Comparing changes

Commits on Jan 01, 2001
Walter Stanish Move network configuration notes external to script; discourage DHCP/…
…VLAN configs
Commits on Nov 18, 2012
@PoPoutdoor PoPoutdoor Update: Suppress error message for device creation
2>&1 is the standard way for bash
Commits on Nov 19, 2012
@PoPoutdoor PoPoutdoor Merge remote-tracking branch 'upstream/master' 5ec3a47
@PoPoutdoor PoPoutdoor Update Suppress error message code 1ec2d0e
Commits on Nov 22, 2012
@globalcitizen globalcitizen Merge pull request #35 from PoPoutdoor/master
Update suppress error message code
@globalcitizen globalcitizen Comment fix 08af8a1
Commits on Nov 25, 2012
@globalcitizen globalcitizen Add information on recent KERNEXEC / CAP_NET_ADMIN vulnerability ac2c79f
@globalcitizen globalcitizen Add information on recent KERNEXEC / CAP_NET_ADMIN vulnerability 54c6ef2
@globalcitizen globalcitizen Fix typo ff750f0
Commits on Dec 02, 2012
Guillaume ZITTA Don't think i686 is a subarch of amd64 :) 3103a2b
Guillaume ZITTA separate fetch process 9070106
Guillaume ZITTA fix typo 3232ffe
Guillaume ZITTA fix another misplaced space df131e5
@globalcitizen globalcitizen Merge pull request #37 from gza/master
subarch fix, segregate fetch()
Commits on Jan 08, 2013
@globalcitizen globalcitizen Remove redundant old SSH config 326ccc5
Commits on Jan 22, 2013
@globalcitizen globalcitizen Moving to main LXC repo 6d2aee4
Commits on Jan 23, 2013
@globalcitizen globalcitizen Add environment variable for ARCH_VARIANT 9840774
@globalcitizen globalcitizen Rename ARCH_VARIANT to ARCHVARIANT to mirror SUBARCH naming style 488b352
@globalcitizen globalcitizen Change default variant to hardened+nomultilib (pain to type, easier t…
…o backspace or CTRL+U!)
@globalcitizen globalcitizen Revert "Change default variant to hardened+nomultilib (pain to type, …
…easier to backspace or CTRL+U!)"

This reverts commit 79b647e.
@globalcitizen globalcitizen Improve interface name documentation. 9eae86d
@globalcitizen globalcitizen Greatly improve error-handling, better output, indentation, syntax 0409b37
@globalcitizen globalcitizen Handle download errors, normalize output. be11c86
@globalcitizen globalcitizen Remove old commented code c7b9ae4
@globalcitizen globalcitizen Improve documentation. a7572da
@globalcitizen globalcitizen Allow environment to override cache location a17f3ec
@globalcitizen globalcitizen Style review finished; license mismatch! c618d59
@globalcitizen globalcitizen Explicit addition of GPLv3 4597e07
@globalcitizen globalcitizen Add results of latest timing experiment 1f0c1ad
@globalcitizen globalcitizen Additional error-checking, normalize existing code to the more concis…
…e form.
@globalcitizen globalcitizen Beginnings of decent usage documentation. e409309
@globalcitizen globalcitizen Typo 31ce2eb
@globalcitizen globalcitizen Summary of changes af92b97
Commits on Jan 24, 2013
@globalcitizen globalcitizen Add --noclear option to agetty (easier debugging) f12144d
@globalcitizen globalcitizen Remove TODO messages (belong in github issues list) d3a235a
@globalcitizen globalcitizen Up to date init fixes 9f9e43b
@globalcitizen globalcitizen Fix usage documentation 5a2db63
@globalcitizen globalcitizen Correctly use OpenRC 'provides' to solve net dependency issue. b9028ef
@globalcitizen globalcitizen Resolve issues around DHCP vs. non-DHCP configuration of containers (…
…non DHCP tested, DHCP not yet tested)
@globalcitizen globalcitizen Document new OpenRC-related fixes. f27320e
@globalcitizen globalcitizen Fix missing ROOTFS in path f3fa671
@globalcitizen globalcitizen Screenshot! 0767cbe
@globalcitizen globalcitizen Add screenshot! 0005836
@globalcitizen globalcitizen Honest assessment b785b6f
@globalcitizen globalcitizen Test HTML table of environment variables d5e7a52
@globalcitizen globalcitizen Table fixes c16abf1
@globalcitizen globalcitizen Test stylistic niceties 45f43af
@globalcitizen globalcitizen Resolve class war 3bf3057
@globalcitizen globalcitizen Dollars prefix ENV a9a5703
@globalcitizen globalcitizen Add $CACHE to environment variables table dccc379
@globalcitizen globalcitizen Improve CACHE description 92e13a2
@globalcitizen globalcitizen Move requirements to top and expand b1ccf2e
@globalcitizen globalcitizen Updates to section bc1e83f
@globalcitizen globalcitizen Final markup tweaks b09ea83
Commits on May 21, 2013
@xen0n xen0n Allow overriding of mirror e296cc8
@globalcitizen globalcitizen Merge pull request #46 from xen0n/override-mirror
Allow overriding of mirror
@globalcitizen globalcitizen Document new MIRROR variable 7abef29
Commits on May 22, 2013
@globalcitizen globalcitizen Update size estimate (130->180MB) 33ac68a
Commits on May 26, 2013
@specing specing Override root's umask with an "always correct" one 1c74df4
Commits on May 27, 2013
@globalcitizen globalcitizen Merge pull request #47 from specing/specing
Override root's umask with an "always correct" one
@specing specing Remove checks for mknod errors (fails if /dev/net/tun already exists) 2e66a05
@specing specing This comment was stating the obvious b2cfbb0
Commits on May 28, 2013
@globalcitizen globalcitizen Merge pull request #48 from specing/specing
Fix a possible populate_dev error
@specing specing Prepare to add support for specifying a custom stage3 archive (variab…
…le, option)
@specing specing Refactor the copying (sigh) phase 545f361
@specing specing /var cache will not be used when we have a tarball cbf148c
@specing specing Will not try fetching when we have a tarball 869dbeb
@specing specing Update README ec589e4
Commits on May 29, 2013
@specing specing Move all blocks asking for download related information together 81670c1
@specing specing Only ask download related questions when a tarball is not present 53b235f
@specing specing Match other code with regard to quoting conditional expressions dad8c2d
Commits on Jun 01, 2013
@globalcitizen globalcitizen Merge pull request #49 from specing/custom_rootfs
Custom rootfs support
@specing specing - use BASH read's prompt capability + use $REPLY rather than polluting
  variable space + use -n var-is-not-empty test flag instead of negating the -z
  var-is-empty flag
@specing specing Use read -s (noecho) and -p message to ask for passphrase 3cadc30
Commits on Jun 02, 2013
@specing specing Replace destroy() with instructions on how to remove a container as i…
…t wasn't working anyway.
@specing specing Make /tmp actually be temporary (tmpfs). 9e99bee
@globalcitizen globalcitizen Merge pull request #53 from specing/misc_fixes
Misc fixes (readline, destroy, tmpfs mount, etc.)
Commits on Jun 06, 2013
@specing specing Rewrite ugly return-value checking code 1dcde1e
@specing specing Refactor fetch_template into stage3 and ptree fetching functions ce59189
@specing specing Use bashisms instead of ifs and make ARCHVARIANT lowercase and local
rationale: ARCHVARIANT is modified for local purposes only and only
environment variables should ever be uppercase.
@specing specing do the same to STAGE3URL + don't use {} in parameter expansion unless it
is not obvious what is expanded.
@specing specing print a newline because the one after the password gets eaten by noecho d1cbfc4
@specing specing same for STAGE3LATESTSUBPATHURL 4a39c72
@specing specing same for LATEST_STAGE3_SUBPATH
be more informative about what we are downloading
exit immediately on error
@specing specing same for OUTPUT_FILE
make tar autodetect archive compression
@specing specing same for OUTPUT_DIR
+ use Bash internals to determine the directory name instead of calling
external programs.
+ mkdir shouldn't print anything when invoked with -p.
@specing specing same for INPUT_URL 9a8f384
@specing specing Make stage3 downloading more informative 0e69fa2
@specing specing alias wget rather than keeping it in a variable (good coding practices) b23013a
Commits on Jun 08, 2013
@specing specing Remove bz2 -j flag and add -p preserve permissions.
Additionally, tar shouldn't print anything unless something goes wrong,
which the user may be interested in.
@specing specing Useless variable is useless. b0b9950
@specing specing Add execute_exclusively() helper function 3ef0933
@specing specing Not sure whose idea it was to put (), hurts highlighting and variables
set in there are not visible on the outside.
@specing specing mkdir -p doesn't output anything 9b49f0c
@specing specing Sometimes I wonder whose idea it was to suppress wget's output... a5d0977
@specing specing It is not really secure to provide an easy to guess/bruteforce root
@specing specing Don't try setting an empty password. be9dfcf
@specing specing Add PORTAGE_SOURCE var. 806f1ba
@specing specing Accept changes to PORTAGE_SOURCE on the command line. 97ddf44
@specing specing PORTAGE: Don't unpack the entire archive in /var/... Instead, unpack the
archive directly into the target VM.
@specing specing STAGE3: Don't keep stage3 filesystems unpacked in /var/... Instead
unpack them when needed, where needed.
@specing specing Add a special value "none" to not set up the portage tree. ea15ee7
@specing specing Fix password handling: defining a password on command line and then
entering blank set the password to blank.
@specing specing Remove the bind mount lie as that would require a custom portage setup 4774818
@specing specing Update README with PORTAGE_SOURCE 6f7a194
@specing specing Remove backslash (used because vim's highlighting broke on _) eba5bce
@specing specing use fetch_stage3 and fetch_portage directly in fetch(). 67a82c4
@specing specing Remove the now-defunct fetch_template function. d92b514
@specing specing Remove unused $TEMPLATE 2050f71
Commits on Jun 09, 2013
@globalcitizen globalcitizen Merge pull request #55 from specing/fetch_fixes
Fetch fixes
Commits on Jun 10, 2013
@specing specing Add the die() helper function. a1bc059
@specing specing Move portage manipulation into its own function 84873c6
@specing specing Add informational messages and error checking. 035d772
@specing specing Relocate the portage tree into /var/portage/tree and adjust accordingly. 7f1a9e8
@specing specing Add bind mount support for the portage tree (from the host) 7ebdc06
@specing specing Document this shiny new feature. 8392efe
@specing specing Relocate the portage temporary directory. 6c0c099
@specing specing Move builds to tmpfs 5416563
@globalcitizen globalcitizen Merge pull request #56 from specing/portage
Portage rework
Commits on Jun 13, 2013
@specing specing I think this style is better/more readable 75568e5
@specing specing Add recommended return code table 91ee9db
@specing specing Use die() in error checking on return from subroutines c5f681b
@specing specing Remove purging code as per issue #57 8115762
@specing specing This script is distro-specific enough. bb95a6b
@specing specing Make portage build binary packages by default & save logs. 97a742f
@specing specing Write network configuration help even if we are running dhcp. ff3e76b
Commits on Jun 14, 2013
@specing specing cleanup the mess that was populate_dev(). b1d0d23
@specing specing Remove catalyst spam. 9f7f341
@specing specing Move comment to where it belongs f93fef4
@specing specing Don't fetch the stage3 if it is already present in cache. 8a545c5
@specing specing Add a sanity check on $NAME and convert two checks to use die(). e191dff
@specing specing remove (un)help(ful) lies. d05daf6
@specing specing Update help(), destroy() and purge() help messages and mark the latter
two for removal (return error upon invocation)
@specing specing Up the speed 381a1f7
@specing specing both local and tail were masking wget's return code, making error
checking nonfunctional.
@specing specing Always print the last error code. d84281c
@specing specing Update wget error checking. c6c0cb8
@globalcitizen globalcitizen Merge pull request #58 from specing/fixups
Fixups. (Thanks! Will remove buildpkg shortly, merging first for convenience)
@globalcitizen globalcitizen Disable binary packages by default 7dfb306
@globalcitizen globalcitizen simplify authors (remove obfuscated emails); add fedja credit (loads …
…of work, thanks!)
@globalcitizen globalcitizen Remove size estimate (newly verbose download shows real size) 3211943
@globalcitizen globalcitizen Update documentation for recent changes 7372aee
Commits on Jul 08, 2013
@globalcitizen globalcitizen Add SIGPWR fix to /etc/inittab 3a16081
Commits on Jul 25, 2013
@specing specing Clean up the last remnants of CUSTOMURL support that was silently
removed by commit ce2138c.
Commits on Jul 30, 2013
@specing specing Remove SUBARCH option that was introduced in
ab66b6f but never implemented.
@specing specing refactor how lxc.arch settings are figured out 04b7f88
@specing specing Rip out $SUBARCH and merge its functionality into $ARCHVARIANT 74b4c82
@specing specing Add a nice selection menu for ARCH and ARCHVARIANT and update docs e25eaf9
@specing specing Add manual Qemu setup instructions de7ffe6
@specing specing I think this is redundant as LXC will assume native arch.
furthermore, ARCH is set to an appropriate value during configure().
While those using custom tarballs should specify it by themselves
(I mean, we could parse it out of the tarball filename *assuming*
the tarball contains one of the values of the arches array and even
then the only valid ones would be amd64 and x86 due to LXC not
giving a fuck about others).
I guess the final answer will be given when direct Qemu emulation
support is added.
@specing specing Hmmm... why are we giving paths inside the container using absolute
paths on the host?
@specing specing fix proc security ... almost
Mounting proc ro prevents security vulnerabilities such as changing the
default handler for loading modules (this one is really ancient...):

after mounting it ro:
vm proc # echo "/sbin/modprobe" > sys/kernel/modprobe
-bash: sys/kernel/modprobe: Read-only file system

and with sys_admin capability dropped:
vm proc # mount -o remount,rw /proc
mount: permission denied

Note that I managed to totally freeze my host system by doing
grep -r lxc /proc
inside the container. Unfortunately I don't know how to fix this one.
And I don't know whether this is a problem of Linux itself or it
happened because I'm not on vanilla Linux.
@specing specing Update documentation to match code 86ce1db
@specing specing Base $CONFFILE on $NAME rather than $UTSNAME and beef it up.
I always thought $UTSNAME and $NAME were "separate" and that this
functionality was there to handle corner cases such as having multiple
virtual machines with the same hostname (perhaps a production and a
staging one? or maybe to separate it based on the network it was in?).
@specing specing Quoting fix Mk. 1
I tried to create a container with whitespace in its name ...
my root filesystem didn't like it.

broken into two commits to easily see the changes, should anyone ever
have the need to do so in the future.
@specing specing Quoting fix Mk. 2
Actually, passing whitespace for container name doesn't work smoothly
yet, since the veth (host part) interface doesn't accept whitespace.

But the script does create the rootfs and config file without
changing/adding "random" files all over host's filesystem.
Commits on Jul 31, 2013
@globalcitizen globalcitizen Merge pull request #62 from specing/fetch_fixes
Loads of fixes and updates from specing.
Commits on Aug 08, 2013
@specing specing Turns out they aren't redundant after all.
They are a hack (at least that is how I see it) around portage
removing the directory when the last package owning it is unmerged.
But the directory should still exist (e.g. /var/log).
@globalcitizen globalcitizen Merge pull request #63 from specing/master
Reverse .keep removal logic.
Commits on Jan 02, 2014
Walter Stanish Default hostname = container name 11aca06
Walter Stanish Additional security notes b2ae1d8
Commits on Jan 03, 2014
Walter Stanish Add pre-execution summary; fix typos f9f40f6
Walter Stanish Correctly default architecture to non-variant 9917b54
Walter Stanish Update docs to reflect recent changes 942c81f
Walter Stanish Additional fix for new openrcs 6be31ee
Walter Stanish Minor nod to security edf6ff3
Walter Stanish Update docs 49e1c80
Walter Stanish Briefer output 27850c0
Commits on Jan 04, 2014
Walter Stanish Fallback to existing stage3 if fetch fails d141049
Walter Stanish Silence errors for harmlessly failing old openrc fixes b4b4739
Walter Stanish Doc update 8908b2d
Commits on Jan 05, 2014
Walter Stanish Add locale default 4b8ca65
Walter Stanish Slay the arch-whinger, Mme. Perl 608cee9
Commits on Jan 19, 2014
Walter Stanish Resolve #66 (Failure to download stage3) 33402d0
Walter Stanish Update notes b58dcc6
Commits on Feb 04, 2014
Walter Stanish Updates Feb 2014 notes 6626b84
Walter Stanish Fix openrc network issues b9d679d
Commits on Apr 26, 2014
Walter Stanish Drop lxc-boot so that shutdown/poweroff commands work within the cont…
…ainer (safe and useful these days)
Walter Stanish Describe recent sys_boot capability change 356f0fa
Walter Stanish Improve FS segregation verbiage 5658be6
Commits on May 27, 2014
@globalcitizen globalcitizen Fix kmod-static-nodes errors 26e407c
Commits on Jun 11, 2014
@globalcitizen globalcitizen Fix wget timeout argument handling a60f80a
@globalcitizen globalcitizen Document recent changes (wget arguments) f5d0a46
Commits on Jul 24, 2014
@specing specing Add domain support via UTSNAME / -u (I probably shouldn't have hijacked
UTSNAME like that but meh).
@specing specing No longer needed because /etc/hosts handles the resolving. 71e3e60
Commits on Jul 25, 2014
@globalcitizen globalcitizen Merge pull request #71 from specing/specing
UTSNAME hack-support for FQDNs
@globalcitizen globalcitizen Fix sysctl typo 8b54d01
@globalcitizen globalcitizen Document recent update a71d308
@globalcitizen globalcitizen Improve QEMU notes formatting 375bdea
@globalcitizen globalcitizen Grammarfix fe5bef8
Commits on Sep 02, 2014
@specing specing No longer needed: OpenRC/openrc@b3d47d5 4deec86
@specing specing No longer needed, I guess this was the problem: OpenRC/openrc@e4668a5 1ecd1cb
@specing specing No longer needed: OpenRC/openrc@7d8dca7 e9863b5
@specing specing No longer needed? There was a massive change in how OpenRC deals with
networking a year or so ago and it currently works without this
@specing specing Why was this ever needed? 042b52a
Commits on Sep 03, 2014
@globalcitizen globalcitizen Merge pull request #72 from specing/master
Remove dated workarounds and disable hushlogin.
@globalcitizen globalcitizen Document recent changes 2525899
Commits on Sep 26, 2014
@globalcitizen globalcitizen Note on security; update wiki URL 0ae972d
Commits on Feb 08, 2015
@globalcitizen globalcitizen Mirror format changed 0e0f2da
@globalcitizen globalcitizen Document mirror format change f4b1601
Commits on Feb 09, 2015
@globalcitizen globalcitizen Document loopback setup e9c491d
@globalcitizen globalcitizen Typo fix etc. 7e55632
@globalcitizen globalcitizen Document storage efficiency drawback for losetup 979fd70
@globalcitizen globalcitizen Loopback notes 5f661e6
Commits on Mar 16, 2015
@specing specing Add GPG signature and checksum checking 46d4947
Commits on Mar 21, 2015
@specing specing Add GPG setup instructions and the means to disable signature checking. bc12650
Commits on Mar 28, 2015
@specing specing parse DIGESTS file and add signature checking for portage snapshots 8760b2c
@specing specing Add openssl and busybox support for checksum checking 2224dfd
Commits on Apr 15, 2015
@globalcitizen globalcitizen New security note 86b0331
@globalcitizen globalcitizen Improve bridge description f0a0bce
@globalcitizen globalcitizen Document recent changes 86d934d
@globalcitizen globalcitizen Merge pull request #73 from specing/master
Add GPG signature and checksum checking
@globalcitizen globalcitizen Formatting and URL fix to GPG addition; document change 43ff849
@globalcitizen globalcitizen Formatting 1eea626
@globalcitizen globalcitizen Neater GPG instructions 2d7a529
@globalcitizen globalcitizen Formatting fix 9476dea
@globalcitizen globalcitizen More formatting da9af1b
@globalcitizen globalcitizen Latency note eb3c378
@globalcitizen globalcitizen Use same variable for PGP_DIR; add unset/unalias instructions f1a82a5
Commits on Aug 04, 2015
@globalcitizen globalcitizen kern.core_pattern -> kernel.core_pattern a8bdc18
Commits on Oct 05, 2015
@globalcitizen globalcitizen IPv6 implementation inspired by EvaSDK (needs testing) b639df1
@globalcitizen globalcitizen Document changes to networking to enable IPv6 d6d3d43
@globalcitizen globalcitizen Document changes aa95ffb