diff --git a/boxes/Makefile b/boxes/Makefile
index 1193a58..75772d7 100644
--- a/boxes/Makefile
+++ b/boxes/Makefile
@@ -6,9 +6,10 @@ default:
 all: $(UBUNTU_BOXES)
 $(UBUNTU_BOXES): CONTAINER = "vagrant-lxc-base-${@}-amd64-${TODAY}"
-$(UBUNTU_BOXES): PACKAGE = "output/$(CONTAINER).box"
+$(UBUNTU_BOXES): PACKAGE = "output/vagrant-lxc-${@}-amd64-${TODAY}.box"
 $(UBUNTU_BOXES):
 @sudo -E ./mk-ubuntu.sh $(@) amd64 $(CONTAINER) $(PACKAGE)
+ @chmod +rw $(PACKAGE)
 clean:
 @echo "Implement clean"
diff --git a/boxes/common/download.sh b/boxes/common/download.sh
index 01e8272..b617a13 100755
--- a/boxes/common/download.sh
+++ b/boxes/common/download.sh
@@ -29,4 +29,7 @@ lxc-create -n ${CONTAINER} -t download -- \
 --dist ${DISTRIBUTION} \
 --release ${RELEASE} \
 --arch ${ARCH}
+
+# TODO: Nicely handle boxes that don't have an image associated
+
 log "Container created!"
diff --git a/boxes/common/package.sh b/boxes/common/package.sh
index b44c074..f7d8813 100755
--- a/boxes/common/package.sh
+++ b/boxes/common/package.sh
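Review bot: `@chmod +rw $(PACKAGE)` runs as the invoking user, but the box it touches was just written by a script running under `sudo`, so unless mk-ubuntu.sh (not shown) already hands the file back to the caller the chmod will fail with EPERM and abort the target after the build has otherwise succeeded. The ownership fix belongs in the privileged step, e.g. `chown "${SUDO_UID:-0}:${SUDO_GID:-0}" "${PACKAGE}"` at the end of the script, where sudo's `SUDO_UID`/`SUDO_GID` identify the real user. If the chmod stays in the Makefile, `chmod u+rw` says what is meant, because `+rw` with no who-letter is filtered through the current umask. The `@` prefix on both recipe lines also hides which of the two commands failed; consider dropping it from the chmod.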
@@ -3,19 +3,46 @@ set -e
 source common/ui.sh
+# TODO: Create file with build date / time on container
+
 info "Packaging '${CONTAINER}' to '${PACKAGE}'..."
 debug 'Stopping container'
 lxc-stop -n ${CONTAINER} &>/dev/null || true
-debug "Removing previous rootfs tarbal"
-rm -f ${WORKING_DIR}/rootfs.tar.gz
+if [ -f ${WORKING_DIR}/rootfs.tar.gz ]; then
+ log "Removing previous rootfs tarbal"
+ rm -f ${WORKING_DIR}/rootfs.tar.gz
+fi
 log "Compressing container's rootfs"
-cd $(dirname ${ROOTFS})
-tar --numeric-owner -czf ${WORKING_DIR}/rootfs.tar.gz ./rootfs/*
+pushd $(dirname ${ROOTFS}) &>/dev/null
+ tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf \
+ ${WORKING_DIR}/rootfs.tar.gz ./rootfs/*
+popd &>/dev/null
 # Prepare package contents
-cd ${WORKING_DIR}
+pushd ${WORKING_DIR} &>/dev/null
+ warn "TODO: Package on `pwd`"
+ warn "TODO: Add creation date"
+ warn "TODO: Fix hostname (its too big!)"
+popd &>/dev/null
-warn 'TODO: Package!'
+# cp $LXC_TEMPLATE .
+# cp $LXC_CONF .
+# cp $METATADA_JSON .
+# chmod +x lxc-template
+# sed -i "s//${NOW}/" metadata.json
+#
+# # Vagrant box!
+# tar -czf $PKG ./*
+#
+# chmod +rw ${WORKING_DIR}/${PKG}
+# mkdir -p ${CWD}/output
+# mv ${WORKING_DIR}/${PKG} ${CWD}/output
+#
+# # Clean up after ourselves
+# rm -rf ${WORKING_DIR}
+# lxc-destroy -n ${RELEASE}-base
+#
+# echo "The base box was built successfully to ${CWD}/output/${PKG}"
diff --git a/boxes/common/ui.sh b/boxes/common/ui.sh
index c5c40f1..b2f91f8 100644
--- a/boxes/common/ui.sh
+++ b/boxes/common/ui.sh
@@ -12,6 +12,7 @@ info() {
 echo -e "${OK_COLOR}==> [${RELEASE}] ${1}${NO_COLOR}"
 }
+# TODO: Add a file lock so we can build in parallel
 confirm() {
 question=${1}
 default=${2}
diff --git a/boxes/conf/ubuntu b/boxes/conf/ubuntu
new file mode 100644
index 0000000..1ec323f
--- /dev/null
+++ b/boxes/conf/ubuntu
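Review bot: The new `tar` line archives `./rootfs/*`, so any dot-entries directly under rootfs are silently left out and the `rootfs` directory entry itself is never recorded; `tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf ${WORKING_DIR}/rootfs.tar.gz ./rootfs` yields the same member paths without either gap. The commented-out tail that replaces `warn 'TODO: Package!'` carries `rm -rf ${WORKING_DIR}` with no guard against an empty or unset variable, and a `sed -i "s//${NOW}/"` whose empty pattern GNU sed rejects as "no previous regular expression"; put `: "${WORKING_DIR:?}"` near the top of the script and fix the sed expression before that block is revived, or keep dead code out of the tree until it is live. Every path in the hunk (`${WORKING_DIR}`, `${ROOTFS}`) is expanded unquoted, which word-splits on spaces. `pushd`/`popd` and `&>` are bash-only, which is fine only if the shebang outside this hunk is bash rather than /bin/sh.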
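Review bot: The added TODO about a file lock sits directly above `confirm()`, so a reader will take it as a note on that helper, while the thing that needs serialising is the build itself, which ui.sh does not drive. Move the comment to the script or Makefile rule that would actually take the lock, and name the mechanism so it is actionable, e.g. `# TODO: serialise builds with flock(1) on a per-release lock file before allowing make -j`. `confirm()` continues beyond the end of the hunk.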
@@ -0,0 +1,70 @@
+# Default pivot location
+lxc.pivotdir = lxc_putold
+
+# Default mount entries
+lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry = sysfs sys sysfs defaults 0 0
+lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
+lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
+lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
+lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
+
+# Default console settings
+lxc.devttydir = lxc
+lxc.tty = 4
+lxc.pts = 1024
+
+# Default capabilities
+lxc.cap.drop = sys_module mac_admin mac_override sys_time
+
+# When using LXC with apparmor, the container will be confined by default.
+# If you wish for it to instead run unconfined, copy the following line
+# (uncommented) to the container's configuration file.
+#lxc.aa_profile = unconfined
+
+# To support container nesting on an Ubuntu host while retaining most of
+# apparmor's added security, use the following two lines instead.
+#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
+
+# Uncomment the following line to autodetect squid-deb-proxy configuration on the
+# host and forward it to the guest at start time.
+#lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client
+
+# If you wish to allow mounting block filesystems, then use the following
+# line instead, and make sure to grant access to the block device and/or loop
+# devices below in lxc.cgroup.devices.allow.
+#lxc.aa_profile = lxc-container-default-with-mounting
+
+# Default cgroup limits
+lxc.cgroup.devices.deny = a
+## Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+## consoles
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+## /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/pts/*
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm
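Review bot: The new file appears to be a verbatim copy of the distro's common Ubuntu LXC container config, with no header recording where it came from or which LXC release it tracks, so it will silently drift from the maintained copy as that one tightens its defaults (the `lxc.cap.drop` list and the mount entries are the parts that have historically changed). If the distro defaults are what is wanted, `lxc.include = /usr/share/lxc/config/ubuntu.common.conf` followed only by the project's own overrides keeps the boxes on the maintained baseline, assuming that file is present on the build host; if the fork is deliberate, add a comment naming the source path and the reason. Separately, a Vagrant development box rarely needs the `/sys/kernel/debug` bind mount or the `kvm`, `hpet` and `tun` device-allow lines, and each of them widens what a root process inside the container can reach on the host kernel; consider dropping the ones the boxes do not use and noting why the rest are kept.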