improved LXC support

devrandom · devrandom · commit af56f89a6acf · 2015-05-16T20:48:18.000-07:00
fixes #86
diff --git a/RELEASE_NOTES b/RELEASE_NOTES
@@ -1,3 +1,11 @@
+2015-05-16
+----------
+
+LXC support has been revamped:
+
+* debootstrap is now used directly, so that no kernel or grub packages are installed
+* an attempt has been made to eliminate cases where an update of a package can fail because the container is missing a real init/upstart process
+
 2015-03-23
 ----------
 
diff --git a/bin/make-base-vm b/bin/make-base-vm
@@ -74,7 +74,13 @@ if [ $ARCH = "amd64" -a $SUITE = "hardy" ]; then
   FLAVOUR=server
 fi
 
-addpkg=openssh-server,pciutils,build-essential,git-core,subversion,lxc,linux-image-generic
+addpkg=pciutils,build-essential,git-core,subversion
+
+if [ $LXC = "1" ]; then
+  addpkg=$addpkg,lxc
+else
+  addpkg=$addpkg,linux-image-generic,grub-pc,openssh-server
+fi
 
 # Remove cron to work around vmbuilder issue when umounting /dev on target
 removepkg=cron
@@ -99,26 +105,40 @@ if [ $VBOX = "1" ]; then
   exit 0
 fi
 
-if [ -e $OUT.qcow2 ]; then
-  echo $OUT.qcow2 already exists, please remove it first
-  exit 1
+if [ $LXC = "1" ]; then
+  if [ -e $OUT ]; then
+    echo $OUT already exists, please remove it first
+    #exit 1
+  fi
+else
+  if [ -e $OUT.qcow2 ]; then
+    echo $OUT.qcow2 already exists, please remove it first
+    exit 1
+  fi
 fi
 
-libexec/config-bootstrap-fixup
-rm -rf $OUT
-env -i LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 sudo vmbuilder kvm ubuntu --rootsize 10240 --arch=$ARCH --suite=$SUITE --addpkg=$addpkg --removepkg=$removepkg --ssh-key=var/id_dsa.pub --ssh-user-key=var/id_dsa.pub --mirror=$MIRROR --security-mirror=$SECURITY_MIRROR --dest=$OUT --flavour=$FLAVOUR --firstboot=`pwd`/target-bin/bootstrap-fixup
-mv $OUT/*.qcow2 $OUT.qcow2
-rm -rf $OUT
-
 if [ $LXC = "1" ]; then
-    #sudo debootstrap --include=$addpkg --arch=$ARCH $SUITE $OUT-root $MIRROR
-    echo Extracting partition for lxc
-    qemu-img convert $OUT.qcow2 $OUT.raw
-    loop=`sudo kpartx -av $OUT.raw|sed -n '/loop.p1/{s/.*loop\(.\)p1.*/\1/;p}'`
-    sudo cp --sparse=always /dev/mapper/loop${loop}p1 $OUT
-    sudo chown $USER $OUT
-    sudo kpartx -d /dev/loop$loop
-    rm -f $OUT.raw
+    sudo rm -rf $OUT-bootstrap
+    # Need universe for lxc in lucid
+    env -i LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 sudo debootstrap --arch=$ARCH --include=$addpkg --exclude=$removepkg --components=main,universe $SUITE $OUT-bootstrap $MIRROR
+    dd if=/dev/zero of=$OUT-lxc bs=1M count=1 seek=10240
+    mkfs.ext4 $OUT-lxc
+    t=`mktemp -d gitian.XXXXXXXX`
+    sudo mount $OUT-lxc $t
+    sudo cp -a $OUT-bootstrap/* $t
+    sudo umount $t
+    rmdir $t
+
+    sudo rm -rf $OUT-bootstrap
+    mv $OUT-lxc $OUT
     # bootstrap-fixup is done in libexec/make-clean-vm
+else
+    libexec/config-bootstrap-fixup
+
+    rm -rf $OUT
+    env -i LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 sudo vmbuilder kvm ubuntu --rootsize 10240 --arch=$ARCH --suite=$SUITE --addpkg=$addpkg --removepkg=$removepkg --ssh-key=var/id_dsa.pub --ssh-user-key=var/id_dsa.pub --mirror=$MIRROR --security-mirror=$SECURITY_MIRROR --dest=$OUT --flavour=$FLAVOUR --firstboot=`pwd`/target-bin/bootstrap-fixup
+    mv $OUT/*.qcow2 $OUT.qcow2
+    rm -rf $OUT
+    # bootstrap-fixup is done on first boot
 fi
 
diff --git a/etc/lxc.config.in b/etc/lxc.config.in
@@ -32,3 +32,4 @@ lxc.network.type = veth
 lxc.network.flags = up
 lxc.network.link = GUESTLINK
 lxc.network.ipv4 = GUESTIP/24
+lxc.utsname = gitian
diff --git a/libexec/gconfig b/libexec/gconfig
@@ -1,4 +1,9 @@
 VM_SSH_PORT=2223
 if [ -z "$LXC_EXECUTE" ]; then
-  LXC_EXECUTE=lxc-start
+  ver=`lxc-start --version`
+  if dpkg --compare-versions $ver ge 1.1.0 ; then
+    LXC_EXECUTE=lxc-execute
+  else
+    LXC_EXECUTE=lxc-start
+  fi
 fi
diff --git a/target-bin/bootstrap-fixup.in b/target-bin/bootstrap-fixup.in
@@ -5,4 +5,17 @@ set -e
 . /etc/lsb-release
 
 echo "deb http://HOSTIP:3142/archive.ubuntu.com/ubuntu $DISTRIB_CODENAME main universe" > $1/etc/apt/sources.list
+echo "deb http://HOSTIP:3142/security.ubuntu.com/ubuntu $DISTRIB_CODENAME-security main universe" >> $1/etc/apt/sources.list
 echo "deb http://HOSTIP:3142/archive.ubuntu.com/ubuntu $DISTRIB_CODENAME-updates main universe" >> $1/etc/apt/sources.list
+echo '127.0.1.1 gitian' >> /etc/hosts
+
+# If LXC
+if grep /lxc/gitian /proc/1/cgroup > /dev/null; then
+  apt-get remove -y rsyslog
+  dpkg-divert --local --rename --add /sbin/initctl
+  ln -s /bin/true /sbin/initctl
+  dpkg-divert --local --rename --add /usr/bin/ischroot
+  ln -s /bin/true /usr/bin/ischroot
+  echo lxc hold | dpkg --set-selections || true
+  echo cgmanager hold | dpkg --set-selections || true
+fi
diff --git a/target-bin/upgrade-system.sh b/target-bin/upgrade-system.sh
@@ -9,9 +9,6 @@ mkdir -p /var/cache/gitian
 # remove obsolete grub, it causes package dependency issues
 apt-get -q -y purge grub > /dev/null 2>&1 || true
 
-# prevent upgrade of grub-pc, it fails to find a boot drive in lxc containers
-echo grub-pc hold | dpkg --set-selections || true
-
 # upgrade packages
 DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade > /dev/null > /var/cache/gitian/upgrade.log 2>&1
 
