app-containers/lxc: Sync with Gentoo

It's from Gentoo commit 4626e45f0c88b064e96086b8233fce620a9a2da9. Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-05-05 04:06:33 +02:00 · 2026-03-02 07:23:28 +00:00 · 2026-03-02 07:23:28 +00:00 · af72a2e36f
commit af72a2e36f
parent 7f34a5a425
4 changed files with 204 additions and 1 deletions
--- a/sdk_container/src/third_party/portage-stable/app-containers/lxc/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/Manifest
@ -6,3 +6,5 @@ DIST lxc-6.0.4.tar.gz 964064 BLAKE2B f8911993ce333300e68fe3d817cceb49d6c18f83e5f
 DIST lxc-6.0.4.tar.gz.asc 833 BLAKE2B 4600373e9534515fe3ec0c41ebe5b17ee8c4e7ab125e3a211ed300f0fdd79a04a9c183b903e1b6600d7b7ce4d9f2e66451326c473beb02b4a83a7200764e56e7 SHA512 2efe6e06b33a34fdf7ba1393b5e07aa1a18f189b2e43673b4f9bbdc7cf0fcb9ad47b99ebbd08e910e139047d54b1104f098cbbef586796767b9dd1a4a99ca748
 DIST lxc-6.0.5.tar.gz 958966 BLAKE2B 74ee775f8a23467049f38f0973a24eb12b34b7c758549294342470b7b6b8e95eaef118c493f62b6394c435a5c86389fde4454199107e90743dd40d3a5bf373fd SHA512 3674397e789ed9eda7e37d4e22c42ab02687c0ab6a12f6c234a3393bdfb3f048aa0ded419c5c2f435d653d3dd70f47ae19d28b7a46838f12004d00b05c54a26d
 DIST lxc-6.0.5.tar.gz.asc 833 BLAKE2B ac1480c0b5588b290ab1ec81bf7bf85990df98a650832363529e9ede8afb7594bd21b58a4a79e7fe9519c381d4860d7a33f4090582612ffff7c448c77e641929 SHA512 8c28da0ebc280ae491bab815105f3c58f2c9cd742586ce86f9b1d2032724db4893811d689f7278bfc8c5570dc45ca6071e4c25b77647d762c77eca59249a15b5
+DIST lxc-6.0.6.tar.gz 963412 BLAKE2B 3bd9575f4c1a4b96ce5bea767e6a6b3c15a3021c62ebaf7421065ca55d2093ca467a8e9e86ce5d8316dab4fc9cde0c96dc1acedb73ccf167bd5c3e5484e5ceff SHA512 1d28aa749711be8a439de5e76019960d78e21bf576724bce7e8973ba4f6a3995c040cdc184e3c3a30814eb4cd2daec6851d26422c7d6d9d64ccd95add6c2eb30
+DIST lxc-6.0.6.tar.gz.asc 833 BLAKE2B 622a7c53629b3e5117bad956923824662073955ca8c6b3c6fba61b9d37c3b76fa48d55ecfd460fad4a5fe88c074264ad4c97b4193342d9c3a5fa322814a212fd SHA512 3ddaf0796e6888c15a5124141439ffa09c2d611f185cf3c8b2106eea530485a013846548bf9bd5ea9d0b69ee52aad2de9281b293a323ba2510db925c38cce98f
--- a/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-6.0.5-fix-openat2-include-typo.patch
+++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/files/lxc-6.0.5-fix-openat2-include-typo.patch
@ -0,0 +1,25 @@
+From 511e4db8f2a5b47cdd41eef482647492ce5b0f77 Mon Sep 17 00:00:00 2001
+From: Joonas Niilola <juippis@gentoo.org>
+Date: Sun, 15 Feb 2026 17:42:39 +0200
+Subject: [PATCH] meson.build: fix openat2 include typo, fix with glibc-2.43
+ +FORTIFY
+
+Closes: https://github.com/lxc/lxc/issues/4641
+Signed-off-by: Joonas Niilola <juippis@gentoo.org>
+---
+ meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index eef4e6900c..df40d7516a 100644
+--- a/meson.build
+++ b/meson.build
+@@ -571,7 +571,7 @@ foreach ident: [
+     ['move_mount',        '''#include <sys/mount.h>'''],
+     ['openat2',           '''#include <sys/types.h>
+                              #include <sys/stat.h>
+-                             #include <fctnl.h>'''],
+                             #include <fcntl.h>'''],
+     ['open_tree',         '''#include <sys/mount.h>'''],
+     ['personality',       '''#include <sys/personality.h>'''],
+     ['pidfd_open',        '''#include <stdlib.h>
--- a/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.5.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.5.ebuild
@ -1,4 +1,4 @@
-# Copyright 2022-2025 Gentoo Authors
+# Copyright 2022-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@ -72,6 +72,8 @@ VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc

 DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt )

+PATCHES=( "${FILESDIR}"/lxc-6.0.5-fix-openat2-include-typo.patch )
+
 pkg_setup() {
 	linux-info_pkg_setup
 }
--- a/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.6.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/lxc/lxc-6.0.6.ebuild
@ -0,0 +1,174 @@
+# Copyright 2022-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit bash-completion-r1 linux-info meson optfeature systemd verify-sig
+
+DESCRIPTION="A userspace interface for the Linux kernel containment features"
+HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
+SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz
+	verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )"
+
+LICENSE="GPL-2 LGPL-2.1 LGPL-3" # LGPL-2.1+ is listed, but it's covered by "LGPL-3"
+SLOT="0/1.606" # SONAME liblxc.so.1 + ${PV//./} _if_ breaking ABI change while bumping.
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+IUSE="apparmor +caps doc examples io-uring man pam seccomp selinux ssl systemd test +tools"
+
+RDEPEND="acct-group/lxc
+	acct-user/lxc
+	apparmor? ( sys-libs/libapparmor )
+	caps? ( sys-libs/libcap )
+	io-uring? ( >=sys-libs/liburing-2:= )
+	pam? ( sys-libs/pam )
+	seccomp? ( sys-libs/libseccomp )
+	selinux? ( sys-libs/libselinux )
+	ssl? ( dev-libs/openssl:0= )
+	systemd? (
+		sys-apps/dbus
+		sys-apps/systemd:=
+	)
+	tools? ( sys-libs/libcap )"
+DEPEND="${RDEPEND}
+	caps? ( sys-libs/libcap[static-libs] )
+	tools? ( sys-libs/libcap[static-libs] )
+	sys-kernel/linux-headers"
+BDEPEND="virtual/pkgconfig
+	doc? ( app-text/doxygen )
+	man? ( app-text/docbook2X )
+	verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
+
+RESTRICT="!test? ( test )"
+
+CONFIG_CHECK="~!NETPRIO_CGROUP
+	~CGROUPS
+	~CGROUP_CPUACCT
+	~CGROUP_DEVICE
+	~CGROUP_FREEZER
+
+	~CGROUP_SCHED
+	~CPUSETS
+	~IPC_NS
+	~MACVLAN
+
+	~MEMCG
+	~NAMESPACES
+	~NET_NS
+	~PID_NS
+
+	~POSIX_MQUEUE
+	~USER_NS
+	~UTS_NS
+	~VETH"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
+ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
+ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
+ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
+ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
+ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
+
+DOCS=( AUTHORS MAINTAINERS README.md doc/FAQ.txt )
+
+pkg_setup() {
+	linux-info_pkg_setup
+}
+
+src_configure() {
+
+	# -Dtools-multicall=false: will create a single binary called 'lxc' that conflicts with LXD.
+	local emesonargs=(
+		--localstatedir "${EPREFIX}/var"
+
+		-Dcoverity-build=false
+		-Dinstall-state-dirs=false
+		-Doss-fuzz=false
+		-Dspecfile=false
+		-Dtools-multicall=false
+
+		-Dcommands=true
+		-Dinstall-init-files=true
+		-Dmemfd-rexec=true
+		-Dthread-safety=true
+
+		$(meson_use apparmor)
+		$(meson_use caps capabilities)
+		$(meson_use doc api-docs)
+		$(meson_use examples)
+		$(meson_use io-uring io-uring-event-loop)
+		$(meson_use man)
+		$(meson_use pam pam-cgroup)
+		$(meson_use seccomp)
+		$(meson_use selinux)
+		$(meson_use ssl openssl)
+		$(meson_use test tests)
+		$(meson_use tools)
+
+		$(usex systemd -Ddbus=true -Ddbus=false)
+		$(usex systemd -Dinit-script="systemd" -Dinit-script="openrc")
+
+		-Ddata-path=/var/lib/lxc
+		-Ddoc-path=/usr/share/doc/${PF}
+		-Dlog-path=/var/log/lxc
+		-Drootfs-mount-path=/var/lib/lxc/rootfs
+		-Druntime-path=/run
+	)
+
+	use tools && local emesonargs+=( -Dcapabilities=true )
+
+	meson_src_configure
+}
+
+src_install() {
+	if use doc ; then
+		local HTML_DOCS=( "${BUILD_DIR}/html/"* )
+	fi
+	meson_src_install
+
+	# The main bash-completion file will collide with lxd, need to relocate and update symlinks.
+	local lxcbashcompdir="${D}/$(get_bashcompdir)"
+	mkdir -p "${lxcbashcompdir}" || die "Failed to create bashcompdir."
+	mv "${lxcbashcompdir}"/_lxc "${lxcbashcompdir}"/lxc-start || die "Failed to move _lxc bash completion file."
+
+	# Build system will install all bash completion files regardless of our 'tools' use flag.
+	# Though installing them all will add bash completions for commands that don't exist, it's
+	# cleaner than dealing with individual files based on the use flag status.
+	bashcomp_alias lxc-start lxc-{attach,autostart,cgroup,checkpoint,config,console,copy,create,destroy,device,execute,freeze,info,ls,monitor,snapshot,stop,top,unfreeze,unshare,update-config,usernsexec,wait}
+
+	find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die
+
+	# Replace upstream systemd files.
+	if use systemd ; then
+		rm -r "${D}$(systemd_get_systemunitdir)" || die "Failed to remove systemd lib dir"
+	else
+		# The openrc files aren't installed with correct permissions.
+		fperms 0755 /etc/init.d/lxc-{containers,net}
+	fi
+
+	newinitd "${FILESDIR}/${PN}.initd.9" ${PN}
+	systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service
+	systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service
+	systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service
+	systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service"
+
+	if ! use apparmor; then
+		sed -i '/lxc-apparmor-load/d' "${D}$(systemd_get_systemunitdir)/lxc.service" ||
+			die "Failed to remove apparmor references from lxc.service systemd unit."
+	fi
+}
+
+pkg_postinst() {
+	elog "Please refer to "
+	elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide."
+	elog
+	elog "Run 'lxc-checkconfig' to see optional kernel features."
+	elog
+
+	optfeature "creating your own LXC containers" app-containers/distrobuilder
+	optfeature "automatic template scripts" app-containers/lxc-templates
+	optfeature "Debian-based distribution container image support" dev-util/debootstrap
+	optfeature "snapshot & restore functionality" sys-process/criu
+}