then + install -d /sys/fs/cgroup/systemd --group incus-admin --owner root + mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd + fi +} + +stop() { + if [ "${RC_CMD}" = restart ]; then + ebegin "Stopping incus daemon service (but not containers)" + # start-stop-daemon sends SIGTERM with a timeout of 5s by default. + # SIGTERM indicates to INCUS that it will be stopped temporarily. + # Instances will keep running. + start-stop-daemon --stop --quiet -p "${PIDFILE}" + eend ${?} + else + ebegin "Stopping incus daemon service and containers, waiting 40s" + # SIGPWR indicates to INCUS that the host is going down. + # LXD will do a clean shutdown of all instances. + # After 30s all remaining instances will be killed. + # We wait up to 40s for INCUS. + start-stop-daemon --stop --quiet -R SIGPWR/40 -p "${PIDFILE}" + eend ${?} + fi +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.service b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.service new file mode 100644 index 0000000000..8838bdc494 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.service @@ -0,0 +1,15 @@ +[Unit] +Description=Incus - Startup check +After=incus.socket incus.service +Requires=incus.socket + +[Service] +Type=oneshot +ExecStart=/usr/sbin/incus-startup start +ExecStop=/usr/sbin/incus-startup stop +TimeoutStartSec=600s +TimeoutStopSec=600s +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.sh b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.sh new file mode 100644 index 0000000000..6b19f22e4c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.sh @@ -0,0 +1,21 @@ +#!/bin/sh +set -e + +case "$1" in + start) + systemctl is-active incus -q && exit 0 + exec incusd activateifneeded + ;; + + stop) + systemctl is-active incus -q || exit 0 + exec incusd shutdown + ;; + + *) + echo "unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.initd b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.initd new file mode 100644 index 0000000000..7d81d298f5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.initd @@ -0,0 +1,37 @@ +#!/sbin/openrc-run +# Copyright 2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +name="incus-user socket daemon" +description="incus-user socket daemon" + +DAEMON=/usr/sbin/incus-user +PIDFILE=/run/incus-user.pid + +depend() { + need incus + need net +} + +start() { + ebegin "Starting incus-user socket daemon" + + start-stop-daemon --start \ + --pidfile ${PIDFILE} \ + --exec ${DAEMON} \ + --background \ + --make-pidfile \ + -- \ + --group incus + eend ${?} +} + +stop() { + if [ "${RC_CMD}" = restart ]; then + start-stop-daemon --stop --quiet -p "${PIDFILE}" + eend ${?} + else + start-stop-daemon --stop --quiet -p "${PIDFILE}" + eend ${?} + fi +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.service b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.service new file mode 100644 index 0000000000..4cb4d44263 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.service @@ -0,0 +1,12 @@ +[Unit] +Description=Incus - User daemon +After=incus-user.socket incus.service +Requires=incus-user.socket + +[Service] +EnvironmentFile=-/etc/environment +ExecStart=/usr/sbin/incus-user --group incus +Restart=on-failure + +[Install] +Also=incus-user.socket diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.socket b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.socket new file mode 100644 index 0000000000..5c14276fc6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.socket @@ -0,0 +1,11 @@ +[Unit] +Description=Incus - Daemon (user unix socket) + +[Socket] +ListenStream=/var/lib/incus/unix.socket.user +SocketGroup=incus +SocketMode=0660 +Service=incus-user.service + +[Install] +WantedBy=sockets.target diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.3-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.3-r1.ebuild new file mode 100644 index 0000000000..e7e99e8bc4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.3-r1.ebuild @@ -0,0 +1,228 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/lts" +KEYWORDS="amd64 ~arm64" +IUSE="apparmor fuidshift nls qemu" + +DEPEND="acct-group/incus + acct-group/incus-admin + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + >=dev-libs/cowsql-1.15.6 + dev-libs/lzo + >=dev-libs/raft-0.22.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + || ( + net-firewall/iptables + net-firewall/nftables + ) + fuidshift? ( !app-containers/lxd ) + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl + qemu? ( + app-cdr/cdrtools + app-emulation/qemu[spice,usbredir,virtfs] + sys-apps/gptfdisk + )" +BDEPEND=">=dev-lang/go-1.21 + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~AIO + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_AIO="CONFIG_AIO is required." +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/bin/lxc-to-incus + /usr/sbin/fuidshift + /usr/sbin/incusd + /usr/sbin/lxd-to-incus" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_unpack() { + verify-sig_src_unpack + go-module_src_unpack +} + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths." + + # Fix hardcoded virtfs-proxy-helper file path, see bug 798924 + sed -i \ + -e "s:/usr/lib/qemu/virtfs-proxy-helper:/usr/libexec/virtfs-proxy-helper:g" \ + internal/server/device/device_utils_disk.go || die "Failed to fix virtfs-proxy-helper path." + + cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do + ego install -v -x "${S}/cmd/${k}" + done + + if use fuidshift ; then + ego install -v -x "${S}/cmd/fuidshift" + fi + + ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + + if tc-is-cross-compiler ; then + local bindir="_dist/bin/linux_${GOARCH}" + else + local bindir="_dist/bin" + fi + + newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup + + # Admin tools + for l in incusd incus-user lxd-to-incus ; do + dosbin ${bindir}/${l} + done + + # User tools + for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do + dobin ${bindir}/${m} + done + + # fuidshift, should be moved under admin tools at some point + if use fuidshift ; then + dosbin ${bindir}/fuidshift + fi + + newconfd "${FILESDIR}"/incus-6.0.confd incus + newinitd "${FILESDIR}"/incus-6.0.initd incus + newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket + systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket + + if ! tc-is-cross-compiler; then + # Generate and install shell completion files. + mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die + "${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die + "${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die + "${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die + else + ewarn "Shell completion files not installed! Install them manually with incus completion --help" + fi + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo + + # Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184 + newenvd - 90incus <<- _EOF_ + INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf + _EOF_ +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://wiki.gentoo.org/wiki/Incus" + elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD" + elog + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "full incus-migrate support" net-misc/rsync + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.4.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.4.ebuild new file mode 100644 index 0000000000..4703fda205 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.4.ebuild @@ -0,0 +1,224 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/lts" +KEYWORDS="~amd64 ~arm64" +IUSE="apparmor fuidshift nls qemu" + +DEPEND="acct-group/incus + acct-group/incus-admin + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + >=dev-libs/cowsql-1.15.6 + dev-libs/lzo + >=dev-libs/raft-0.22.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + || ( + net-firewall/iptables + net-firewall/nftables + ) + fuidshift? ( !app-containers/lxd ) + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl + qemu? ( + app-cdr/cdrtools + app-emulation/qemu[spice,usbredir,virtfs] + sys-apps/gptfdisk + )" +BDEPEND=">=dev-lang/go-1.21 + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~AIO + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_AIO="CONFIG_AIO is required." +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/bin/lxc-to-incus + /usr/sbin/fuidshift + /usr/sbin/incusd + /usr/sbin/lxd-to-incus" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_unpack() { + verify-sig_src_unpack + go-module_src_unpack +} + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths." + + cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do + ego install -v -x "${S}/cmd/${k}" + done + + if use fuidshift ; then + ego install -v -x "${S}/cmd/fuidshift" + fi + + ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + + if tc-is-cross-compiler ; then + local bindir="_dist/bin/linux_${GOARCH}" + else + local bindir="_dist/bin" + fi + + newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup + + # Admin tools + for l in incusd incus-user lxd-to-incus ; do + dosbin ${bindir}/${l} + done + + # User tools + for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do + dobin ${bindir}/${m} + done + + # fuidshift, should be moved under admin tools at some point + if use fuidshift ; then + dosbin ${bindir}/fuidshift + fi + + newconfd "${FILESDIR}"/incus-6.0.confd incus + newinitd "${FILESDIR}"/incus-6.0.initd incus + newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket + systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket + + if ! tc-is-cross-compiler; then + # Generate and install shell completion files. + mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die + "${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die + "${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die + "${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die + else + ewarn "Shell completion files not installed! Install them manually with incus completion --help" + fi + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo + + # Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184 + newenvd - 90incus <<- _EOF_ + INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf + _EOF_ +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://wiki.gentoo.org/wiki/Incus" + elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD" + elog + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "support for ACME certificate issuance" app-crypt/lego + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "full incus-migrate support" net-misc/rsync + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.10.1-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.10.1-r1.ebuild new file mode 100644 index 0000000000..1a9b75f904 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.10.1-r1.ebuild @@ -0,0 +1,225 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/stable" +KEYWORDS="~amd64 ~arm64" +IUSE="apparmor fuidshift nls qemu" + +DEPEND="acct-group/incus + acct-group/incus-admin + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + >=dev-libs/cowsql-1.15.7 + dev-libs/lzo + >=dev-libs/raft-0.22.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + || ( + net-firewall/iptables + net-firewall/nftables[json] + ) + fuidshift? ( !app-containers/lxd ) + net-firewall/ebtables + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl + qemu? ( + app-cdr/cdrtools + app-emulation/qemu[spice,usbredir,virtfs] + sys-apps/gptfdisk + )" +BDEPEND=">=dev-lang/go-1.21 + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~AIO + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_AIO="CONFIG_AIO is required." +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/bin/lxc-to-incus + /usr/sbin/fuidshift + /usr/sbin/incusd + /usr/sbin/lxd-to-incus" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_unpack() { + verify-sig_src_unpack + go-module_src_unpack +} + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths." + + cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do + ego install -v -x "${S}/cmd/${k}" + done + + if use fuidshift ; then + ego install -v -x "${S}/cmd/fuidshift" + fi + + ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + + if tc-is-cross-compiler ; then + local bindir="_dist/bin/linux_${GOARCH}" + else + local bindir="_dist/bin" + fi + + newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup + + # Admin tools + for l in incusd incus-user lxd-to-incus ; do + dosbin ${bindir}/${l} + done + + # User tools + for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do + dobin ${bindir}/${m} + done + + # fuidshift, should be moved under admin tools at some point + if use fuidshift ; then + dosbin ${bindir}/fuidshift + fi + + newconfd "${FILESDIR}"/incus-6.0.confd incus + newinitd "${FILESDIR}"/incus-6.0.initd incus + newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket + systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket + + if ! tc-is-cross-compiler; then + # Generate and install shell completion files. + mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die + "${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die + "${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die + "${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die + else + ewarn "Shell completion files not installed! Install them manually with incus completion --help" + fi + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo + + # Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184 + newenvd - 90incus <<- _EOF_ + INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf + _EOF_ +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://wiki.gentoo.org/wiki/Incus" + elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD" + elog + optfeature "OCI container images support" app-containers/skopeo app-containers/umoci + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "full incus-migrate support" net-misc/rsync + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.11.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.11.ebuild new file mode 100644 index 0000000000..172578e69b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.11.ebuild @@ -0,0 +1,226 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/stable" +KEYWORDS="~amd64 ~arm64" +IUSE="apparmor fuidshift nls qemu" + +DEPEND="acct-group/incus + acct-group/incus-admin + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + >=dev-libs/cowsql-1.15.7 + dev-libs/lzo + >=dev-libs/raft-0.22.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + || ( + net-firewall/iptables + net-firewall/nftables[json] + ) + fuidshift? ( !app-containers/lxd ) + net-firewall/ebtables + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl + qemu? ( + app-cdr/cdrtools + app-emulation/qemu[spice,usbredir,virtfs] + sys-apps/gptfdisk + )" +BDEPEND=">=dev-lang/go-1.21 + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~AIO + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_AIO="CONFIG_AIO is required." +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/bin/lxc-to-incus + /usr/sbin/fuidshift + /usr/sbin/incusd + /usr/sbin/lxd-to-incus" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_unpack() { + verify-sig_src_unpack + go-module_src_unpack +} + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths." + + cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do + ego install -v -x "${S}/cmd/${k}" + done + + if use fuidshift ; then + ego install -v -x "${S}/cmd/fuidshift" + fi + + ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + + if tc-is-cross-compiler ; then + local bindir="_dist/bin/linux_${GOARCH}" + else + local bindir="_dist/bin" + fi + + newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup + + # Admin tools + for l in incusd incus-user lxd-to-incus ; do + dosbin ${bindir}/${l} + done + + # User tools + for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do + dobin ${bindir}/${m} + done + + # fuidshift, should be moved under admin tools at some point + if use fuidshift ; then + dosbin ${bindir}/fuidshift + fi + + newconfd "${FILESDIR}"/incus-6.0.confd incus + newinitd "${FILESDIR}"/incus-6.0.initd incus + newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket + systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket + + if ! tc-is-cross-compiler; then + # Generate and install shell completion files. + mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die + "${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die + "${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die + "${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die + else + ewarn "Shell completion files not installed! Install them manually with incus completion --help" + fi + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo + + # Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184 + newenvd - 90incus <<- _EOF_ + INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf + _EOF_ +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://wiki.gentoo.org/wiki/Incus" + elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD" + elog + optfeature "OCI container images support" app-containers/skopeo app-containers/umoci + optfeature "support for ACME certificate issuance" app-crypt/lego + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "full incus-migrate support" net-misc/rsync + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.12.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.12.ebuild new file mode 100644 index 0000000000..92da209e83 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.12.ebuild @@ -0,0 +1,227 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/stable" +KEYWORDS="~amd64 ~arm64" +IUSE="apparmor fuidshift nls qemu" + +DEPEND="acct-group/incus + acct-group/incus-admin + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + >=dev-libs/cowsql-1.15.7 + dev-libs/lzo + >=dev-libs/raft-0.22.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + || ( + net-firewall/iptables + net-firewall/nftables[json] + ) + fuidshift? ( !app-containers/lxd ) + net-firewall/ebtables + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl + apparmor? ( sec-policy/apparmor-profiles ) + qemu? ( + app-cdr/cdrtools + app-emulation/qemu[spice,usbredir,virtfs] + sys-apps/gptfdisk + )" +BDEPEND=">=dev-lang/go-1.21 + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~AIO + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_AIO="CONFIG_AIO is required." +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/bin/lxc-to-incus + /usr/sbin/fuidshift + /usr/sbin/incusd + /usr/sbin/lxd-to-incus" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_unpack() { + verify-sig_src_unpack + go-module_src_unpack +} + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths." + + cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do + ego install -v -x "${S}/cmd/${k}" + done + + if use fuidshift ; then + ego install -v -x "${S}/cmd/fuidshift" + fi + + ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + + if tc-is-cross-compiler ; then + local bindir="_dist/bin/linux_${GOARCH}" + else + local bindir="_dist/bin" + fi + + newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup + + # Admin tools + for l in incusd incus-user lxd-to-incus ; do + dosbin ${bindir}/${l} + done + + # User tools + for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do + dobin ${bindir}/${m} + done + + # fuidshift, should be moved under admin tools at some point + if use fuidshift ; then + dosbin ${bindir}/fuidshift + fi + + newconfd "${FILESDIR}"/incus-6.0.confd incus + newinitd "${FILESDIR}"/incus-6.0.initd incus + newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket + systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service + systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket + + if ! tc-is-cross-compiler; then + # Generate and install shell completion files. + mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die + "${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die + "${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die + "${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die + else + ewarn "Shell completion files not installed! Install them manually with incus completion --help" + fi + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo + + # Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184 + newenvd - 90incus <<- _EOF_ + INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf + _EOF_ +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://wiki.gentoo.org/wiki/Incus" + elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD" + elog + optfeature "OCI container images support" app-containers/skopeo app-containers/umoci + optfeature "support for ACME certificate issuance" app-crypt/lego + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "full incus-migrate support" net-misc/rsync + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml b/sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml new file mode 100644 index 0000000000..550a6f36da --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml @@ -0,0 +1,35 @@ + + + + + juippis@gentoo.org + Joonas Niilola + + + virtualization@gentoo.org + Gentoo Virtualization Project + + + Install the fuidshift binary - currently conflicts with app-containers/lxd + Pull dependencies needed to manage QEMU-based virtual machines with Incus + + + Incus is a modern, secure and powerful system container and virtual machine manager. + Incus is a community fork from Canonical's LXD. + + It provides a unified experience for running and managing full Linux systems inside containers + or virtual machines. Incus supplies images for a wide number of Linux distributions and is built + around a very powerful, yet pretty simple, REST API. Incus scales from one instance on a single + machine to a cluster in a full data center rack, making it suitable for running workloads both + for development and in production. + + Incus allows you to easily set up a system that feels like a small private cloud. You can run any + type of workload in an efficient way while keeping your resources optimized. + + You should consider using Incus if you want to containerize different environments or run virtual + machines, or in general run and manage your infrastructure in a cost-effective way. + + + lxc/incus + +