Added upstream patch to fix starting containers with complex hooks.
No existing patches needed to be rebased/simple version bump to 6.0.4.
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
Users running unprivileged containers will need to create
/etc/subgid and /etc/subuid and want to have them preserved
across updates. This commit adds them to the default backup set.
Signed-off-by: John Audia <therealgraysky@proton.me>
Co-authored-by: Tianling Shen <cnsztl@gmail.com>
Modified 025-remove-unsupported-option.patch to both remove
the bsdtar command as it ends in errors, see below, and to
circumvent an error when extracting to overlayfs[1].
Error when extracting rootfs tarball with bsdtar:
tar --absolute-names --numeric-owner '--xattrs-include=*' -xpJf /var/cache/lxc//download/archlinux/current/amd64//default/rootfs.tar.xz -C /mnt/data/lxc/test/rootfs
./usr/bin/newgidmap: Cannot restore extended attributes on this system: Illegal byte sequence
lxc-create: test: ../src/lxc/lxccontainer.c: create_run_template: 1589 Failed to create container from template
lxc-create: test: ../src/lxc/tools/lxc_create.c: lxc_create_main: 318 Failed to create container test
1. https://github.com/openwrt/openwrt/issues/15888
Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Add gnu-tar as a dependency for lxc-create which is needed to
properly extract the root file system tarball. Without it,
symlink target of /bin/tar is busybox and it lacks proper
support to extract with xattrs. The default gnu-tar is actually
built without this support as well, but it is able to extract
the rootfs tarballs with a warning not an error which is not the
case with busybox which ends in an error.
Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Several deps are missing based the output of lxc-checkconfig shown below
before this commit is applied.
CONFIG_IP_NF_TARGET_MASQUERADE and CONFIG_IP6_NF_TARGET_MASQUERADE are
only needed for lxc-net which we do not package.
% lxc-checkconfig | grep missing
Cgroup device: missing
CONFIG_IP_NF_TARGET_MASQUERADE: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
FUSE (for use with lxcfs): missing
checkpoint restore: missing
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
Additionally, two new patches have been added which remove checks for
options that OpenWrt currently does not package and can serve are
false positives for missing items from our kernel config, namely:
lxc-net and lxc-checkpoint
After applying this commit, below is the output showing that the kernel
config[1] should pass all tests for functionality:
% CONFIG=config ./lxc-checkconfig
LXC version 6.0.3
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Namespace limits:
cgroup: 383849
ipc: 383849
mnt: 383849
net: 383849
pid: 383849
time: 383849
user: 383849
uts: 383849
--- Control groups ---
Cgroups: enabled
Cgroup namespace: enabled
Cgroup v1 mount points:
Cgroup v2 mount points:
- /sys/fs/cgroup
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded
--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled
1. Generated on 23-Feb-2025 running bcm27xx/bcm2712 on r28869+1
Signed-off-by: John Audia <therealgraysky@proton.me>
No patches needed to be rebased/simple version bump.
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
No patches needed to be rebased, simple version bump.
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Changelog: https://discuss.linuxcontainers.org/t/lxc-6-0-lts-has-been-released/19567
Required libdbus as a depends for liblxc. I verified that both
lxc-create and lxc-checkconfig work with the rebases to the
following patches but do please review:
020-lxc-checkconfig.patch
025-remove-unsupported-option.patch
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
The default runtime directory used by LXC is /run which doesn't exist
in OpenWrt. It causes errors like:
Failed to create lock for foo
lxc-create: foo: tools/lxc_create.c: main: 260 Failed to create lxc container
There has been workaround for that in the lxc-auto.init but it requires
installing "lxc-auto" package. Replacing that "ln -s" workaround with
Makefile specifying RUNTIME_PATH define allows using pure "lxc" in
OpenWrt (without the "lxc-auto").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Bump to latest and update Makefile to use meson which is upstream's standard.
Deleted unneeded 010-Remove-distro-check.patch (reference to configure).
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.
originally committed in 2cde10b950
reverted in 039912dec5
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
The postinst script is sourced during image build, which causes the
follow failure:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-x86_64_musl/root-x86/etc/init.d/lxc-auto: line 3: /lib/functions.sh: No such file or directory
postinst script ./usr/lib/opkg/info/lxc-auto.postinst has failed with exit code 1
Sourcing /lib/functions.sh is not needed, as /etc/rc.common does so
already. Unfortunately removing that line from the init script is not
enough to fix the problem. The postinst script should also check
IPKG_INSTROOT. As these two changes are unrelated, they should go in
separate commits, and the solution to the image build problem is to
revert the commit that introduced the breakage.
This reverts commit 2cde10b950.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
otherwise, a user would have to either manually run /etc/init.d/lxc-auto
boot or reboot the system to start using lxc.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Bump to latest upstream release and rebase:
010-Remove-distro-check.patch
025-remove-unsupported-option.patch
After updating ran `make package/lxc/refresh` to clean dirty patches
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <graysky@archlinux.us>
Remove getline patch. It seems to be for uClibc, which is no longer in
the tree.
Remove commands patch. Issue was fixed upstream. Same with the tests
patch.
Remove gpg patch. It's an upstream backport.
Refreshed others.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
By default, there was used sks-keyservers.net pool, which has invalid
SSL certificate and they also announced that their service is deprecate
and no longer maintained.
Use the same GPG server as LXC is using by default in the newer
releases.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This fixes compiling lxc without seccomp support if libseccomp is
already installed to the staging dir. Patches were applied upstream.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.
Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Marijan Svalina <marijan.svalina@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Otherwise one gets a failure if the libraries (e.g. Python
header file) exist in the build system. Worse in some cases
is host headers being found if one doesn't specifically
disable a library search in autotools. It is especially
important that Python is disabled by default.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
LXC requires newuidmap and newguidmap with SUID to run unprivileged
containers. This package should help users make sure they are available.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Previous versions of LXC never compiled in gnutls support due to a bug in the
configure script. As other TLS implementations are not supported and the feature
was disabled in previous builds, disable it during configure.
See https://github.com/lxc/lxc/pull/1360 for details regarding the bug in the
autoconf of the previous versions.
Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
This is the first bugfix release for LXC 2.1. Full list of changes can
be found here:
https://linuxcontainers.org/lxc/news/
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Bump LXC package from 1.1.5 to 2.1.0. Version 2.x includes many
improvements and optimizations.
https://linuxcontainers.org/lxc/news/
Some tools like lxc-top are rewritten in C and are no longer broken and
dependent on lua.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Normally LXC uses /var/lib, but due to hack OpenWRT employs this is not an
option. But instead of introducing new top-level directory, FSH compatible /srv
can be used.
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
seccomp was unconditionally disabled before.
Also a non-escaped newline in a place where it should be escaped
made the build process skip some CONFIGURE_ARGS.
Fix CONFIGURE_ARGS and add an option to allow building with seccomp.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
John Audia