-rw-r--r-- | CHANGELOG.txt | 72
-rw-r--r-- | LICENSE.txt | 8
-rw-r--r-- | Makefile | 4
-rw-r--r-- | VERSION.txt | 2
-rwxr-xr-x | bin/container | 2
-rwxr-xr-x | libexec/container/info | 26
-rwxr-xr-x | libexec/container/restart | 37
-rwxr-xr-x | share/build-scripts/debconf | 196
-rwxr-xr-x | share/build-scripts/debconf.d/0003-debconf | 86
-rw-r--r-- | share/build-scripts/debconf.d/0003-debconf.templates | 6
-rwxr-xr-x | share/build-scripts/debootstrap | 4
-rw-r--r-- | share/doc/bugs.txt | 51
-rw-r--r-- | share/doc/examples/bookworm.cfg (renamed from share/doc/examples/bullseye.cfg) | 6
-rwxr-xr-x | share/doc/examples/container-images.sh | 2
-rw-r--r-- | share/doc/examples/graograman-backports.cfg (renamed from share/doc/examples/fuchur-backports.cfg) | 10
-rw-r--r-- | share/doc/todo.txt | 4
-rwxr-xr-x | share/get-scripts/curl | 11
-rw-r--r-- | share/man/container-build-debootstrap.1.rst | 10
-rw-r--r-- | share/man/container-config.5.rst | 116
-rw-r--r-- | share/man/container-get-curl.1.rst | 10
-rw-r--r-- | share/man/container-restart.1.rst | 6
21 files changed, 574 insertions, 95 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 0887fe9..8dd6e3d 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt 
@@ -1,3 +1,64 @@ +2022-12-23 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221023. + + [ Daniel Baumann ] + * Tightening version matches for OS detection in container info command. + * Adding release support for Debian 12 (bookworm). + * Updating distribution defaults for bookworm in container build scripts. + * Updating references in manpages for bookworm. + * Updating examples for bookworm. + * Adding support for non-free-firmware archive-area in debconf build script. + * Updating arm64 description in debconf build script. + +2022-10-23 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221023. + + [ Daniel Baumann ] + * Removing curl pre-http2 option handling. + * Renaming internal bootstrap function to be more generic in debconf build-script. + * Adding initial image support in container debconf build-scripts. + +2022-10-15 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221015. + + [ Daniel Baumann ] + * Removing machine-id from cache to fix re-using it amongst all generated containers, thanks to Sakirnth Nagarasa <sakirnth@debian.org>. + * Correcting a few formating errors in changelog. + +2022-10-02 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221002. + + [ Daniel Baumann ] + * Adding force and interactive options to container restart command. + * Updating license with newer GPL-3 version containing https instead of http links. + * Replacing explicit container command with variable in container main wrapper. + * Correcting distclean target in makefile. + * Also passing explicit directory output-format to mmdebstrap in build scripts. + * Also passing root as sandbox user to mmdebstrap in build scripts. + +2022-07-21 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220721. + + [ Daniel Baumann ] + * Returning all ip addresses in cnt info command. 
+ * Correcting container info command to report IP addresses of stopped container. + * Handling multiple IP addresses in container info command the same way for stopped containers as for started ones. + * Adding lazy detection in container info command for Debian 12 (booworm). + +2022-07-04 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220704. + + [ Daniel Baumann ] + * Adding release related targets in Makefile. + * Updating links about related articles in compute-tools manpage. + * Reverting adding LinkLocalAddressing=no to ipv6 interfaces as its only desirable on container bridges but breaks a few other things in normal containers. + 2022-06-05 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20220605. @@ -234,7 +295,7 @@ 2021-06-29 Daniel Baumann <daniel.baumann@open-infrastructure.net> - * Releasing version 20210628. + * Releasing version 20210629. * Backward incompatible changes: - The networking integration on the container host depended on @@ -812,6 +873,7 @@ 2016-12-10 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20161210. + * Backward incompatible changes: - container list shows now only the first IPv4 address. - container rename command has been renamed to move. @@ -859,7 +921,7 @@ 2016-11-25 Daniel Baumann <daniel.baumann@open-infrastructure.net> - * Releasing version 20161122. + * Releasing version 20161125. [ Daniel Baumann ] * Renaming too generic internal getopt variables to avoid possible @@ -870,6 +932,7 @@ 2016-11-22 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20161122. + * Backward incompatible changes: - renaming curl cache directory from /var/cache/container-tools/curl to /var/cache/container-tools/images. 
@@ -891,6 +954,7 @@ 2016-11-12 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20161112. + * Backward incompatible changes: - removes support to create Debian 8 (jessie) container in debconf container create script. @@ -914,6 +978,7 @@ 2016-11-05 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20161105. + * Backward incompatible changes: - container use systemd-networkd instead of ifupdown. @@ -1102,6 +1167,7 @@ 2016-06-01 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20160601. + * Backward incompatible changes: - for consistency reasons, instead of any file only files with .cfg suffix are accepted as preseed files in @@ -1126,6 +1192,7 @@ 2016-05-15 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20160515. + * Backward incompatible changes: - container network configuration in the [start] section for multi-interface support: @@ -1191,6 +1258,7 @@ 2016-04-15 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20160415. + * Backward incompatible changes: - container stop command option -k|--kill renamed to -f|--force for consistency diff --git a/LICENSE.txt b/LICENSE.txt index 94a9ed0..f288702 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,7 +1,7 @@ GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 - Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 
@@ -645,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found. GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. + along with this program. If not, see <https://www.gnu.org/licenses/>. Also add information on how to contact you by electronic and paper mail. @@ -664,11 +664,11 @@ might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see -<http://www.gnu.org/licenses/>. +<https://www.gnu.org/licenses/>. The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read -<http://www.gnu.org/philosophy/why-not-lgpl.html>. +<https://www.gnu.org/licenses/why-not-lgpl.html>. @@ -25,6 +25,8 @@ PROGRAM = container SCRIPTS = bin/* libexec/*/* +VERSION := $(shell cat VERSION.txt) + all: build test: @@ -227,7 +229,7 @@ clean: rm -f README.txt distclean: clean - rm -rf service-tools-$(VERSION) + rm -rf $(SOFTWARE)-$(VERSION) reinstall: uninstall install diff --git a/VERSION.txt b/VERSION.txt index fcf7587..7a58b9c 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20220605 +20221223 diff --git a/bin/container b/bin/container index 582fe08..fb52687 100755 --- a/bin/container +++ b/bin/container 
@@ -49,7 +49,7 @@ for COMMAND in $(echo "${COMMANDS}" | sed -e 's|,| |g') do if [ ! -e "/usr/libexec/${PROGRAM}/${COMMAND}" ] then - echo "'${COMMAND}': no such ${PROGRAM} command, see container(1)." >&2 + echo "'${COMMAND}': no such ${PROGRAM} command, see ${PROGRAM}(1)." >&2 exit 1 fi diff --git a/libexec/container/info b/libexec/container/info index 699a253..b713e7a 100755 --- a/libexec/container/info +++ b/libexec/container/info @@ -143,30 +143,34 @@ esac VERSION_BASH="$(chroot ${MACHINES}/${NAME} apt-cache policy bash | awk '/Installed: / { print $2 }')" case "${VERSION_BASH}" in - 4.1*) + 4.1-*|4.1.[0-9]*) OS="Debian 6 (squeeze)" ;; - 4.2*) + 4.2-*|4.2.[0-9]*) OS="Debian 7 (wheezy)" ;; - 4.3*) + 4.3-*|4.3.[0-9]*) OS="Debian 8 (jessie)" ;; - 4.4*) + 4.4-*|4.4.[0-9]*) OS="Debian 9 (stretch)" ;; - 5.0*) + 5.0-*|5.0.[0-9]*) OS="Debian 10 (buster)" ;; - 5.1*) + 5.1-*|5.1.[0-9]*) OS="Debian 11 (bullseye)" ;; + 5.2-*|5.2.[0-9]*) + OS="Debian 12 (bookworm)" + ;; + *) OS="n/a" ;; @@ -174,16 +178,16 @@ esac case "${STATUS}" in started) - IP="$(cnt run -n ${NAME} -- hostname -I | awk '{ print $1 }')" + IP="$(cnt run -n ${NAME} -- hostname -I)" ;; *) - if ls "${MACHINES}/${CONTAINER}/etc/systemd/network"/*.network > /dev/null 2>&1 + if ls "${MACHINES}/${NAME}/etc/systemd/network"/*.network > /dev/null 2>&1 then - IP="$(awk -FAddress= '/^Address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/systemd/network/*.network | head -n1)" - elif [ -e "${MACHINES}/${CONTAINER}/etc/network/interfaces" ] + IP="$(awk -FAddress= '/^Address/ { printf "%s ", $2 }' ${MACHINES}/${NAME}/etc/systemd/network/*.network)" + elif [ -e "${MACHINES}/${NAME}/etc/network/interfaces" ] then - IP="$(awk '/address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/network/interfaces | head -n1)" + IP="$(awk '/address/ { printf "%s ", $2 }' ${MACHINES}/${NAME}/etc/network/interfaces)" fi IP="${IP:-n/a}" diff --git a/libexec/container/restart b/libexec/container/restart index fcb28b8..0eb753c 100755 
--- a/libexec/container/restart +++ b/libexec/container/restart @@ -31,8 +31,8 @@ Parameters () { OPTIONS_ALL="" - GETOPT_LONGOPTIONS="name:,verbose," - GETOPT_OPTIONS="n:,v," + GETOPT_LONGOPTIONS="name:,force,interactive,verbose," + GETOPT_OPTIONS="n:,f,i,v," PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -52,6 +52,20 @@ Parameters () shift 2 ;; + -f|--force) + FORCE="true" + shift 1 + + OPTIONS_ALL="${OPTIONS_ALL} --force" + ;; + + -i|--interactive) + INTERACTIVE="true" + shift 1 + + OPTIONS_ALL="${OPTIONS_ALL} --interactive" + ;; + -v|--verbose) VERBOSE="true" shift 1 @@ -74,7 +88,7 @@ Parameters () Usage () { - echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [-v|--verbose]" >&2 + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [-f|--force] [-i|--interactive] [-v|--verbose]" >&2 echo echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." @@ -107,6 +121,23 @@ then exit 1 fi +if [ "${FORCE}" != "true" ] || [ "${INTERACTIVE}" = "true" ] +then + echo -n "'${NAME}': restart container '${NAME}' [y|N]? " + read STOP + + STOP="$(echo ${STOP} | tr '[A-Z]' '[a-z]')" + + case "${STOP}" in + y|yes) + ;; + + *) + exit 1 + ;; + esac +fi + # Pre hooks for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" do diff --git a/share/build-scripts/debconf b/share/build-scripts/debconf index 168f985..900242d 100755 --- a/share/build-scripts/debconf +++ b/share/build-scripts/debconf @@ -22,6 +22,7 @@ set -e PROJECT="open-infrastructure" SOFTWARE="compute-tools" PROGRAM="container" +VERSION="$(container version)" SCRIPT="${0}" export SCRIPT 
@@ -116,17 +117,6 @@ then exit 1 fi -if [ -x /usr/bin/mmdebstrap ] -then - BOOTSTRAP="mmdebstrap" -elif [ -x /usr/sbin/debootstrap ] -then - BOOTSTRAP="debootstrap" -else - echo "'${NAME}': /usr/bin/mmdebstrap or /usr/sbin/debootstrap - no such file." >&2 - exit 1 -fi - if [ "$(id -u)" -ne 0 ] then echo "'${NAME}': need root privileges" >&2 @@ -373,7 +363,7 @@ EOF export DEBCONF_SYSTEMRC } -Debootstrap () +Bootstrap () { DIRECTORY="${1}" @@ -405,7 +395,8 @@ Debootstrap () mmdebstrap) mmdebstrap --arch=${ARCHITECTURE} --components=${PARENT_ARCHIVE_AREAS} \ - --mode=root --include=${INCLUDE} ${PARENT_DISTRIBUTION} "${DIRECTORY}" ${PARENT_MIRROR} + --format=directory --mode=root --aptopt='APT::Sandbox::User "root"' \ + --include=${INCLUDE} ${PARENT_DISTRIBUTION} "${DIRECTORY}" ${PARENT_MIRROR} ;; *) 
@@ -415,6 +406,83 @@ Debootstrap () esac } +Image () +{ + DIRECTORY="${1}" + + FILES="${IMAGE}" + + for NUMBER in $(seq 1 ${IMAGE_NUMBER}) + do + eval FILES="${FILES} $`echo IMAGE${NUMBER}`" + done + + for FILE in ${FILES} + do + case "${FILE}" in + *.gz) + TAR_OPTIONS="--gzip" + + if [ ! -e /bin/gzip ] + then + echo -en "\n" + echo "'${NAME}': /bin/lzip - no such file." >&2 + exit 1 + fi + ;; + + *.lz) + TAR_OPTIONS="--lzip" + + if [ ! -e /usr/bin/lzip ] + then + echo -en "\n" + echo "'${NAME}': /usr/bin/lzip - no such file." >&2 + exit 1 + fi + ;; + + *.xz) + TAR_OPTIONS="--xz" + + if [ ! -e /usr/bin/xz ] + then + echo -en "\n" + echo "'${NAME}': /usr/bin/xz - no such file." >&2 + exit 1 + fi + ;; + + *) + TAR_OPTIONS="" + ;; + esac + + mkdir -p "${DIRECTORY}" + + echo "Using ${FILE}" + + if [ -e /usr/bin/pv ] + then + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 ${CURL_TIME_COND} \ + "${FILE}" -o - | \ + pv --format '%p' --width 77 | \ + tar -C "${DIRECTORY}" --strip 1 ${TAR_OPTIONS} -xf - + #pv --format '%p' --width 77 "${CACHE}/${FILE}" | tar xf - ${TAR_OPTIONS} -C "${DIRECTORY}" --strip 1 + else + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 ${CURL_TIME_COND} \ + "${FILE}" -o - | \ + tar -C "${DIRECTORY}" --strip 1 ${TAR_OPTIONS} -xf - + fi + + echo " ok." + done + + # Writing resolv.conf + rm -f "${DIRECTORY}/etc/resolv.conf" + cp /etc/resolv.conf "${DIRECTORY}/etc" +} + Configure_apt () { DIRECTORY="${1}" @@ -444,7 +512,11 @@ EOF rm -f "${DIRECTORY}/progress-linux.cfg" - Chroot "${DIRECTORY}" "apt update" + case "${INSTALLER}" in + bootstrap) + Chroot "${DIRECTORY}" "apt update" + ;; + esac ;; esac } @@ -470,6 +542,9 @@ EOF rm -f "${DIRECTORY}/etc/mtab" ln -s /proc/self/mounts "${DIRECTORY}/etc/mtab" + # Removing machine-id + rm -f "${DIRECTORY}/etc/machine-id" + # Removing resolv.conf rm -f "${DIRECTORY}/etc/resolv.conf" cp /etc/resolv.conf "${DIRECTORY}/etc" 
@@ -958,7 +1033,6 @@ EOF cat >> "${DIRECTORY}/etc/systemd/network/eno${NUMBER}.network" << EOF DHCP=no IPv6AcceptRA=no -LinkLocalAddressing=no Address=${IPV6_ADDRESS}/${IPV6_NETMASK} EOF @@ -977,7 +1051,6 @@ EOF cat >> "${DIRECTORY}/etc/systemd/network/eno${NUMBER}.network" << EOF DHCP=no IPv6AcceptRA=no -LinkLocalAddressing=no EOF ;; 
@@ -1138,22 +1211,89 @@ done SYSTEM="${MACHINES}/${NAME}" -## Generic parts -if [ ! -e "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" ] +if [ -z "${IMAGE}" ] && [ -z "${IMAGE1}" ] then - Debootstrap "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" - Configure_apt "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" - Deconfigure_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" - - mv "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" + INSTALLER="bootstrap" +else + INSTALLER="image" fi -Upgrade_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" || echo "W: If upgrading the system failed, try removing the cache for your distribution in /var/cache/${PROGRAM}" -Cleanup_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" +case "${INSTALLER}" in + bootstrap) + ## Dependencies + if [ -x /usr/bin/mmdebstrap ] + then + BOOTSTRAP="mmdebstrap" + elif [ -x /usr/sbin/debootstrap ] + then + BOOTSTRAP="debootstrap" + else + echo "'${NAME}': /usr/bin/mmdebstrap or /usr/sbin/debootstrap - no such file." >&2 + exit 1 + fi + + ## Generic parts + if [ ! -e "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" ] + then + Bootstrap "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" + Configure_apt "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" + Deconfigure_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" + + mv "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" + fi + + Upgrade_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" || echo "W: If upgrading the system failed, try removing the cache for your distribution in /var/cache/${PROGRAM}" + Cleanup_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" + + ## Specific parts + mkdir -p "${MACHINES}" + cp -a "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" "${MACHINES}/${NAME}" + ;; + + image) + ## Dependencies + if [ -x /usr/bin/curl ] + then + GET="curl" + elif [ -x /usr/bin/wget ] + then + GET="wget" + else + echo "'${NAME}': /usr/bin/curl or /usr/bin/wget - no such file." 
>&2 + exit 1 + fi + + COMPRESSIONS="" + + if [ -x /usr/bin/lzip ] + then + COMPRESSIONS="${COMPRESSIONS} lz" + fi + + if [ -x /usr/bin/xz ] + then + COMPRESSIONS="${COMPRESSIONS} xz" + fi + + if [ -x /bin/gzip ] + then + COMPRESSIONS="${COMPRESSIONS} gz" + fi + + if [ -z "${COMPRESSIONS}" ] + then + echo "'${NAME}': no supported compressor available (lz, xz, gz)." + exit 1 + fi + + ## Parts + mkdir -p "${MACHINES}" + Image "${MACHINES}/${NAME}" -## Specific parts -mkdir -p "${MACHINES}" -cp -a "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" "${MACHINES}/${NAME}" + Configure_apt "${MACHINES}/${NAME}" + Deconfigure_system "${MACHINES}/${NAME}" + ;; +esac Mount diff --git a/share/build-scripts/debconf.d/0003-debconf b/share/build-scripts/debconf.d/0003-debconf index edd3ea7..e12e25e 100755 --- a/share/build-scripts/debconf.d/0003-debconf +++ b/share/build-scripts/debconf.d/0003-debconf @@ -44,6 +44,39 @@ Mode () export MODE } +Images () +{ + if db_get container/image && [ "${RET}" ] + then + db_get container/image + IMAGE="${RET}" # string (w/o empty) + + echo "IMAGE=\"${IMAGE}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + fi + + NUMBER="1" + + while db_get container/image${NUMBER} && [ "${RET}" ] + do + if db_get container/image${NUMBER} + then + eval IMAGE${NUMBER}="\"${RET}\"" # string (w/o empty) + fi + + NUMBER="$((${NUMBER} + 1))" + done + + IMAGE_NUMBER="$((${NUMBER} - 1))" + + echo "IMAGE_NUMBER=\"${IMAGE_NUMBER}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + + for NUMBER in $(seq 1 ${IMAGE_NUMBER}) + do + eval IMAGE="$`echo IMAGE${NUMBER}`" + echo "IMAGE${NUMBER}=\"${IMAGE}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + done +} + Distribution () { db_get container/distribution 
@@ -53,18 +86,18 @@ Distribution () then case "${MODE}" in debian) - db_subst container/distribution CHOICES "Debian GNU/Linux 10 \"buster\", Debian GNU/Linux 11 \"bullseye\", Debian GNU/Linux testing/bookworm, Debian GNU/Linux unstable/sid" - db_subst container/distribution CHOICES_C "buster, bullseye, bookworm, sid" + db_subst container/distribution CHOICES "Debian GNU/Linux 10 \"buster\", Debian GNU/Linux 11 \"bullseye\", Debian GNU/Linux 12 \"bookworm\", Debian GNU/Linux testing, Debian GNU/Linux unstable/sid" + db_subst container/distribution CHOICES_C "buster, bullseye, bookworm, testing, sid" - db_set container/distribution bullseye + db_set container/distribution bookworm db_fset container/distribution seen false ;; progress-linux) - db_subst container/distribution CHOICES "Progress Linux 5 (engywuck), Progress Linux 5.99 (engywuck-backports), Progress Linux 6 (fuchur), Progress Linux 6.99 (fuchur-backports)" - db_subst container/distribution CHOICES_C "engywuck, engywuck-backports, fuchur, fuchur-backports" + db_subst container/distribution CHOICES "Progress Linux 5 (engywuck), Progress Linux 5.99 (engywuck-backports), Progress Linux 6 (fuchur), Progress Linux 6.99 (fuchur-backports), Progress Linux 7 (graograman), Progress Linux 7.99 (graograman-backports)" + db_subst container/distribution CHOICES_C "engywuck, engywuck-backports, fuchur, fuchur-backports, graograman, graograman-backports" - db_set container/distribution fuchur-backports + db_set container/distribution graograman-backports db_fset container/distribution seen false ;; esac @@ -98,6 +131,10 @@ Parent_distribution () fuchur*) PARENT_DISTRIBUTION="bullseye" ;; + + graograman*) + PARENT_DISTRIBUTION="bookworm" + ;; esac ;; @@ -122,7 +159,7 @@ Architecture () arm64) DEFAULT="arm64" - CHOICES="Automatic, RaspberryPi 3 (arm64)" + CHOICES="Automatic, RaspberryPi 3 and newer (arm64)" CHOICES_C="auto, arm64" ;; 
@@ -485,18 +522,28 @@ Archive_areas () db_get container/archive-areas ARCHIVE_AREAS="${RET}" + case "${PARENT_DISTRIBUTION}" in + bookworm|testing|sid) + ARCHIVE_AREAS_ALL="main, contrib, non-free, non-free-firmware" + ;; + + *) + ARCHIVE_AREAS_ALL="main, contrib, non-free" + ;; + esac + if [ -z "${ARCHIVE_AREAS}" ] then case "${MODE}" in progress-linux) - db_subst container/archive-areas CHOICES "main, contrib, non-free" + db_subst container/archive-areas CHOICES "${ARCHIVE_AREAS_ALL}" - db_set container/archive-areas "main, contrib, non-free" + db_set container/archive-areas "${ARCHIVE_AREAS_ALL}" db_fset container/archive-areas seen false ;; *) - db_subst container/archive-areas CHOICES "main, contrib, non-free" + db_subst container/archive-areas CHOICES "${ARCHIVE_AREAS_ALL}" db_set container/archive-areas "main" db_fset container/archive-areas seen false @@ -518,7 +565,7 @@ Archive_areas () ;; progress-linux) - ARCHIVE_AREAS="main, contrib, non-free" + ARCHIVE_AREAS="${ARCHIVE_AREAS_ALL}" ;; esac fi @@ -535,13 +582,23 @@ Parent_archive_areas () db_get container/parent-archive-areas PARENT_ARCHIVE_AREAS="${RET}" # multiselect (w/o empty) + case "${PARENT_DISTRIBUTION}" in + bookworm|testing|sid) + PARENT_ARCHIVE_AREAS_ALL="main, contrib, non-free, non-free-firmware" + ;; + + *) + PARENT_ARCHIVE_AREAS_ALL="main, contrib, non-free" + ;; + esac + if [ -z "${PARENT_ARCHIVE_AREAS}" ] then case "${MODE}" in progress-linux) - db_subst container/parent-archive-areas CHOICES "main, contrib, non-free" + db_subst container/parent-archive-areas CHOICES "${PARENT_ARCHIVE_AREAS_ALL}" - db_set container/parent-archive-areas "main, contrib, non-free" + db_set container/parent-archive-areas "${PARENT_ARCHIVE_AREAS_ALL}" db_fset container/parent-archive-areas seen false db_settitle container/title 
@@ -564,7 +621,7 @@ Parent_archive_areas () then case "${MODE}" in progress-linux) - PARENT_ARCHIVE_AREAS="main, contrib, non-free" + PARENT_ARCHIVE_AREAS="${PARENT_ARCHIVE_AREAS_ALL}" ;; *) @@ -1284,6 +1341,7 @@ Internal_options () } Mode +Images Distribution Parent_distribution diff --git a/share/build-scripts/debconf.d/0003-debconf.templates b/share/build-scripts/debconf.d/0003-debconf.templates index 098acd1..551033a 100644 --- a/share/build-scripts/debconf.d/0003-debconf.templates +++ b/share/build-scripts/debconf.d/0003-debconf.templates @@ -10,6 +10,12 @@ Choices: ${CHOICES} Description: Mode Mode. +Template: container/image +Type: string +Default: +Description: Image + Image. + Template: container/distribution Type: select Default: diff --git a/share/build-scripts/debootstrap b/share/build-scripts/debootstrap index 2cfa328..5ab5db2 100755 --- a/share/build-scripts/debootstrap +++ b/share/build-scripts/debootstrap @@ -136,7 +136,7 @@ case "${SCRIPT}" in mmdebstrap) BOOTSTRAP="/usr/bin/mmdebstrap" - BOOTSTRAP_OPTIONS="--mode=root" + BOOTSTRAP_OPTIONS="--format=directory --mode=root --aptopt='APT::Sandbox::User \"root\"'" ;; esac @@ -153,7 +153,7 @@ then fi ARCHITECTURE="${ARCHITECTURE:-$(dpkg --print-architecture)}" -DISTRIBUTION="${DISTRIBUTION:-bullseye}" +DISTRIBUTION="${DISTRIBUTION:-bookworm}" MIRROR="${MIRROR:-https://deb.debian.org/debian}" PASSWORD="${PASSWORD:-$(dd if=/dev/urandom bs=12 count=1 2> /dev/null | base64)}" diff --git a/share/doc/bugs.txt b/share/doc/bugs.txt new file mode 100644 index 0000000..a49f9d8 --- /dev/null +++ b/share/doc/bugs.txt 
@@ -0,0 +1,51 @@ +container-tools: Bugs +===================== + + +1. veth not removed on container stop +------------------------------------- + +When stopping a container, it irregularly but reproducibly happen that the +corresponding veth device of the container is not shutdown, making it +impossible to start the container again. + +This is caused by a kernel bug not cleaning up veth devices on container +collapsing. The veth device is supposed to be go away automatically after +some time, definitely after a reboot though. + +A manual workaround is to shutdown the veth device manually with: + +# ip link delete ${VETH_DEVICE} + +There is a patch for it, see for more information: +http://lists.linuxfoundation.org/pipermail/containers/2012-October/030533.html + +FIXME: add nspan message about it here + +2. bug with machine.slices etc +------------------------------ + +FIXME + +3. veth length +-------------- + +systemd creates veth devices on the fly and names them vb-$NAME, where NAME is the +container name truncated to the first 10 characters. + +Problem: if you have several containers named with the first 10 characters to be +identical, systemd will not be able to create a new veth device. + +4. root console +--------------- + +# Let's attach a console to the example container. +# +# Note: we did not create a user in the container, +# logging in as root over a pseudo-terminal is +# considered insecure by pam and will fail. +cnt console -n example.net +# Let's disable pam_securetty.so for demonstration purpose only. +vi /var/lib/machines/example.net/etc/pam.d/login +# Now login as root will work. +cnt console -n example.net diff --git a/share/doc/examples/bullseye.cfg b/share/doc/examples/bookworm.cfg index 4582c9f..1f878f4 100644 --- a/share/doc/examples/bullseye.cfg +++ b/share/doc/examples/bookworm.cfg 
@@ -1,4 +1,4 @@ -# example for automated Debian 11 (bullseye) based container building +# example for automated Debian 12 (bookworm) based container building # using: sudo container build -s debian debconf debconf/priority select critical @@ -9,12 +9,12 @@ compute-tools container/mode select debian #compute-tools container/preseed-files string #compute-tools container/include-preseed-files string -compute-tools container/distribution select bullseye +compute-tools container/distribution select bookworm #compute-tools container/parent-distribution select compute-tools container/architecture select auto -compute-tools container/archives multiselect bullseye-security, bullseye-updates +compute-tools container/archives multiselect bookworm-security, bookworm-updates #compute-tools container/parent-archives multiselect compute-tools container/mirror string https://deb.debian.org/debian diff --git a/share/doc/examples/container-images.sh b/share/doc/examples/container-images.sh index 27c05fc..b711048 100755 --- a/share/doc/examples/container-images.sh +++ b/share/doc/examples/container-images.sh @@ -24,7 +24,7 @@ set -e ARCHITECTURES="amd64 i386" -DISTRIBUTIONS="stretch buster bullseye sid" +DISTRIBUTIONS="buster bullseye bookworm sid" MIRROR="https://deb.debian.org/debian" INCLUDE="dbus" diff --git a/share/doc/examples/fuchur-backports.cfg b/share/doc/examples/graograman-backports.cfg index c02e776..d1d2640 100644 --- a/share/doc/examples/fuchur-backports.cfg +++ b/share/doc/examples/graograman-backports.cfg @@ -1,4 +1,4 @@ -# example for automated Progress Linux 6.99 (fuchur-backports) container building +# example for automated Progress Linux 7.99 (graograman-backports) container building # using: sudo container build -s progress-linux debconf debconf/priority select critical 
@@ -9,12 +9,12 @@ compute-tools container/mode select progress-linux #compute-tools container/preseed-files string #compute-tools container/include-preseed-files string -compute-tools container/distribution select fuchur-backports +compute-tools container/distribution select graograman-backports #compute-tools container/parent-distribution select compute-tools container/architecture select auto -compute-tools container/archives multiselect fuchur-security, fuchur-updates, fuchur-extras, fuchur-backports, fuchur-backports-extras +compute-tools container/archives multiselect graograman-security, graograman-updates, graograman-extras, graograman-backports, graograman-backports-extras #compute-tools container/parent-archives multiselect compute-tools container/mirror string https://deb.progress-linux.org/packages @@ -23,8 +23,8 @@ compute-tools container/mirror-security string https://deb.progress-linux.org/pa compute-tools container/parent-mirror string https://deb.debian.org/debian compute-tools container/parent-mirror-security string https://security.debian.org -compute-tools container/archive-areas multiselect main, contrib, non-free -compute-tools container/parent-archive-areas multiselect main, contrib, non-free +compute-tools container/archive-areas multiselect main, contrib, non-free, non-free-firmware +compute-tools container/parent-archive-areas multiselect main, contrib, non-free, non-free-firmware compute-tools container/packages string knot-resolver openssh-server diff --git a/share/doc/todo.txt b/share/doc/todo.txt new file mode 100644 index 0000000..61f6309 --- /dev/null +++ b/share/doc/todo.txt @@ -0,0 +1,4 @@ +TODO +==== + + * i18n and l10n for manpages. diff --git a/share/get-scripts/curl b/share/get-scripts/curl index 2dce4cf..00a8d73 100755 --- a/share/get-scripts/curl +++ b/share/get-scripts/curl 
@@ -231,13 +231,6 @@ done # FIXME: default server via configuration file -CURL_OPTIONS="" - -if curl -V | grep -qs http2 -then - CURL_OPTIONS="${CURL_OPTIONS} --http2" -fi - if [ -z "${SYSTEM}" ] then # Downloading container list @@ -259,7 +252,7 @@ then GREP_PATTERN="${GREP_PATTERN:-${ARCHITECTURE}}" echo "Downloading $(echo ${SERVER} | awk -F/ '{ print $3 }') container list" - curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} ${CURL_OPTIONS} \ + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 \ "${SERVER}/container-list.txt" | grep -E "${GREP_PATTERN}" > "${DEBCONF_TMPDIR}/container-list.txt" umask 0022 @@ -320,7 +313,7 @@ do fi echo "Downloading ${FILE}" - curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} ${CURL_OPTIONS} ${CURL_TIME_COND} \ + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 ${CURL_TIME_COND} \ "${SERVER}/${FILE}" -o "${CACHE}/${FILE}" fi done diff --git a/share/man/container-build-debootstrap.1.rst b/share/man/container-build-debootstrap.1.rst index 1f0584b..10538c5 100644 --- a/share/man/container-build-debootstrap.1.rst +++ b/share/man/container-build-debootstrap.1.rst @@ -61,7 +61,7 @@ The following script options are available: Specify the Debian architecture, defaults to the host systems architecture. -d, --distribution='DISTRIBUTION': - Specify the Debian distribution, defaults to 'bullseye'. + Specify the Debian distribution, defaults to 'bookworm'. -m, --mirror='MIRROR': Specify the Debian mirror, defaults to 'https://deb.debian.org/debian'. 
@@ -72,15 +72,15 @@ The following script options are available: Examples ======== -Build a Debian 11 (bullseye) based container with same architecture as the host +Build a Debian 12 (bookworm) based container with same architecture as the host system using debootstrap: - sudo container build -s debootstrap -n bullseye.example.net + sudo container build -s debootstrap -n bookworm.example.net -Build a Debian 11 (bullseye) based container with different architecture as the +Build a Debian 12 (bookworm) based container with different architecture as the host system using mmdebstrap: - sudo container build -s mmdebstrap -n bullseye-i386.example.net -- -a i386 + sudo container build -s mmdebstrap -n bookworm-i386.example.net -- -a i386 See also ======== diff --git a/share/man/container-config.5.rst b/share/man/container-config.5.rst new file mode 100644 index 0000000..504d848 --- /dev/null +++ b/share/man/container-config.5.rst 
@@ -0,0 +1,116 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================ +container-config +================ + +---------------------------- +Container configuration file +---------------------------- + +:manual section: 5 +:manual group: Open Infrastructure + +Name +==== + +| **$container**.conf + +Description +=========== + +Containers managed by compute-tools have a container configuration file in +/etc/compute-tools/config/\*.conf. + +This manpage descripts all available configuration file options. + +Options +======= + +The following **container** options are available: + +Section 'start' +--------------- + +cnt.auto: + This setting controls wheter the container will be started automatically on boot. + Allowed values are: true (always started), false (never started), + force-true (always started, even after e.g. powerloss), + last-on (previous state, fallback to on), last-off (previous state, fallback to off) + +cnt.container-server: + When using central storage to keep all container shared on e.g. a NFS volume, + this allows binding containers to individual container servers, so that it is + started (and show) only once. See container-list(1) command for further details. 
+ +cnt.network-bridge: + This setting pairs the container network interface to a bridge on the host, + e.g. "veth-123:bridge-456" + +cnt.overlay: +cnt.overlay-options: + This settings configure automatic overlay filesystem usage. + +cnt.start: + Same as cnt.auto, except that it applies to every start, rather than at + startup of the host system. + +bind: +bind-ro: + This settings configure automatic bind mounts from the host into the container. + +boot: +capability: +directory: +drop-capability: +link-journal: +machine: +network-veth-extra: +private-users: +register: + FIXME. + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-get-curl.1.rst b/share/man/container-get-curl.1.rst index e94260b..01ae592 100644 --- a/share/man/container-get-curl.1.rst +++ b/share/man/container-get-curl.1.rst 
@@ -82,22 +82,22 @@ The following script options are available: --system='SYSTEM': Specify the system image name to download, defaults to - debian-bullseye-current_${ARCHITECTURE}.system.tar.${COMPRESSION} (where + debian-bookworm-current_${ARCHITECTURE}.system.tar.${COMPRESSION} (where ${ARCHITECTURE} is the host systems architecture and ${COMPRESSION} either lz, xz, or gz depending on compressor availability on the host system). Examples ======== -Download a Debian 11 (bullseye) based container with same architecture as the host +Download a Debian 12 (bookworm) based container with same architecture as the host system: - sudo container get -s curl -n bullseye.example.net + sudo container get -s curl -n bookworm.example.net -Download a Debian 11 (bullseye) based container with different architecture as the +Download a Debian 12 (bookworm) based container with different architecture as the host system: - sudo container get -s curl -n bullseye-i386.example.net -- --system debian-bullseye-current_i386.system.tar.xz + sudo container get -s curl -n bookworm-i386.example.net -- --system debian-bookworm-current_i386.system.tar.xz Files ===== diff --git a/share/man/container-restart.1.rst b/share/man/container-restart.1.rst index bb2d4f1..c52353d 100644 --- a/share/man/container-restart.1.rst +++ b/share/man/container-restart.1.rst @@ -47,6 +47,12 @@ The following **container restart** options are available: -n, --name='NAME': Specify container name. Specifying 'ALL' will restart all started container. +-f, --force: + Do not prompt before every restarting. + +-i, --interactive: + Prompt before every restarting (default). + -v, --verbose: Explain what is being done. |
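Review bot: in share/get-scripts/curl, removing the `curl -V | grep -qs http2` probe (hunk at -231,13) means `--http2` is now passed unconditionally in both download calls, and a curl whose libcurl was built without HTTP/2 support rejects that option outright instead of falling back to HTTP/1.1. Since curl 7.47.0 already negotiates HTTP/2 over HTTPS by default when the build supports it, consider dropping `--http2` from the two invocations rather than hard-coding it. Otherwise, state the minimum curl build requirement in container-get-curl(1).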
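Review bot: in the container-list download of share/get-scripts/curl (hunk at -259,7), curl's exit status is discarded because the command is the left-hand side of `| grep -E "${GREP_PATTERN}"`. A failed transfer, including one caused by the now unconditional `--http2`, therefore leaves an empty `${DEBCONF_TMPDIR}/container-list.txt` and the script continues, unless pipefail is enabled somewhere the hunk does not show. Suggest downloading to a temporary file, checking curl's exit status, and only then running grep on that file.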
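Review bot: in the image download loop of share/get-scripts/curl (hunk at -320,7), curl writes straight to `"${CACHE}/${FILE}"`, so an interrupted transfer leaves a truncated file under the final cache name. If `${CURL_TIME_COND}` is a time condition on that same file, as its name suggests (its definition is outside the hunk), a later run may treat the truncated copy as current. Suggest writing to a temporary name inside `${CACHE}` and renaming it only after curl exits with status 0.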
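Review bot: style point on the Examples hunk of share/man/container-build-debootstrap.1.rst (-72,15), which also applies to the Examples hunk of container-get-curl.1.rst: the rewritten sentences keep "with same architecture as the host system" and "with different architecture as the host system". Since these lines are being touched anyway, suggest "with the same architecture as the host system" and "with a different architecture than the host system".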
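Review bot: in the new share/man/container-config.5.rst, the options that decide how far a container is isolated from the host (`capability`, `drop-capability`, `private-users`, along with `boot`, `directory`, `link-journal`, `machine`, `network-veth-extra` and `register`) are documented only as "FIXME.", and `bind`/`bind-ro` get a single line with no value syntax. Suggest giving at least the accepted value format and the default for each before this ships as section 5 documentation, or stating where they are documented if they are passed through to another tool. Wording fixes in the same file: "descripts" should be "describes", "wheter" should be "whether", "(and show)" should be "(and shown)", and "This settings configure" (twice) should be "These settings configure". All options currently sit under the heading "Section 'start'", so either add the missing section headings or drop that one.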
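Review bot: in share/man/container-restart.1.rst (hunk at -47,6), the new `-f, --force` and `-i, --interactive` entries do not say which one takes effect when both are given, which matters when combined with `-n ALL` from the entry just above. Suggest documenting the precedence, and rewording "before every restarting" to "before each restart" in both entries.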