mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-15 17:06:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #171 from marineam/base

Browse Source 
coreos-base updates, docker socket fixed
This commit is contained in:
Michael Marineau 2013-08-22 18:46:11 -07:00
commit a14d446222
13 changed files with 35 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0-r1.ebuild vendored
View File

@ -1 +0,0 @@
docker-0.5.0.ebuild

43
sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0.ebuild vendored
View File

@ -1,43 +0,0 @@
#
# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
# $Header:$
#
EAPI=2
EGIT_REPO_URI="https://github.com/dotcloud/docker"
inherit toolchain-funcs systemd git-2
EGIT_COMMIT="51f6c4a7372450d164c61e0054daf0223ddbd909" # 0.5
DESCRIPTION="Docker container management"
HOMEPAGE="http://docker.io"
SRC_URI=""
LICENSE="MIT"
SLOT="0"
KEYWORDS="amd64"
IUSE=""
DEPEND=">=dev-lang/go-1.0.2"
RDEPEND="
app-emulation/lxc
net-misc/bridge-utils
sys-apps/iproute2
app-arch/libarchive
net-misc/curl
sys-fs/aufs-util
"
src_compile() {
emake
}
src_install() {
dobin ${S}/bin/${PN}
keepdir /var/lib/${PN}/graph
keepdir /var/lib/${PN}/containers
systemd_dounit "${FILESDIR}"/${PN}.service
# not enabling by default because it messes up the EC2 169. meta url routing
systemd_enable_service multi-user.target ${PN}.service
}

0
sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.3-r1.ebuild → sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.3-r2.ebuild vendored
View File

3
sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service vendored
View File

@ -1,9 +1,6 @@
[Service]
Type=simple
ExecStartPre=/bin/mount --make-rprivate /
# Enable forwarding to allow NAT to work
# TODO: Move this to sysctl.conf
ExecStartPre=/sbin/sysctl -w net.ipv4.ip_forward=1
# Try to use this alternate way of starting docker if docker crashes for you:
# ExecStart=/bin/bash -c "/usr/bin/nohup /usr/bin/docker -d -D &"

0
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r65.ebuild → sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r66.ebuild vendored
View File

95
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild vendored
View File

@ -1,6 +1,8 @@
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
EAPI=5
inherit useradd
DESCRIPTION="ChromeOS specific system setup"
@ -15,7 +17,6 @@ IUSE="cros_host"
# We need to make sure timezone-data is merged before us.
# See pkg_setup below as well as http://crosbug.com/27413
# and friends.
# TODO: !app-misc/editor-wrapper
DEPEND="sys-apps/baselayout
!<sys-libs/timezone-data-2011d
!<=app-admin/sudo-1.8.2
@ -31,6 +32,9 @@ RDEPEND="${DEPEND}
sys-apps/systemd
"
# no source directory
S="${WORKDIR}"
# Remove entry from /etc/group
#
# $1 - Group name
@ -95,23 +99,16 @@ pkg_setup() {
}
src_install() {
insinto /etc
#doins "${FILESDIR}"/sysctl.conf || die
dodir /usr/lib/sysctl.d
insinto /usr/lib/sysctl.d
newins "${FILESDIR}"/sysctl.conf ${PN}.conf
insinto /etc/profile.d
doins "${FILESDIR}"/xauthority.sh || die
insinto /lib/udev/rules.d
doins "${FILESDIR}"/udev-rules/*.rules || die
# target-specific fun
if ! use cros_host ; then
# Add a /srv directory for mounting into later
dodir /srv
keepdir /srv
dodir /bin /usr/bin
# target-specific fun
if ! use cros_host ; then
# Make mount work in the way systemd prescribes
dosym /proc/mounts /etc/mtab
@ -132,24 +129,12 @@ src_install() {
insinto /etc/vim
doins "${FILESDIR}"/vimrc
# Symlink /etc/localtime to something on the stateful partition, which we
# can then change around at runtime.
# Symlink /etc/localtime to something on the stateful partition,
# which we can then change around at runtime.
dosym /var/lib/timezone/localtime /etc/localtime || die
# We use mawk in the target boards, not gawk.
dosym mawk /usr/bin/awk || die
# We want dash as our main shell.
#dosym dash /bin/sh
# Avoid the wrapper and just link to the only editor we have.
#dodir /usr/libexec
#dosym /usr/bin/vim /usr/libexec/editor || die
#dosym /bin/more /usr/libexec/pager || die
# Custom login shell snippets.
insinto /etc/profile.d
doins "${FILESDIR}"/cursor.sh
fi
# Add a sudo file for the core use
@ -180,41 +165,41 @@ pkg_postinst() {
# Add a chronos-access group to provide non-chronos users,
# mostly system daemons running as a non-chronos user, group permissions
# to access files/directories owned by chronos.
local system_access_user="core-access"
local system_access_id="1001"
# local system_access_user="core-access"
# local system_access_id="1001"
local crypted_password='*'
[ -r "${SHARED_USER_PASSWD_FILE}" ] &&
crypted_password=$(cat "${SHARED_USER_PASSWD_FILE}")
remove_user "${system_user}"
add_user "${system_user}" "x" "${system_id}" \
"${system_id}" "system_user" "${system_home}" /bin/sh
"${system_id}" "system_user" "${system_home}" /bin/bash
remove_shadow "${system_user}"
add_shadow "${system_user}" "${crypted_password}"
copy_or_add_group "${system_user}" "${system_id}"
copy_or_add_daemon_user "${system_access_user}" "${system_access_id}"
# copy_or_add_daemon_user "${system_access_user}" "${system_access_id}"
copy_or_add_daemon_user "messagebus" 201 # For dbus
copy_or_add_daemon_user "syslog" 202 # For rsyslog
copy_or_add_daemon_user "ntp" 203
copy_or_add_daemon_user "sshd" 204
copy_or_add_daemon_user "polkituser" 206 # For policykit
# copy_or_add_daemon_user "polkituser" 206 # For policykit
# copy_or_add_daemon_user "tss" 207 # For trousers (TSS/TPM)
copy_or_add_daemon_user "pkcs11" 208 # For pkcs11 clients
# copy_or_add_daemon_user "pkcs11" 208 # For pkcs11 clients
# copy_or_add_daemon_user "qdlservice" 209 # for QDLService
# copy_or_add_daemon_user "cromo" 210 # For cromo (modem manager)
# copy_or_add_daemon_user "cashew" 211 # Deprecated, do not reuse
copy_or_add_daemon_user "ipsec" 212 # For strongswan/ipsec VPN
# copy_or_add_daemon_user "ipsec" 212 # For strongswan/ipsec VPN
# copy_or_add_daemon_user "cros-disks" 213 # For cros-disks
copy_or_add_daemon_user "tor" 214 # For tor (anonymity service)
copy_or_add_daemon_user "tcpdump" 215 # For tcpdump --with-user
copy_or_add_daemon_user "debugd" 216 # For debugd
copy_or_add_daemon_user "openvpn" 217 # For openvpn
# copy_or_add_daemon_user "tor" 214 # For tor (anonymity service)
# copy_or_add_daemon_user "tcpdump" 215 # For tcpdump --with-user
# copy_or_add_daemon_user "debugd" 216 # For debugd
# copy_or_add_daemon_user "openvpn" 217 # For openvpn
# copy_or_add_daemon_user "bluetooth" 218 # For bluez
# copy_or_add_daemon_user "wpa" 219 # For wpa_supplicant
# copy_or_add_daemon_user "cras" 220 # For cras (audio)
# copy_or_add_daemon_user "gavd" 221 # For gavd (audio) (deprecated)
copy_or_add_daemon_user "input" 222 # For /dev/input/event access
# copy_or_add_daemon_user "input" 222 # For /dev/input/event access
# copy_or_add_daemon_user "chaps" 223 # For chaps (pkcs11)
copy_or_add_daemon_user "dhcp" 224 # For dhcpcd (DHCP client)
# copy_or_add_daemon_user "tpmd" 225 # For tpmd
@ -225,33 +210,15 @@ pkg_postinst() {
# copy_or_add_daemon_user "devbroker" 230 # For permission_broker
# copy_or_add_daemon_user "xorg" 231 # For Xorg
copy_or_add_daemon_user "etcd" 232 # For etcd
# Reserve some UIDs/GIDs between 300 and 349 for sandboxing FUSE-based
# filesystem daemons.
copy_or_add_daemon_user "docker" 233 # For docker
copy_or_add_group "systemd-journal" 248 # For journalctl access
copy_or_add_group "dialout" 249 # For udev rules
# copy_or_add_daemon_user "ntfs-3g" 300 # For ntfs-3g prcoess
# copy_or_add_daemon_user "avfs" 301 # For avfs process
# copy_or_add_daemon_user "fuse-exfat" 302 # For exfat-fuse prcoess
# copy_or_add_group "serial" 402
# Users which require access to PKCS #11 cryptographic services must be
# in the pkcs11 group.
remove_all_users_from_group pkcs11
add_users_to_group pkcs11 root ipsec "${system_user}"
# All users accessing opencryptoki database files and all users for
# sandboxing FUSE-based filesystem daemons need to be in the
# ${system_access_user} group.
remove_all_users_from_group "${system_access_user}"
add_users_to_group "${system_access_user}" root ipsec "${system_user}" \
# Dedicated group for owning access to serial devices.
copy_or_add_group "serial" 402
add_users_to_group "serial" "${system_user}"
add_users_to_group "serial" "uucp"
# Some default directories. These are created here rather than at
# install because some of them may already exist and have mounts.
for x in /dev /home /media \
/proc /root /sys /var/lock; do
[ -d "${ROOT}/$x" ] && continue
install -d --mode=0755 --owner=root --group=root "${ROOT}/$x"
done
# Give the core user access to some system tools
add_users_to_group "docker" "${system_user}"
add_users_to_group "systemd-journal" "${system_user}"
}

7
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/cursor.sh vendored
View File

@ -1,7 +0,0 @@
# We disable vt cursors by default on the kernel command line
# (so that it doesn't flash when doing boot splash and such).
#
# Re-enable it when launching a login shell. This should only
# happen when logging in via vt or crosh or ssh and those are
# all fine. Login shells shouldn't get launched normally.
setterm -cursor on

1
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/include-coreos-auth vendored
View File

@ -1 +0,0 @@
auth include coreos-auth

83
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/sysctl.conf vendored
View File

@ -1,69 +1,13 @@
# /etc/sysctl.conf
#
# For more information on how this file works, please see
# the manpages sysctl(8) and sysctl.conf(5).
#
# In order for this file to work properly, you must first
# enable 'Sysctl support' in the kernel.
#
# Look in /proc/sys/ for all the things you can setup.
#
# sysctl defaults for CoreOS
#
# Original Gentoo settings:
#
# Enable IPv4 forwarding to support NAT in containers
net.ipv4.ip_forward = 1
# Disables packet forwarding
net.ipv4.ip_forward = 0
# Disables IP dynaddr
#net.ipv4.ip_dynaddr = 0
# Disable ECN
#net.ipv4.tcp_ecn = 0
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
# Enable reverse path
net.ipv4.conf.all.rp_filter = 1
# Enable SYN cookies (yum!)
# http://cr.yp.to/syncookies.html
#net.ipv4.tcp_syncookies = 1
# Disable source route
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv4.conf.default.accept_source_route = 0
# Disable redirects
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.default.accept_redirects = 0
# Disable secure redirects
#net.ipv4.conf.all.secure_redirects = 0
#net.ipv4.conf.default.secure_redirects = 0
# Ignore ICMP broadcasts
#net.ipv4.icmp_echo_ignore_broadcasts = 1
# Perform PLPMTUD only after detecting a "blackhole" in old-style PMTUD
net.ipv4.tcp_mtu_probing = 1
# Disables the magic-sysrq key
#kernel.sysrq = 0
# When the kernel panics, automatically reboot in 3 seconds
#kernel.panic = 3
# Allow for more PIDs (cool factor!); may break some programs
#kernel.pid_max = 999999
# You should compile nfsd into the kernel or add it
# to modules.autoload for this to work properly
# TCP Port for lock manager
#fs.nfs.nlm_tcpport = 0
# UDP Port for lock manager
#fs.nfs.nlm_udpport = 0
#
# ChromeOS specific settings:
#
# Set watchdog_thresh
kernel.watchdog_thresh = 5
# When the kernel panics, automatically reboot to preserve dump in ram
@ -71,26 +15,5 @@ kernel.panic = -1
# Reboot on oops as well
kernel.panic_on_oops = 1
# Disable shrinking the cwnd when connection is idle
net.ipv4.tcp_slow_start_after_idle = 0
# Protect working set in order to avoid thrashing.
# See http://crosbug.com/7561 for details.
vm.min_filelist_kbytes = 50000
# Allow full memory overcommit as we rather close or kill tabs than
# refuse memory to arbitrary core processes.
vm.overcommit_memory = 1
# Use laptop mode settings always
vm.dirty_background_ratio = 1
vm.dirty_expire_centisecs = 60000
vm.dirty_ratio = 60
vm.dirty_writeback_centisecs = 60000
vm.laptop_mode = 0
# Disable kernel address visibility to non-root users.
kernel.kptr_restrict = 1
# Increase shared memory segment limit for plugins rendering large areas
kernel.shmmax = 134217728

9
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/udev-rules/55-serial.rules vendored
View File

@ -1,9 +0,0 @@
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
KERNEL=="tty[A-Z]*[0-9]", GROUP="serial"
# Don't allow access to serial interfaces on Gobi modems.
KERNEL=="tty[A-Z]*[0-9]", ID_USB_DRIVER=="qcserial", GROUP="root"
# Don't allow access to serial interfaces on Novatel modems.
KERNEL=="tty[A-Z]*[0-9]", ID_USB_DRIVER=="option", GROUP="root"

5
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/udev-rules/99-i2c.rules vendored
View File

@ -1,5 +0,0 @@
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
KERNEL=="i2c-[0-9]", GROUP="i2c"

8
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/udev-rules/99-usb-printer.rules vendored
View File

@ -1,8 +0,0 @@
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
ACTION=="add", SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="07", ATTRS{idProduct}=="*", \
PROGRAM="/usr/bin/dbus-send --system --type=method_call --dest=org.chromium.LibCrosService \
/org/chromium/LibCrosService org.chromium.LibCrosServiceInterface.PrinterAdded \
string:$attr{idVendor} string:$attr{idProduct}"

1
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/files/xauthority.sh vendored
View File

@ -1 +0,0 @@
export XAUTHORITY="/home/chronos/.Xauthority"