pool/lxd
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add CVE-2023-46565 / bsc#1223794 reference.

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=151
This commit is contained in:
Aleksa Sarai 2024-12-09 15:16:20 +00:00 committed by Git OBS Bridge
commit 442723546e
13 changed files with 1584 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

3
lxd-5.21.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f148aa7e1fc31f6cef3038e141e9bd03787274ffc506b97376d758abf1a93cb7
size 23753867

16
lxd-5.21.1.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE7Ryh56b4DiLlyy2oSs4QZhV1RhQFAmYNR88ACgkQSs4QZhV1
RhSTMQ/9E5mPMp0oUGAOnklusDMlyfPfY+rgYkXf73y51UuRRbO3Gb1Hz/zeamVH
CknlsThw6GWD2cBgkGwEjGHO+hBYp8Qoaxp64GGftvz09aWyXxhHZDZOJTwfodPg
0Ld+epZPfzgfQjlXlSP+s5BkRRlrvsopoqyxIUOdepJeitAMAE+mqeiLCUILJACH
jiFmS7Unu5fWs+PaT1Msqf6UFawcwdOILjALlnAWDe4g6TcHL+jQAEO5LX9npalZ
HGKytcYbtMyo8d/vXCK53qKYhGV7gR/52vgVb8N2NtUZcSPtKJAJ5PrMdwwwb8OJ
xZdpfYBsViINffLBV6nL8mIvFaN+h7b4R/bcU+lCBJtsf0Dxf7IJmysG/w9V/jKt
iKe9pNseETJyHrdL7qhKLv6QzhiogUVNGhT8IZhZM3eI9ABSpCKx222AIaDfxuMV
YepbmJCAPHGFpePzaKGgHByjh6zm9m66RXg/nxP2ElAwLuZrMt5+wHX2UJiNc6LR
H0V75WNWkWx+W2aXxBmLHk25ep3wlUpdWe3OtJIVdn47gVmjpYQawBReYDvkplAI
V65lx2FO29r8QUONRGU6nt0rL3KMG82japB4KGDRNY4MB4pKBRNO2cqBEa1xjKmf
SUrHIw7+wPruBCVpVTubunHVRb0GQ/k2Qas0I02Z4HEZ2a5lBXA=
=9TMQ
-----END PGP SIGNATURE-----

21
lxd-config.yml Normal file
View File

@ -0,0 +1,21 @@
# This is an example system-wide configuration file for the lxc client. Any
# configuration entries added here will be merged with a user's configuration
# when they run "lxc". This is primarily useful for defining system-wide
# remotes, whose certificates are stored in /etc/lxd/servercerts.
# An example configuration (from </usr/share/doc/packages/lxd/doc/remotes.md>)
# looks like the following:
#
# remotes:
# foo:
# addr: https://10.0.2.4:8443
# auth_type: tls
# project: default
# protocol: lxd
# public: false
# bar:
# addr: https://10.0.2.5:8443
# auth_type: tls
# project: default
# protocol: lxd
# public: false

8
lxd-rpmlintrc Normal file
View File

@ -0,0 +1,8 @@
# The linking against full paths underneath /usr/lib64/lxd/ is intentional, as
# our shared libraries are internal and aren't meant to be used outside LXD.
# This error only appears in old SLE versions.
addFilter ("^lxd.* E: invalid-filepath-dependency .* /usr/lib(32|64)?/lxd/")
# We need lxd-agent and lxd-p2c to be statically linked.
addFilter ("^lxd.*: [EW]: statically-linked-binary /usr/bin/lxd-(agent|p2c)")
addFilter ("^lxd.*: [EW]: position-independent-executable-suggested /usr/bin/lxd-(agent|p2c)")

933
lxd.changes Normal file
View File

@ -0,0 +1,933 @@
-------------------------------------------------------------------
Tue Jun 11 11:27:33 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
- Change license to AGPL-3.0-only AND Apache-2.0:
+ All Canonical contributions have been relicensed and are now
under AGPLv3. Community contributions remain under Apache 2.0.
- update to 5.21.1. Full changelog at:
https://discourse.ubuntu.com/t/lxd-5-21-1-lts-has-been-released/43823
https://discourse.ubuntu.com/t/lxd-5-21-0-lts-has-been-released/42476
https://discourse.ubuntu.com/t/lxd-5-20-has-been-released/40865
Bugfixes and improvements 5.21.1:
+ Restricted metrics client certificate security regression fix
+ New image server remote for non-Ubuntu images
+ List all storage volumes API and CLI support
Highlights 5.21.0:
+ Change of version numbering scheme
+ Fine grained authorization for OIDC users
+ Optimized block volume refresh for Ceph RBD
+ Device config override when importing instance backups
Highlights 5.20.0:
+ LXD change to AGPLv3
+ Create metadata and data OSD pools as part of creating a cephfs
storage pool
+ Debug mode for EDK2 UEFI firmware
+ Authorization restructure
+ Shiftfs support has been removed
+ Fix CVE-2023-46565. bsc#1223794
-------------------------------------------------------------------
Mon Nov 20 21:51:15 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add attr as dependency for setfattr (bsc#1190416)
-------------------------------------------------------------------
Sun Oct 29 15:06:18 UTC 2023 - Richard Rahl <rrahl0@proton.me>
- update to 5.19. Full changelog at:
https://discourse.ubuntu.com/t/lxd-5-19-has-been-released/39590
Highlights:
+ Add support for per-NIC device limits.priority option
+ Instance volume configuration through disk device
-------------------------------------------------------------------
Thu Oct 5 01:18:44 UTC 2023 - Richard Rahl <rrahl0@proton.me>
- update to 5.18. Full changelog at
https://discourse.ubuntu.com/t/lxd-5-17-has-been-released/38061
https://discourse.ubuntu.com/t/lxd-5-18-has-been-released/38769
Highlights 5.18:
+ Receive OVN logs into LXD and Loki
Highlights 5.17:
+ ZFS 2.2 delegation support
+ Add remote copy support for custom volume snapshots
+ Allow recovery of empty storage pools
-------------------------------------------------------------------
Sat Aug 19 05:15:39 UTC 2023 - Richard Rahl <rrahl0@proton.me>
- remove the last bit of the old repo
-------------------------------------------------------------------
Tue Aug 8 07:15:31 UTC 2023 - Dirk Müller <dmueller@suse.com>
- correct source0/1 urls
-------------------------------------------------------------------
Sun Jul 23 17:44:26 UTC 2023 - Richard Rahl <rrahl0@proton.me>
- fix import path to the new upstream git repo
- Update to 5.16. Full upstream changelogs are at
https://discourse.ubuntu.com/t/lxd-5-16-has-been-released/37150
Highlights:
+ ISO volumes
+ IPAM information
+ selection of cluster groups when moving instances
-------------------------------------------------------------------
Sat Jul 15 15:28:06 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update keyring
-------------------------------------------------------------------
Wed Jul 5 07:03:20 UTC 2023 - Richard Rahl <rrahl0@proton.me>
- Update to 5.15. Full upstream changelogs are at
https://discuss.linuxcontainers.org/t/lxd-5-14-has-been-released/17259 and
https://discuss.linuxcontainers.org/t/lxd-5-15-has-been-released/17493
Highlights from 5.15:
+ Non-UEFI support in LXD VMs (CSM)
+ Instance rebuild
+ Container pinning based on NUMA nodes
+ User authentication information in API
Highlights from 5.14:
+ Cluster auto-healing
+ OIDC web authentication
+ lxc publish --reuse
+ Support for specifying the size of an LVM thinpool
+ Total disk and memory reporting
-------------------------------------------------------------------
Thu Jun 15 12:05:08 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Fix call to sysctl_apply: this macro takes a parameter.
-------------------------------------------------------------------
Thu May 18 03:03:30 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 5.13. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-5-13-has-been-released/16949
boo#1211477
LXD 5.13:
+ Fast live migration for virtual machines
+ AMD SEV support for virtual machines
+ OpenID Connect authentication
+ VDPA for network acceleration on OVN
+ Layer 3 only support on OVN
+ Nested NIC support on OVN networks
+ Per user bridge in multi-user setups
+ Support for growing existing storage pools
LXD 5.12:
+ Device wipe when creating storage pools
+ VM generation id
+ VM block cache mode
-------------------------------------------------------------------
Sat Feb 18 11:23:42 UTC 2023 - Jacob Hansen <me@jacobbaungard.com>
- Update to LXD 5.11. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-5-11-has-been-released/16443
+ Instance placement scriptlet
+ Block storage mode on ZFS pools
+ lxc cluster info command
+ Support for attaching managed physical networks to instances
-------------------------------------------------------------------
Mon Feb 13 13:03:24 UTC 2023 - Jacob Hansen <me@jacobbaungard.com>
- Update to LXD 5.10. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-5-10-has-been-released/16143
+ Configurable network transmit queue length on NIC devices
-------------------------------------------------------------------
Sun Dec 25 19:01:56 UTC 2022 - Kostas Papadakis <papadakis.k@yandex.com>
- Add stop entry to systemd service file so the lxc containers shutdown
gracefully
-------------------------------------------------------------------
Mon Dec 12 04:12:54 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 5.9. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-5-9-has-been-released/15907
boo#1206296
+ Network zones project feature
-------------------------------------------------------------------
Tue Nov 22 06:34:14 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 5.8. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-5-8-has-been-released/15686
boo#1205623
+ CPU hotplug in VMs
+ Device override on init and launch
* Record volume creation date
-------------------------------------------------------------------
Fri Oct 28 23:55:12 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 5.7. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-5-7-has-been-released/15432
boo#1204852
+ ACME / Lets Encrypt support
+ Cloud-init validation
+ Internal metrics
+ Cluster join tokens expiry
+ Proxy device hotplugging to VM
-------------------------------------------------------------------
Mon Sep 26 02:20:04 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 5.6. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-5-6-has-been-released/15191
boo#1203731
LXD 5.6:
+ Grafana Loki support
+ Object storage on local storage pools
+ Infiniband support for virtual machines
+ Restricted network access in projects
+ instance-ready lifecycle event
+ Metric for total effective CPUs
LXD 5.5:
+ Storage buckets (on Ceph)
+ Instance Ready state
+ Configurable BGP hold time
+ All projects queries for storage volumes
+ OOM kill counter in metrics
* Database optimization
LXD 5.4:
+ Load-balancers (OVN)
+ Bi-directional vsock interface (VM)
* Changes to vsock API (LXD VMs)
-------------------------------------------------------------------
Sun Jul 17 17:06:49 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
- Change to using systemd-sysusers
-------------------------------------------------------------------
Mon Jun 27 23:57:42 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 5.3. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-5-3-has-been-released/14439
boo#1200974
+ Extended raw.qemu support
+ fscache support for cephfs storage pools
-------------------------------------------------------------------
Sun May 29 02:18:04 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 5.2. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-5-2-has-been-released/14200
boo#1200002
+ VPD information in resources API
* Cross-project profile copy
* HTTP streaming support in /dev/lxd API
* Use of server-side filtering in CLI
* Ceph librbd for virtual machines
- Remove upstreamed patch:
+ 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch
-------------------------------------------------------------------
Thu May 5 04:27:43 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 5.1. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-5-1-has-been-released/13956
boo#1199216
+ Sysinfo system call interception
+ lxc cluster role sub-command
* lxc storage volume info shows volume total size
+ Configurable host network interface naming pattern
* Overrideable evacuation mode
* Setting profiles during an image copy
- Backport upstream patch to fix build on x32 systems.
+ 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch
- Make CRIU a Recommends so that we can still use LXD on 32-bit openSUSE.
-------------------------------------------------------------------
Thu May 5 03:31:24 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.24. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-24-has-been-released/13550
boo#1199215
This is the last release before LXD 5.0 (which does not support the Leap 15.3
kernel -- LXD 5.0 requires kernel 5.4 or newer). Thus this will be the last
LXD release for Leap 15.3.
+ lxc file mount and new files API
+ Cluster event hub role
* Reworked lxc storage volume info
+ AppArmor profiles for image extractors
+ Grafana dashboard
+ Degraded startup (missing disk)
+ restricted.containers.interception project option
+ core.metrics_authentication server option
+ Network interface name and MTU in virtual machines
+ I/O uring support for VM storage
+ ipv4.neighbor_probe and ipv6.neighbor_probe NIC options
-------------------------------------------------------------------
Mon Dec 13 02:46:02 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.21. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-21-has-been-released/12860
boo#1193649
+ Cluster member groups
* Reworked cloud-init support
+ Trust certificate self-renewal
+ Restricted disk passthrough in projects
+ Restricted idmap uid/gid in projects
+ List all lxc commands with --sub-commands
+ List instances across all projects with --all-projects
+ New database-leader cluster role
* Consistent units for byte sizes.
* Routed networking in virtual machines
+ Support for ipv4.routes and ipv6.routes on routed type NICs
+ Option to skip records for NAT-ed addresses in network zones
+ Allow blocking an IP address family with security filtering options
+ New ceph.rbd.du storage config option to disable potentially slow rbd du
* Optimized moving of instances and volumes between projects
* Support for copying/moving custom volumes between cluster members
-------------------------------------------------------------------
Mon Nov 8 03:24:36 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.20. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-20-has-been-released/12540
boo#1192432
+ Live migration of virtual machines
+ Network peering for OVN
+ Network zones (DNS)
+ SR-IOV acceleration for OVN networking
+ Linux sysctl configuration on containers
+ Core scheduling for virtual machines
+ Cluster member configuration
* Improvement to network leases
-------------------------------------------------------------------
Sun Sep 5 06:43:47 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.18. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-18-has-been-released/12068/2
boo#1190323
+ Network forwards (floating IPs)
+ Native BGP support
* NAT address customization with OVN
* lxd cluster edit for cluster disaster recovery
+ Refresh support for custom volume copies
+ Additional device restrictions for projects
* --minimal option for lxd init
* Additional network counters in instance state
- Disable stripping of binaries, which seems to be causing issues at runtime
due to some ld.so assertion failing. In particular it seems that libdqlite is
getting corrupted somehow.
-------------------------------------------------------------------
Fri Aug 20 11:59:37 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.17. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-17-has-been-released/11812
boo#1189645
+ lxd import replaced by new lxd recover
+ Cluster member evacuation
* Reworked lxc info output
+ Requestor address in lifecycle event
+ USB GPU support in the resources API
+ Monitoring of all projects in lxc monitor
+ Alternative format options in lxc monitor
-------------------------------------------------------------------
Sat Jul 31 04:33:50 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.16. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-16-has-been-released/11547
boo#1188946
+ Cluster certificate update
+ Copy/move of custom volumes between projects
+ lxc monitor --pretty now works with all event types
+ Easier revocation of cluster join tokens
+ IP filtering on unmanaged bridges
+ New warnings
+ New lifecycle events
- Remove upstreamed patches:
+ boo1186786-0001-forkexec-handle-broken-close_range-backport-in-openS.patch
-------------------------------------------------------------------
Wed Jul 7 16:52:36 UTC 2021 - Bernhard Wiedemann <bwiedemann@suse.com>
- Build with go1.15 for reproducible build results (boo#1102408)
-------------------------------------------------------------------
Fri Jun 25 09:59:23 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Add backport for <https://github.com/lxc/lxd/pull/8908> which fixes a
Leap-specific kernel backport bug (close_range(2) was backported but not the
flags that it supported in the first version). boo#1186786
+ boo1186786-0001-forkexec-handle-broken-close_range-backport-in-openS.patch
-------------------------------------------------------------------
Tue Jun 8 02:25:02 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Build lxd-agent and lxd-p2c statically to match upstream LXD build scripts
(and to make VMs work properly -- lxd-agent is injected into the VM).
- Update lxd-rpmlintrc to match this.
-------------------------------------------------------------------
Sun Jun 6 07:03:53 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.15. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-15-has-been-released/11252
bsc#1186906
+ Network interface hotplug in VMs
+ Configurable shutdown timeout
+ New persistent warnings (time skew, apparmor and virtiofsd)
+ Location field in /dev/lxd API
+ New type and name columns in lxc config trust list
+ Cluster members acting as database stand-by now visible
+ lxc monitor --pretty now supported with lifecycle events
+ New --expire flag for lxc publish
+ Requestor now recorded in lifecyle events
+ Proxy header support on main API endpoint
+ Full swagger coverage of REST API
-------------------------------------------------------------------
Tue Jun 1 20:35:20 UTC 2021 - Dirk Müller <dmueller@suse.com>
- fix dependencies for aarch64/armv7l
-------------------------------------------------------------------
Tue Jun 1 11:57:52 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Fix build on i586 by if_arch-ing out the VM support on non-x86_64 platforms.
-------------------------------------------------------------------
Mon May 31 05:11:38 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.14. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-14-has-been-released/11008
bsc#1186647
+ ACL support on managed bridges
+ Cluster member certificates
+ Cluster member description
+ Cluster token based join
+ Server warnings
+ Backup and snapshot project restrictions
+ User keys in device configuration
+ More auto-generated REST-API documentation
- Remove upstreamed patches:
- boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch
-------------------------------------------------------------------
Wed Apr 21 00:19:11 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Don't use SecureBoot OVMF blobs, they don't work with LXD.
- Add backport of <https://github.com/lxc/lxd/pull/8700> to fix LXD VMs on
openSUSE. boo#1181549
+ boo1181549-0001-vm-qemu-configure-spice-using-spice-parameter.patch
-------------------------------------------------------------------
Mon Apr 12 05:19:43 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.13. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-13-has-been-released/10737
boo#1184580
+ Support for instance filters in "lxc list"
+ NVIDIA MIG support for containers
+ System wide configuration in /etc/lxd
+ Project resource usage
+ Snapshot schedule aliases (cron-like @... aliases)
+ images.default_architecture for multi-architecture setups
+ New description column in "lxc {project,profile,storage} list"
+ Reworked handling of default action in network ACLs
+ "lxc stop --console"
+ More auto-generated REST-API documentation
-------------------------------------------------------------------
Mon Mar 15 16:49:41 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Move OVMF symlinks to /usr/share, /opt is not allowed in SUSE
packages.
-------------------------------------------------------------------
Fri Mar 5 16:31:52 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.12. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-12-has-been-released/10424
boo#1183111
+ Initial Network ACLs support (OVN-only)
+ Project restricted certificates
+ Server configuration options now supported at the project level
+ Configuration option for Ceph features
* Projects now supported by lxd init --dump and --preseed
* Initial auto-generated REST-API documentation
+ VM: Stateful stop and stateful snapshots for virtual machines
- Updated packaging to support VMs, though note that LXD's usage of QEMU causes
issues with QEMU 5.2 on openSUSE (because of how we package it). See
<https://github.com/lxc/lxd/issues/8416> for more details. bsc#1181549
- Prefix all binaries with lxd- if they don't start with "lx[cd]". This is to
avoid having cases like lxd-generate where there's a binary in /usr/bin that
has a super-generic name.
-------------------------------------------------------------------
Fri Feb 5 07:41:04 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.11. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-11-has-been-released/10135
boo#1181825
+ Bulk instance state change API
+ GVRP support for dynamic vlan configuration
+ Server-side instance storage pool migration
+ Volume usage API
+ VM: SR-IOV GPU Support
+ VM: PCI Device Type
+ VM: ISO images now exposed as cdrom
-------------------------------------------------------------------
Mon Jan 11 12:53:22 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.10. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-10-has-been-released/9894
boo#1180772
+ VLAN information in network state
+ Proxy device support for VMs (NAT only)
+ Bridge port isolation
+ New sub-commands for image properties
+ Multi-queue networking in VMs
-------------------------------------------------------------------
Sat Dec 12 06:32:48 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.9. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-9-has-been-released/9673
boo#1179972
+ Mediated GPU devices for Virtual Machines
+ IOMMU groups for PCI devices
+ QEMU version in server environment information
* Improved lifecycle events
+ "user." keys allowed on all objects
+ usb_address and pci_address properties in USB/network resources
+ ipv4.dhcp and ipv6.dhcp on OVN networks
+ ovn.ingress_mode on physical networks
+ ipv4.routes.anycast and ipv6.routes.anycast on physical networks
+ limits.instances project option
+ zstd compression for images and backups
-------------------------------------------------------------------
Fri Nov 13 06:15:10 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.8. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-8-has-been-released/9458
boo#1178759
+ vTPM support
+ VirtioFS support for virtual machines
+ Full CGroup2 support
+ rebase mode for zfs.clone_copy
+ --reuse option in lxc snapshot and lxc storage volume snapshot
* restarted lifecycle event
* Improved logging of user requests
-------------------------------------------------------------------
Sat Oct 17 09:03:58 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.7. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-7-has-been-released/9213
boo#1177825
+ Backup (export/import) of custom storage volumes
+ Import of instances with alternative name
+ Virtual machine memory shrinking (and re-grow)
+ USB device passthrough for virtual machines
+ Configurable rsync compression in migration
+ Restrict available uplinks for project networks
+ Add new physical managed network type
+ Support for external routed addresses/subnets on OVN
-------------------------------------------------------------------
Sat Sep 19 04:50:10 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.6. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-6-has-been-released/8981
boo#1176737
+ Networks in projects
+ AppArmor profiles for qemu
- Removal of custom sqlite fork.
-------------------------------------------------------------------
Sat Aug 29 02:59:26 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.5. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-5-has-been-released/8824
boo#1175910
+ Initial support for OVN virtual networks
+ Initial bpf syscall interception
* Support for native terminal device allocation
* VGA console now working on Windows
* Improved handling of remote storage pools
* forkdns and forkproxy now running under AppArmor confinement
+ lxc move now lets you select a cluster target too
-------------------------------------------------------------------
Sat Aug 1 07:14:32 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.4. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-4-has-been-released/8574
boo#1174789
+ VGA console for virtual machines
+ Clustering failure domains
+ /dev/lxd API in virtual machines
+ Graceful daemon shutdown
+ macvlan and sriov managed network types
+ Disk usage limits in projects
+ AppAmor confinement for dnsmasq
+ GPU mediated devices in resources API
+ --console option in lxc launch
-------------------------------------------------------------------
Thu Jul 2 02:12:53 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.3. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-3-has-been-released/8303
boo#1173608
+ Block custom storage volumes
+ VM: Initial work for graphical console
* VM: Rework of PCIe layout
+ VM: GPU passthrough
* Direct console attach on lxc start and lxc restart
* Isolated CPUs reporting in resources API
-------------------------------------------------------------------
Fri Jun 5 23:58:50 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.2. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-2-has-been-released/8071
bsc#1172605
+ VLAN filtering on bridges
* Expanded network state information
+ Support for custom search domains
+ New IPv4 and IPv6 columns in network lists
* mips & riscv64 support for containers and s390x support for VMs
* Using pidfds for all container subprocesses
* LVM volumes only active when needed
+ DB query tracing support
* Better cluster life-cycle handling
* Cleaned up database functions
-------------------------------------------------------------------
Sat May 9 03:45:46 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.1. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-1-has-been-released/7737
+ Push and relay support for images
+ Routing table support for routed NIC devices
+ L2 mode for ipvlan NIC devices
* Tweaks to the resources API
* Addition of OS data in the server information
+ New lxd cluster remove-raft-node command
* Improved table sorting in the command line tool
-------------------------------------------------------------------
Fri Apr 24 06:58:55 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.0.1. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-0-1-lts-has-been-released/7515
boo#1170404
* Tweaked and improved the resources API
* Added lxd cluster remove-raft-node disaster recovery function
* Implemented ceph rbd/fs disk devices can now be attached to virtual machines
* Fixed some data migration issues for users of < 3.0 upgrading to 4.0 directly
* Fixed file descriptor leakage in exec
-------------------------------------------------------------------
Wed Apr 1 14:23:25 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 4.0.0. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-4-0-lts-has-been-released/7231
boo#1168338
Breaking Changes:
* Removal of --container-only, replaced by --instance-only
+ VM: Support for backup (import/export)
+ PCI and USB devices in the resource API
+ Support for multiple ipvlan NIC devices
+ Support for host addresses on routed NIC
+ Support for editing cluster roles
+ Disk usage for custom volumes
+ Disk usage for snapshots
+ Support for passwordless PKI mode
-------------------------------------------------------------------
Sat Mar 21 04:55:09 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 3.23. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-23-has-been-released/7140
boo#1167304
+ Custom storage volumes in projects
+ Schedule snapshots for custom storage volumes
+ Expiry for custom storage volumes
+ Limits for projects
+ Restrictions for projects
+ Improved backup/export logic
+ VM: Support for migration
+ VM: Support for publishing
-------------------------------------------------------------------
Sat Mar 7 14:49:16 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 3.22. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-22-has-been-released/7027
boo#1165976
+ Resource limits for projects
+ nftables backend for firewalling
+ Container: Hugepages in unprivileged containers
+ VM: Support for 9p disk devices
+ VM: File templating support
-------------------------------------------------------------------
Fri Feb 14 07:27:24 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 3.21. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-21-has-been-released/6802
boo#1163651
+ New way to attach to LXD managed networks
+ Clustering: Configurable number of active and standby database members
* Ceph ported to new storage driver infrastructure
* VM: CPU pinning and topology
* VM: Network and storage optimizations
* VM: Agent-less reporting of IPv6 addresses
- Remove upstreamed patch. boo#1156336
- boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch
-------------------------------------------------------------------
Mon Feb 3 15:03:49 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow
OBS to shortcut through the -mini flavors.
-------------------------------------------------------------------
Sat Feb 1 23:37:24 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Fix bash-completion by installing it to the correct path. boo#1162426
-------------------------------------------------------------------
Fri Jan 31 10:16:27 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Backport https://github.com/canonical/dqlite/pull/207 to fix boo#1156336.
+ boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch
-------------------------------------------------------------------
Fri Jan 31 00:33:47 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 3.20. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-20-has-been-released/6673
boo#1162299
+ Server side support of API collections
+ New unix-hotplug device type
+ Support for standby cluster members
- Update packaging to use GOPATH="_dist" rather than trying to move everything
to vendor/. This is the recommended approach by upstream (and makes our
specfile marginally less horrific).
-------------------------------------------------------------------
Fri Jan 17 05:17:53 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 3.19. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-19-has-been-released/6529
boo#1161615
+ Virtual machine support
+ Reworked storage layer
+ Routed networking mode
+ Custom mount options for disk devices
+ Interception of the mount system call
+ Multi-architecture clustering
+ ...
- Rework package handling to fake Go module builds.
-------------------------------------------------------------------
Wed Dec 11 23:55:40 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Support older SLE systems which don't have "usermod -w -v".
-------------------------------------------------------------------
Thu Oct 3 01:53:53 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 3.18. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-18-has-been-released/5869
boo#1152846
+ New /1.0/instances endpoint
+ Support for storing VM images
+ Extended disk resources information
+ Modification of image expiry date
+ Clustering roles
+ IPv4 configuration when in Fan mode
-------------------------------------------------------------------
Wed Sep 25 11:03:42 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Clean up a few remaining specfile bits left over from the 3.17 update.
-------------------------------------------------------------------
Tue Sep 24 12:31:21 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Completely drop all stripping -- it appears to cause all sorts of problems
with unresolved symbol errors.
- Update to LXD 3.17. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-17-has-been-released/5679
boo#1151874
+ Storage pool backed image tarballs and backups
+ Container configuration as YAML on lxc init and lxc launch
* Ported to final Dqlite 1.0
* Database rework
* Container devices rework
* Storage rework
-------------------------------------------------------------------
Mon Jul 15 06:40:30 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 3.15. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-15-has-been-released/5218
+ Switch to dqlite 1.0.
* Reworked DHCP lease handling
* Reworked cluster heartbeat handling
* Better syscall interception framework
* More reliable unix socket proxying
+ Hardware VLAN and MAC filtering on SR-IOV
+ New storage-size option for lxd-p2c
+ IPv4 and IPv6 filtering (spoof protection)
* Reworked resources API (host hardware)
+ Control over uid, gid and cwd during command execution
+ Quota support for custom storage volumes on dir backend
* Lots of bug fixes...
-------------------------------------------------------------------
Wed Jun 19 07:21:29 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 3.14. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-14-has-been-released/5045
boo#1138770
+ Cluster: Re-worked DNS forwarding
+ Script to factory reset LXD
+ Improvements to syscall interception
* Lots of bug fixes...
-------------------------------------------------------------------
Wed Jun 19 03:16:40 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update build to use go_nostrip, in order to attempt to fix the broken
binaries on Leap 15.1. boo#1138769
-------------------------------------------------------------------
Sun Jun 9 08:21:19 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Explicitly require lxcfs-hooks-lxc. LXD supports lxcfs but it requires tha
the LXC configuration files be present.
-------------------------------------------------------------------
Sun Jun 2 17:22:35 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Trim filler wording from description.
- Remove --with-pic which often has no point with --disable-static.
- Avoid bash-specific sh code.
-------------------------------------------------------------------
Thu May 9 20:28:55 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 3.13. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-13-has-been-released/4738
boo#1138031
+ Cluster: Improved heartbeat interval
+ Cluster Internal container copy
+ Initial syscall interception support
+ Role Based Access Control
+ IPVLAN support
+ Quota support on dir storage backend
+ Routes on container NIC devices
+ Configurable NAT source address
+ LXC features exported in API
* Lots of bug fixes...
-------------------------------------------------------------------
Mon Apr 8 13:18:50 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- %pre bash features: replace by POSIX equivalents.
- %build bash features: add %_buildshell definition for it.
- Do not ignore errors from groupadd.
-------------------------------------------------------------------
Fri Apr 5 19:13:48 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to LXD 3.12. The full upstream changelog is available from:
https://discuss.linuxcontainers.org/t/lxd-3-12-has-been-released/4483
+ Cluster: Aggregated DHCP leases
+ Cluster: Events now show location
+ Cluster: Operations now show location
+ Cluster: Support for --target in more commands
+ Shiftfs support
+ Kernel features now exported over API
+ Improved CPU reporting
+ GPU reporting
+ Snapshot expiry now visible in lxc info
* Lots of bug fixes...
-------------------------------------------------------------------
Thu Mar 28 01:54:01 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Make sqlite+dqlite both shared libs to avoid bloating RSS. In order to avoid
issues with packaging new versions of libsqlite3 there are a bunch of
DT_SONAME and DT_NEEDED hacks to ensure that rpm doesn't cause false-positive
conflicts or other issues. This requires a new lxd-rpmlintrc to work on older
SLE versions.
-------------------------------------------------------------------
Tue Mar 26 02:44:05 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Initial packaging of LXD 3.11.

8
lxd.dnsmasq Normal file
View File

@ -0,0 +1,8 @@
# WARNING: DO NOT MODIFY THIS FILE.
# Changes to this file will be lost when the lxd package is updated or removed.
# Instead, add changes to /etc/dnsmasq.d/.
# Tell any system-wide dnsmasq instance to make sure to bind to interfaces
# instead of listening on 0.0.0.0.
bind-interfaces
except-interface=lxdbr0

65
lxd.keyring Normal file
View File

@ -0,0 +1,65 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFyiNooBEADCs1KhgS+tDQbEqERIL7RSB3hVrDECAAys35O7QEfnMXTaUnB1
CVjb0gom4c+dDOLXhe4i05HWDfoc3+JJMNsSfyN2e/kocI00u9zKiDN45kZpXpC5
3J6dUYCFDhvR/j9iAhITYJA4KgFDmEc0axocxGCkJhvdX307tInpgnuOfg8qf0Wq
wXfrCDikZhBNP4cgW12Lzc5CFhBXK6uyOOe61R4ErMZb4DGsO3RNYVS9er1QsXgV
LskKVwzbRV0oZ8rmfgOBoeuDl5KIjVrJI2xP8Sw0mQzypdZO6UjmEUA+zq2xpPoM
17DeDYdJ6LGCB04+g8utofZnFcl1VSw1dXMlLjZ71X35scEi14zE3N7Q8vOkAND9
xmiHdCy3n2bnEdOE/ZQbh9o1ttHFE8Bkf8XDc2+sKr+unWnGhnTzemNl1EsUw1P3
9nDV8Uv1tjcC2Vx6tGyDi/GbATdwC7yYJoMWuyP1K7RAXSlqWKZLswqILkbuyJII
ge2nQPCcJ36uf1Fph9lfXmlzrHLsvn21jNQnbUPIFmi2jFkG+ISA7LA+Df7xrYIe
Rmo/pUdnGcWdpFEd1tg84bKzi1Ue48tmRfxgf6FmchwqelSXb9uQBrjzWK1SQfwR
rpodLREyJmwSky6J+ldigUXXmnBzQ/JNFGc6po1y5BHHBRuwMhefd57LwwARAQAB
tC1UaG9tYXMgUGFycm90dCA8dGhvbWFzLnBhcnJvdHRAY2Fub25pY2FsLmNvbT6J
Ak4EEwEKADgWIQTtHKHnpvgOIuXLLahKzhBmFXVGFAUCZJVGjwIbAwULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgAAKCRBKzhBmFXVGFCo3EACmUM07J7jf5HfQO9fEd8IV
3d2ff3uA5DtFulZHNLAJ/jCopeHeX7f8V0iYwpyjzcupdQJZ64my99+3z8sdAqPD
bsDedIr0Kb3gjRunGRLSla/u9hxVXbdwmqgzfcOWo1fR3crbVCSjyGhci9K5EqK4
iquQhVmEjNMFs2i2L+OrO2NHS3mSeEDv8BhMA73OZNoIP6L0kvL1ye1sd7MbXYTh
EapnHURT4j24CTMDrCg6pVAjZDo5YIdixk7B2kM0KZANubQz278nIFdpQ07pNikk
OGMZOiuP7dYgt6dDNIRXY2oBwTefGTIRG7dW2Tlb+Pm2+0r7A28KGR8+oz+Gll7C
rfkvDx2AJqdsS166ssu81PQusdgMCSUR6+LblvlXVIMiRD9W4woZa1rpGnDrRBVT
spwb6WcNGmSXbSe2HLuPOAg6qHlchlv2ZW2S68jMgh2EGN4TIWapSkJCw0BLdNvm
Dz1vwNf6HQ8KZh2VQiRQhTNgvvmkRyVQSBfvdDvfDca1GIi4+tgd0jbr6Gy1+l1h
bv0NgJUjIRo3DLVs7dHCfr9D8CzcjCPxXpauvd6AYJ63cXkXfE6IH/+fk0M3Y+pI
6G58gNii2TG60xaQJ0+rePF1pHNIf1cEKRNjPaSTaEZBvew6r55U1N8gZwzExtsB
isJYiWMpL9BeAhJxdQBAHLQdVGhvbWFzIFBhcnJvdHQgPHRvbXBAdG9tcC51az6J
Ak4EEwEKADgWIQTtHKHnpvgOIuXLLahKzhBmFXVGFAUCXKI2igIbAwULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgAAKCRBKzhBmFXVGFFCrEADBekf1mFk/RzD2eagfqIHC
LoVlJVVOUVyD/8kyYLLJFJDDp9EKJkCqM67aBYKcnM8nnuUQybJcdeC9tbXH7UfI
dFH6nO/PYOECVFHJy0UP27+x0SpG3EA4mDiEyFTnRRJIEDaH4ANMXQxKekcwqpBl
SH1TtpS3ckKiCZ016+epxj1kWuRRTy37xYrv08RvLQAVPCF7dWhOmn6AYnrNZZAt
MnZktrijHjU/ZjF7EXT+dSI1PnqHsW8AHu9dWgyXQI+e2jYPmSFPx5MFgY3GXjrC
KUhPbZ9Ctjpk3ooFrK4EcJIhpNMmB6tycSmquXRUpa+xZXIZ6gFAKYrv577oqmZe
++jneHwYzXfRIDol0rhgPbyS1FqNXGpVtNgmRS8N4yyphSSuPZPvq1lvbOFNzcqn
Zlc5QPJUW/SyrNQOM0jp5a5wLKbUo4L05nODuUG2Rqy9Qr664iv+P88IGS8QKnbX
LgRZahPTQ6cRpNmdOvY0aTaciBeBi1EyW0vywmKZEjZLdBmpzwXJUa+yLzjCOLNa
IliriIjBoMloUOT3kLGKRZ6OFBXAv4wds8U+Ac2qQnpO3P1sT3peC7oNprnhJ0Jq
WPsRtDVfgCutgtmvYn5a/NSLhFr2UmKOnLJj6VV2HMBdYTh2w/+hotbnSjLXalmi
xmkMSm7sGRBFL1natOuaybkCDQRcojaKARAAp04MWhQS/hR7OVSyu3Y2APzgketB
261q/oPFIPYUv8oaXlR3JWXvR5+NsOkwCRemgGJI73dbjLACPc2meVHngvL4PoAd
w8IPmODBpMZCK+b1sxzfo+chzihoJF8PMFVH5G+xBPwpO/nAaJjx6VJNL0pBCr0m
4sMJ9Lxr+mK4vEdGwTqbfil+/Bsk2voCwhCgXjmyNSvQuLbIhoLvbIE8Za/BAsDU
HRllnFXCFU0l/KU4IS4mczHq3Fp9ycSNYG0Q3K8wmCu/QSnilwhDV35JPMl6Vexe
ZYQ96B1cSxi1dRKA4Ckf0ISbfoECxp/jFEJelIfYSCWHeSnCMzMjbkjy+t9R79KT
xo7lRTAs3CD9+hfBSzZHBmsOS2ykC1Fa1CODIfZOwvOBX3fZyMjjlQpJfPut148R
Q5nR+4dc4t8xKMDkpImX3uODIjr2PpEvTN4ytNCZhyaNdFuMnuEGZcJkA8BfNTrS
7o2tY45zoC0S6kAMiLN/V5Td7ewi5NjGm0DGZ5QJMDLefZHitApmduPoYsGrtAmo
uueehBcaa23BRF8qzqt1hAJ+lOdkbi65X2m6ZVoUcut/qStdH46XvA5KcPVyx1xU
quZPt7H25wzp6bAZKs0XCafkfJp2ZhhpFx7CPZLLHJkszqpxrFyh/dTbgNWAv6EI
vuEGPT2p347TEX0AEQEAAYkCNgQYAQoAIBYhBO0coeem+A4i5cstqErOEGYVdUYU
BQJcojaKAhsMAAoJEErOEGYVdUYUEkIQAMB223yj+SDWn0ufG0X/8lGC7cnbfqFE
09P3BcjXLFp2qznbZ3p4utKOXVBoh17xO1MXCfakGRJkn20M/M69xuKJGB3nSRsK
daJX6JPXqlLb74s+7csC+NgnyIfISvfZ5gB8u9KjnPHFC6+COG5KdlZjY6XtbsHV
qhhCxBcKKG4c4IY3w8H/zj1Y4KZPyTWtWu9j1y+IAdSIXmJgIU+w3W1X15L5dbIH
u7Qit/h4zxA1TNYP6Lyocm+7++C2HGTEmWbbFIU0WRdcyPLAEfX2YgfOUuXCp8jY
dWyYknQ7E77KlmhQgK66MwXQPKFnvwdU4cplNsKY5l0qAT1EGPypZfvlIU1pUW+G
T7qy/6B8X8hb4ynqjL/mRsqxumV23Xhv/2S7XFXXjrebk38w1kU0kWS2s3Nqbwq1
5szF2KWgKKO7n+KSuAjOt3p4ztZ6V041WmCL9TIjSacQRAeunIsLupx0EPnedLkO
jc8ZYFY731OF3q1DBWbKnRzPXVazMMNIYUxQ1DMaOAqFTuxEYj02lRHqIoJBCq/L
cHgyVCYmdETM7A/Wkh+iRXH6txPA64loHwEvmxrSiBhmd3T19KwBWAk/AtCnjEgL
wW0aPgVEE7KBMLpyfGHQevQVwW1YsrxncQvT7vgT+h+P9mAgOcEOPdnsGT6T1ljS
lw4DIrt30T1S
=JHs9
-----END PGP PUBLIC KEY BLOCK-----

32
lxd.service Normal file
View File

@ -0,0 +1,32 @@
[Unit]
Description=LXD Container Hypervisor
After=network-online.target lxcfs.service
Requires=network-online.target lxcfs.service
Documentation=man:lxd(1)
[Service]
Environment=LXD_OVMF_PATH=/usr/share/lxd/ovmf
ExecStart=/usr/bin/lxd --group=lxd --logfile=/var/log/lxd/lxd.log
ExecStartPost=/usr/bin/lxd waitready --timeout=600
ExecStop=/usr/bin/lxd shutdown --timeout=600
TimeoutStartSec=600s
TimeoutStopSec=30s
Restart=on-failure
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
# No need to add a task limit.
TasksMax=infinity
# Set delegate yes so that systemd does not mess with LXD cgroups.
Delegate=yes
# Kill only the LXD process, not all processes in the cgroup.
KillMode=process
[Install]
WantedBy=multi-user.target

446
lxd.spec Normal file
View File

@ -0,0 +1,446 @@
#
# spec file for package lxd
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# nodebuginfo
%go_nostrip
%define _buildshell /bin/bash
%define import_path github.com/canonical/lxd
%define lxd_datadir %{_datadir}/lxd
%define lxd_ovmfdir %{lxd_datadir}/ovmf
# We need OVMF in order to support VMs with LXD. At the moment this means we
# can only support it on x86_64.
%ifarch x86_64
%define arch_vm_support 1
%else
%define arch_vm_support 0
%endif
Name: lxd
Version: 5.21.1
Release: 0
Summary: Container hypervisor based on LXC
License: AGPL-3.0-only AND Apache-2.0
Group: System/Management
URL: https://ubuntu.com/lxd
Source: https://github.com/canonical/lxd/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/canonical/lxd/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz.asc
Source2: %{name}.keyring
Source3: %{name}-rpmlintrc
Source4: %{name}.sysusers
# LXD upstream doesn't use systemd, they use snapd.
Source100: %{name}.service
# LXD upstream doesn't have a sample config file.
Source101: %{name}-config.yml
# Additional runtime configuration.
Source200: %{name}.sysctl
Source201: %{name}.dnsmasq
BuildRequires: fdupes
BuildRequires: go >= 1.22
BuildRequires: golang-packaging
BuildRequires: libacl-devel
BuildRequires: libcap-devel
BuildRequires: liblz4-devel
BuildRequires: patchelf
BuildRequires: pkgconfig
BuildRequires: rsync
BuildRequires: sqlite3-devel >= 3.25
BuildRequires: sysuser-tools
BuildRequires: pkgconfig(libudev)
BuildRequires: pkgconfig(lxc) >= 4.0.0
# Needed to build dqlite and raft.
BuildRequires: autoconf
BuildRequires: libtool
BuildRequires: pkgconfig(libuv) >= 1.8.0
Requires: kernel-base >= 5.4
# Bits required for images and other things at runtime.
Requires: acl
Requires: attr
Requires: ebtables
BuildRequires: dnsmasq
Requires: dnsmasq
Requires: lxcfs
Requires: lxcfs-hooks-lxc
Requires: rsync
Requires: squashfs
Requires: tar
Requires: xz
%if 0%{arch_vm_support} != 0
# Needed for VM support.
Requires: qemu-ovmf-x86_64
BuildRequires: qemu-ovmf-x86_64
# QEMU spice became a separate package for QEMU 5.2, which is not in Leap 15.2.
# But it exists in Tumbleweed so only require this in Tumbleweed.
%if 0%{?suse_version} > 1500 || 0%{?sle_version} == 150300
Requires: qemu-ui-spice-core
%else
Requires: qemu-ui-spice-app
%endif
%ifarch %ix86 x86_64
Requires: qemu-x86 >= 6.0
%endif
%ifarch aarch64 %arm
Requires: qemu-arm >= 6.0
%endif
%endif
# Storage backends -- we don't recommend ZFS since it's not *technically* a
# blessed configuration.
Recommends: lvm2
Recommends: btrfsprogs
Recommends: thin-provisioning-tools
# CRIU is used for certain operations but is not necessary (and is no longer
# shipped on 32-bit openSUSE).
Recommends: criu >= 2.0
Suggests: zfs
%sysusers_requires
%description
LXD is a system container manager. It offers a user experience
similar to virtual machines but uses Linux containers (LXC) instead.
%package bash-completion
Summary: Bash Completion for %{name}
Group: System/Management
Requires: %{name} = %{version}
Supplements: (%{name} and bash-completion)
BuildArch: noarch
%description bash-completion
Bash command line completion support for %{name}.
%prep
%setup -q
%build
%sysusers_generate_pre %{SOURCE4} %{name} %{name}.conf
# Make sure any leftover go build caches are gone.
go clean -cache
# Set up temporary installation paths.
export INSTALL_ROOT="$PWD/.install"
export INSTALL_INCLUDEDIR="$INSTALL_ROOT/%{_includedir}"
export INSTALL_LIBDIR="$INSTALL_ROOT/%{_libdir}/%{name}"
# We first need to build all of the LXD-specific dependencies. To avoid binary
# bloat, we build them as dylibs -- but we then later need to mess around with
# the ELF headers to stop the openSUSE packaging scripts from freaking out.
export CFLAGS="%{optflags} -fPIC -DPIC"
# We have a temporary-install directory which contains all of the dylib deps.
export PKG_CONFIG_SYSROOT_DIR="$INSTALL_ROOT"
export PKG_CONFIG_PATH="$INSTALL_LIBDIR/pkgconfig"
# For some reason, Leap need us to specify this explicitly now.
export CPPFLAGS="-I$INSTALL_INCLUDEDIR"
# raft
pushd "vendor/raft"
autoreconf -fiv
%configure \
--libdir="%{_libdir}/%{name}" \
--disable-static
make %{?_smp_mflags}
make DESTDIR="$INSTALL_ROOT" install
popd
# dqlite
pushd "vendor/dqlite"
(
autoreconf -fiv
%configure \
--libdir="%{_libdir}/%{name}" \
--disable-static
make clean
make %{?_smp_mflags}
make DESTDIR="$INSTALL_ROOT" install
)
popd
# Find all of the main packages using go-list.
readarray -t mainpkgs \
<<<"$(go list -f '{{.Name}}:{{.ImportPath}}' %{import_path}/... | \
awk -F: '$1 == "main" { print $2 }' | \
grep -Ev '^github.com/canonical/lxd/(test|shared)')"
# Needed because lxd and deps use funky #cgo LDFLAGS that Go blocks by default.
export CGO_LDFLAGS_ALLOW="(-Wl,-wrap,pthread_create)|(-Wl,-z,now)"
# And now we can finally build LXD and all of the related binaries.
mkdir bin
for mainpkg in "${mainpkgs[@]}"
do
# Make sure all binaries *except* "lxc" have an lxd- prefix.
binary="$(basename "$mainpkg")"
if ( echo "$binary" | grep -Eqv '^lx[cd].*$' )
then
binary="lxd-$binary"
fi
case "$binary" in
lxd-agent)
build_static=1
build_tags="agent,netgo"
;;
lxd-p2c)
build_static=1
build_tags="netgo"
;;
*)
build_static=
build_tags="libsqlite3"
;;
esac
(
# We need to link against our particular dylib deps.
export \
CGO_CFLAGS="-I $INSTALL_INCLUDEDIR" \
CGO_LDFLAGS="-L $INSTALL_LIBDIR" ||:
if [ -n "$build_static" ]
then
CGO_ENABLED=0 go build -ldflags "-extldflags -static" \
-tags "$build_tags" -o "bin/$binary" "$mainpkg"
else
go build -buildmode=pie \
-tags "$build_tags" -o "bin/$binary" "$mainpkg"
fi
)
done
# This part is quite ugly, so I apologise upfront.
#
# We want to have our vendor/* libraries be dylibs so that we don't bloat our
# lxd binary. Unfortunately, we are presented with a few challenges:
#
# * Doing this naively (put it in {_libdir}) results in sqlite3 package
# conflicts -- and we aren't going to maintain sqlite3 for all of openSUSE
# here.
#
# * Putting everything in a hidden {_libdir}/{name} with RUNPATH configured
# accordingly works a little better, but still results in lxd ending up with
# {Provides,Requires}: libsqlite3.so.0. This results in more esoteric
# conflicts but is still an issue (we'd need to add Prefer: libsqlite3-0
# everywhere).
#
# So, the only reasonable choice left is to use absolute paths as DT_NEEDED
# entries -- which bypasses the need for RUNPATH and allows us to set garbage
# sonames for our vendor/* libraries. Absolute paths for DT_NEEDED is
# *slightly* undefined behaviour, but glibc has had this behaviour for a very
# long time -- and others have considered using it in a similar manner[1].
#
# What F U N.
#
# [1]: https://github.com/NixOS/nixpkgs/issues/24844
(
# A simple check that lxd isn't broken. We can't do this after patchelf
# because we'd need to chroot(2) into {buildroot} which isn't permitted due
# to user namespaces being blocked inside rpmbuild. boo#1138769
export LD_LIBRARY_PATH="$INSTALL_LIBDIR"
./bin/lxd help
)
for lib in "$INSTALL_LIBDIR"/lib*.so
do
# Strip off last two version digits.
name="$(basename "$(readlink "$lib")" | sed -E 's/\.[0-9]+\.[0-9]+$//')"
# Give our libraries unrecognisable DT_SONAME entries.
patchelf --set-soname "._LXD_INTERNAL-$name" "$lib"
# Make sure they're executable.
chmod +x "$lib"
done
# Switch to absolute DT_NEEDED for all dylibs we have as well as the main LXD
# binary. We do this for all dylibs to make sure we don't end up with weird
# chain-loading problems.
for target in bin/* "$INSTALL_LIBDIR"/lib*.so
do
case "$(basename "$target")" in
lxd-agent|lxd-p2c)
# Cannot patch static binaries, and the patching isn't necessary
# for them anyway.
continue
;;
*)
;;
esac
# Drop RPATH in case it got included during builds.
patchelf --remove-rpath "$target"
# And now replace all the possible DT_NEEDEDs to absolute paths.
for lib in "$INSTALL_LIBDIR"/lib*.so
do
# Strip off last two version digits.
name="$(basename "$(readlink "$lib")" | sed -E 's/\.[0-9]+\.[0-9]+$//')"
patchelf --replace-needed {,%{_libdir}/%{name}/}"$name" "$target"
done
done
# Generate man pages.
mkdir man
./bin/lxc manpage man/
# Final sanity-check during build.
pushd bin/
for bin in *
do
# Ensure that all our binaries are dynamic (except for lxd-p2c and
# lxd-agent, which must be static). boo#1138769
case "$(basename $bin)" in
lxd-agent|lxd-p2c)
file "$bin" | grep 'statically linked'
;;
*)
file "$bin" | grep 'dynamically linked'
# Check what they are linked against.
ldd "$bin"
;;
esac
done
popd
%install
export INSTALL_LIBDIR="$PWD/.install/%{_libdir}/%{name}"
install -d -m 0755 %{buildroot}%{_libdir}/%{name}
# We can't use install because *.so.$n are symlinks.
cp -avt %{buildroot}%{_libdir}/%{name}/ "$INSTALL_LIBDIR"/lib*.so.*
# Install all the binaries.
pushd bin/
for bin in *
do
install -D -m 0755 "$bin" "%{buildroot}%{_bindir}/$bin"
done
popd
# System-wide client configuration.
install -D -m0644 %{S:101} %{buildroot}/etc/lxd/config.yml
install -d -m0755 %{buildroot}/etc/lxd/servercerts
# Install man pages.
pushd man/
for man in *
do
section="${man##*.}"
install -D -m 0644 "$man" "%{buildroot}%{_mandir}/man$section/$man"
done
popd
# bash-completion.
install -D -m 0644 scripts/bash/lxd-client %{buildroot}%{_datadir}/bash-completion/completions/lxc
# sysv-init and systemd setup.
install -D -m 0644 %{S:100} %{buildroot}%{_unitdir}/%{name}.service
mkdir -p %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
# Run-time configuration.
install -D -m 0644 %{S:200} %{buildroot}%{_sysctldir}/60-lxd.conf
install -D -m 0644 %{S:201} %{buildroot}%{_sysconfdir}/dnsmasq.d/60-lxd.conf
# Run-time directories.
install -d -m 0711 %{buildroot}%{_localstatedir}/lib/%{name}
install -d -m 0755 %{buildroot}%{_localstatedir}/log/%{name}
# sysusers.d
install -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/%{name}.conf
%if 0%{arch_vm_support} != 0
# In order for VM support in LXD to function, you need to have OVMF configured
# in the way it expects. In particular, LXD depends on specific filenames for
# the firmware files so we create fake ones with symlinks.
mkdir -p %{buildroot}%{lxd_ovmfdir}
ln -s %{_datarootdir}/qemu/ovmf-x86_64-code.bin %{buildroot}%{lxd_ovmfdir}/OVMF_CODE.fd
ln -s %{_datarootdir}/qemu/ovmf-x86_64-vars.bin %{buildroot}%{lxd_ovmfdir}/OVMF_VARS.fd
ln -s OVMF_VARS.fd %{buildroot}%{lxd_ovmfdir}/OVMF_VARS.ms.fd
%endif
%fdupes %{buildroot}
%pre -f %{name}.pre
# /etc/sub[ug]id should exist already (it's part of shadow-utils), but older
# distros don't have it. LXD just parses it and doesn't need any special
# shadow-utils helpers.
touch /etc/subuid /etc/subgid ||:
# Add sub[ug]ids for LXD's unprivileged containers -- in order to support
# isolated containers we add quite a few subuids. Since LXD runs as root we add
# them for the root user (not the lxd group). We only bother if there aren't
# any mappings available already.
#
# We have no guarantee that the range we pick will be unique -- which ideally
# we would want it to be. There isn't a nice way to do this without
# reimplementing a bunch of range-handling code for /etc/sub[ug]id in bash. So
# we just pick the 400-900 million range, and hope for the best (most tutorials
# use the 1-million range, so we avoid that pitfall).
#
# This default setting of 500 million is enough for ~8000 isolated containers,
# which should be enough for most users.
grep -q '^root:' /etc/subuid || \
usermod -v 400000000-900000000 root &>/dev/null || \
echo "root:400000000:500000001" >>/etc/subuid ||:
grep -q '^root:' /etc/subgid || \
usermod -w 400000000-900000000 root &>/dev/null || \
echo "root:400000000:500000001" >>/etc/subgid ||:
%service_add_pre %{name}.service
%post
%sysctl_apply 60-lxd.conf
%service_add_post %{name}.service
%preun
%service_del_preun %{name}.service
%postun
%sysctl_apply 60-lxd.conf
%service_del_postun %{name}.service
%files
%defattr(-,root,root)
%doc AUTHORS README.md doc/
%license COPYING
%{_bindir}/lx{c,d}*
%{_mandir}/man*/*
%{_libdir}/%{name}
%dir /etc/lxd
%config(noreplace) /etc/lxd/config.yml
%dir /etc/lxd/servercerts
%if 0%{arch_vm_support} != 0
%{lxd_datadir}
%endif
%{_sbindir}/rc%{name}
%{_unitdir}/%{name}.service
%{_sysusersdir}/%{name}.conf
%dir %{_localstatedir}/lib/%{name}
%dir %{_localstatedir}/log/%{name}
%{_sysctldir}/60-lxd.conf
%config(noreplace) %{_sysconfdir}/dnsmasq.d/60-lxd.conf
%files bash-completion
%defattr(-,root,root)
%{_datadir}/bash-completion/
%changelog

26
lxd.sysctl Normal file
View File

@ -0,0 +1,26 @@
# WARNING: DO NOT MODIFY THIS FILE.
# Changes to this file will be lost when the lxd package is updated or removed.
# Instead, add changes to /etc/sysctl.d/.
# These defaults come from doc/production-setup.md, but have been slightly
# modified to be less extreme. The recommended value is included as a comment
# below each changed value.
# inotify limits.
fs.inotify.max_queued_events = 131072 # 1048576
fs.inotify.max_user_instances = 131072 # 1048576
fs.inotify.max_user_watches = 131072 # 1048576
# Number of memory mappings a process can have (lxd can have quite a lot).
#vm.max_map_count = 262144
# Deny container access to kmsg, but this also blocks non-root host users so
# it's disabled by default. This isn't a bad hardening measure in general.
#kernel.dmesg_restrict = 1
# ARP table size (one per container)
net.ipv4.neigh.default.gc_thresh3 = 2048 # 8192
net.ipv6.neigh.default.gc_thresh3 = 2048 # 8192
# Number of kernel keyrings for unprivileged users (one per container).
kernel.keys.maxkeys = 2048

2
lxd.sysusers Normal file
View File

@ -0,0 +1,2 @@
#Type Name ID GECOS Home directory Shell
g lxd - - - -