summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVirgil Dupras <vdupras@gentoo.org>2018-08-12 20:55:29 -0400
committerVirgil Dupras <vdupras@gentoo.org>2018-08-12 20:55:29 -0400
commitf6083e4cfd2b9d5cdcd94c58a40b08f3ad8eb33d (patch)
tree606c587cc0421dba049e25d7baa9befa91acab85
parentprofiles: mask app-emulation/lxc revdeps on ppc64 (diff)
downloadgentoo-f6083e4cfd2b9d5cdcd94c58a40b08f3ad8eb33d.tar.gz
gentoo-f6083e4cfd2b9d5cdcd94c58a40b08f3ad8eb33d.tar.bz2
gentoo-f6083e4cfd2b9d5cdcd94c58a40b08f3ad8eb33d.zip
app-emulation/lxc: remove old and vulnerable
Bug: https://bugs.gentoo.org/662780 Package-Manager: Portage-2.3.45, Repoman-2.3.10
-rw-r--r--app-emulation/lxc/lxc-2.1.1.ebuild214
-rw-r--r--app-emulation/lxc/lxc-3.0.1.ebuild162
2 files changed, 0 insertions, 376 deletions
diff --git a/app-emulation/lxc/lxc-2.1.1.ebuild b/app-emulation/lxc/lxc-2.1.1.ebuild
deleted file mode 100644
index a3c804d0176..00000000000
--- a/app-emulation/lxc/lxc-2.1.1.ebuild
+++ /dev/null
@@ -1,214 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python3_{4,5,6} )
-DISTUTILS_OPTIONAL=1
-
-inherit autotools bash-completion-r1 distutils-r1 linux-info versionator flag-o-matic systemd readme.gentoo-r1
-DESCRIPTION="LinuX Containers userspace utilities"
-HOMEPAGE="https://linuxcontainers.org/"
-SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz"
-
-KEYWORDS="amd64 ~arm ~arm64 ppc64 x86"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="cgmanager examples lua python seccomp selinux"
-
-RDEPEND="
- net-libs/gnutls
- sys-libs/libcap
- cgmanager? ( app-admin/cgmanager )
- lua? ( >=dev-lang/lua-5.1:= )
- python? ( ${PYTHON_DEPS} )
- seccomp? ( sys-libs/libseccomp )
- selinux? ( sys-libs/libselinux )"
-
-DEPEND="${RDEPEND}
- app-text/docbook-sgml-utils
- >=sys-kernel/linux-headers-3.2"
-
-RDEPEND="${RDEPEND}
- sys-apps/util-linux
- app-misc/pax-utils
- virtual/awk"
-
-CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
- ~CPUSETS ~CGROUP_CPUACCT
- ~CGROUP_SCHED
-
- ~NAMESPACES
- ~IPC_NS ~USER_NS ~PID_NS
-
- ~NETLINK_DIAG ~PACKET_DIAG
- ~INET_UDP_DIAG ~INET_TCP_DIAG
- ~UNIX_DIAG ~CHECKPOINT_RESTORE
-
- ~CGROUP_FREEZER
- ~UTS_NS ~NET_NS
- ~VETH ~MACVLAN
-
- ~POSIX_MQUEUE
- ~!NETPRIO_CGROUP
-
- ~!GRKERNSEC_CHROOT_MOUNT
- ~!GRKERNSEC_CHROOT_DOUBLE
- ~!GRKERNSEC_CHROOT_PIVOT
- ~!GRKERNSEC_CHROOT_CHMOD
- ~!GRKERNSEC_CHROOT_CAPS
- ~!GRKERNSEC_PROC
- ~!GRKERNSEC_SYSFS_RESTRICT
-"
-
-ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
-
-ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
-ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
-
-ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
-ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
-
-ERROR_NETLINK_DIAG="CONFIG_NETLINK_DIAG: needed for lxc-checkpoint"
-ERROR_PACKET_DIAG="CONFIG_PACKET_DIAG: needed for lxc-checkpoint"
-ERROR_INET_UDP_DIAG="CONFIG_INET_UDP_DIAG: needed for lxc-checkpoint"
-ERROR_INET_TCP_DIAG="CONFIG_INET_TCP_DIAG: needed for lxc-checkpoint"
-ERROR_UNIX_DIAG="CONFIG_UNIX_DIAG: needed for lxc-checkpoint"
-ERROR_CHECKPOINT_RESTORE="CONFIG_CHECKPOINT_RESTORE: needed for lxc-checkpoint"
-
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
-
-ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP: as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
-
-ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT: some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers"
-ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers"
-
-DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-pkg_setup() {
- kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
- linux-info_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}"/${PN}-2.0.6-bash-completion.patch
- #558854
- eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
- eapply "${FILESDIR}"/${PN}-2.1.1-fix-cgroup2-detection.patch
- eapply "${FILESDIR}"/${PN}-2.1.1-cgroups-enable-container-without-CAP_SYS_ADMIN.patch
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- append-flags -fno-strict-aliasing
-
- if use python; then
- #541932
- python_setup "python3*"
- export PKG_CONFIG_PATH="${T}/${EPYTHON}/pkgconfig:${PKG_CONFIG_PATH}"
- fi
-
- # I am not sure about the --with-rootfs-path
- # /var/lib/lxc is probably more appropriate than
- # /usr/lib/lxc.
- # Note by holgersson: Why is apparmor disabled?
-
- # --enable-doc is for manpages which is why we don't link it to a "doc"
- # USE flag. We always want man pages.
- econf \
- --localstatedir=/var \
- --bindir=/usr/bin \
- --sbindir=/usr/bin \
- --with-config-path=/var/lib/lxc \
- --with-rootfs-path=/var/lib/lxc/rootfs \
- --with-distro=gentoo \
- --with-runtime-path=/run \
- --disable-apparmor \
- --disable-werror \
- --enable-doc \
- $(use_enable cgmanager) \
- $(use_enable examples) \
- $(use_enable lua) \
- $(use_enable python) \
- $(use_enable seccomp) \
- $(use_enable selinux)
-}
-
-python_compile() {
- distutils-r1_python_compile build_ext -I.. -L../lxc/.libs --no-pkg-config
-}
-
-src_compile() {
- default
-
- if use python; then
- pushd "${S}/src/python-${PN}" > /dev/null
- distutils-r1_src_compile
- popd > /dev/null
- fi
-}
-
-src_install() {
- default
-
- mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
- # start-ephemeral is no longer a command but removing it here
- # generates QA warnings (still in upstream completion script)
- bashcomp_alias ${PN}-start \
- ${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
-
- if use python; then
- pushd "${S}/src/python-lxc" > /dev/null
- # Unset DOCS. This has been handled by the default target
- unset DOCS
- distutils-r1_src_install
- popd > /dev/null
- fi
-
- keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
-
- find "${D}" -name '*.la' -delete
-
- # Gentoo-specific additions!
- newinitd "${FILESDIR}/${PN}.initd.7" ${PN}
-
- # Remember to compare our systemd unit file with the upstream one
- # config/init/systemd/lxc.service.in
- systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
-
- DOC_CONTENTS="
- Starting from version ${PN}-1.1.0-r3, the default lxc path has been
- moved from /etc/lxc to /var/lib/lxc. If you still want to use /etc/lxc
- please add the following to your /etc/lxc/lxc.conf
-
- lxc.lxcpath = /etc/lxc
-
- For openrc, there is an init script provided with the package.
- You _should_ only need to symlink /etc/init.d/lxc to
- /etc/init.d/lxc.configname to start the container defined in
- /etc/lxc/configname.conf.
-
- Correspondingly, for systemd a service file lxc@.service is installed.
- Enable and start lxc@configname in order to start the container defined
- in /etc/lxc/configname.conf.
-
- If you want checkpoint/restore functionality, please install criu
- (sys-process/criu)."
- DISABLE_AUTOFORMATTING=true
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-}
diff --git a/app-emulation/lxc/lxc-3.0.1.ebuild b/app-emulation/lxc/lxc-3.0.1.ebuild
deleted file mode 100644
index 8c26d2c163c..00000000000
--- a/app-emulation/lxc/lxc-3.0.1.ebuild
+++ /dev/null
@@ -1,162 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools bash-completion-r1 linux-info flag-o-matic systemd readme.gentoo-r1 pam
-
-DESCRIPTION="LinuX Containers userspace utilities"
-HOMEPAGE="https://linuxcontainers.org/"
-SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz"
-
-KEYWORDS="amd64 ~arm ~arm64 ppc64 x86"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="examples pam python seccomp selinux +templates"
-
-RDEPEND="
- net-libs/gnutls
- sys-libs/libcap
- pam? ( virtual/pam )
- seccomp? ( sys-libs/libseccomp )
- selinux? ( sys-libs/libselinux )"
-
-DEPEND="${RDEPEND}
- >=app-text/docbook-sgml-utils-0.6.14-r2
- >=sys-kernel/linux-headers-3.2"
-
-RDEPEND="${RDEPEND}
- sys-apps/util-linux
- app-misc/pax-utils
- virtual/awk"
-
-PDEPEND="templates? ( app-emulation/lxc-templates )
- python? ( dev-python/python3-lxc )"
-
-CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
- ~CPUSETS ~CGROUP_CPUACCT
- ~CGROUP_SCHED
-
- ~NAMESPACES
- ~IPC_NS ~USER_NS ~PID_NS
-
- ~CGROUP_FREEZER
- ~UTS_NS ~NET_NS
- ~VETH ~MACVLAN
-
- ~POSIX_MQUEUE
- ~!NETPRIO_CGROUP
-
- ~!GRKERNSEC_CHROOT_MOUNT
- ~!GRKERNSEC_CHROOT_DOUBLE
- ~!GRKERNSEC_CHROOT_PIVOT
- ~!GRKERNSEC_CHROOT_CHMOD
- ~!GRKERNSEC_CHROOT_CAPS
- ~!GRKERNSEC_PROC
- ~!GRKERNSEC_SYSFS_RESTRICT
-"
-
-ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES: needed for pts inside container"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
-
-ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
-ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
-
-ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
-ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
-
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
-
-ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP: as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
-
-ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT: some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE: some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT: some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD: some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS: some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC: this GRSEC feature is incompatible with unprivileged containers"
-ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT: this GRSEC feature is incompatible with unprivileged containers"
-
-DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
-
-pkg_setup() {
- kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
- linux-info_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}"/${PN}-3.0.0-bash-completion.patch
- #558854
- eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- append-flags -fno-strict-aliasing
-
- # I am not sure about the --with-rootfs-path
- # /var/lib/lxc is probably more appropriate than
- # /usr/lib/lxc.
- # Note by holgersson: Why is apparmor disabled?
-
- # --enable-doc is for manpages which is why we don't link it to a "doc"
- # USE flag. We always want man pages.
- econf \
- --localstatedir=/var \
- --bindir=/usr/bin \
- --sbindir=/usr/bin \
- --with-config-path=/var/lib/lxc \
- --with-rootfs-path=/var/lib/lxc/rootfs \
- --with-distro=gentoo \
- --with-runtime-path=/run \
- --disable-apparmor \
- --disable-werror \
- --enable-doc \
- $(use_enable examples) \
- $(use_enable pam) \
- $(use_with pam pamdir $(getpam_mod_dir)) \
- $(use_enable seccomp) \
- $(use_enable selinux)
-}
-
-src_install() {
- default
-
- mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
- bashcomp_alias ${PN}-start \
- ${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,wait}
-
- keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
- rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
-
- find "${D}" -name '*.la' -delete
-
- # Gentoo-specific additions!
- newinitd "${FILESDIR}/${PN}.initd.7" ${PN}
-
- # Remember to compare our systemd unit file with the upstream one
- # config/init/systemd/lxc.service.in
- systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
-
- DOC_CONTENTS="
- For openrc, there is an init script provided with the package.
- You _should_ only need to symlink /etc/init.d/lxc to
- /etc/init.d/lxc.configname to start the container defined in
- /etc/lxc/configname.conf.
-
- Correspondingly, for systemd a service file lxc@.service is installed.
- Enable and start lxc@configname in order to start the container defined
- in /etc/lxc/configname.conf.
-
- If you want checkpoint/restore functionality, please install criu
- (sys-process/criu)."
- DISABLE_AUTOFORMATTING=true
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-}