Update README

and remove ${LOG}. It's a bit of a useless mechanism and, in fact a
hindrance. Why not just let the user redirect stdout?

.gitignore

@@ -1,2 +1,3 @@
 /log
 /output
+*_packages

CHANGELOG.md

@@ -1,4 +1,11 @@
-## YYYY-MM-DD (unreleased)
+## v1.2.0 (Sep 22, 2014)
+
+IMPROVEMENTS:
+
+  - Remove DHCP leases before packaging
+
+
+## v1.1.0 (May 3, 2014)
 
 BASE BOXES:
 
@@ -29,5 +36,5 @@ BASE BOXES:
 
 ## Previous
 
-The changelog began with version YYYY-MM-DD and before that the changes
+The changelog began with version 1.1.0 and before that the changes
 were being tracked from [vagrant-lxc](https://github.com/fgrehm/vagrant-lxc/blob/master/CHANGELOG.md).

Makefile

@@ -1,5 +1,7 @@
-UBUNTU_BOXES= precise quantal raring saucy trusty
-DEBIAN_BOXES= squeeze wheezy sid jessie
+UBUNTU_BOXES= trusty xenial
+DEBIAN_BOXES= jessie stretch sid
+CENTOS_BOXES= 7
+FEDORA_BOXES= 27 
 TODAY=$(shell date -u +"%Y-%m-%d")
 
 # Replace i686 with i386 and x86_64 with amd64
@@ -7,10 +9,12 @@ ARCH=$(shell uname -m | sed -e "s/68/38/" | sed -e "s/x86_64/amd64/")
 
 default:
 
-all: ubuntu debian
+all: ubuntu debian fedora
 
 ubuntu: $(UBUNTU_BOXES)
 debian: $(DEBIAN_BOXES)
+centos: $(CENTOS_BOXES)
+fedora: $(FEDORA_BOXES)
 
 # REFACTOR: Figure out how can we reduce duplicated code
 $(UBUNTU_BOXES): CONTAINER = "vagrant-base-${@}-$(ARCH)"
@@ -27,19 +31,43 @@ $(DEBIAN_BOXES):
 	@sudo -E ./mk-debian.sh debian $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
 	@sudo chmod +rw $(PACKAGE)
 	@sudo chown ${USER}: $(PACKAGE)
+$(CENTOS_BOXES): CONTAINER = "vagrant-base-centos-${@}-$(ARCH)"
+$(CENTOS_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-centos-${@}-$(ARCH).box"
+$(CENTOS_BOXES):
+	@mkdir -p $$(dirname $(PACKAGE))
+	@sudo -E ./mk-centos.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
+	@sudo chmod +rw $(PACKAGE)
+	@sudo chown ${USER}: $(PACKAGE)
+$(FEDORA_BOXES): CONTAINER = "vagrant-base-fedora-${@}-$(ARCH)"
+$(FEDORA_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-fedora-${@}-$(ARCH).box"
+$(FEDORA_BOXES):
+	@mkdir -p $$(dirname $(PACKAGE))
+	@sudo -E ./mk-fedora.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
+	@sudo chmod +rw $(PACKAGE)
+	@sudo chown ${USER}: $(PACKAGE)
+
+.PHONY: gentoo
+gentoo:
+	@sudo -E ./mk-gentoo.sh
 
 acceptance: CONTAINER = "vagrant-base-acceptance-$(ARCH)"
 acceptance: PACKAGE = "output/${TODAY}/vagrant-lxc-acceptance-$(ARCH).box"
 acceptance:
 	@mkdir -p $$(dirname $(PACKAGE))
-	@PUPPET=1 CHEF=1 sudo -E ./mk-debian.sh ubuntu precise $(ARCH) $(CONTAINER) $(PACKAGE)
+	@PUPPET=1 CHEF=1 sudo -E ./mk-debian.sh ubuntu xenial $(ARCH) $(CONTAINER) $(PACKAGE)
 	@sudo chmod +rw $(PACKAGE)
 	@sudo chown ${USER}: $(PACKAGE)
 
-clean: ALL_BOXES = ${DEBIAN_BOXES} ${UBUNTU_BOXES} acceptance
+release:
+	@test -z '$(version)' && echo 'version parameter not provided to `make`!' && exit 1 || return 0
+	gh release create -d -a output/${TODAY} $(version)
+	git tag $(version)
+	git push && git push --tags
+
+clean: ALL_BOXES = ${DEBIAN_BOXES} ${UBUNTU_BOXES} ${CENTOS_BOXES} ${FEDORA_BOXES} acceptance
 clean:
 	@for r in $(ALL_BOXES); do \
 		sudo -E ./clean.sh $${r}\
-		                   vagrant-base-$${r}-$(ARCH) \
-				               output/${TODAY}/vagrant-lxc-$${r}-$(ARCH).box; \
-		done
+			vagrant-base-$${r}-$(ARCH) \
+			output/${TODAY}/vagrant-lxc-$${r}-$(ARCH).box; \
+	done

README.md

@@ -1,21 +1,28 @@
 # vagrant-lxc base boxes
 
 This repository contains a set of scripts for creating base boxes for usage with
-[vagrant-lxc](https://github.com/fgrehm/vagrant-lxc) 1.0+.
+[vagrant-lxc](https://github.com/fgrehm/vagrant-lxc) 1.4+.
 
 ## What distros / versions can I build with this?
 
 * Ubuntu
-  - Precise 12.04 x86_64
-  - Quantal 12.10 x86_64
-  - Raring 13.04 x86_64
-  - Saucy 13.10 x86_64
-  - Trusty 14.04 x86_64
+  - Xenial 16.04 x86_64
 * Debian
-  - Squeeze x86_64
-  - Wheezy x86_64
-  - Jessie x86_64
+  - Stretch x86_64
   - Sid x86_64
+* Fedora
+  - 23 x86_64
+  - rawhide x86_64
+* CentOS
+  - 7 x86_64
+
+## Status
+
+This is a fork of `obnoxxx/vagrant-lxc-base-boxes` which itself was a fork for
+`fgrehm/vagrant-lxc-base-boxes`. The goal is to make LXC box generation work for LXC 3.0+. The
+repo is not in top shape, but it works `make stretch` (which is what I use myself).
+
+It should be easy enough for you to add support for distros you use (PR welcome).
 
 ## Building the boxes
 
@@ -25,43 +32,43 @@ create one based on [this](https://github.com/lxc/lxc/blob/master/templates/lxc-
 and drop it on your lxc templates path (usually `/usr/share/lxc/templates`)._
 
 ```sh
-git clone https://github.com/fgrehm/vagrant-lxc-base-boxes.git
+git clone https://github.com/hsoft/vagrant-lxc-base-boxes.git
 cd vagrant-lxc-base-boxes
-make precise
+make stretch
 ```
 
 By default no provisioning tools will be included but you can pick the ones
 you want by providing some environmental variables. For example:
 
 ```sh
-PUPPET=1 CHEF=1 SALT=1 BABUSHKA=1 \
-make precise
+ANSIBLE=1 PUPPET=1 CHEF=1 \
+make stretch
 ```
 
-Will build a Ubuntu Precise x86_64 box with latest Puppet, Chef, Salt and
-Babushka pre-installed.
+Will build a Debian Stretch x86_64 box with latest Ansible, Puppet and Chef pre-installed.
 
+When using ANSIBLE=1, an optional ANSIBLE_VERSION parameter may be passed that
+will specify which version of ansible to install. By default it will install
+the latest Ansible.
+
+Additional packages to be installed can be specified with the ADDPACKAGES variable:
+
+```sh
+ADDPACKAGES="aptitude htop" \
+make xenial
+```
+
+Will build a Ubuntu Xenial x86_64 box with aptitude and htop as additional
+packages pre-installed. You can also specify the packages in a file
+xenial_packages.
+
+Note: ADDPACKAGES is currently only implemented for flavors of debian.
 
 ## Pre built base boxes
 
-_**NOTE:** None of the base boxes below have a provisioner pre-installed_
-
-| Distribution | VagrantCloud box |
-| ------------ | ---------------- |
-| Ubuntu Precise 12.04 x86_64 | [fgrehm/precise64-lxc](https://vagrantcloud.com/fgrehm/precise64-lxc) |
-| Ubuntu Raring 13.04 x86_64 | [fgrehm/raring64-lxc](https://vagrantcloud.com/fgrehm/raring64-lxc) |
-| Ubuntu Saucy 13.10 x86_64 | [fgrehm/saucy64-lxc](https://vagrantcloud.com/fgrehm/saucy64-lxc) |
-| Debian Wheezy 7 x86_64 | [fgrehm/wheezy64-lxc](https://vagrantcloud.com/fgrehm/wheezy64-lxc) |
-
+There are no pre-built base boxes for this repo. You have to build them yourself.
 
 ## What makes up for a vagrant-lxc base box?
 
 See [vagrant-lxc/BOXES.md](https://github.com/fgrehm/vagrant-lxc/blob/master/BOXES.md)
 
-
-## Known issues
-
-* We can't get the NFS client to be installed on the containers used for building
-  Ubuntu 13.04 / 13.10 / 14.04 base boxes.
-* Puppet can't be installed on Ubuntu 14.04 / Debian Sid
-* Salt can't be installed on Ubuntu 13.04

centos/clean.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+source common/utils.sh
+
+debug 'Bringing container up'
+utils.lxc.start
+
+info "Cleaning up '${CONTAINER}'..."
+
+log 'Removing temporary files...'
+rm -rf ${ROOTFS}/tmp/*
+
+log 'cleaning up dhcp leases'
+rm -f ${ROOTFS}/var/lib/dhcp/*

centos/install-extras.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+source common/utils.sh
+
+info 'Installing extra packages and upgrading'
+
+debug 'Bringing container up'
+utils.lxc.start
+
+# Sleep for a bit so that the container can get an IP
+SECS=20
+log "Sleeping for $SECS seconds..."
+sleep $SECS
+
+# install the fedora epel repo?
+EPEL=${EPEL:-0}
+
+# TODO: Support for appending to this list from outside
+PACKAGES=(vim curl wget man ca-certificates sudo openssh-server)
+
+if [ $EPEL = 1 ]; then
+  utils.lxc.attach yum update -y
+  utils.lxc.attach yum install epel-release -y
+  PACKAGES+=' bash-completion'
+fi
+
+utils.lxc.attach yum update -y
+utils.lxc.attach yum install ${PACKAGES[*]} -y

common/download.sh

@@ -26,18 +26,28 @@ fi
 
 # If we got to this point, we need to create the container
 log "Creating container..."
-if [ $RELEASE = 'raring' ]; then
-  utils.lxc.create -t ubuntu -- \
-                   --release ${RELEASE} \
-                   --arch ${ARCH}
-elif [ $RELEASE = 'squeeze' ]; then
-  utils.lxc.create -t debian -- \
-                   --release ${RELEASE} \
-                   --arch ${ARCH}
-else
+
   utils.lxc.create -t download -- \
                    --dist ${DISTRIBUTION} \
                    --release ${RELEASE} \
                    --arch ${ARCH}
+
+if [ ${DISTRIBUTION} = 'fedora' ] ||\
+   [ ${DISTRIBUTION} = 'ubuntu' ] ||\
+   [ ${DISTRIBUTION} = 'debian' ]
+then
+  # Improve systemd support:
+  # - The fedora template does it but the fedora images from the download
+  #   template apparently don't.
+  # - The debian template does it but the debian image from the download
+  #   template apparently not.
+  utils.lxc.stop
+  echo  >> /var/lib/lxc/${CONTAINER}/config
+  echo "# settings for systemd with PID 1:" >> /var/lib/lxc/${CONTAINER}/config
+  echo "lxc.autodev = 1" >> /var/lib/lxc/${CONTAINER}/config
+  utils.lxc.start
+  utils.lxc.attach rm -f /dev/kmsg
+  utils.lxc.stop
 fi
+
 log "Container created!"

common/package.sh

@@ -3,6 +3,13 @@ set -e
 
 source common/ui.sh
 
+ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
+WORKING_DIR="/tmp/${CONTAINER}"
+
+debug "Creating ${WORKING_DIR}"
+mkdir -p ${WORKING_DIR}
+mkdir -p $(dirname ${PACKAGE})
+
 # TODO: Create file with build date / time on container
 
 info "Packaging '${CONTAINER}' to '${PACKAGE}'..."
@@ -16,14 +23,18 @@ if [ -f ${WORKING_DIR}/rootfs.tar.gz ]; then
 fi
 
 log "Compressing container's rootfs"
-pushd  $(dirname ${ROOTFS}) &>>${LOG}
+pushd  $(dirname ${ROOTFS})
   tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf \
       ${WORKING_DIR}/rootfs.tar.gz ./rootfs/*
-popd &>>${LOG}
+popd
 
 # Prepare package contents
 log 'Preparing box package contents'
-cp conf/${DISTRIBUTION} ${WORKING_DIR}/lxc-config
+if [ -f conf/${DISTRIBUTION}-${RELEASE} ]; then
+  cp conf/${DISTRIBUTION}-${RELEASE} ${WORKING_DIR}/lxc-config
+else
+  cp conf/${DISTRIBUTION} ${WORKING_DIR}/lxc-config
+fi
 cp conf/metadata.json ${WORKING_DIR}
 sed -i "s/<TODAY>/${NOW}/" ${WORKING_DIR}/metadata.json
 
@@ -31,3 +42,6 @@ sed -i "s/<TODAY>/${NOW}/" ${WORKING_DIR}/metadata.json
 log 'Packaging box'
 TARBALL=$(readlink -f ${PACKAGE})
 (cd ${WORKING_DIR} && tar -czf $TARBALL ./*)
+
+chmod +rw ${PACKAGE}
+chown ${USER}: ${PACKAGE}

common/prepare-vagrant-user.sh

@@ -3,7 +3,8 @@ set -e
 
 source common/ui.sh
 
-export VAGRANT_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
+ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
+VAGRANT_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
 
 info "Preparing vagrant user..."
 
@@ -13,19 +14,29 @@ if $(grep -q 'vagrant' ${ROOTFS}/etc/shadow); then
 elif $(grep -q 'ubuntu' ${ROOTFS}/etc/shadow); then
   debug 'vagrant user does not exist, renaming ubuntu user...'
   mv ${ROOTFS}/home/{ubuntu,vagrant}
-  chroot ${ROOTFS} usermod -l vagrant -d /home/vagrant ubuntu &>> ${LOG}
-  chroot ${ROOTFS} groupmod -n vagrant ubuntu &>> ${LOG}
+  chroot ${ROOTFS} usermod -l vagrant -d /home/vagrant ubuntu
+  chroot ${ROOTFS} groupmod -n vagrant ubuntu
   echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
   log 'Renamed ubuntu user to vagrant and changed password.'
+elif [ ${DISTRIBUTION} = 'centos' -o ${DISTRIBUTION} = 'fedora' ]; then
+  debug 'Creating vagrant user...'
+  chroot ${ROOTFS} useradd --create-home -s /bin/bash -u 1000 vagrant
+  echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
+  sed -i 's/^Defaults\s\+requiretty/# Defaults requiretty/' $ROOTFS/etc/sudoers
+  if [ ${RELEASE} -eq 6 ]; then
+    info 'Disabling password aging for root...'
+    # disable password aging (required on Centos 6)
+    # pretend that password was changed today (won't fail during provisioning)
+    chroot ${ROOTFS} chage -I -1 -m 0 -M 99999 -E -1 -d `date +%Y-%m-%d` root
+  fi
 else
   debug 'Creating vagrant user...'
-  chroot ${ROOTFS} useradd --create-home -s /bin/bash vagrant &>> ${LOG}
-  chroot ${ROOTFS} adduser vagrant sudo &>> ${LOG}
+  chroot ${ROOTFS} useradd --create-home -s /bin/bash vagrant
   echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
 fi
 
 # Configure SSH access
-if [ -d ${ROOTFS}/home/vagrant/.ssh ]; then
+if [ -d ${ROOTFS}/home/vagrant/.ssh/authorized_keys ]; then
   log 'Skipping vagrant SSH credentials configuration'
 else
   debug 'SSH key has not been set'

common/ui.sh

@@ -6,21 +6,22 @@ export ERROR_COLOR='\033[31;01m'
 export WARN_COLOR='\033[33;01m'
 
 log() {
-  echo "    [${RELEASE}] ${1}" >>${LOG}
-  echo "    [${RELEASE}] ${1}" >&2
+  LOG_PREFIX="${DISTRIBUTION}-${RELEASE}"
+  echo "    [${LOG_PREFIX}] ${1}"
 }
 
 warn() {
-  echo "==> [${RELEASE}] [WARN] ${1}" >>${LOG}
-  echo -e "${WARN_COLOR}==> [${RELEASE}] ${1}${NO_COLOR}"
+  LOG_PREFIX="${DISTRIBUTION}-${RELEASE}"
+  echo -e "${WARN_COLOR}==> [${LOG_PREFIX}] ${1}${NO_COLOR}"
 }
 
 info() {
-  echo "==> [${RELEASE}] [INFO] ${1}" >>${LOG}
-  echo -e "${OK_COLOR}==> [${RELEASE}] ${1}${NO_COLOR}"
+  LOG_PREFIX="${DISTRIBUTION}-${RELEASE}"
+  echo -e "${OK_COLOR}==> [${LOG_PREFIX}] ${1}${NO_COLOR}"
 }
 
 confirm() {
+  LOG_PREFIX="${DISTRIBUTION}-${RELEASE}"
   question=${1}
   default=${2}
   default_prompt=
@@ -33,7 +34,7 @@ confirm() {
     default='Yes'
   fi
 
-  echo -e -n "${WARN_COLOR}==> [${RELEASE}] ${question} [${default_prompt}] ${NO_COLOR}" >&2
+  echo -e -n "${WARN_COLOR}==> [${LOG_PREFIX}] ${question} [${default_prompt}] ${NO_COLOR}" >&2
   read answer
 
   if [ -z $answer ]; then
@@ -49,5 +50,6 @@ confirm() {
 }
 
 debug() {
-  [ ! $DEBUG ] || echo "    [${RELEASE}] [DEBUG] ${1}" >&2
+  LOG_PREFIX="${DISTRIBUTION}-${RELEASE}"
+  [ ! $DEBUG ] || echo "    [${LOG_PREFIX}] [DEBUG] ${1}" >&2
 }

common/utils.sh

@@ -3,21 +3,31 @@
 utils.lxc.attach() {
   cmd="$@"
   log "Running [${cmd}] inside '${CONTAINER}' container..."
-  (lxc-attach -n ${CONTAINER} -- $cmd) &>> ${LOG}
+  lxc-attach -n ${CONTAINER} -- $cmd
+}
+
+utils.lxc.pipetofile() {
+  lxc-attach -n ${CONTAINER} -- /bin/bash -c "tee $1 > /dev/null"
+}
+
+utils.lxc.runscript() {
+  log "Running $1 inside '${CONTAINER}'..."
+  cat $1 | utils.lxc.pipetofile /script.sh
+  utils.lxc.attach /bin/bash /script.sh
 }
 
 utils.lxc.start() {
-  lxc-start -d -n ${CONTAINER} &>>${LOG} || true
+  lxc-start -d -n ${CONTAINER} || true
 }
 
 utils.lxc.stop() {
-  lxc-stop -n ${CONTAINER} &>>${LOG} || true
+  lxc-stop -n ${CONTAINER} || true
 }
 
 utils.lxc.destroy() {
-  lxc-destroy -n ${CONTAINER} &>>${LOG}
+  lxc-destroy -n ${CONTAINER}
 }
 
 utils.lxc.create() {
-  lxc-create -n ${CONTAINER} "$@" &>>${LOG}
+  lxc-create -n ${CONTAINER} "$@"
 }

conf/centos

@@ -0,0 +1,57 @@
+# Taken from the oracle.common.conf.in
+# Console settings
+
+lxc.tty.dir = lxc
+lxc.tty.max = 4
+lxc.pty.max = 1024
+
+# Mount entries
+lxc.mount.auto = proc:mixed sys:ro
+
+# Ensure hostname is changed on clone
+lxc.hook.clone = /usr/share/lxc/hooks/clonehostname
+
+# Capabilities
+# Uncomment these if you don't run anything that needs the capability, and
+# would like the container to run with less privilege.
+#
+# Dropping sys_admin disables container root from doing a lot of things
+# that could be bad like re-mounting lxc fstab entries rw for example,
+# but also disables some useful things like being able to nfs mount, and
+# things that are already namespaced with ns_capable() kernel checks, like
+# hostname(1).
+# lxc.cap.drop = sys_admin
+# lxc.cap.drop = net_raw          # breaks dhcp/ping
+# lxc.cap.drop = setgid           # breaks login (initgroups/setgroups)
+# lxc.cap.drop = dac_read_search  # breaks login (pam unix_chkpwd)
+# lxc.cap.drop = setuid           # breaks sshd,nfs statd
+# lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
+# lxc.cap.drop = audit_write
+#
+lxc.cap.drop = mac_admin mac_override
+lxc.cap.drop = sys_module sys_nice sys_pacct
+lxc.cap.drop = sys_rawio sys_time
+
+# Control Group devices: all denied except those whitelisted
+lxc.cgroup.devices.deny = a
+# Allow any mknod (but not reading/writing the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+lxc.cgroup.devices.allow = c 1:3 rwm	# /dev/null
+lxc.cgroup.devices.allow = c 1:5 rwm	# /dev/zero
+lxc.cgroup.devices.allow = c 1:7 rwm	# /dev/full
+lxc.cgroup.devices.allow = c 5:0 rwm	# /dev/tty
+lxc.cgroup.devices.allow = c 1:8 rwm	# /dev/random
+lxc.cgroup.devices.allow = c 1:9 rwm	# /dev/urandom
+lxc.cgroup.devices.allow = c 136:* rwm	# /dev/tty[1-4] ptys and lxc console
+lxc.cgroup.devices.allow = c 5:2 rwm	# /dev/ptmx pty master
+
+# Needed by default docker config
+lxc.cgroup.devices.allow = c 5:1 rwm # /dev/console
+lxc.cgroup.devices.allow = c 4:0 rwm # /dev/tty0
+lxc.cgroup.devices.allow = c 4:1 rwm # /dev/tty1
+lxc.cgroup.devices.allow = c 10:200 rwm # /dev/net/tun
+
+# Blacklist some syscalls which are not safe in privileged
+# containers
+lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp

conf/debian

@@ -1,31 +1,34 @@
 # Default pivot location
-lxc.pivotdir = lxc_putold
 
 # Default mount entries
 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
 lxc.mount.entry = sysfs sys sysfs defaults 0 0
 
 # Default console settings
-lxc.tty = 4
-lxc.pts = 1024
+lxc.tty.max = 4
+lxc.pty.max = 1024
 
 # Default capabilities
 lxc.cap.drop = sys_module mac_admin mac_override sys_time
 
+# Prevent systemd-journald from burning 100% of CPU
+# See https://wiki.debian.org/LXC#Incompatibility_with_systemd
+lxc.autodev = 1
+
 # When using LXC with apparmor, the container will be confined by default.
 # If you wish for it to instead run unconfined, copy the following line
 # (uncommented) to the container's configuration file.
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 
 # To support container nesting on an Ubuntu host while retaining most of
 # apparmor's added security, use the following two lines instead.
-#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.apparmor.profile = lxc-container-default-with-nesting
 #lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
 
 # If you wish to allow mounting block filesystems, then use the following
 # line instead, and make sure to grant access to the block device and/or loop
 # devices below in lxc.cgroup.devices.allow.
-#lxc.aa_profile = lxc-container-default-with-mounting
+#lxc.apparmor.profile = lxc-container-default-with-mounting
 
 # Default cgroup limits
 lxc.cgroup.devices.deny = a

conf/debian-jessie

@@ -0,0 +1,63 @@
+# support systemd as PID 1
+lxc.autodev = 1
+
+# Default pivot location
+
+# Default mount entries
+lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
+
+# Default console settings
+lxc.tty.max = 4
+lxc.pty.max = 1024
+
+# Default capabilities
+lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_rawio
+
+# When using LXC with apparmor, the container will be confined by default.
+# If you wish for it to instead run unconfined, copy the following line
+# (uncommented) to the container's configuration file.
+#lxc.apparmor.profile = unconfined
+
+# To support container nesting on an Ubuntu host while retaining most of
+# apparmor's added security, use the following two lines instead.
+#lxc.apparmor.profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
+
+# If you wish to allow mounting block filesystems, then use the following
+# line instead, and make sure to grant access to the block device and/or loop
+# devices below in lxc.cgroup.devices.allow.
+#lxc.apparmor.profile = lxc-container-default-with-mounting
+
+# Default cgroup limits
+lxc.cgroup.devices.deny = a
+## Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+## consoles
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+## /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/pts/*
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm

conf/debian-stretch

@@ -0,0 +1,63 @@
+# support systemd as PID 1
+lxc.autodev = 1
+
+# Default pivot location
+
+# Default mount entries
+lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
+
+# Default console settings
+lxc.tty.max = 4
+lxc.pty.max = 1024
+
+# Default capabilities
+lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_rawio
+
+# When using LXC with apparmor, the container will be confined by default.
+# If you wish for it to instead run unconfined, copy the following line
+# (uncommented) to the container's configuration file.
+#lxc.apparmor.profile = unconfined
+
+# To support container nesting on an Ubuntu host while retaining most of
+# apparmor's added security, use the following two lines instead.
+#lxc.apparmor.profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
+
+# If you wish to allow mounting block filesystems, then use the following
+# line instead, and make sure to grant access to the block device and/or loop
+# devices below in lxc.cgroup.devices.allow.
+#lxc.apparmor.profile = lxc-container-default-with-mounting
+
+# Default cgroup limits
+lxc.cgroup.devices.deny = a
+## Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+## consoles
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+## /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/pts/*
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm

conf/fedora

@@ -0,0 +1,68 @@
+# work better with systemd:
+lxc.autodev = 1
+
+# Taken from the oracle.common.conf.in
+# Console settings
+
+lxc.tty.dir = lxc
+lxc.tty.max = 4
+lxc.pty.max = 1024
+
+# Mount entries
+lxc.mount.auto = proc:mixed sys:ro
+
+# Ensure hostname is changed on clone
+lxc.hook.clone = /usr/share/lxc/hooks/clonehostname
+
+# Capabilities
+# Uncomment these if you don't run anything that needs the capability, and
+# would like the container to run with less privilege.
+#
+# Dropping sys_admin disables container root from doing a lot of things
+# that could be bad like re-mounting lxc fstab entries rw for example,
+# but also disables some useful things like being able to nfs mount, and
+# things that are already namespaced with ns_capable() kernel checks, like
+# hostname(1).
+# lxc.cap.drop = sys_admin
+# lxc.cap.drop = net_raw          # breaks dhcp/ping
+# lxc.cap.drop = setgid           # breaks login (initgroups/setgroups)
+# lxc.cap.drop = dac_read_search  # breaks login (pam unix_chkpwd)
+# lxc.cap.drop = setuid           # breaks sshd,nfs statd
+# lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
+# lxc.cap.drop = audit_write
+# big big login delays in Fedora 20 systemd:
+#lxc.cap.drop = setpcap
+#
+lxc.cap.drop = mac_admin mac_override
+# needed for httpd
+#lxc.cap.drop = setfcap
+lxc.cap.drop = sys_module sys_pacct
+# sys_nice: needed to run CTDB
+#lxc.cap.drop = sys_nice sys_pacct
+lxc.cap.drop = sys_rawio sys_time
+
+# Control Group devices: all denied except those whitelisted
+lxc.cgroup.devices.deny = a
+# Allow any mknod (but not reading/writing the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null
+lxc.cgroup.devices.allow = c 1:3 rwm
+## /dev/zero
+lxc.cgroup.devices.allow = c 1:5 rwm
+## /dev/full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## /dev/tty
+lxc.cgroup.devices.allow = c 5:0 rwm
+## /dev/random
+lxc.cgroup.devices.allow = c 1:8 rwm
+## /dev/urandom
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/tty[1-4] ptys and lxc console
+lxc.cgroup.devices.allow = c 136:* rwm
+## /dev/ptmx pty master
+lxc.cgroup.devices.allow = c 5:2 rwm
+
+# Blacklist some syscalls which are not safe in privileged
+# containers
+lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp

conf/gentoo

@@ -0,0 +1,5 @@
+lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+
+# Default console settings
+lxc.tty.max = 4
+lxc.pty.max = 1024

conf/ubuntu

@@ -1,14 +1,13 @@
 # Default pivot location
-lxc.pivotdir = lxc_putold
 
 # Default mount entries
 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
 lxc.mount.entry = sysfs sys sysfs defaults 0 0
 
 # Default console settings
-lxc.devttydir = lxc
-lxc.tty = 4
-lxc.pts = 1024
+lxc.tty.dir = lxc
+lxc.tty.max = 4
+lxc.pty.max = 1024
 
 # Default capabilities
 lxc.cap.drop = sys_module mac_admin mac_override sys_time
@@ -16,11 +15,11 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
 # When using LXC with apparmor, the container will be confined by default.
 # If you wish for it to instead run unconfined, copy the following line
 # (uncommented) to the container's configuration file.
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
 
 # To support container nesting on an Ubuntu host while retaining most of
 # apparmor's added security, use the following two lines instead.
-#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.apparmor.profile = lxc-container-default-with-nesting
 #lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
 
 # Uncomment the following line to autodetect squid-deb-proxy configuration on the
@@ -30,7 +29,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
 # If you wish to allow mounting block filesystems, then use the following
 # line instead, and make sure to grant access to the block device and/or loop
 # devices below in lxc.cgroup.devices.allow.
-#lxc.aa_profile = lxc-container-default-with-mounting
+#lxc.apparmor.profile = lxc-container-default-with-mounting
 
 # Default cgroup limits
 lxc.cgroup.devices.deny = a

conf/ubuntu-wily

@@ -0,0 +1,9 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
+# Parameters passed to the template: --release wily --arch amd64
+# For additional config options, please look at lxc.container.conf(5)
+
+# Common configuration
+lxc.include = /usr/share/lxc/config/ubuntu.common.conf
+
+# settings for systemd with PID 1:
+lxc.autodev = 1

conf/ubuntu-xenial

@@ -0,0 +1,12 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
+# Parameters passed to the template: --release wily --arch amd64
+# For additional config options, please look at lxc.container.conf(5)
+
+# Common configuration
+lxc.include = /usr/share/lxc/config/ubuntu.common.conf
+
+# settings for systemd with PID 1:
+lxc.autodev = 1
+# allow unconfined and incomplete
+lxc.apparmor.profile = unconfined
+lxc.apparmor.allow_incomplete = 1

debian/clean.sh

@@ -12,5 +12,8 @@ info "Cleaning up '${CONTAINER}'..."
 log 'Removing temporary files...'
 rm -rf ${ROOTFS}/tmp/*
 
+log 'cleaning up dhcp leases'
+rm -f ${ROOTFS}/var/lib/dhcp/*
+
 log 'Removing downloaded packages...'
 utils.lxc.attach apt-get clean

debian/install-ansible.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+ANSIBLE_VERSION=${ANSIBLE_VERSION:-latest}
+
+apt-get install -y build-essential python-setuptools python-jinja2 python-yaml python-paramiko python-httplib2 python-crypto sshpass
+wget https://releases.ansible.com/ansible/ansible-$ANSIBLE_VERSION.tar.gz -O /tmp//ansible.tar.gz
+tar -zxvf /tmp/ansible.tar.gz -C /tmp/ && rm -r /tmp/ansible.tar.gz
+cd /tmp/ansible-* && make && make install

debian/install-extras.sh

@@ -10,21 +10,29 @@ debug 'Bringing container up'
 utils.lxc.start
 
 # Sleep for a bit so that the container can get an IP
-log 'Sleeping for 5 seconds...'
-sleep 5
+SECS=15
+log "Sleeping for $SECS seconds..."
+sleep $SECS
+
+PACKAGES=(vim curl wget man-db openssh-server bash-completion ca-certificates sudo)
+
+log "Installing additional packages: ${ADDPACKAGES}"
+PACKAGES+=" ${ADDPACKAGES}"
 
-# TODO: Support for appending to this list from outside
-PACKAGES=(vim curl wget man-db bash-completion python-software-properties ca-certificates sudo)
 if [ $DISTRIBUTION = 'ubuntu' ]; then
   PACKAGES+=' software-properties-common'
 fi
-if [ $RELEASE != 'raring' ] && [ $RELEASE != 'saucy' ] && [ $RELEASE != 'trusty' ] ; then
+if [ $RELEASE != 'raring' ] && [ $RELEASE != 'saucy' ] && [ $RELEASE != 'trusty' ] && [ $RELEASE != 'wily' ] ; then
   PACKAGES+=' nfs-common'
 fi
+if [ $RELEASE != 'stretch' ] ; then
+  PACKAGES+=' python-software-properties'
+fi
 utils.lxc.attach apt-get update
 utils.lxc.attach apt-get install ${PACKAGES[*]} -y --force-yes
 utils.lxc.attach apt-get upgrade -y --force-yes
 
+ANSIBLE=${ANSIBLE:-0}
 CHEF=${CHEF:-0}
 PUPPET=${PUPPET:-0}
 SALT=${SALT:-0}
@@ -36,6 +44,18 @@ if [ $DISTRIBUTION = 'debian' ]; then
     -i ${ROOTFS}/etc/bash.bashrc
 fi
 
+if [ $ANSIBLE = 1 ]; then
+  if $(lxc-attach -n ${CONTAINER} -- which ansible &>/dev/null); then
+    log "Ansible has been installed on container, skipping"
+  else
+    info "Installing Ansible"
+    cp debian/install-ansible.sh ${ROOTFS}/tmp/ && chmod +x ${ROOTFS}/tmp/install-ansible.sh
+    utils.lxc.attach /tmp/install-ansible.sh
+  fi
+else
+  log "Skipping Ansible installation"
+fi
+
 if [ $CHEF = 1 ]; then
   if $(lxc-attach -n ${CONTAINER} -- which chef-solo &>/dev/null); then
     log "Chef has been installed on container, skipping"
@@ -55,14 +75,10 @@ fi
 if [ $PUPPET = 1 ]; then
   if $(lxc-attach -n ${CONTAINER} -- which puppet &>/dev/null); then
     log "Puppet has been installed on container, skipping"
-  elif [ ${RELEASE} = 'trusty' ]; then
-    warn "Puppet can't be installed on Ubuntu Trusty 14.04, skipping"
   elif [ ${RELEASE} = 'sid' ]; then
     warn "Puppet can't be installed on Debian sid, skipping"
   else
     log "Installing Puppet"
-    wget http://apt.puppetlabs.com/puppetlabs-release-stable.deb -O "${ROOTFS}/tmp/puppetlabs-release-stable.deb" &>>${LOG}
-    utils.lxc.attach dpkg -i "/tmp/puppetlabs-release-stable.deb"
     utils.lxc.attach apt-get update
     utils.lxc.attach apt-get install puppet -y --force-yes
   fi
@@ -73,47 +89,10 @@ fi
 if [ $SALT = 1 ]; then
   if $(lxc-attach -n ${CONTAINER} -- which salt-minion &>/dev/null); then
     log "Salt has been installed on container, skipping"
-  elif [ ${RELEASE} = 'raring' ]; then
-    warn "Salt can't be installed on Ubuntu Raring 13.04, skipping"
   else
-    if [ $DISTRIBUTION = 'ubuntu' ]; then
-      utils.lxc.attach add-apt-repository -y ppa:saltstack/salt
-    else # DEBIAN
-      if [ $RELEASE == "squeeze" ]; then
-        SALT_SOURCE_1="deb http://debian.saltstack.com/debian squeeze-saltstack main"
-        SALT_SOURCE_2="deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free"
-      elif [ $RELEASE == "wheezy" ]; then
-        SALT_SOURCE_1="deb http://debian.saltstack.com/debian wheezy-saltstack main"
-      else
-        SALT_SOURCE_1="deb http://debian.saltstack.com/debian unstable main"
-      fi
-      echo $SALT_SOURCE_1 > ${ROOTFS}/etc/apt/sources.list.d/saltstack.list
-      echo $SALT_SOURCE_2 >> ${ROOTFS}/etc/apt/sources.list.d/saltstack.list
-
-      utils.lxc.attach wget -q -O /tmp/salt.key "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key"
-      utils.lxc.attach apt-key add /tmp/salt.key
-    fi
     utils.lxc.attach apt-get update
     utils.lxc.attach apt-get install salt-minion -y --force-yes
   fi
 else
   log "Skipping Salt installation"
 fi
-
-if [ $BABUSHKA = 1 ]; then
-  if $(lxc-attach -n ${CONTAINER} -- which babushka &>/dev/null); then
-    log "Babushka has been installed on container, skipping"
-  elif [ ${RELEASE} = 'trusty' ]; then
-    warn "Babushka can't be installed on Ubuntu Trusty 14.04, skipping"
-  else
-    log "Installing Babushka"
-    cat > $ROOTFS/tmp/install-babushka.sh << EOF
-#!/bin/sh
-curl https://babushka.me/up | sudo bash
-EOF
-    chmod +x $ROOTFS/tmp/install-babushka.sh
-    utils.lxc.attach /tmp/install-babushka.sh
-  fi
-else
-  log "Skipping Babushka installation"
-fi

debian/vagrant-lxc-fixes.sh

@@ -27,7 +27,26 @@ if [ ${DISTRIBUTION} = 'debian' ]; then
   utils.lxc.attach /usr/sbin/update-rc.d -f checkroot-bootclean.sh remove
   utils.lxc.attach /usr/sbin/update-rc.d -f mountall-bootclean.sh remove
   utils.lxc.attach /usr/sbin/update-rc.d -f mountnfs-bootclean.sh remove
+
+  # Fixes for jessie, following the guide from
+  # https://wiki.debian.org/LXC#Incompatibility_with_systemd
+  if [ "$RELEASE" = 'jessie' ] || [ "$RELEASE" = 'stretch' ]; then
+	  # Reconfigure the LXC
+	  utils.lxc.attach /bin/cp \
+		  /lib/systemd/system/getty@.service \
+		  /etc/systemd/system/getty@.service
+	  # Comment out ConditionPathExists
+	  sed -i -e 's/\(ConditionPathExists=\)/# \n# \1/' \
+		  "${ROOTFS}/etc/systemd/system/getty@.service"
+
+	  # Mask udev.service and systemd-udevd.service:
+	  utils.lxc.attach /bin/systemctl mask udev.service systemd-udevd.service
+  fi
 fi
 
 utils.lxc.attach /usr/sbin/locale-gen ${LANG}
 utils.lxc.attach update-locale LANG=${LANG}
+
+# Fix to allow bindfs
+utils.lxc.attach ln -sf /bin/true /sbin/modprobe
+utils.lxc.attach mknod -m 666 /dev/fuse c 10 229

fedora/clean.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+source common/utils.sh
+
+debug 'Bringing container up'
+utils.lxc.start
+
+info "Cleaning up '${CONTAINER}'..."
+
+log 'Removing temporary files...'
+rm -rf ${ROOTFS}/tmp/*
+
+log 'cleaning up dhcp leases'
+rm -f ${ROOTFS}/var/lib/dhcp/*

fedora/install-extras.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+source common/utils.sh
+
+info 'Installing extra packages and upgrading'
+
+debug 'Bringing container up'
+utils.lxc.start
+
+# Sleep for a bit so that the container can get an IP
+SECS=20
+log "Sleeping for $SECS seconds..."
+sleep $SECS
+
+# TODO: Support for appending to this list from outside
+PACKAGES=(vim-enhanced curl wget man-db bash-completion ca-certificates sudo openssh-server strace python-dnf dnf-plugins-core e2fsprogs net-tools bind-utils)
+
+utils.lxc.attach dnf update -y
+utils.lxc.attach dnf install ${PACKAGES[*]} -y
+
+
+MASK_TMP=${MASK_TMP:-0}
+
+if [ $MASK_TMP -eq 1 ]; then
+	# don't overmount /tmp with tmpfs: important for lxc-cachier
+	utils.lxc.attach systemctl mask tmp.mount
+fi

gentoo/clean.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+source /etc/profile
+
+echo "Cleaning up"
+
+rm /script.sh
+
+echo 'Removing temporary files...'
+rm -rf /tmp/*
+
+echo 'cleaning up distfiles'
+rm -f /usr/portage/distfiles/*
+

gentoo/install-packages.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+set -e
+
+source /etc/profile
+
+echo 'Installing packages and upgrading'
+
+PACKAGES=(net-misc/curl wget man-db openssh ca-certificates sudo)
+
+echo "Installing additional packages: ${ADDPACKAGES}"
+PACKAGES+=" ${ADDPACKAGES}"
+
+ANSIBLE=${ANSIBLE:-0}
+if [[ $ANSIBLE = 1 ]]; then
+    PACKAGES+=' ansible'
+fi
+
+CHEF=${CHEF:-0}
+if [[ $CHEF = 1 ]]; then
+    echo "Chef installation isn't supported on Gentoo"
+    exit 1
+fi
+
+PUPPET=${PUPPET:-0}
+if [[ $PUPPET = 1 ]]; then
+    PACKAGES+=' puppet eix'
+fi
+
+SALT=${SALT:-0}
+if [[ $SALT = 1 ]]; then
+    PACKAGES+=' salt'
+fi
+
+# trying to set capabilities on an unprivileged container fails.
+echo "*/* -filecaps" > /etc/portage/package.use/vagrant_overrides
+
+emerge --sync
+emerge --noreplace ${PACKAGES[*]}
+emerge -uND @world
+
+rc-config add sshd default

mk-centos.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+
+if [ "$(id -u)" != "0" ]; then
+  echo "You should run this script as root (sudo)."
+  exit 1
+fi
+
+export DISTRIBUTION='centos'
+export RELEASE=$1
+export ARCH=$2
+export CONTAINER=$3
+export PACKAGE=$4
+export ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
+export WORKING_DIR="/tmp/${CONTAINER}"
+export NOW=$(date -u)
+export LOG=$(readlink -f .)/log/${CONTAINER}.log
+
+mkdir -p $(dirname $LOG)
+echo '############################################' > ${LOG}
+echo "# Beginning build at $(date)" >> ${LOG}
+touch ${LOG}
+chmod +rw ${LOG}
+
+if [ -f ${PACKAGE} ]; then
+  warn "The box '${PACKAGE}' already exists, skipping..."
+  echo
+  exit
+fi
+
+debug "Creating ${WORKING_DIR}"
+mkdir -p ${WORKING_DIR}
+
+info "Building box to '${PACKAGE}'..."
+
+./common/download.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
+# ./centos/vagrant-lxc-fixes.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
+./centos/install-extras.sh ${CONTAINER}
+./common/prepare-vagrant-user.sh ${DISTRIBUTION} ${CONTAINER}
+./centos/clean.sh ${CONTAINER}
+./common/package.sh ${CONTAINER} ${PACKAGE}
+
+info "Finished building '${PACKAGE}'!"
+log "Run \`sudo lxc-destroy -n ${CONTAINER}\` or \`make clean\` to remove the container that was created along the way"
+echo

mk-debian.sh

@@ -13,6 +13,7 @@ export RELEASE=$2
 export ARCH=$3
 export CONTAINER=$4
 export PACKAGE=$5
+export ADDPACKAGES=${ADDPACKAGES-$(cat ${RELEASE}_packages | tr "\n" " ")}
 export ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
 export WORKING_DIR="/tmp/${CONTAINER}"
 export NOW=$(date -u)
@@ -38,7 +39,7 @@ info "Building box to '${PACKAGE}'..."
 ./common/download.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
 ./debian/vagrant-lxc-fixes.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
 ./debian/install-extras.sh ${CONTAINER}
-./common/prepare-vagrant-user.sh ${CONTAINER}
+./common/prepare-vagrant-user.sh ${DISTRIBUTION} ${CONTAINER}
 ./debian/clean.sh ${CONTAINER}
 ./common/package.sh ${CONTAINER} ${PACKAGE}
 

mk-fedora.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+
+if [ "$(id -u)" != "0" ]; then
+  echo "You should run this script as root (sudo)."
+  exit 1
+fi
+
+export DISTRIBUTION='fedora'
+export RELEASE=$1
+export ARCH=$2
+export CONTAINER=$3
+export PACKAGE=$4
+export ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
+export WORKING_DIR="/tmp/${CONTAINER}"
+export NOW=$(date -u)
+export LOG=$(readlink -f .)/log/${CONTAINER}.log
+
+mkdir -p $(dirname $LOG)
+echo '############################################' > ${LOG}
+echo "# Beginning build at $(date)" >> ${LOG}
+touch ${LOG}
+chmod +rw ${LOG}
+
+if [ -f ${PACKAGE} ]; then
+  warn "The box '${PACKAGE}' already exists, skipping..."
+  echo
+  exit
+fi
+
+debug "Creating ${WORKING_DIR}"
+mkdir -p ${WORKING_DIR}
+
+info "Building box to '${PACKAGE}'..."
+
+./common/download.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
+./fedora/install-extras.sh ${CONTAINER}
+./common/prepare-vagrant-user.sh ${DISTRIBUTION} ${CONTAINER}
+./fedora/clean.sh ${CONTAINER}
+./common/package.sh ${CONTAINER} ${PACKAGE}
+
+info "Finished building '${PACKAGE}'!"
+log "Run \`sudo lxc-destroy -n ${CONTAINER}\` or \`make clean\` to remove the container that was created along the way"
+echo

mk-gentoo.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+source common/utils.sh
+
+if [ "$(id -u)" != "0" ]; then
+  echo "You should run this script as root (sudo)."
+  exit 1
+fi
+
+TODAY=$(date -u +"%Y-%m-%d")
+export DISTRIBUTION=gentoo
+export RELEASE=current
+export ARCH=$(uname -m | sed -e "s/68/38/" | sed -e "s/x86_64/amd64/")
+export CONTAINER="vagrant-base-${DISTRIBUTION}-${ARCH}"
+export PACKAGE="output/${TODAY}/${CONTAINER}.box"
+export NOW=$(date -u)
+
+echo '############################################'
+echo "# Beginning build at $(date)"
+
+if [ -f ${PACKAGE} ]; then
+  warn "The box '${PACKAGE}' already exists, skipping..."
+  echo
+  exit
+fi
+
+info "Building box to '${PACKAGE}'..."
+
+./common/download.sh
+utils.lxc.start
+
+SECS=15
+log "Sleeping for $SECS seconds..."
+sleep $SECS
+
+utils.lxc.runscript gentoo/install-packages.sh
+./common/prepare-vagrant-user.sh
+utils.lxc.runscript gentoo/clean.sh
+utils.lxc.stop
+
+./common/package.sh
+
+info "Finished building '${PACKAGE}'!"
+log "Run \`lxc-destroy -n ${CONTAINER}\` or \`make clean\` to remove the container that was created along the way"
+echo