mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-07 04:56:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1655 from flatcar/tormath1/exp-incus

Browse Source 
sysext: add built-in Incus sysext image
This commit is contained in:
Mathieu Tortuyaux 2025-05-19 17:24:01 +02:00 committed by GitHub
commit 886b997dad
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
72 changed files with 3396 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/portage-stable-packages-list vendored
View File

@ -8,10 +8,13 @@ acct-group/disk
acct-group/dnsmasq
acct-group/docker
acct-group/floppy
acct-group/incus
acct-group/incus-admin
acct-group/input
acct-group/kmem
acct-group/kvm
acct-group/lp
acct-group/lxc
acct-group/man
acct-group/messagebus
acct-group/named
@ -45,6 +48,7 @@ acct-group/video
acct-group/wheel
acct-user/dnsmasq
acct-user/lxc
acct-user/man
acct-user/messagebus
acct-user/named
@ -116,6 +120,8 @@ app-containers/crun
app-containers/docker
app-containers/docker-buildx
app-containers/docker-cli
app-containers/incus
app-containers/lxc
app-containers/netavark
app-containers/podman
app-containers/runc
@ -226,6 +232,7 @@ dev-lang/tcl
dev-lang/yasm
dev-libs/cJSON
dev-libs/cowsql
dev-libs/cyrus-sasl
dev-libs/dbus-glib
dev-libs/ding-libs
@ -278,6 +285,7 @@ dev-libs/opensc
dev-libs/openssl
dev-libs/popt
dev-libs/protobuf
dev-libs/raft
dev-libs/tree-sitter
dev-libs/tree-sitter-bash
dev-libs/userspace-rcu
@ -371,6 +379,7 @@ dev-util/perf
dev-util/pkgcheck
dev-util/pkgconf
dev-util/re2c
dev-util/xdelta
dev-vcs/git
@ -658,6 +667,7 @@ sys-fs/fuse-common
sys-fs/fuse-overlayfs
sys-fs/lsscsi
sys-fs/lvm2
sys-fs/lxcfs
sys-fs/mdadm
sys-fs/mtools
sys-fs/multipath-tools

7
build_library/extra_sysexts.sh
View File

@ -1,13 +1,14 @@
EXTRA_SYSEXTS=(
"zfs|sys-fs/zfs"
"podman|app-containers/podman,net-misc/passt"
"python|dev-lang/python,dev-python/pip"
"incus|app-containers/incus"
"nvidia-drivers-535|x11-drivers/nvidia-drivers:0/535|-kernel-open persistenced|amd64"
"nvidia-drivers-535-open|x11-drivers/nvidia-drivers:0/535|kernel-open persistenced|amd64"
"nvidia-drivers-550|x11-drivers/nvidia-drivers:0/550|-kernel-open persistenced|amd64"
"nvidia-drivers-550-open|x11-drivers/nvidia-drivers:0/550|kernel-open persistenced|amd64"
"nvidia-drivers-570|x11-drivers/nvidia-drivers:0/570|-kernel-open persistenced|amd64"
"nvidia-drivers-570-open|x11-drivers/nvidia-drivers:0/570|kernel-open persistenced|amd64"
"podman|app-containers/podman,net-misc/passt"
"python|dev-lang/python,dev-python/pip"
"zfs|sys-fs/zfs"
)
_get_unversioned_sysext_packages_unsorted() {

28
build_library/sysext_mangle_flatcar-incus Executable file
View File

@ -0,0 +1,28 @@
#!/bin/bash
set -euo pipefail
rootfs="${1}"
pushd "${rootfs}"
pushd ./usr/lib/systemd/system
mkdir -p "multi-user.target.d"
{ echo "[Unit]"; echo "Upholds=incus.service"; } > "multi-user.target.d/10-incus.conf"
popd
mkdir -p ./usr/lib/tmpfiles.d
pushd ./usr/lib/tmpfiles.d
cat <<EOF >./10-incus.conf
d /var/lib/lxc/rootfs 0755 root root - -
w+ /etc/subuid - - - - root:1065536:65536
w+ /etc/subgid - - - - root:1065536:65536
EOF
popd
# Add 'core' user to 'incus-admin' group to avoid prefixing
# all commands with sudo.
mkdir -p ./usr/lib/userdb/
echo " " > ./usr/lib/userdb/core:incus-admin.membership
popd

1
changelog/changes/2025-05-14-incus.md Normal file
View File

@ -0,0 +1 @@
- Provided an Incus Flatcar extension as optional systemd-sysext image with the release. Write 'incus' to `/etc/flatcar/enabled-sysext.conf` through Ignition and the sysext will be installed during provisioning. ([scripts#1655](https://github.com/flatcar/scripts/pull/1655))

0
sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r16.ebuild → sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1-r17.ebuild vendored
View File

3
sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild vendored
View File

@ -30,8 +30,9 @@ RDEPEND="
sys-boot/shim-signed
app-containers/containerd
app-containers/docker
app-containers/docker-cli
app-containers/docker-buildx
app-containers/docker-cli
app-containers/incus
app-emulation/amazon-ssm-agent
app-emulation/hv-daemons
app-emulation/wa-linux-agent

13
sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/incus vendored Normal file
View File

@ -0,0 +1,13 @@
# This is used to convert regular user / group entries to
# userdb entries (in JSON format) to later be consumed by userdbd
# when loading the sysext image on the instance.
# The user / groups will be created dynamically and if the sysext image is
# removed the entries will be removed as well.
cros_post_src_install_add_userdb_record(){
insinto /usr/lib/userdb
newins - ${ACCT_GROUP_NAME}.group < <(
printf '{"groupName":"%q","gid":%q}\n' \
"${ACCT_GROUP_NAME}" \
"${_ACCT_GROUP_ID/#-*/-}"
)
}

13
sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/incus-admin vendored Normal file
View File

@ -0,0 +1,13 @@
# This is used to convert regular user / group entries to
# userdb entries (in JSON format) to later be consumed by userdbd
# when loading the sysext image on the instance.
# The user / groups will be created dynamically and if the sysext image is
# removed the entries will be removed as well.
cros_post_src_install_add_userdb_record(){
insinto /usr/lib/userdb
newins - ${ACCT_GROUP_NAME}.group < <(
printf '{"groupName":"%q","gid":%q}\n' \
"${ACCT_GROUP_NAME}" \
"${_ACCT_GROUP_ID/#-*/-}"
)
}

13
sdk_container/src/third_party/coreos-overlay/coreos/config/env/acct-group/lxc vendored Normal file
View File

@ -0,0 +1,13 @@
# This is used to convert regular user / group entries to
# userdb entries (in JSON format) to later be consumed by userdbd
# when loading the sysext image on the instance.
# The user / groups will be created dynamically and if the sysext image is
# removed the entries will be removed as well.
cros_post_src_install_add_userdb_record(){
insinto /usr/lib/userdb
newins - ${ACCT_GROUP_NAME}.group < <(
printf '{"groupName":"%q","gid":%q}\n' \
"${ACCT_GROUP_NAME}" \
"${_ACCT_GROUP_ID/#-*/-}"
)
}

3
sdk_container/src/third_party/coreos-overlay/coreos/config/env/app-containers/incus vendored Normal file
View File

@ -0,0 +1,3 @@
cros_pre_src_compile_pkgconfig() {
export PKG_CONFIG="$(tc-getPKG_CONFIG)"
}

12
sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords vendored
View File

@ -16,6 +16,10 @@
# Needed to address CVE-2025-24965.
=app-containers/crun-1.20 ~amd64 ~arm64
# Keep versions on both arches in sync.
=app-containers/lxc-6.0.3 ~arm64
=app-containers/incus-6.0.3-r2 ~arm64
# No stable keywords.
=app-containers/syft-1.18.1 ~amd64 ~arm64
@ -41,17 +45,24 @@
# Keep versions on both arches in sync.
=dev-lang/yasm-1.3.0-r1 ~arm64
=dev-libs/ding-libs-0.6.2-r1 ~arm64
=dev-libs/cowsql-1.15.7 ~arm64
# The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet.
=dev-libs/jose-12 **
=dev-libs/luksmeta-9-r1 **
# Keep versions on both arches in sync.
=dev-libs/raft-0.22.1 ~arm64
# No arm64 keyword in package.
=dev-util/bsdiff-4.3-r4 **
# Catalyst 4 is not stable yet, but earlier versions are masked now.
=dev-util/catalyst-4.0.0 ~amd64 ~arm64
# Keep versions on both arches in sync.
=dev-util/xdelta-3.0.11-r1 ~arm64
# Needed to address CVE-2025-31498.
=net-dns/c-ares-1.34.5 ~amd64 ~arm64
@ -99,5 +110,6 @@ sys-apps/azure-vm-utils
# Keep versions on both arches in sync.
=sys-fs/fuse-3.17.2 ~arm64
=sys-fs/lxcfs-6.0.3-r1 ~arm64
=sys-libs/libsemanage-3.7 ~arm64
=sys-process/audit-4.0.2-r1 ~arm64

16
sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use vendored
View File

@ -176,3 +176,19 @@ sys-apps/systemd -gcrypt
# Make dracut module available for initrd build.
sys-apps/azure-vm-utils dracut
# Enable SELinux for lxc
app-containers/lxc selinux
# required by app-containers/incus-6.0.3-r1::portage-stable
# required by incus (argument)
dev-libs/raft lz4
# required by app-containers/incus-6.0.3-r1::portage-stable
# required by incus (argument)
dev-util/xdelta lzma
# required by app-containers/lxc-6.0.3::portage-stable[tools,caps]
# required by app-containers/incus-6.0.3-r1::portage-stable
# required by incus (argument)
sys-libs/libcap static-libs

9
sdk_container/src/third_party/portage-stable/acct-group/incus-admin/incus-admin-0.ebuild vendored Normal file
View File

@ -0,0 +1,9 @@
# Copyright 2020-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit acct-group
ACCT_GROUP_ID=533
DESCRIPTION="Group for app-containers/incus"

8
sdk_container/src/third_party/portage-stable/acct-group/incus-admin/metadata.xml vendored Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>virtualization@gentoo.org</email>
<name>Gentoo Virtualization Project</name>
</maintainer>
</pkgmetadata>

9
sdk_container/src/third_party/portage-stable/acct-group/incus/incus-0.ebuild vendored Normal file
View File

@ -0,0 +1,9 @@
# Copyright 2020-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit acct-group
ACCT_GROUP_ID=532
DESCRIPTION="Group for app-containers/incus"

8
sdk_container/src/third_party/portage-stable/acct-group/incus/metadata.xml vendored Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>virtualization@gentoo.org</email>
<name>Gentoo Virtualization Project</name>
</maintainer>
</pkgmetadata>

9
sdk_container/src/third_party/portage-stable/acct-group/lxc/lxc-0-r2.ebuild vendored Normal file
View File

@ -0,0 +1,9 @@
# Copyright 2021-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit acct-group
ACCT_GROUP_ID=358
DESCRIPTION="Group for app-containers/lxc"

8
sdk_container/src/third_party/portage-stable/acct-group/lxc/metadata.xml vendored Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>virtualization@gentoo.org</email>
<name>Gentoo Virtualization Project</name>
</maintainer>
</pkgmetadata>

12
sdk_container/src/third_party/portage-stable/acct-user/lxc/lxc-0-r2.ebuild vendored Normal file
View File

@ -0,0 +1,12 @@
# Copyright 2021-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit acct-user
DESCRIPTION="User for app-containers/lxc"
ACCT_USER_ID=358
ACCT_USER_GROUPS=( lxc )
acct-user_add_deps

8
sdk_container/src/third_party/portage-stable/acct-user/lxc/metadata.xml vendored Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>virtualization@gentoo.org</email>
<name>Gentoo Virtualization Project</name>
</maintainer>
</pkgmetadata>

10
sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest vendored Normal file
View File

@ -0,0 +1,10 @@
DIST incus-6.0.3.tar.xz 11916020 BLAKE2B d3d998bd50124604c52ff007eefed586c216ce1a0a77d45724fd489db1d93f2fa304f5d6e1c368ff2dd4d1170b24605fd24bbf2a6e4506207686ca392936c200 SHA512 6a879e6634cf545b4c427800d923a32e5fe58a6eaf220ad8d0cb08e0ced5e6c4be09274ae095bb9dae25a55445462ea83d3d9235f67bbb9896944f596bf17e1a
DIST incus-6.0.3.tar.xz.asc 833 BLAKE2B 38835ab036709161150992cb40df4ff1ae1887d4f3e0b037d0415f75d2bb711cb3c5945bffe1b91d289acfb7e19e726964278e5c2ab31731ba9f7534f139dec7 SHA512 7d5360ab91aafe1d047a60e38a07e24c3c7b158e753087a943ec5e59d6a27c19a872080c9007b6cf592040d3408845bc188d76f6e732408d0680a3782cebce47
DIST incus-6.0.4.tar.xz 12000208 BLAKE2B 99a4ba40d2eea48515b88f4534c282adc925fe1b5487dc98901f000894b3781aec89f617d2246314cf9a95a7d65531e486c4092f8939722e1b3c2bf7d33063c8 SHA512 14a5cdad3f9365d58e526c8f451d9e7a57729010073caff31256e0b94d28206adc82ead4820278e7eac17b74d22a76d9f3b9f5f8424ddbfa6b74a5cea13e019f
DIST incus-6.0.4.tar.xz.asc 833 BLAKE2B 96c94cde55cd2e9f7f28db7adb098adf4895437d300dfd42aeac540cdab6677fb604831c28f40f8581e60b89b228557d81696cd64950a1c2147b445a5ec58b30 SHA512 1ef2063eab424467c805f8c86b5b0caca848f46d2ef7ebf602049fe32ee15a7e1006d5a2710b355604aef73802b4333cd0428c772e1c5fc4da588c2cd7ee1694
DIST incus-6.10.1.tar.xz 18023076 BLAKE2B c35c7a81448b17db6db8959458c23a58392d9e3dcfedaf6d1094964c0c35d46d551a4d6cbaab93cde4b9006bdeb064dcc50148fc2cded6c9ca122f635dab58cd SHA512 12566fef798b34e3d1f3abe4bebada50a99f0e30fd33e1c5ffab458a2ebdac484650e6bf35a48bc4680669d24c9fd912b549e43ed01318bdac52d1b1767cb275
DIST incus-6.10.1.tar.xz.asc 833 BLAKE2B 2e2de67bae59502fdad66a7ac5b7771d4e305f87e4b3e35bc829a73bd053a7ca8256f9bfa8e4c2fc6ee2268cdc8bd9b9bac7ed319e5cda14829daeaa39108b51 SHA512 4f00405913b0d04a0eec407756928e59e477ecf4dfc07b063a13fc5683fcc6e18efe1d2947a6b9c12e5fb1b64d39dc076f4a41da129fe132d30e7cfc23af80a4
DIST incus-6.11.tar.xz 11997736 BLAKE2B 8764c1189fceeb65caedc0b9cf562f8f78a4e905101022c4efe98693ed70ef069b580d10f74e1830e0225a5332b5b37a9068c636aec738a6496a01430d6074c3 SHA512 0d52e71ce55aa59bb2b3a4c9f7926d43a6dfae1809d42c2c0c591019eaef648a4e15159a826de382e06149aa3488d60c283f69055335124d85597199d231367f
DIST incus-6.11.tar.xz.asc 833 BLAKE2B b399138638c2c503600b29899b81a4ce691af2ad16ab2d8f8994c92e317e0b48dc2021095346e9784f58a631b724c134186be026acb06fb9a63a01cc0d1cb970 SHA512 f2b108129fe3111e184544b4fce8d5503b59764b202582c901699602d3a7434e3876684ad0f625b7beeb8ca92e6cd9468ced804bcbb8e00336d48d4bce4de1fe
DIST incus-6.12.tar.xz 12041616 BLAKE2B 25bb157839a6d86f45614f71cb8f61ec2d92ca96322e90dc9d4f47603aee8b246621b941cd223a3c9007bbb4dbb65ffe432a72d2e7af5fefae40bc398406424b SHA512 1234f54965f2b50fa04c286405dd3b7dcbf86f88f91dd38476695a57961dd13fbc8da3c698ce1c254da71239b4af64fda25b9de7c6db017e7728b5bc4db52bf4
DIST incus-6.12.tar.xz.asc 833 BLAKE2B e74dbefea68db25458da3956e6b5fc99b2cc861d9a20c5d10a9fa2d1803068b2b36a350d35960bfb289e9e1e747baa8bc5d2fdb0a93fcfb8ee7b0ffcd65befe7 SHA512 11f63160366a17d7d2679eb52f318d3c0e2a6d91a76c968d6483db9fb45892006d831f85e30bedfa9237a55d9b517458b01c3d1311e7e5f9ea1c3b3bbc18975a

22
sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.service vendored Normal file
View File

@ -0,0 +1,22 @@
[Unit]
Description=Incus - main daemon
After=network-online.target lxcfs.service incus.socket
Requires=network-online.target lxcfs.service incus.socket
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/sbin/incusd --group incus-admin --syslog
ExecStartPost=/usr/sbin/incusd waitready --timeout=600
ExecStartPre=/bin/mkdir -p /var/log/incus
ExecStartPre=/bin/chown -R root:incus-admin /var/log/incus
KillMode=process
PermissionsStartOnly=true
TimeoutStartSec=600s
TimeoutStopSec=30s
Restart=on-failure
LimitNOFILE=1048576
LimitNPROC=infinity
TasksMax=infinity
[Install]
Also=incus-startup.service incus.socket

11
sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-0.4.socket vendored Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=Incus - Daemon (unix socket)
[Socket]
ListenStream=/var/lib/incus/unix.socket
SocketGroup=incus-admin
SocketMode=0660
Service=incus.service
[Install]
WantedBy=sockets.target

27
sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.confd vendored Normal file
View File

@ -0,0 +1,27 @@
## "INCUS_OPTIONS+=" is not POSIX-compliant, so we use
## "INCUS_OPTIONS="${INCUS_OPTIONS}"" to not rely on bashmisms.
## bgo#929138
# Group which owns the shared socket
INCUS_OPTIONS="${INCUS_OPTIONS} --group incus-admin"
# Enable cpu profiling into the specified file
#INCUS_OPTIONS="${INCUS_OPTIONS} --cpuprofile /tmp/lxc_cpu_profile"
# Enable memory profiling into the specified file
#INCUS_OPTIONS="${INCUS_OPTIONS} --memprofile /tmp/lxc_mem_profile"
# Enable debug mode
#INCUS_OPTIONS="${INCUS_OPTIONS} --debug"
# For debugging, print a complete stack trace every n seconds
#INCUS_OPTIONS="${INCUS_OPTIONS} --print-goroutines-every 5"
# Enable verbose mode
#INCUS_OPTIONS="${INCUS_OPTIONS} -v"
# Logfile to log to
#INCUS_OPTIONS="${INCUS_OPTIONS} --logfile /var/log/incus/incus.log"
# Enable syslog logging
#INCUS_OPTIONS="${INCUS_OPTIONS} --syslog"

63
sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-6.0.initd vendored Normal file
View File

@ -0,0 +1,63 @@
#!/sbin/openrc-run
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
DAEMON=/usr/sbin/incusd
PIDFILE=/run/incus.pid
depend() {
need net
need lxcfs
}
start() {
ebegin "Starting incus daemon service"
modprobe -f loop > /dev/null 2>&1
# Call prlimit from the init.d file instead of ulimit through rc_ulimit,
# bgo#929138
prlimit --nofile=1048576 --memlock=unlimited --pid=$$
# Fix permissions on /var/lib/incus and make sure it exists.
# Create a log directory for incus with correct permissions.
install -d /var/lib/incus --group incus-admin --owner root --mode 0775
install -d /var/log/incus --group incus-admin --owner root
start-stop-daemon --start \
--pidfile ${PIDFILE} \
--exec ${DAEMON} \
--background \
--make-pidfile \
-- \
${INCUS_OPTIONS}
eend ${?}
# Create necessary systemd paths in order for systemd containers to work on openrc host.
# /etc/rc.conf should have following values:
# rc_cgroup_mode="hybrid"
if [ -d /sys/fs/cgroup/unified ] &&
[ ! -d /sys/fs/cgroup/systemd ]; then
install -d /sys/fs/cgroup/systemd --group incus-admin --owner root
mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
fi
}
stop() {
if [ "${RC_CMD}" = restart ]; then
ebegin "Stopping incus daemon service (but not containers)"
# start-stop-daemon sends SIGTERM with a timeout of 5s by default.
# SIGTERM indicates to INCUS that it will be stopped temporarily.
# Instances will keep running.
start-stop-daemon --stop --quiet -p "${PIDFILE}"
eend ${?}
else
ebegin "Stopping incus daemon service and containers, waiting 40s"
# SIGPWR indicates to INCUS that the host is going down.
# LXD will do a clean shutdown of all instances.
# After 30s all remaining instances will be killed.
# We wait up to 40s for INCUS.
start-stop-daemon --stop --quiet -R SIGPWR/40 -p "${PIDFILE}"
eend ${?}
fi
}

15
sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.service vendored Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=Incus - Startup check
After=incus.socket incus.service
Requires=incus.socket
[Service]
Type=oneshot
ExecStart=/usr/sbin/incus-startup start
ExecStop=/usr/sbin/incus-startup stop
TimeoutStartSec=600s
TimeoutStopSec=600s
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

21
sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-startup-0.4.sh vendored Normal file
View File

@ -0,0 +1,21 @@
#!/bin/sh
set -e
case "$1" in
start)
systemctl is-active incus -q && exit 0
exec incusd activateifneeded
;;
stop)
systemctl is-active incus -q || exit 0
exec incusd shutdown
;;
*)
echo "unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0

37
sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.initd vendored Normal file
View File

@ -0,0 +1,37 @@
#!/sbin/openrc-run
# Copyright 2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
name="incus-user socket daemon"
description="incus-user socket daemon"
DAEMON=/usr/sbin/incus-user
PIDFILE=/run/incus-user.pid
depend() {
need incus
need net
}
start() {
ebegin "Starting incus-user socket daemon"
start-stop-daemon --start \
--pidfile ${PIDFILE} \
--exec ${DAEMON} \
--background \
--make-pidfile \
-- \
--group incus
eend ${?}
}
stop() {
if [ "${RC_CMD}" = restart ]; then
start-stop-daemon --stop --quiet -p "${PIDFILE}"
eend ${?}
else
start-stop-daemon --stop --quiet -p "${PIDFILE}"
eend ${?}
fi
}

12
sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.service vendored Normal file
View File

@ -0,0 +1,12 @@
[Unit]
Description=Incus - User daemon
After=incus-user.socket incus.service
Requires=incus-user.socket
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/sbin/incus-user --group incus
Restart=on-failure
[Install]
Also=incus-user.socket

11
sdk_container/src/third_party/portage-stable/app-containers/incus/files/incus-user-0.4.socket vendored Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=Incus - Daemon (user unix socket)
[Socket]
ListenStream=/var/lib/incus/unix.socket.user
SocketGroup=incus
SocketMode=0660
Service=incus-user.service
[Install]
WantedBy=sockets.target

229
sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.3-r2.ebuild vendored Normal file
View File

@ -0,0 +1,229 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig
DESCRIPTION="Modern, secure and powerful system container and virtual machine manager"
HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus"
SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz
verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )"
LICENSE="Apache-2.0 BSD LGPL-3 MIT"
SLOT="0/lts"
KEYWORDS="amd64 ~arm64"
IUSE="apparmor fuidshift nls qemu"
DEPEND="acct-group/incus
acct-group/incus-admin
app-arch/xz-utils
>=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)]
dev-db/sqlite:3
>=dev-libs/cowsql-1.15.6
dev-libs/lzo
>=dev-libs/raft-0.22.1:=[lz4]
>=dev-util/xdelta-3.0[lzma(+)]
net-dns/dnsmasq[dhcp]
sys-libs/libcap
virtual/udev"
RDEPEND="${DEPEND}
|| (
net-firewall/iptables
net-firewall/nftables
)
fuidshift? ( !app-containers/lxd )
sys-apps/iproute2
sys-fs/fuse:*
>=sys-fs/lxcfs-5.0.0
sys-fs/squashfs-tools[lzma]
virtual/acl
qemu? (
app-cdr/cdrtools
app-emulation/qemu[spice,usbredir,virtfs]
sys-apps/gptfdisk
)"
BDEPEND=">=dev-lang/go-1.21
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
CONFIG_CHECK="
~AIO
~CGROUPS
~IPC_NS
~NET_NS
~PID_NS
~SECCOMP
~USER_NS
~UTS_NS
~KVM
~MACVTAP
~VHOST_VSOCK
"
ERROR_AIO="CONFIG_AIO is required."
ERROR_IPC_NS="CONFIG_IPC_NS is required."
ERROR_NET_NS="CONFIG_NET_NS is required."
ERROR_PID_NS="CONFIG_PID_NS is required."
ERROR_SECCOMP="CONFIG_SECCOMP is required."
ERROR_UTS_NS="CONFIG_UTS_NS is required."
WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines."
WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines."
WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines."
# Go magic.
QA_PREBUILT="/usr/bin/incus
/usr/bin/incus-agent
/usr/bin/incus-benchmark
/usr/bin/incus-migrate
/usr/bin/lxc-to-incus
/usr/sbin/fuidshift
/usr/sbin/incusd
/usr/sbin/lxd-to-incus"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
# The testsuite must be run as root.
# make: *** [Makefile:156: check] Error 1
RESTRICT="test"
GOPATH="${S}/_dist"
src_unpack() {
verify-sig_src_unpack
go-module_src_unpack
}
src_prepare() {
export GOPATH="${S}/_dist"
default
sed -i \
-e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \
-e "s:make:make ${MAKEOPTS}:g" \
Makefile || die
sed -i \
-e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \
-e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \
internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths."
# Fix hardcoded virtfs-proxy-helper file path, see bug 798924
sed -i \
-e "s:/usr/lib/qemu/virtfs-proxy-helper:/usr/libexec/virtfs-proxy-helper:g" \
internal/server/device/device_utils_disk.go || die "Failed to fix virtfs-proxy-helper path."
cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die
if use apparmor; then
sed -i \
'/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \
"${T}"/incus.service || die
fi
# Disable -Werror's from go modules.
find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die
}
src_configure() { :; }
src_compile() {
export GOPATH="${S}/_dist"
export CGO_LDFLAGS_ALLOW="-Wl,-z,now"
for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do
ego install -v -x "${S}/cmd/${k}"
done
if use fuidshift ; then
ego install -v -x "${S}/cmd/fuidshift"
fi
ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd
# Needs to be built statically
CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate
CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent
use nls && emake build-mo
}
src_test() {
emake check
}
src_install() {
export GOPATH="${S}/_dist"
export GOHOSTARCH=$(go-env_goarch "${CBUILD}")
if [ "${GOARCH}" != "${GOHOSTARCH}" ]; then
local bindir="_dist/bin/linux_${GOARCH}"
else
local bindir="_dist/bin"
fi
newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup
# Admin tools
for l in incusd incus-user lxd-to-incus ; do
dosbin ${bindir}/${l}
done
# User tools
for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do
dobin ${bindir}/${m}
done
# fuidshift, should be moved under admin tools at some point
if use fuidshift ; then
dosbin ${bindir}/fuidshift
fi
newconfd "${FILESDIR}"/incus-6.0.confd incus
newinitd "${FILESDIR}"/incus-6.0.initd incus
newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user
systemd_dounit "${T}"/incus.service
systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket
systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service
systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service
systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket
if ! tc-is-cross-compiler; then
# Generate and install shell completion files.
mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die
"${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die
"${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die
"${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die
else
ewarn "Shell completion files not installed! Install them manually with incus completion --help"
fi
dodoc AUTHORS
dodoc -r doc/*
use nls && domo po/*.mo
# Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184
newenvd - 90incus <<- _EOF_
INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf
_EOF_
}
pkg_postinst() {
elog
elog "Please see"
elog " https://wiki.gentoo.org/wiki/Incus"
elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD"
elog
optfeature "btrfs storage backend" sys-fs/btrfs-progs
optfeature "ipv6 support" net-dns/dnsmasq[ipv6]
optfeature "full incus-migrate support" net-misc/rsync
optfeature "lvm2 storage backend" sys-fs/lvm2
optfeature "zfs storage backend" sys-fs/zfs
elog
elog "Be sure to add your local user to the incus group."
elog
}

224
sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.0.4.ebuild vendored Normal file
View File

@ -0,0 +1,224 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig
DESCRIPTION="Modern, secure and powerful system container and virtual machine manager"
HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus"
SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz
verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )"
LICENSE="Apache-2.0 BSD LGPL-3 MIT"
SLOT="0/lts"
KEYWORDS="~amd64 ~arm64"
IUSE="apparmor fuidshift nls qemu"
DEPEND="acct-group/incus
acct-group/incus-admin
app-arch/xz-utils
>=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)]
dev-db/sqlite:3
>=dev-libs/cowsql-1.15.6
dev-libs/lzo
>=dev-libs/raft-0.22.1:=[lz4]
>=dev-util/xdelta-3.0[lzma(+)]
net-dns/dnsmasq[dhcp]
sys-libs/libcap
virtual/udev"
RDEPEND="${DEPEND}
|| (
net-firewall/iptables
net-firewall/nftables
)
fuidshift? ( !app-containers/lxd )
sys-apps/iproute2
sys-fs/fuse:*
>=sys-fs/lxcfs-5.0.0
sys-fs/squashfs-tools[lzma]
virtual/acl
qemu? (
app-cdr/cdrtools
app-emulation/qemu[spice,usbredir,virtfs]
sys-apps/gptfdisk
)"
BDEPEND=">=dev-lang/go-1.21
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
CONFIG_CHECK="
~AIO
~CGROUPS
~IPC_NS
~NET_NS
~PID_NS
~SECCOMP
~USER_NS
~UTS_NS
~KVM
~MACVTAP
~VHOST_VSOCK
"
ERROR_AIO="CONFIG_AIO is required."
ERROR_IPC_NS="CONFIG_IPC_NS is required."
ERROR_NET_NS="CONFIG_NET_NS is required."
ERROR_PID_NS="CONFIG_PID_NS is required."
ERROR_SECCOMP="CONFIG_SECCOMP is required."
ERROR_UTS_NS="CONFIG_UTS_NS is required."
WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines."
WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines."
WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines."
# Go magic.
QA_PREBUILT="/usr/bin/incus
/usr/bin/incus-agent
/usr/bin/incus-benchmark
/usr/bin/incus-migrate
/usr/bin/lxc-to-incus
/usr/sbin/fuidshift
/usr/sbin/incusd
/usr/sbin/lxd-to-incus"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
# The testsuite must be run as root.
# make: *** [Makefile:156: check] Error 1
RESTRICT="test"
GOPATH="${S}/_dist"
src_unpack() {
verify-sig_src_unpack
go-module_src_unpack
}
src_prepare() {
export GOPATH="${S}/_dist"
default
sed -i \
-e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \
-e "s:make:make ${MAKEOPTS}:g" \
Makefile || die
sed -i \
-e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \
-e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \
internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths."
cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die
if use apparmor; then
sed -i \
'/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \
"${T}"/incus.service || die
fi
# Disable -Werror's from go modules.
find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die
}
src_configure() { :; }
src_compile() {
export GOPATH="${S}/_dist"
export CGO_LDFLAGS_ALLOW="-Wl,-z,now"
for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do
ego install -v -x "${S}/cmd/${k}"
done
if use fuidshift ; then
ego install -v -x "${S}/cmd/fuidshift"
fi
ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd
# Needs to be built statically
CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate
CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent
use nls && emake build-mo
}
src_test() {
emake check
}
src_install() {
export GOPATH="${S}/_dist"
if tc-is-cross-compiler ; then
local bindir="_dist/bin/linux_${GOARCH}"
else
local bindir="_dist/bin"
fi
newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup
# Admin tools
for l in incusd incus-user lxd-to-incus ; do
dosbin ${bindir}/${l}
done
# User tools
for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do
dobin ${bindir}/${m}
done
# fuidshift, should be moved under admin tools at some point
if use fuidshift ; then
dosbin ${bindir}/fuidshift
fi
newconfd "${FILESDIR}"/incus-6.0.confd incus
newinitd "${FILESDIR}"/incus-6.0.initd incus
newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user
systemd_dounit "${T}"/incus.service
systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket
systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service
systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service
systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket
if ! tc-is-cross-compiler; then
# Generate and install shell completion files.
mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die
"${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die
"${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die
"${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die
else
ewarn "Shell completion files not installed! Install them manually with incus completion --help"
fi
dodoc AUTHORS
dodoc -r doc/*
use nls && domo po/*.mo
# Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184
newenvd - 90incus <<- _EOF_
INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf
_EOF_
}
pkg_postinst() {
elog
elog "Please see"
elog " https://wiki.gentoo.org/wiki/Incus"
elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD"
elog
optfeature "btrfs storage backend" sys-fs/btrfs-progs
optfeature "support for ACME certificate issuance" app-crypt/lego
optfeature "ipv6 support" net-dns/dnsmasq[ipv6]
optfeature "full incus-migrate support" net-misc/rsync
optfeature "lvm2 storage backend" sys-fs/lvm2
optfeature "zfs storage backend" sys-fs/zfs
elog
elog "Be sure to add your local user to the incus group."
elog
}

225
sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.10.1-r1.ebuild vendored Normal file
View File

@ -0,0 +1,225 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig
DESCRIPTION="Modern, secure and powerful system container and virtual machine manager"
HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus"
SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz
verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )"
LICENSE="Apache-2.0 BSD LGPL-3 MIT"
SLOT="0/stable"
KEYWORDS="~amd64 ~arm64"
IUSE="apparmor fuidshift nls qemu"
DEPEND="acct-group/incus
acct-group/incus-admin
app-arch/xz-utils
>=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)]
dev-db/sqlite:3
>=dev-libs/cowsql-1.15.7
dev-libs/lzo
>=dev-libs/raft-0.22.1:=[lz4]
>=dev-util/xdelta-3.0[lzma(+)]
net-dns/dnsmasq[dhcp]
sys-libs/libcap
virtual/udev"
RDEPEND="${DEPEND}
|| (
net-firewall/iptables
net-firewall/nftables[json]
)
fuidshift? ( !app-containers/lxd )
net-firewall/ebtables
sys-apps/iproute2
sys-fs/fuse:*
>=sys-fs/lxcfs-5.0.0
sys-fs/squashfs-tools[lzma]
virtual/acl
qemu? (
app-cdr/cdrtools
app-emulation/qemu[spice,usbredir,virtfs]
sys-apps/gptfdisk
)"
BDEPEND=">=dev-lang/go-1.21
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
CONFIG_CHECK="
~AIO
~CGROUPS
~IPC_NS
~NET_NS
~PID_NS
~SECCOMP
~USER_NS
~UTS_NS
~KVM
~MACVTAP
~VHOST_VSOCK
"
ERROR_AIO="CONFIG_AIO is required."
ERROR_IPC_NS="CONFIG_IPC_NS is required."
ERROR_NET_NS="CONFIG_NET_NS is required."
ERROR_PID_NS="CONFIG_PID_NS is required."
ERROR_SECCOMP="CONFIG_SECCOMP is required."
ERROR_UTS_NS="CONFIG_UTS_NS is required."
WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines."
WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines."
WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines."
# Go magic.
QA_PREBUILT="/usr/bin/incus
/usr/bin/incus-agent
/usr/bin/incus-benchmark
/usr/bin/incus-migrate
/usr/bin/lxc-to-incus
/usr/sbin/fuidshift
/usr/sbin/incusd
/usr/sbin/lxd-to-incus"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
# The testsuite must be run as root.
# make: *** [Makefile:156: check] Error 1
RESTRICT="test"
GOPATH="${S}/_dist"
src_unpack() {
verify-sig_src_unpack
go-module_src_unpack
}
src_prepare() {
export GOPATH="${S}/_dist"
default
sed -i \
-e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \
-e "s:make:make ${MAKEOPTS}:g" \
Makefile || die
sed -i \
-e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \
-e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \
internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths."
cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die
if use apparmor; then
sed -i \
'/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \
"${T}"/incus.service || die
fi
# Disable -Werror's from go modules.
find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die
}
src_configure() { :; }
src_compile() {
export GOPATH="${S}/_dist"
export CGO_LDFLAGS_ALLOW="-Wl,-z,now"
for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do
ego install -v -x "${S}/cmd/${k}"
done
if use fuidshift ; then
ego install -v -x "${S}/cmd/fuidshift"
fi
ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd
# Needs to be built statically
CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate
CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent
use nls && emake build-mo
}
src_test() {
emake check
}
src_install() {
export GOPATH="${S}/_dist"
if tc-is-cross-compiler ; then
local bindir="_dist/bin/linux_${GOARCH}"
else
local bindir="_dist/bin"
fi
newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup
# Admin tools
for l in incusd incus-user lxd-to-incus ; do
dosbin ${bindir}/${l}
done
# User tools
for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do
dobin ${bindir}/${m}
done
# fuidshift, should be moved under admin tools at some point
if use fuidshift ; then
dosbin ${bindir}/fuidshift
fi
newconfd "${FILESDIR}"/incus-6.0.confd incus
newinitd "${FILESDIR}"/incus-6.0.initd incus
newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user
systemd_dounit "${T}"/incus.service
systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket
systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service
systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service
systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket
if ! tc-is-cross-compiler; then
# Generate and install shell completion files.
mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die
"${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die
"${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die
"${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die
else
ewarn "Shell completion files not installed! Install them manually with incus completion --help"
fi
dodoc AUTHORS
dodoc -r doc/*
use nls && domo po/*.mo
# Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184
newenvd - 90incus <<- _EOF_
INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf
_EOF_
}
pkg_postinst() {
elog
elog "Please see"
elog " https://wiki.gentoo.org/wiki/Incus"
elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD"
elog
optfeature "OCI container images support" app-containers/skopeo app-containers/umoci
optfeature "btrfs storage backend" sys-fs/btrfs-progs
optfeature "ipv6 support" net-dns/dnsmasq[ipv6]
optfeature "full incus-migrate support" net-misc/rsync
optfeature "lvm2 storage backend" sys-fs/lvm2
optfeature "zfs storage backend" sys-fs/zfs
elog
elog "Be sure to add your local user to the incus group."
elog
}

226
sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.11.ebuild vendored Normal file
View File

@ -0,0 +1,226 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig
DESCRIPTION="Modern, secure and powerful system container and virtual machine manager"
HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus"
SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz
verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )"
LICENSE="Apache-2.0 BSD LGPL-3 MIT"
SLOT="0/stable"
KEYWORDS="~amd64 ~arm64"
IUSE="apparmor fuidshift nls qemu"
DEPEND="acct-group/incus
acct-group/incus-admin
app-arch/xz-utils
>=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)]
dev-db/sqlite:3
>=dev-libs/cowsql-1.15.7
dev-libs/lzo
>=dev-libs/raft-0.22.1:=[lz4]
>=dev-util/xdelta-3.0[lzma(+)]
net-dns/dnsmasq[dhcp]
sys-libs/libcap
virtual/udev"
RDEPEND="${DEPEND}
|| (
net-firewall/iptables
net-firewall/nftables[json]
)
fuidshift? ( !app-containers/lxd )
net-firewall/ebtables
sys-apps/iproute2
sys-fs/fuse:*
>=sys-fs/lxcfs-5.0.0
sys-fs/squashfs-tools[lzma]
virtual/acl
qemu? (
app-cdr/cdrtools
app-emulation/qemu[spice,usbredir,virtfs]
sys-apps/gptfdisk
)"
BDEPEND=">=dev-lang/go-1.21
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
CONFIG_CHECK="
~AIO
~CGROUPS
~IPC_NS
~NET_NS
~PID_NS
~SECCOMP
~USER_NS
~UTS_NS
~KVM
~MACVTAP
~VHOST_VSOCK
"
ERROR_AIO="CONFIG_AIO is required."
ERROR_IPC_NS="CONFIG_IPC_NS is required."
ERROR_NET_NS="CONFIG_NET_NS is required."
ERROR_PID_NS="CONFIG_PID_NS is required."
ERROR_SECCOMP="CONFIG_SECCOMP is required."
ERROR_UTS_NS="CONFIG_UTS_NS is required."
WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines."
WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines."
WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines."
# Go magic.
QA_PREBUILT="/usr/bin/incus
/usr/bin/incus-agent
/usr/bin/incus-benchmark
/usr/bin/incus-migrate
/usr/bin/lxc-to-incus
/usr/sbin/fuidshift
/usr/sbin/incusd
/usr/sbin/lxd-to-incus"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
# The testsuite must be run as root.
# make: *** [Makefile:156: check] Error 1
RESTRICT="test"
GOPATH="${S}/_dist"
src_unpack() {
verify-sig_src_unpack
go-module_src_unpack
}
src_prepare() {
export GOPATH="${S}/_dist"
default
sed -i \
-e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \
-e "s:make:make ${MAKEOPTS}:g" \
Makefile || die
sed -i \
-e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \
-e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \
internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths."
cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die
if use apparmor; then
sed -i \
'/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \
"${T}"/incus.service || die
fi
# Disable -Werror's from go modules.
find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die
}
src_configure() { :; }
src_compile() {
export GOPATH="${S}/_dist"
export CGO_LDFLAGS_ALLOW="-Wl,-z,now"
for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do
ego install -v -x "${S}/cmd/${k}"
done
if use fuidshift ; then
ego install -v -x "${S}/cmd/fuidshift"
fi
ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd
# Needs to be built statically
CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate
CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent
use nls && emake build-mo
}
src_test() {
emake check
}
src_install() {
export GOPATH="${S}/_dist"
if tc-is-cross-compiler ; then
local bindir="_dist/bin/linux_${GOARCH}"
else
local bindir="_dist/bin"
fi
newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup
# Admin tools
for l in incusd incus-user lxd-to-incus ; do
dosbin ${bindir}/${l}
done
# User tools
for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do
dobin ${bindir}/${m}
done
# fuidshift, should be moved under admin tools at some point
if use fuidshift ; then
dosbin ${bindir}/fuidshift
fi
newconfd "${FILESDIR}"/incus-6.0.confd incus
newinitd "${FILESDIR}"/incus-6.0.initd incus
newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user
systemd_dounit "${T}"/incus.service
systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket
systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service
systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service
systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket
if ! tc-is-cross-compiler; then
# Generate and install shell completion files.
mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die
"${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die
"${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die
"${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die
else
ewarn "Shell completion files not installed! Install them manually with incus completion --help"
fi
dodoc AUTHORS
dodoc -r doc/*
use nls && domo po/*.mo
# Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184
newenvd - 90incus <<- _EOF_
INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf
_EOF_
}
pkg_postinst() {
elog
elog "Please see"
elog " https://wiki.gentoo.org/wiki/Incus"
elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD"
elog
optfeature "OCI container images support" app-containers/skopeo app-containers/umoci
optfeature "support for ACME certificate issuance" app-crypt/lego
optfeature "btrfs storage backend" sys-fs/btrfs-progs
optfeature "ipv6 support" net-dns/dnsmasq[ipv6]
optfeature "full incus-migrate support" net-misc/rsync
optfeature "lvm2 storage backend" sys-fs/lvm2
optfeature "zfs storage backend" sys-fs/zfs
elog
elog "Be sure to add your local user to the incus group."
elog
}

227
sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.12.ebuild vendored Normal file
View File

@ -0,0 +1,227 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit go-module linux-info optfeature systemd toolchain-funcs verify-sig
DESCRIPTION="Modern, secure and powerful system container and virtual machine manager"
HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus"
SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz
verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )"
LICENSE="Apache-2.0 BSD LGPL-3 MIT"
SLOT="0/stable"
KEYWORDS="~amd64 ~arm64"
IUSE="apparmor fuidshift nls qemu"
DEPEND="acct-group/incus
acct-group/incus-admin
app-arch/xz-utils
>=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)]
dev-db/sqlite:3
>=dev-libs/cowsql-1.15.7
dev-libs/lzo
>=dev-libs/raft-0.22.1:=[lz4]
>=dev-util/xdelta-3.0[lzma(+)]
net-dns/dnsmasq[dhcp]
sys-libs/libcap
virtual/udev"
RDEPEND="${DEPEND}
|| (
net-firewall/iptables
net-firewall/nftables[json]
)
fuidshift? ( !app-containers/lxd )
net-firewall/ebtables
sys-apps/iproute2
sys-fs/fuse:*
>=sys-fs/lxcfs-5.0.0
sys-fs/squashfs-tools[lzma]
virtual/acl
apparmor? ( sec-policy/apparmor-profiles )
qemu? (
app-cdr/cdrtools
app-emulation/qemu[spice,usbredir,virtfs]
sys-apps/gptfdisk
)"
BDEPEND=">=dev-lang/go-1.21
nls? ( sys-devel/gettext )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
CONFIG_CHECK="
~AIO
~CGROUPS
~IPC_NS
~NET_NS
~PID_NS
~SECCOMP
~USER_NS
~UTS_NS
~KVM
~MACVTAP
~VHOST_VSOCK
"
ERROR_AIO="CONFIG_AIO is required."
ERROR_IPC_NS="CONFIG_IPC_NS is required."
ERROR_NET_NS="CONFIG_NET_NS is required."
ERROR_PID_NS="CONFIG_PID_NS is required."
ERROR_SECCOMP="CONFIG_SECCOMP is required."
ERROR_UTS_NS="CONFIG_UTS_NS is required."
WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines."
WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines."
WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines."
# Go magic.
QA_PREBUILT="/usr/bin/incus
/usr/bin/incus-agent
/usr/bin/incus-benchmark
/usr/bin/incus-migrate
/usr/bin/lxc-to-incus
/usr/sbin/fuidshift
/usr/sbin/incusd
/usr/sbin/lxd-to-incus"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
# The testsuite must be run as root.
# make: *** [Makefile:156: check] Error 1
RESTRICT="test"
GOPATH="${S}/_dist"
src_unpack() {
verify-sig_src_unpack
go-module_src_unpack
}
src_prepare() {
export GOPATH="${S}/_dist"
default
sed -i \
-e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \
-e "s:make:make ${MAKEOPTS}:g" \
Makefile || die
sed -i \
-e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \
-e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \
internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths."
cp "${FILESDIR}"/incus-0.4.service "${T}"/incus.service || die
if use apparmor; then
sed -i \
'/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \
"${T}"/incus.service || die
fi
# Disable -Werror's from go modules.
find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die
}
src_configure() { :; }
src_compile() {
export GOPATH="${S}/_dist"
export CGO_LDFLAGS_ALLOW="-Wl,-z,now"
for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do
ego install -v -x "${S}/cmd/${k}"
done
if use fuidshift ; then
ego install -v -x "${S}/cmd/fuidshift"
fi
ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd
# Needs to be built statically
CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate
CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent
use nls && emake build-mo
}
src_test() {
emake check
}
src_install() {
export GOPATH="${S}/_dist"
if tc-is-cross-compiler ; then
local bindir="_dist/bin/linux_${GOARCH}"
else
local bindir="_dist/bin"
fi
newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup
# Admin tools
for l in incusd incus-user lxd-to-incus ; do
dosbin ${bindir}/${l}
done
# User tools
for m in incus-agent incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do
dobin ${bindir}/${m}
done
# fuidshift, should be moved under admin tools at some point
if use fuidshift ; then
dosbin ${bindir}/fuidshift
fi
newconfd "${FILESDIR}"/incus-6.0.confd incus
newinitd "${FILESDIR}"/incus-6.0.initd incus
newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user
systemd_dounit "${T}"/incus.service
systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket
systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service
systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service
systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket
if ! tc-is-cross-compiler; then
# Generate and install shell completion files.
mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die
"${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die
"${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die
"${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die
else
ewarn "Shell completion files not installed! Install them manually with incus completion --help"
fi
dodoc AUTHORS
dodoc -r doc/*
use nls && domo po/*.mo
# Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184
newenvd - 90incus <<- _EOF_
INCUS_EDK2_PATH=${EPREFIX}/usr/share/edk2-ovmf
_EOF_
}
pkg_postinst() {
elog
elog "Please see"
elog " https://wiki.gentoo.org/wiki/Incus"
elog " https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD"
elog
optfeature "OCI container images support" app-containers/skopeo app-containers/umoci
optfeature "support for ACME certificate issuance" app-crypt/lego
optfeature "btrfs storage backend" sys-fs/btrfs-progs
optfeature "ipv6 support" net-dns/dnsmasq[ipv6]
optfeature "full incus-migrate support" net-misc/rsync
optfeature "lvm2 storage backend" sys-fs/lvm2
optfeature "zfs storage backend" sys-fs/zfs
elog
elog "Be sure to add your local user to the incus group."
elog
}

35
sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml vendored Normal file
View File

@ -0,0 +1,35 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>juippis@gentoo.org</email>
<name>Joonas Niilola</name>
</maintainer>
<maintainer type="project">
<email>virtualization@gentoo.org</email>
<name>Gentoo Virtualization Project</name>
</maintainer>
<use>
<flag name="fuidshift">Install the fuidshift binary - currently conflicts with app-containers/lxd</flag>
<flag name="qemu">Pull dependencies needed to manage QEMU-based virtual machines with Incus</flag>
</use>
<longdescription>
Incus is a modern, secure and powerful system container and virtual machine manager.
Incus is a community fork from Canonical's LXD.
It provides a unified experience for running and managing full Linux systems inside containers
or virtual machines. Incus supplies images for a wide number of Linux distributions and is built
around a very powerful, yet pretty simple, REST API. Incus scales from one instance on a single
machine to a cluster in a full data center rack, making it suitable for running workloads both
for development and in production.
Incus allows you to easily set up a system that feels like a small private cloud. You can run any
type of workload in an efficient way while keeping your resources optimized.
You should consider using Incus if you want to containerize different environments or run virtual
machines, or in general run and manage your infrastructure in a cost-effective way.
</longdescription>
<upstream>
<remote-id type="github">lxc/incus</remote-id>
</upstream>
</pkgmetadata>

6
sdk_container/src/third_party/portage-stable/app-containers/lxc/Manifest vendored Normal file
View File

@ -0,0 +1,6 @@
DIST lxc-5.0.3.tar.gz 975269 BLAKE2B 533d97fe4d986acbf5d562bb2c295a63df2a9a8bfc27aeff5056e4235f667102500debc586c5698482ec048c1b222a0fdc234db6fd6648c4b649f87a85de18f8 SHA512 0553be317431ab7ec0c450c0f85724a53de1f251c39c9716168e17cda6a8daec70b8221228c4be64027df28a327e0f1fd508e6bb48348ab540bbfeaf2b9ac974
DIST lxc-5.0.3.tar.gz.asc 833 BLAKE2B c35278ed17cad76d2ea94b3985e0110731efea751fb5f1c2d1c9db71486e4844285f372a94c8611dcfe91fdb16459694843b9e0a8273cfc68a56f549c7162cfb SHA512 a5ce5769d49abdf35d94de8273fd3e9c2a8ba4fafea71cf33ee6bce1d83531c8b550d972f7080409a4cc5a92e9d04ece50ed108f92c6aec4868d150e58d7d11a
DIST lxc-6.0.3.tar.gz 964210 BLAKE2B 8d5dec7f088111a2ca82aadd6cd90eb30a3a1b61900aa47123caba2ff95d10e68cfcd6a94ec6b3e36657777578c8b113c95aad9112b48b9dc964e4ed73783b48 SHA512 4ed41155b74afa135ae8e01f55a8cbbc7284a80e9789aaa2e69264d6b90a6527baf51f9c68dd3364aa83e7939d070f5c7dad924c751927783e883adce539fbdf
DIST lxc-6.0.3.tar.gz.asc 833 BLAKE2B 3a23eacfdd248a95c9fa41a6edcb55abb07abc81314fa227649663ac264a9e5fdcf81cb38b79f1bd51b9172a70a0aee5bf65ecfdaf438c944c25f11c882ab562 SHA512 5de32e772bd2864e3b688a90fd9f08d98829d61ba3e1cc76a9b403fc005256149f55ad034e186c3329f3abe52a8815f60c5027b16de46be0bc81b14d0134babd
DIST lxc-6.0.4.tar.gz 964064 BLAKE2B f8911993ce333300e68fe3d817cceb49d6c18f83e5fec1ab2da8ba6f0820808883cf73ce1f7dea2725c6279d87e6fcc0a3feeaeadad76112a47ef69265dbef50 SHA512 8ccdd9cf37b8b75e1e58021bc9bd7841faf3a2790d07f0214b6c8bde7a23e579345f576079a541dba5e71361bf5672af9d482a9e82323068ca0f7291f6063aaf
DIST lxc-6.0.4.tar.gz.asc 833 BLAKE2B 4600373e9534515fe3ec0c41ebe5b17ee8c4e7ab125e3a211ed300f0fdd79a04a9c183b903e1b6600d7b7ce4d9f2e66451326c473beb02b4a83a7200764e56e7 SHA512 2efe6e06b33a34fdf7ba1393b5e07aa1a18f189b2e43673b4f9bbdc7cf0fcb9ad47b99ebbd08e910e139047d54b1104f098cbbef586796767b9dd1a4a99ca748

34
sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-6.0.4-start-Re-introduce-first-SET_DUMPABLE-call.patch vendored Normal file
View File

@ -0,0 +1,34 @@
From 2663712e8fa8f37e0bb873185e2d4526dc644764 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org>
Date: Sat, 5 Apr 2025 01:11:18 -0400
Subject: [PATCH] start: Re-introduce first SET_DUMPABLE call
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Without it, we're running into issues with complex hooks like nvidia.
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
---
src/lxc/start.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/lxc/start.c b/src/lxc/start.c
index f28bceaba..ee4bf4003 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1125,6 +1125,11 @@ static int do_start(void *data)
if (!lxc_switch_uid_gid(nsuid, nsgid))
goto out_warn_father;
+ ret = prctl(PR_SET_DUMPABLE, prctl_arg(1), prctl_arg(0),
+ prctl_arg(0), prctl_arg(0));
+ if (ret < 0)
+ goto out_warn_father;
+
/* set{g,u}id() clears deathsignal */
ret = lxc_set_death_signal(SIGKILL, handler->monitor_pid, status_fd);
if (ret < 0) {
--
2.48.1

11
sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-monitord.service.5.0.0 vendored Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=LXC Container Monitoring Daemon
After=syslog.service network.target
Documentation=man:lxc
[Service]
Type=simple
ExecStart=/usr/libexec/lxc/lxc-monitord --daemon
[Install]
WantedBy=multi-user.target

15
sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-net.service.5.0.0 vendored Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=LXC network bridge setup
After=network-online.target
Before=lxc.service
Documentation=man:lxc
ConditionVirtualization=!lxc
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/libexec/lxc/lxc-net start
ExecStop=/usr/libexec/lxc/lxc-net stop
[Install]
WantedBy=multi-user.target

132
sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc.initd.9 vendored Normal file
View File

@ -0,0 +1,132 @@
#!/sbin/openrc-run
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
CONTAINER=${SVCNAME#*.}
LXC_PATH=`lxc-config lxc.lxcpath`
lxc_get_configfile() {
if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then
echo "${LXC_PATH}/${CONTAINER}.conf"
elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then
echo "${LXC_PATH}/${CONTAINER}/config"
else
eerror "Unable to find a suitable configuration file."
eerror "If you set up the container in a non-standard"
eerror "location, please set the CONFIGFILE variable."
return 1
fi
}
[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
lxc_get_var() {
awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE}
}
lxc_get_net_link_type() {
# gentoo bugfix 909640, drop commented lines before awk
grep -v '^#' ${CONFIGFILE} | awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" }
$1 == "lxc.network.type" {_type=$2;}
$1 == "lxc.network.link" {_link=$2;}
match($1, /lxc\.net\.[[:digit:]]+\.type/) {_type=$2;}
match($1, /lxc\.net\.[[:digit:]]+\.link/) {_link=$2;}
{if(_link != "" && _type != ""){
printf("%s:%s\n", _link, _type );
_link=""; _type="";
}; }'
}
checkconfig() {
if [ ${CONTAINER} = ${SVCNAME} ]; then
eerror "You have to create an init script for each container:"
eerror " ln -s lxc /etc/init.d/lxc.container"
return 1
fi
# no need to output anything, the function takes care of that.
[ -z "${CONFIGFILE}" ] && return 1
utsname=$(lxc_get_var lxc.uts.name)
if [ -z "$utsname" ] ; then
utsname=$(lxc_get_var lxc.utsname)
fi
if [ "${CONTAINER}" != "${utsname}" ]; then
eerror "You should use the same name for the service and the"
eerror "container. Right now the container is called ${utsname}"
return 1
fi
}
depend() {
# be quiet, since we have to run depend() also for the
# non-muxed init script, unfortunately.
checkconfig 2>/dev/null || return 0
config ${CONFIGFILE}
need localmount
use lxcfs
local _x _if
for _x in $(lxc_get_net_link_type); do
_if=${_x%:*}
case "${_x##*:}" in
# when the network type is set to phys, we can make use of a
# network service (for instance to set it up before we disable
# the net_admin capability), but we might also not set it up
# at all on the host and leave the net_admin capable service
# to take care of it.
phys) use net.${_if} ;;
*) need net.${_if} ;;
esac
done
}
start() {
checkconfig || return 1
rm -f /var/log/lxc/${CONTAINER}.log
rootpath=$(lxc_get_var lxc.rootfs)
# Check the format of our init and the chroot's init, to see
# if we have to use linux32 or linux64; always use setarch
# when required, as that makes it easier to deal with
# x32-based containers.
case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in
EM_X86_64) setarch=linux64;;
EM_386) setarch=linux32;;
esac
ebegin "Starting LXC container ${CONTAINER}"
env -i ${setarch} $(which lxc-start) -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log
sleep 1
# lxc-start -d will _always_ report a correct startup, even if it
# failed, so rather than trust that, check that the cgroup exists.
# fix for LXC 3.1
STATE="$(lxc-info -s -H ${CONTAINER})"
[ "$STATE" = "RUNNING" ]
eend $?
}
stop() {
checkconfig || return 1
STATE="$(lxc-info -s -H ${CONTAINER})"
if ! [ "$STATE" = "RUNNING" ]; then
ewarn "${CONTAINER} doesn't seem to be started."
return 0
fi
# 30s should be enough to shut everything down
# lxc-stop will return back anyway as soon as successful shutdown
# after 30s, lxc-stop sends SIGKILL (dirty shotdown)
ebegin "Stopping LXC container ${CONTAINER}"
lxc-stop -t 30 -n ${CONTAINER}
eend $?
}

19
sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc.service-5.0.0 vendored Normal file
View File

@ -0,0 +1,19 @@
[Unit]
Description=LXC Container Initialization and Autoboot Code
After=network.target lxc-net.service remote-fs.target
Wants=lxc-net.service
Documentation=man:lxc-autostart man:lxc
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStartPre=/usr/libexec/lxc/lxc-apparmor-load
ExecStart=/usr/libexec//lxc/lxc-containers start
ExecStop=/usr/libexec/lxc/lxc-containers stop
ExecReload=/usr/libexec/lxc/lxc-apparmor-load
# Environment=BOOTUP=serial
# Environment=CONSOLETYPE=serial
Delegate=yes
[Install]
WantedBy=multi-user.target

19
sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc_at.service.5.0.0 vendored Normal file
View File

@ -0,0 +1,19 @@
[Unit]
Description=LXC Container: %i
# This pulls in apparmor, dev-setup, lxc-net
After=lxc.service
Wants=lxc.service
Documentation=man:lxc-start man:lxc
[Service]
Type=simple
KillMode=mixed
TimeoutStopSec=120s
ExecStart=/usr/bin/lxc-start -F -n %i
ExecStop=/usr/bin/lxc-stop -n %i
# Environment=BOOTUP=serial
# Environment=CONSOLETYPE=serial
Delegate=yes
[Install]
WantedBy=multi-user.target

169
sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-5.0.3.ebuild vendored Normal file
View File

@ -0,0 +1,169 @@
# Copyright 2022-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit bash-completion-r1 linux-info meson optfeature systemd toolchain-funcs verify-sig
DESCRIPTION="A userspace interface for the Linux kernel containment features"
HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz
verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )"
LICENSE="GPL-2 LGPL-2.1 LGPL-3"
SLOT="0/1.502" # SONAME liblxc.so.1 + ${PV//./} _if_ breaking ABI change while bumping.
KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~riscv x86"
IUSE="apparmor +caps examples io-uring lto man pam seccomp selinux ssl systemd test +tools"
RDEPEND="acct-group/lxc
acct-user/lxc
apparmor? ( sys-libs/libapparmor )
caps? ( sys-libs/libcap[static-libs] )
io-uring? ( >=sys-libs/liburing-2:= )
pam? ( sys-libs/pam )
seccomp? ( sys-libs/libseccomp )
selinux? ( sys-libs/libselinux )
ssl? ( dev-libs/openssl:0= )
systemd? ( sys-apps/systemd:= )
tools? ( sys-libs/libcap[static-libs] )"
DEPEND="${RDEPEND}
sys-kernel/linux-headers"
BDEPEND="virtual/pkgconfig
man? ( app-text/docbook2X )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
RESTRICT="!test? ( test )"
CONFIG_CHECK="~!NETPRIO_CGROUP
~CGROUPS
~CGROUP_CPUACCT
~CGROUP_DEVICE
~CGROUP_FREEZER
~CGROUP_SCHED
~CPUSETS
~IPC_NS
~MACVLAN
~MEMCG
~NAMESPACES
~NET_NS
~PID_NS
~POSIX_MQUEUE
~USER_NS
~UTS_NS
~VETH"
ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt )
pkg_setup() {
linux-info_pkg_setup
}
src_configure() {
local emesonargs=(
--localstatedir "${EPREFIX}/var"
-Dcoverity-build=false
-Doss-fuzz=false
-Dcommands=true
-Dmemfd-rexec=true
-Dthread-safety=true
$(meson_use apparmor)
$(meson_use caps capabilities)
$(meson_use examples)
$(meson_use io-uring io-uring-event-loop)
$(meson_use lto b_lto)
$(meson_use man)
$(meson_use pam pam-cgroup)
$(meson_use seccomp)
$(meson_use selinux)
$(meson_use ssl openssl)
$(meson_use test tests)
$(meson_use tools)
-Ddata-path=/var/lib/lxc
-Ddoc-path=/usr/share/doc/${PF}
-Dlog-path=/var/log/lxc
-Drootfs-mount-path=/var/lib/lxc/rootfs
-Druntime-path=/run
)
if use systemd; then
local emesonargs+=( -Dinit-script="systemd" )
local emesonargs+=( -Dsd-bus=enabled )
else
local emesonargs+=( -Dinit-script="sysvinit" )
local emesonargs+=( -Dsd-bus=disabled )
fi
use tools && local emesonargs+=( -Dcapabilities=true )
if $(tc-ld-is-gold) || $(tc-ld-is-lld); then
local emesonargs+=( -Db_lto_mode=thin )
else
local emesonargs+=( -Db_lto_mode=default )
fi
meson_src_configure
}
src_install() {
meson_src_install
# The main bash-completion file will collide with lxd, need to relocate and update symlinks.
mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir."
if use tools; then
bashcomp_alias lxc-start lxc-{attach,autostart,cgroup,checkpoint,config,console,copy,create,destroy,device,execute,freeze,info,ls,monitor,snapshot,stop,top,unfreeze,unshare,usernsexec,wait}
else
bashcomp_alias lxc-start lxc-usernsexec
fi
keepdir /var/lib/cache/lxc /var/lib/lib/lxc
find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die
# Replace upstream sysvinit/systemd files.
if use systemd; then
rm -r "${D}$(systemd_get_systemunitdir)" || die "Failed to remove systemd lib dir"
else
rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts"
fi
newinitd "${FILESDIR}/${PN}.initd.9" ${PN}
systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service
systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service
systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service
systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service"
if ! use apparmor; then
sed -i '/lxc-apparmor-load/d' "${D}$(systemd_get_systemunitdir)/lxc.service" ||
die "Failed to remove apparmor references from lxc.service systemd unit."
fi
}
pkg_postinst() {
elog "Please refer to "
elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide."
elog
elog "Run 'lxc-checkconfig' to see optional kernel features."
elog
optfeature "automatic template scripts" app-containers/lxc-templates
optfeature "Debian-based distribution container image support" dev-util/debootstrap
optfeature "snapshot & restore functionality" sys-process/criu
}

168
sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.3.ebuild vendored Normal file
View File

@ -0,0 +1,168 @@
# Copyright 2022-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit bash-completion-r1 linux-info meson optfeature systemd verify-sig
DESCRIPTION="A userspace interface for the Linux kernel containment features"
HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz
verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )"
LICENSE="GPL-2 LGPL-2.1 LGPL-3"
SLOT="0/1.8" # SONAME liblxc.so.1 + ${PV//./} _if_ breaking ABI change while bumping.
KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~riscv x86"
IUSE="apparmor +caps examples io-uring man pam seccomp selinux ssl systemd test +tools"
RDEPEND="acct-group/lxc
acct-user/lxc
apparmor? ( sys-libs/libapparmor )
caps? ( sys-libs/libcap )
io-uring? ( >=sys-libs/liburing-2:= )
pam? ( sys-libs/pam )
seccomp? ( sys-libs/libseccomp )
selinux? ( sys-libs/libselinux )
ssl? ( dev-libs/openssl:0= )
systemd? (
sys-apps/dbus
sys-apps/systemd:=
)
tools? ( sys-libs/libcap )"
DEPEND="${RDEPEND}
caps? ( sys-libs/libcap[static-libs] )
tools? ( sys-libs/libcap[static-libs] )
sys-kernel/linux-headers"
BDEPEND="virtual/pkgconfig
man? ( app-text/docbook2X )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
RESTRICT="!test? ( test )"
CONFIG_CHECK="~!NETPRIO_CGROUP
~CGROUPS
~CGROUP_CPUACCT
~CGROUP_DEVICE
~CGROUP_FREEZER
~CGROUP_SCHED
~CPUSETS
~IPC_NS
~MACVLAN
~MEMCG
~NAMESPACES
~NET_NS
~PID_NS
~POSIX_MQUEUE
~USER_NS
~UTS_NS
~VETH"
ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt )
pkg_setup() {
linux-info_pkg_setup
}
src_configure() {
# -Dtools-multicall=false: will create a single binary called 'lxc' that conflicts with LXD.
local emesonargs=(
--localstatedir "${EPREFIX}/var"
-Dcoverity-build=false
-Dinstall-state-dirs=false
-Doss-fuzz=false
-Dspecfile=false
-Dtools-multicall=false
-Dcommands=true
-Dinstall-init-files=true
-Dmemfd-rexec=true
-Dthread-safety=true
$(meson_use apparmor)
$(meson_use caps capabilities)
$(meson_use examples)
$(meson_use io-uring io-uring-event-loop)
$(meson_use man)
$(meson_use pam pam-cgroup)
$(meson_use seccomp)
$(meson_use selinux)
$(meson_use ssl openssl)
$(meson_use test tests)
$(meson_use tools)
$(usex systemd -Ddbus=true -Ddbus=false)
$(usex systemd -Dinit-script="systemd" -Dinit-script="sysvinit")
-Ddata-path=/var/lib/lxc
-Ddoc-path=/usr/share/doc/${PF}
-Dlog-path=/var/log/lxc
-Drootfs-mount-path=/var/lib/lxc/rootfs
-Druntime-path=/run
)
use tools && local emesonargs+=( -Dcapabilities=true )
meson_src_configure
}
src_install() {
meson_src_install
# The main bash-completion file will collide with lxd, need to relocate and update symlinks.
local lxcbashcompdir="${D}/$(get_bashcompdir)"
mkdir -p "${lxcbashcompdir}" || die "Failed to create bashcompdir."
mv "${lxcbashcompdir}"/_lxc "${lxcbashcompdir}"/lxc-start || die "Failed to move _lxc bash completion file."
# Build system will install all bash completion files regardless of our 'tools' use flag.
# Though installing them all will add bash completions for commands that don't exist, it's
# cleaner than dealing with individual files based on the use flag status.
bashcomp_alias lxc-start lxc-{attach,autostart,cgroup,checkpoint,config,console,copy,create,destroy,device,execute,freeze,info,ls,monitor,snapshot,stop,top,unfreeze,unshare,update-config,usernsexec,wait}
find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die
# Replace upstream sysvinit/systemd files.
if use systemd ; then
rm -r "${D}$(systemd_get_systemunitdir)" || die "Failed to remove systemd lib dir"
else
rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts"
fi
newinitd "${FILESDIR}/${PN}.initd.9" ${PN}
systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service
systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service
systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service
systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service"
if ! use apparmor; then
sed -i '/lxc-apparmor-load/d' "${D}$(systemd_get_systemunitdir)/lxc.service" ||
die "Failed to remove apparmor references from lxc.service systemd unit."
fi
}
pkg_postinst() {
elog "Please refer to "
elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide."
elog
elog "Run 'lxc-checkconfig' to see optional kernel features."
elog
optfeature "creating your own LXC containers" app-containers/distrobuilder
optfeature "automatic template scripts" app-containers/lxc-templates
optfeature "Debian-based distribution container image support" dev-util/debootstrap
optfeature "snapshot & restore functionality" sys-process/criu
}

172
sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.4-r1.ebuild vendored Normal file
View File

@ -0,0 +1,172 @@
# Copyright 2022-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit bash-completion-r1 linux-info meson optfeature systemd verify-sig
DESCRIPTION="A userspace interface for the Linux kernel containment features"
HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz
verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )"
LICENSE="GPL-2 LGPL-2.1 LGPL-3"
SLOT="0/1.8" # SONAME liblxc.so.1 + ${PV//./} _if_ breaking ABI change while bumping.
KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
IUSE="apparmor +caps examples io-uring man pam seccomp selinux ssl systemd test +tools"
RDEPEND="acct-group/lxc
acct-user/lxc
apparmor? ( sys-libs/libapparmor )
caps? ( sys-libs/libcap )
io-uring? ( >=sys-libs/liburing-2:= )
pam? ( sys-libs/pam )
seccomp? ( sys-libs/libseccomp )
selinux? ( sys-libs/libselinux )
ssl? ( dev-libs/openssl:0= )
systemd? (
sys-apps/dbus
sys-apps/systemd:=
)
tools? ( sys-libs/libcap )"
DEPEND="${RDEPEND}
caps? ( sys-libs/libcap[static-libs] )
tools? ( sys-libs/libcap[static-libs] )
sys-kernel/linux-headers"
BDEPEND="virtual/pkgconfig
man? ( app-text/docbook2X )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
RESTRICT="!test? ( test )"
CONFIG_CHECK="~!NETPRIO_CGROUP
~CGROUPS
~CGROUP_CPUACCT
~CGROUP_DEVICE
~CGROUP_FREEZER
~CGROUP_SCHED
~CPUSETS
~IPC_NS
~MACVLAN
~MEMCG
~NAMESPACES
~NET_NS
~PID_NS
~POSIX_MQUEUE
~USER_NS
~UTS_NS
~VETH"
ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt )
PATCHES=(
"${FILESDIR}"/${P}-start-Re-introduce-first-SET_DUMPABLE-call.patch
)
pkg_setup() {
linux-info_pkg_setup
}
src_configure() {
# -Dtools-multicall=false: will create a single binary called 'lxc' that conflicts with LXD.
local emesonargs=(
--localstatedir "${EPREFIX}/var"
-Dcoverity-build=false
-Dinstall-state-dirs=false
-Doss-fuzz=false
-Dspecfile=false
-Dtools-multicall=false
-Dcommands=true
-Dinstall-init-files=true
-Dmemfd-rexec=true
-Dthread-safety=true
$(meson_use apparmor)
$(meson_use caps capabilities)
$(meson_use examples)
$(meson_use io-uring io-uring-event-loop)
$(meson_use man)
$(meson_use pam pam-cgroup)
$(meson_use seccomp)
$(meson_use selinux)
$(meson_use ssl openssl)
$(meson_use test tests)
$(meson_use tools)
$(usex systemd -Ddbus=true -Ddbus=false)
$(usex systemd -Dinit-script="systemd" -Dinit-script="sysvinit")
-Ddata-path=/var/lib/lxc
-Ddoc-path=/usr/share/doc/${PF}
-Dlog-path=/var/log/lxc
-Drootfs-mount-path=/var/lib/lxc/rootfs
-Druntime-path=/run
)
use tools && local emesonargs+=( -Dcapabilities=true )
meson_src_configure
}
src_install() {
meson_src_install
# The main bash-completion file will collide with lxd, need to relocate and update symlinks.
local lxcbashcompdir="${D}/$(get_bashcompdir)"
mkdir -p "${lxcbashcompdir}" || die "Failed to create bashcompdir."
mv "${lxcbashcompdir}"/_lxc "${lxcbashcompdir}"/lxc-start || die "Failed to move _lxc bash completion file."
# Build system will install all bash completion files regardless of our 'tools' use flag.
# Though installing them all will add bash completions for commands that don't exist, it's
# cleaner than dealing with individual files based on the use flag status.
bashcomp_alias lxc-start lxc-{attach,autostart,cgroup,checkpoint,config,console,copy,create,destroy,device,execute,freeze,info,ls,monitor,snapshot,stop,top,unfreeze,unshare,update-config,usernsexec,wait}
find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die
# Replace upstream sysvinit/systemd files.
if use systemd ; then
rm -r "${D}$(systemd_get_systemunitdir)" || die "Failed to remove systemd lib dir"
else
rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts"
fi
newinitd "${FILESDIR}/${PN}.initd.9" ${PN}
systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service
systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service
systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service
systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service"
if ! use apparmor; then
sed -i '/lxc-apparmor-load/d' "${D}$(systemd_get_systemunitdir)/lxc.service" ||
die "Failed to remove apparmor references from lxc.service systemd unit."
fi
}
pkg_postinst() {
elog "Please refer to "
elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide."
elog
elog "Run 'lxc-checkconfig' to see optional kernel features."
elog
optfeature "creating your own LXC containers" app-containers/distrobuilder
optfeature "automatic template scripts" app-containers/lxc-templates
optfeature "Debian-based distribution container image support" dev-util/debootstrap
optfeature "snapshot & restore functionality" sys-process/criu
}

19
sdk_container/src/third_party/portage-stable/app-containers/lxc/metadata.xml vendored Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>juippis@gentoo.org</email>
<name>Joonas Niilola</name>
</maintainer>
<maintainer type="project">
<email>virtualization@gentoo.org</email>
<name>Gentoo Virtualization Project</name>
</maintainer>
<use>
<flag name="tools">Build and install additional command line tools</flag>
</use>
<upstream>
<remote-id type="github">lxc/lxc</remote-id>
<remote-id type="cpe">cpe:/a:linuxcontainers:lxc</remote-id>
</upstream>
</pkgmetadata>

1
sdk_container/src/third_party/portage-stable/dev-libs/cowsql/Manifest vendored Normal file
View File

@ -0,0 +1 @@
DIST cowsql-1.15.7.tar.gz 364592 BLAKE2B d3cd4e399d029c63743cee081cd32c19fe364f4dd093c40f62162a2387a9a0da956b19f2f75dc9e556e18c8d957edcbee5c9fe449e3ba9961eb556cdc981a6e5 SHA512 d01fe084d911f13be4d21997f3ec4ba1b11d15198dbad404d55962abd4924dcc95d48eb7d8d94d3f65c512194d25acf761954994c5ffece78a27eff438441fda

53
sdk_container/src/third_party/portage-stable/dev-libs/cowsql/cowsql-1.15.7.ebuild vendored Normal file
View File

@ -0,0 +1,53 @@
# Copyright 2020-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit autotools
DESCRIPTION="Embeddable, replicated and fault tolerant SQL engine (fork of dqlite)"
HOMEPAGE="https://cowsql.dev/ https://github.com/cowsql/cowsql"
SRC_URI="https://github.com/cowsql/cowsql/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="LGPL-3-with-linking-exception"
SLOT="0"
KEYWORDS="amd64 ~arm64 ~x86"
IUSE="test"
RESTRICT="!test? ( test )"
RDEPEND="dev-db/sqlite:3
dev-libs/libuv:=
>=dev-libs/raft-0.18.1:="
DEPEND="${RDEPEND}
test? ( dev-libs/raft[lz4,test] )"
BDEPEND="virtual/pkgconfig"
PATCHES=( "${FILESDIR}"/dqlite-1.12.0-disable-werror.patch )
src_prepare() {
default
eautoreconf
}
src_configure() {
local myeconfargs=(
--disable-backtrace
--disable-debug
--disable-sanitize
--disable-static
# Will build a bundled libsqlite3.so.
--enable-build-sqlite=no
)
econf "${myeconfargs[@]}"
}
src_test() {
default
}
src_install() {
default
find "${ED}" -name '*.la' -delete || die
}

20
sdk_container/src/third_party/portage-stable/dev-libs/cowsql/files/dqlite-1.12.0-disable-werror.patch vendored Normal file
View File

@ -0,0 +1,20 @@
diff -Naur a/configure.ac b/configure.ac
--- a/configure.ac 2022-11-18 16:44:34.000000000 +0200
+++ b/configure.ac 2022-11-19 09:21:24.157589426 +0200
@@ -3,7 +3,7 @@
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_AUX_DIR([ac])
-AM_INIT_AUTOMAKE([subdir-objects -Wall -Werror -Wno-portability foreign])
+AM_INIT_AUTOMAKE([subdir-objects -Wall -Wno-portability foreign])
AM_SILENT_RULES([yes])
AC_PROG_CC_STDC
@@ -82,7 +82,6 @@
-Wdate-time \
-Wnested-externs \
-Wconversion \
- -Werror \
])
# To enable:
#

25
sdk_container/src/third_party/portage-stable/dev-libs/cowsql/metadata.xml vendored Normal file
View File

@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>juippis@gentoo.org</email>
<name>Joonas Niilola</name>
</maintainer>
<maintainer type="project">
<email>virtualization@gentoo.org</email>
<name>Gentoo Virtualization Project</name>
</maintainer>
<longdescription>
cowsql is a C library that implements an embeddable and replicated SQL
database engine with high-availability and automatic failover.
Cowsql is a fork from dqlite.
The acronym "dqlite" stands for "distributed SQLite", meaning that dqlite
extends SQLite with a network protocol that can connect together various
instances of your application and have them act as a highly-available
cluster, with no dependency on external databases.
</longdescription>
<upstream>
<remote-id type="github">cowsql/cowsql</remote-id>
</upstream>
</pkgmetadata>

1
sdk_container/src/third_party/portage-stable/dev-libs/raft/Manifest vendored Normal file
View File

@ -0,0 +1 @@
DIST raft-0.22.1.tar.gz 362393 BLAKE2B b6fc8f8e9dc6801ac8ad1b9d94f984b249b83def00a08776292500b079bb777330e8a83cf40153bfb1baae921105788d758c9f61a021d5519d5c27048b6be8b9 SHA512 fb4ea98321336daaa605e1c3cd55f672860fc8894d479fdff4e1862a4eb5622dbaf7a943e030dd2bcdaa14cc639e7e11ac43d71f00bdbd27f12c6b67653b70e4

21
sdk_container/src/third_party/portage-stable/dev-libs/raft/files/raft-0.10.0-toggle-zfs.patch vendored Normal file
View File

@ -0,0 +1,21 @@
diff -Naur a/configure.ac b/configure.ac
--- a/configure.ac 2021-03-16 14:45:58.000000000 +0200
+++ b/configure.ac 2021-03-23 07:45:06.875557286 +0200
@@ -47,13 +47,10 @@
# Checks for header files.
AC_CHECK_HEADERS([stdlib.h string.h stdio.h assert.h unistd.h linux/io_uring.h linux/aio_abi.h])
-# Check if zfs >= 0.8.0 is available (for direct I/O support).
-AC_CHECK_PROG(have_zfs, zfs, yes)
-AS_IF([test x"$have_zfs" = x"yes"],
- [AX_COMPARE_VERSION($(cat /sys/module/zfs/version | cut -f 1 -d -), [ge], [0.8.0],
- [AC_DEFINE(RAFT_HAVE_ZFS_WITH_DIRECT_IO)], [])
- ],
- [])
+# zfs support. We have 0.8.6 as stable in Gentoo, which is plenty above the required minimum.
+AC_ARG_WITH([zfs], AS_HELP_STRING([--with-zfs], [Build with zfs support (default: disabled)]))
+AS_IF([test "x$with_zfs" = "xyes"],
+ [AC_DEFINE(RAFT_HAVE_ZFS_WITH_DIRECT_IO)], [])
# Checks for typedefs, structures, and compiler characteristics.
AC_TYPE_SIZE_T

25
sdk_container/src/third_party/portage-stable/dev-libs/raft/metadata.xml vendored Normal file
View File

@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>juippis@gentoo.org</email>
<name>Joonas Niilola</name>
</maintainer>
<maintainer type="project">
<email>virtualization@gentoo.org</email>
<name>Gentoo Virtualization Project</name>
</maintainer>
<use>
<flag name="zfs">ZFS support</flag>
</use>
<longdescription>
The library has modular design: its core part implements only the core
Raft algorithm logic, in a fully platform independent way. On top of that,
a pluggable interface defines the I/O implementation for networking
(send/receive RPC messages) and disk persistence (store log entries and
snapshots).
</longdescription>
<upstream>
<remote-id type="github">cowsql/raft</remote-id>
</upstream>
</pkgmetadata>

60
sdk_container/src/third_party/portage-stable/dev-libs/raft/raft-0.22.1.ebuild vendored Normal file
View File

@ -0,0 +1,60 @@
# Copyright 2020-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit autotools
DESCRIPTION="C implementation of the Raft consensus protocol"
HOMEPAGE="https://github.com/cowsql/raft"
SRC_URI="https://github.com/cowsql/raft/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="LGPL-3-with-linking-exception"
# Upstream change from canonical to cowsql resetted SONAME, 3 -> 0. bgo#915960
SLOT="0/0"
KEYWORDS="amd64 ~arm64 ~x86"
IUSE="lz4 test zfs"
RESTRICT="!test? ( test )"
DEPEND="dev-libs/libuv:=
lz4? ( app-arch/lz4:= )"
RDEPEND="${DEPEND}"
BDEPEND="virtual/pkgconfig"
PATCHES=(
"${FILESDIR}"/raft-0.10.0-toggle-zfs.patch
)
src_prepare() {
default
eautoreconf
}
src_configure() {
# --disable-hardening: most of these are covered on non-hardened Gentoo already.
local myeconfargs=(
--enable-uv
--enable-v0
--disable-backtrace
--disable-benchmark
--disable-debug
--disable-example
--disable-hardening
--disable-sanitize
--disable-static
$(use_enable test fixture)
$(use_with lz4)
$(use_with zfs)
)
econf "${myeconfargs[@]}"
}
src_install() {
default
find "${ED}" -name '*.la' -delete || die
}

2
sdk_container/src/third_party/portage-stable/dev-util/xdelta/Manifest vendored Normal file
View File

@ -0,0 +1,2 @@
DIST xdelta-1.1.4.tar.gz 423529 BLAKE2B b565f82ba0504118b74127096939e5699ea312be5c6c8a345abfcf0fb01b45e759abe595b33619b2714671e2f0307d603366a1f7a6b1fb5a786378716a51df6b SHA512 eef45f7977e9a7f490b881f33ab8a948cc5eff9300ea850cc30062905c8e883c104961f075f56f7ce8e385142c35de168aef1e0b8169bda66786ea4bee33168b
DIST xdelta3-3.0.11.tar.gz 683605 BLAKE2B bc33c9d6a3bb21bc52d72bba54f5e2b1058ea8d7cd7474aaf6dbdc27e165e0fbea644c584402f5bbc8ace7cd6a3aefae18588a659418f93eb041168545363bf4 SHA512 41c48e28f92ad50a737cf0acac150fe17d1132e9a652c482d751c8c4e745c6922d576a183eeabae343a1a238ed8c53353e537977628c86eb599ab3d1c01e7c52

221
sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-glib2.patch vendored Normal file
View File

@ -0,0 +1,221 @@
Nicked from http://cvs.fedoraproject.org/viewvc/devel/xdelta/xdelta-1.1.4-glib2.patch
--- xdelta-1.1.4pre1/libedsio/edsio.c.glib2 2007-01-29 14:55:10.000000000 +0100
+++ xdelta-1.1.4pre1/libedsio/edsio.c 2007-01-29 14:56:52.000000000 +0100
@@ -179,9 +179,9 @@
}
}
- while (g_queue_get_size (queued) > 0)
+ while (g_queue_get_length (queued) > 0)
{
- DelayedEvent* de = g_queue_pop (queued);
+ DelayedEvent* de = g_queue_pop_head (queued);
for (i = 0; i < all_event_watchers->len; i += 1)
{
@@ -211,7 +211,7 @@
de->def = def;
de->msg = out->str;
- g_queue_push (queued, de);
+ g_queue_push_tail (queued, de);
g_ptr_array_add (free_strings, out);
}
@@ -1482,129 +1482,3 @@
g_free (source);
}
-/* Missing glib stuff
- */
-
-GQueue *
-g_queue_new (void)
-{
- GQueue *q = g_new (GQueue, 1);
-
- q->list = q->list_end = NULL;
- q->list_size = 0;
-
- return q;
-}
-
-
-void
-g_queue_free (GQueue *q)
-{
- if (q)
- {
- if (q->list)
- g_list_free (q->list);
- g_free (q);
- }
-}
-
-
-guint
-g_queue_get_size (GQueue *q)
-{
- return (q == NULL) ? 0 : q->list_size;
-}
-
-
-void
-g_queue_push_front (GQueue *q, gpointer data)
-{
- if (q)
- {
- q->list = g_list_prepend (q->list, data);
-
- if (q->list_end == NULL)
- q->list_end = q->list;
-
- q->list_size++;
- }
-}
-
-
-void
-g_queue_push_back (GQueue *q, gpointer data)
-{
- if (q)
- {
- q->list_end = g_list_append (q->list_end, data);
-
- if (! q->list)
- q->list = q->list_end;
- else
- q->list_end = q->list_end->next;
-
- q->list_size++;
- }
-}
-
-
-gpointer
-g_queue_pop_front (GQueue *q)
-{
- gpointer data = NULL;
-
- if ((q) && (q->list))
- {
- GList *node;
-
- node = q->list;
- data = node->data;
-
- if (! node->next)
- {
- q->list = q->list_end = NULL;
- q->list_size = 0;
- }
- else
- {
- q->list = node->next;
- q->list->prev = NULL;
- q->list_size--;
- }
-
- g_list_free_1 (node);
- }
-
- return data;
-}
-
-
-gpointer
-g_queue_pop_back (GQueue *q)
-{
- gpointer data = NULL;
-
- if ((q) && (q->list))
- {
- GList *node;
-
- node = q->list_end;
- data = node->data;
-
- if (! node->prev)
- {
- q->list = q->list_end = NULL;
- q->list_size = 0;
- }
- else
- {
- q->list_end = node->prev;
- q->list_end->next = NULL;
- q->list_size--;
- }
-
- g_list_free_1 (node);
- }
-
- return data;
-}
--- xdelta-1.1.4pre1/libedsio/edsio.h.glib2 2007-01-29 14:54:38.000000000 +0100
+++ xdelta-1.1.4pre1/libedsio/edsio.h 2007-01-29 14:55:00.000000000 +0100
@@ -481,49 +481,6 @@
#endif
-/* Missing glib stuff
- */
-
-typedef struct _GQueue GQueue;
-
-struct _GQueue
-{
- GList *list;
- GList *list_end;
- guint list_size;
-};
-
-/* Queues
- */
-
-GQueue * g_queue_new (void);
-void g_queue_free (GQueue *q);
-guint g_queue_get_size (GQueue *q);
-void g_queue_push_front (GQueue *q, gpointer data);
-void g_queue_push_back (GQueue *q, gpointer data);
-gpointer g_queue_pop_front (GQueue *q);
-gpointer g_queue_pop_back (GQueue *q);
-
-#define g_queue_empty(queue) \
- ((((GQueue *)(queue)) && ((GQueue *)(queue))->list) ? FALSE : TRUE)
-
-#define g_queue_peek_front(queue) \
- ((((GQueue *)(queue)) && ((GQueue *)(queue))->list) ? \
- ((GQueue *)(queue))->list->data : NULL)
-
-#define g_queue_peek_back(queue) \
- ((((GQueue *)(queue)) && ((GQueue *)(queue))->list_end) ? \
- ((GQueue *)(queue))->list_end->data : NULL)
-
-#define g_queue_index(queue,ptr) \
- ((((GQueue *)(queue)) && ((GQueue *)(queue))->list) ? \
- g_list_index (((GQueue *)(queue))->list, (ptr)) : -1)
-
-#define g_queue_push g_queue_push_back
-#define g_queue_pop g_queue_pop_front
-#define g_queue_peek g_queue_peek_front
-
-
#ifdef __cplusplus
}
#endif
--- xdelta-1.1.4pre1/configure.in.glib2 2007-01-29 14:58:06.000000000 +0100
+++ xdelta-1.1.4pre1/configure.in 2007-01-29 14:59:18.000000000 +0100
@@ -71,8 +71,8 @@
top_srcdir_absolute=`cd $srcdir; pwd`
AC_SUBST(top_srcdir_absolute)
-AM_PATH_GLIB(1.2.8,,
- AC_MSG_ERROR(Test for GLIB failed. Download it from ftp://ftp.gtk.org/pub/gtk/v1.2/))
+AM_PATH_GLIB_2_0(2.10.0,,
+ AC_MSG_ERROR(Test for GLIB2.0 failed. Download it from ftp://ftp.gtk.org/pub/gtk/v2.10/))
dnl AC_CHECK_LIB(z, gzsetparams, */
dnl AC_CHECK_HEADER(zlib.h,, */

59
sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-gzip.patch vendored Normal file
View File

@ -0,0 +1,59 @@
https://bugs.gentoo.org/919228
--- a/test/xdeltatest.c
+++ b/test/xdeltatest.c
@@ -512,7 +512,7 @@ run_command (TestProfile *tp, int zlevel, int slevel, File* from, File* to, File
if (zlevel > 0 && starts_with (tp->name, "diff"))
{
Patch *patch = read_patch (out, & sbuf);
- gzFile *rewrite = gzopen (out->name, diff_gzargs);
+ gzFile rewrite = gzopen (out->name, diff_gzargs);
if (! rewrite) fail ();
diff --git a/xdelta-1.1.4/xdmain.c b/../../xdelta-1.1.4.new/xdmain.c
index b1abc74..9c27195 100755
--- a/xdmain.c
+++ b/xdmain.c
@@ -179,6 +179,7 @@ struct _XdFileHandle
guint narrow_high;
guint current_pos;
FILE* in;
+ gzFile zin;
gboolean (* in_read) (XdFileHandle* handle, void* buf, gint nbyte);
gboolean (* in_close) (XdFileHandle* handle);
gboolean in_compressed;
@@ -520,7 +521,7 @@ xd_gzwrite (XdFileHandle* fh, const void* buf, gint nbyte)
static gboolean
xd_gzread (XdFileHandle* fh, void* buf, gint nbyte)
{
- return gzread (fh->in, buf, nbyte) == nbyte;
+ return gzread (fh->zin, buf, nbyte) == nbyte;
}
static gboolean
@@ -532,7 +533,7 @@ xd_gzclose (XdFileHandle* fh)
static gboolean
xd_gzrclose (XdFileHandle* fh)
{
- return gzclose (fh->in) == Z_OK;
+ return gzclose (fh->zin) == Z_OK;
}
static void
@@ -1022,13 +1023,13 @@ xd_handle_narrow (XdFileHandle* fh, guint low, guint high, gboolean compressed)
}
g_assert (fh->fd >= 0);
- fh->in = gzdopen (dup (fh->fd), "rb");
+ fh->zin = gzdopen (dup (fh->fd), "rb");
fh->in_read = &xd_gzread;
fh->in_close = &xd_gzrclose;
fh->in_compressed = TRUE;
fh->current_pos = 0;
- if (! fh->in)
+ if (! fh->zin)
{
xd_error ("gzdopen failed: %s\n", g_strerror (errno));
return -1;

11
sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-m4.patch vendored Normal file
View File

@ -0,0 +1,11 @@
--- xdelta-1.1.3/xdelta.m4.aclocal 2004-10-20 00:20:47.875648144 +0200
+++ xdelta-1.1.3/xdelta.m4 2004-10-20 00:21:47.205628616 +0200
@@ -4,7 +4,7 @@
dnl AM_PATH_XDELTA([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND [, MODULES]]]])
dnl Test for XDELTA, and define XDELTA_CFLAGS and XDELTA_LIBS, if "gmodule" or
dnl
-AC_DEFUN(AM_PATH_XDELTA,
+AC_DEFUN([AM_PATH_XDELTA],
[dnl
dnl Get the cflags and libraries from the xdelta-config script
dnl

113
sdk_container/src/third_party/portage-stable/dev-util/xdelta/files/xdelta-1.1.4-pkgconfig.patch vendored Normal file
View File

@ -0,0 +1,113 @@
Nicked from http://cvs.fedoraproject.org/viewvc/devel/xdelta/xdelta-1.1.3-pkgconfig.patch
--- /dev/null 2006-05-17 14:47:01.398050000 +0200
+++ xdelta-1.1.3/xdelta.pc.in 2006-05-30 16:00:55.000000000 +0200
@@ -0,0 +1,13 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+pkgdatadir=@pkgdatadir@
+
+Name: xdelta
+Description: A binary file delta generator and an RCS replacement library.
+Version: @VERSION@
+Requires: glib-2.0
+Libs: -L${libdir} -lxdelta -ledsio
+Cflags: -I${includedir}
+
--- /dev/null 2006-05-17 14:47:01.398050000 +0200
+++ xdelta-1.1.3/xdelta-config 2006-05-30 16:04:22.000000000 +0200
@@ -0,0 +1,60 @@
+#!/bin/bash
+#
+# Simple wrapper around pkg-config to replace /usr/bin/<foo>-config scripts
+#
+# Copyright 2006 Red Hat, Inc.
+# Jeremy Katz <katzj@redhat.com>
+
+CFGPATH=$(basename $0)
+MODULE=${CFGPATH%-config}
+
+usage() {
+ pkg-config --help
+ exit 1
+}
+
+if [ $# -lt 1 ]; then
+ usage 1>&2
+fi
+
+ARGS=""
+
+while test $# -gt 0; do
+ case $1 in
+ --version)
+ ARGS="$ARGS --modversion"
+ ;;
+ --cflags)
+ ARGS="$ARGS --cflags"
+ ;;
+ --libs)
+ ARGS="$ARGS --libs"
+ ;;
+ --libdir*)
+ ARGS="$ARGS --libs-only-L"
+ ;;
+ --includedir*)
+ ARGS="$ARGS --cflags-only-I"
+ ;;
+ --prefix*)
+ ARGS="$ARGS --variable=prefix"
+ ;;
+ --exec-prefix*)
+ ARGS="$ARGS --variable=exec_prefix"
+ ;;
+ --module*)
+ if echo $1 | grep -q '=' ; then
+ MODULE=`echo $1 | sed 's/^--module=//'`
+ else
+ MODULE=$2
+ shift
+ fi
+ ;;
+ *)
+ usage 1>&2
+ ;;
+ esac
+ shift
+done
+
+pkg-config $ARGS $MODULE
--- xdelta-1.1.3/Makefile.am.pkgconfig 2006-05-30 16:00:55.000000000 +0200
+++ xdelta-1.1.3/Makefile.am 2006-05-30 16:00:55.000000000 +0200
@@ -27,6 +27,9 @@
m4datadir = $(datadir)/aclocal
m4data_DATA = xdelta.m4
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = xdelta.pc
+
## $Format: "libxdelta_la_LDFLAGS = -version-info $LibCurrent$:$LibRevision$:$LibAge$" $
libxdelta_la_LDFLAGS = -version-info 2:0:0
--- xdelta-1.1.3/configure.in.pkgconfig 2006-05-30 16:00:55.000000000 +0200
+++ xdelta-1.1.3/configure.in 2006-05-30 16:00:55.000000000 +0200
@@ -63,6 +63,8 @@
AC_HEADER_STDC
AC_PROG_MAKE_SET
+PKG_PROG_PKG_CONFIG
+
AC_CHECK_FUNCS(gettimeofday)
AC_HEADER_TIME
@@ -83,7 +85,7 @@
doc/Makefile
test/Makefile
djgpp/Makefile
- xdelta-config
+ xdelta.pc
libedsio/Makefile
libedsio/edsio-comp,

12
sdk_container/src/third_party/portage-stable/dev-util/xdelta/metadata.xml vendored Normal file
View File

@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>mgorny@gentoo.org</email>
<name>Michał Górny</name>
</maintainer>
<upstream>
<remote-id type="google-code">xdelta</remote-id>
<remote-id type="github">jmacd/xdelta-devel</remote-id>
</upstream>
</pkgmetadata>

43
sdk_container/src/third_party/portage-stable/dev-util/xdelta/xdelta-1.1.4-r4.ebuild vendored Normal file
View File

@ -0,0 +1,43 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit autotools toolchain-funcs
DESCRIPTION="Computes changes between binary or text files and creates deltas"
HOMEPAGE="https://xdelta.googlecode.com/"
SRC_URI="https://${PN}.googlecode.com/files/${P}.tar.gz"
LICENSE="GPL-2+"
SLOT="0"
KEYWORDS="~alpha amd64 ~arm64 ~hppa ppc ppc64 sparc x86"
RDEPEND=">=dev-libs/glib-2
>=sys-libs/zlib-1.1.4:="
DEPEND="${RDEPEND}"
BDEPEND="virtual/pkgconfig"
PATCHES=(
"${FILESDIR}/${P}-m4.patch"
"${FILESDIR}/${P}-glib2.patch"
"${FILESDIR}/${P}-pkgconfig.patch"
"${FILESDIR}/${P}-gzip.patch"
)
src_prepare() {
default
eautoreconf
}
src_configure() {
tc-export CC
econf --disable-static
}
src_install() {
default
# no static archives
find "${ED}" -name '*.la' -delete || die
}

39
sdk_container/src/third_party/portage-stable/dev-util/xdelta/xdelta-3.0.11-r1.ebuild vendored Normal file
View File

@ -0,0 +1,39 @@
# Copyright 2002-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
MY_P=xdelta3-${PV}
DESCRIPTION="Computes changes between binary or text files and creates deltas"
HOMEPAGE="http://xdelta.org/"
SRC_URI="https://github.com/jmacd/xdelta-gpl/releases/download/v${PV}/${MY_P}.tar.gz"
S="${WORKDIR}/${MY_P}"
LICENSE="GPL-2"
SLOT="3"
KEYWORDS="~alpha amd64 ~arm64 ~hppa ~loong ppc ppc64 ~riscv sparc x86"
IUSE="examples lzma"
RDEPEND="lzma? ( app-arch/xz-utils:= )"
DEPEND="${RDEPEND}"
src_configure() {
econf $(use_with lzma liblzma)
}
src_compile() {
# avoid building tests
emake xdelta3
}
src_test() {
emake xdelta3regtest
./xdelta3regtest || die
}
src_install() {
emake DESTDIR="${D}" install-binPROGRAMS install-man1
dodoc draft-korn-vcdiff.txt README.md
use examples && dodoc -r examples
}

6
sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/Manifest vendored Normal file
View File

@ -0,0 +1,6 @@
DIST lxcfs-5.0.4.tar.gz 104249 BLAKE2B 83a7b861136c34da8a24dd525fd0767193f2bbd92b40e3b9fd5e42d7645465411792e65e95797ab13b33330299d12b19bdd5786352875ed88ac0097b72b711a9 SHA512 b404045dbabe23e1d1f1d74c1648d2596bb70aaa9f9e46f9f5635b0a02d0c451f68b2559920bbefc5b889e908cf1da0a33c148b26bdce3e45c3d0cbdff710604
DIST lxcfs-5.0.4.tar.gz.asc 833 BLAKE2B aff883d24b374b296ea3678670e5e82c723fd0e35cfd7fed555aabbd811a104becc0b741331b4aa4a5129c9fff4dc88c6a86e7d64a89fe86aea81718f5d432dd SHA512 56b639597dbaf3008fe030147ea37192bd465c467a79e11ce139bcaa6bca1625b4bb9c4eda6ea1877446769f0fad9b4c5a3513d4f4415b841db96d5da8325ddc
DIST lxcfs-6.0.3.tar.gz 106684 BLAKE2B 358033df95b52c6b04f5f622eb89e1f62f4f86098d9478b2643c83c3b62c5a6d1429c34b37b7d6241b522ec1d0ec8f8922c01a990cfb75b0b022b00720ded1d3 SHA512 c32941ccdba5906f5542b393077ea6cad9d5cd83eab38692c22614c19fec4f0fe95d3428ae7a49f6e9e9e1879db3479a2a09f37755d2c45c8230b099986eec2d
DIST lxcfs-6.0.3.tar.gz.asc 833 BLAKE2B 202b5539f5d4621e0d2071aaa861976af801a6c5c49bf921acd9015923bf8201178273aa79d7b69b51d7fa1abb0112a4960452e86d7d340b752b2f8d4bb2c559 SHA512 dd27747d56cddb6e0057232a9a451f5d08d812aa73fe70633d31ce38d650dcbdda3e6f195aad3d591dd4ba3ad7cdf658b0bb1ce55b660d26d315ad598d44a74e
DIST lxcfs-6.0.4.tar.gz 106751 BLAKE2B 4f05cb5e31ed1f313eeb42ac7cc9e68031011af363992e9d15266d7c831fb83078821a42181142cb58418dc87b6ae71ccd79559e0c77c19b5810cb2f5dde98ab SHA512 27e27dd14e3ab6d6f33b78f3316d1d15ccdb5af76fd3631770fe8ff4e1d1a3cc6d7a8009a604660fccc63e4fa5f1601c6505f66ab76c11dcfcddd3baf7ff173b
DIST lxcfs-6.0.4.tar.gz.asc 833 BLAKE2B 71d552694273e6b3fbeaa4fd2a07ad783ca66824fa7fef69ba79a343b65e57295a702efe580c17e77c6fdb3f79364e98206a099ef3ac99b1d1238178cd343e20 SHA512 fecc002f39f841f3ffbfd7c543cdfed61b9276e962a75230b2962a36bbef04f5444481bb1409ba38ed8f619d0887313f1cc84389f64755d6168c017f68bbaeb2

8
sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.confd vendored Normal file
View File

@ -0,0 +1,8 @@
# /etc/conf.d/lxcfs: config file for /etc/init.d/lxcfs
# lxcfs options:
# -l == calculate container load average instead of displaying host load average
# -u == don't display swap usage to containers
LXCFS_OPTS="-l -u"
LXCFS_PATH="/var/lib/lxcfs"

27
sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.initd vendored Normal file
View File

@ -0,0 +1,27 @@
#!/sbin/openrc-run
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
DAEMON=/usr/bin/lxcfs
PIDFILE=/run/lxcfs.pid
start() {
ebegin "Starting lxcfs."
/sbin/modprobe -q fuse
install -d "${LXCFS_PATH}"
start-stop-daemon --start \
--pidfile ${PIDFILE} \
--exec ${DAEMON} \
--background \
--make-pidfile \
-- ${LXCFS_OPTS} \
"${LXCFS_PATH}"
eend ${?}
}
stop() {
ebegin "Stopping lxcfs."
/usr/bin/fusermount3 -u "${LXCFS_PATH}"
start-stop-daemon --stop --quiet -R TERM/45 -p ${PIDFILE}
eend ${?}
}

18
sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.2.service vendored Normal file
View File

@ -0,0 +1,18 @@
[Unit]
Description=FUSE filesystem for LXC
ConditionVirtualization=!container
Before=lxc.service
Documentation=man:lxcfs(1)
[Service]
ExecStartPre=/sbin/modprobe -q fuse
ExecStartPre=install -d /var/lib/lxcfs
ExecStart=/usr/bin/lxcfs /var/lib/lxcfs
KillMode=process
Restart=on-failure
ExecStopPost=-/usr/bin/fusermount3 -u /var/lib/lxcfs
Delegate=yes
ExecReload=/bin/kill -USR1 ${MAINPID}
[Install]
WantedBy=multi-user.target

19
sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/files/lxcfs-5.0.4-fix-incompatible-pointer-conversion.patch vendored Normal file
View File

@ -0,0 +1,19 @@
Bug: https://bugs.gentoo.org/894348
Upstream PR: https://github.com/lxc/lxcfs/pull/610
--- a/src/proc_loadavg.c
+++ b/src/proc_loadavg.c
@@ -603,12 +603,12 @@ pthread_t load_daemon(int load_use)
ret = init_load();
if (ret == -1)
- return log_error(0, "Initialize hash_table fails in load_daemon!");
+ return (pthread_t) log_error(0, "Initialize hash_table fails in load_daemon!");
ret = pthread_create(&pid, NULL, load_begin, NULL);
if (ret != 0) {
load_free();
- return log_error(0, "Create pthread fails in load_daemon!");
+ return (pthread_t) log_error(0, "Create pthread fails in load_daemon!");
}
/* use loadavg, here loadavg = 1*/

84
sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-5.0.4-r2.ebuild vendored Normal file
View File

@ -0,0 +1,84 @@
# Copyright 2022-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..12} )
inherit cmake meson python-any-r1 systemd verify-sig
DESCRIPTION="FUSE filesystem for LXC"
HOMEPAGE="https://linuxcontainers.org/lxcfs/introduction/ https://github.com/lxc/lxcfs/"
SRC_URI="https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz
verify-sig? ( https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz.asc )"
LICENSE="Apache-2.0 LGPL-2+"
SLOT="0"
KEYWORDS="amd64 ~arm64 ~riscv ~x86"
IUSE="doc test"
DEPEND="sys-fs/fuse:3="
RDEPEND="${DEPEND}"
BDEPEND="${PYTHON_DEPS}
virtual/pkgconfig
$(python_gen_any_dep '
dev-python/jinja2[${PYTHON_USEDEP}]
')
doc? ( sys-apps/help2man )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
# Needs some black magic to work inside container/chroot.
RESTRICT="test"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
PATCHES=(
"${FILESDIR}"/${PN}-5.0.4-fix-incompatible-pointer-conversion.patch
)
python_check_deps() {
python_has_version -b "dev-python/jinja2[${PYTHON_USEDEP}]"
}
pkg_setup() {
python-any-r1_pkg_setup
}
src_prepare() {
default
# Fix python shebangs for python-exec[-native-symlinks], #851480
local shebangs=($(grep -rl "#!/usr/bin/env python3" || die))
python_fix_shebang -q ${shebangs[*]}
}
src_configure() {
local emesonargs=(
--localstatedir "${EPREFIX}/var"
$(meson_use doc docs)
$(meson_use test tests)
-Dfuse-version=3
-Dinit-script=""
-Dwith-init-script=""
)
meson_src_configure
}
src_test() {
cd "${BUILD_DIR}"/tests || die "failed to change into tests/ directory."
./main.sh || die
}
src_install() {
meson_src_install
newconfd "${FILESDIR}"/lxcfs-5.0.2.confd lxcfs
newinitd "${FILESDIR}"/lxcfs-5.0.2.initd lxcfs
# Provide our own service file (copy of upstream) due to paths being different from upstream,
# #728470
systemd_newunit "${FILESDIR}"/lxcfs-5.0.2.service lxcfs.service
}

80
sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-6.0.3-r1.ebuild vendored Normal file
View File

@ -0,0 +1,80 @@
# Copyright 2022-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..13} )
inherit cmake meson python-any-r1 systemd verify-sig
DESCRIPTION="FUSE filesystem for LXC"
HOMEPAGE="https://linuxcontainers.org/lxcfs/introduction/ https://github.com/lxc/lxcfs/"
SRC_URI="https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz
verify-sig? ( https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz.asc )"
LICENSE="Apache-2.0 LGPL-2+"
SLOT="0"
KEYWORDS="amd64 ~arm64 ~riscv ~x86"
IUSE="doc test"
DEPEND="sys-fs/fuse:3="
RDEPEND="${DEPEND}"
BDEPEND="${PYTHON_DEPS}
virtual/pkgconfig
$(python_gen_any_dep '
dev-python/jinja2[${PYTHON_USEDEP}]
')
doc? ( sys-apps/help2man )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
# Needs some black magic to work inside container/chroot.
RESTRICT="test"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
python_check_deps() {
python_has_version -b "dev-python/jinja2[${PYTHON_USEDEP}]"
}
pkg_setup() {
python-any-r1_pkg_setup
}
src_prepare() {
default
# Fix python shebangs for python-exec[-native-symlinks], #851480
local shebangs=($(grep -rl "#!/usr/bin/env python3" || die))
python_fix_shebang -q ${shebangs[*]}
}
src_configure() {
local emesonargs=(
--localstatedir "${EPREFIX}/var"
$(meson_use doc docs)
$(meson_use test tests)
-Dfuse-version=3
-Dinit-script=""
-Dwith-init-script=""
)
meson_src_configure
}
src_test() {
cd "${BUILD_DIR}"/tests || die "failed to change into tests/ directory."
./main.sh || die
}
src_install() {
meson_src_install
newconfd "${FILESDIR}"/lxcfs-5.0.2.confd lxcfs
newinitd "${FILESDIR}"/lxcfs-5.0.2.initd lxcfs
# Provide our own service file (copy of upstream) due to paths being different from upstream,
# #728470
systemd_newunit "${FILESDIR}"/lxcfs-5.0.2.service lxcfs.service
}

81
sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/lxcfs-6.0.4.ebuild vendored Normal file
View File

@ -0,0 +1,81 @@
# Copyright 2022-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{10..13} )
inherit cmake meson python-any-r1 systemd verify-sig
DESCRIPTION="FUSE filesystem for LXC"
HOMEPAGE="https://linuxcontainers.org/lxcfs/introduction/ https://github.com/lxc/lxcfs/"
SRC_URI="https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz
verify-sig? ( https://linuxcontainers.org/downloads/lxcfs/${P}.tar.gz.asc )"
LICENSE="Apache-2.0 LGPL-2+"
SLOT="0"
KEYWORDS="~amd64 ~arm64 ~riscv ~x86"
IUSE="doc test"
DEPEND="sys-fs/fuse:3="
RDEPEND="${DEPEND}"
BDEPEND="${PYTHON_DEPS}
virtual/pkgconfig
$(python_gen_any_dep '
dev-python/jinja2[${PYTHON_USEDEP}]
')
doc? ( sys-apps/help2man )
verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
# Needs some black magic to work inside container/chroot.
RESTRICT="test"
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
python_check_deps() {
python_has_version -b "dev-python/jinja2[${PYTHON_USEDEP}]"
}
pkg_setup() {
python-any-r1_pkg_setup
}
src_prepare() {
default
# Fix python shebangs for python-exec[-native-symlinks], #851480
local shebangs=($(grep -rl "#!/usr/bin/env python3" || die))
python_fix_shebang -q ${shebangs[*]}
}
src_configure() {
local emesonargs=(
--localstatedir "${EPREFIX}/var"
$(meson_use doc docs)
$(meson_use test tests)
-Dfuse-version=3
-Dinit-script=""
-Dwith-init-script=""
)
meson_src_configure
}
src_test() {
cd "${BUILD_DIR}"/tests || die "failed to change into tests/ directory."
./main.sh || die
}
src_install() {
meson_src_install
newconfd "${FILESDIR}"/lxcfs-5.0.2.confd lxcfs
newinitd "${FILESDIR}"/lxcfs-5.0.2.initd lxcfs
# Provide our own service file (copy of upstream) due to paths being different from upstream,
# #728470
# https://github.com/lxc/lxcfs/tree/main/config/init
systemd_newunit "${FILESDIR}"/lxcfs-5.0.2.service lxcfs.service
}

22
sdk_container/src/third_party/portage-stable/sys-fs/lxcfs/metadata.xml vendored Normal file
View File

@ -0,0 +1,22 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>juippis@gentoo.org</email>
<name>Joonas Niilola</name>
</maintainer>
<maintainer type="project">
<email>virtualization@gentoo.org</email>
<name>Gentoo Virtualization Project</name>
</maintainer>
<longdescription>
LXCFS is a simple userspace filesystem designed to
provide a cgroupfs-like tree which is container aware
and a set of files which can be bind-mounted over
their /proc originals to provide cgroup-aware values.
</longdescription>
<upstream>
<remote-id type="github">lxc/lxfs</remote-id>
<remote-id type="cpe">cpe:/a:canonical:lxcfs</remote-id>
</upstream>
</pkgmetadata>