pool/lxd
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 691258 from home:cyphar:lxc

Browse Source 
- Make sqlite+dqlite both shared libs to avoid bloating RSS. In order to avoid
  issues with packaging new versions of libsqlite3 there are a bunch of
  DT_SONAME and DT_NEEDED hacks to ensure that rpm doesn't cause false-positive
  conflicts or other issues. This requires a new lxd-rpmlintrc to work on older
  SLE versions.

OBS-URL: https://build.opensuse.org/request/show/691258
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=5
This commit is contained in:
Aleksa Sarai 2019-04-03 13:40:10 +00:00 committed by Git OBS Bridge
parent a02b7f74de
commit d93a7dcf1e
4 changed files with 21 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lxd-rpmlintrc Normal file
View File

@ -0,0 +1,4 @@
# The linking against full paths underneath /usr/lib64/lxd/ is intentional, as
# our shared libraries are internal and aren't meant to be used outside LXD.
# This error only appears in old SLE versions.
addFilter ("^lxd.* E: invalid-filepath-dependency .* /usr/lib(32|64)?/lxd/")

3
lxd.changes
View File

@ -4,7 +4,8 @@ Thu Mar 28 01:54:01 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Make sqlite+dqlite both shared libs to avoid bloating RSS. In order to avoid - Make sqlite+dqlite both shared libs to avoid bloating RSS. In order to avoid
issues with packaging new versions of libsqlite3 there are a bunch of issues with packaging new versions of libsqlite3 there are a bunch of
DT_SONAME and DT_NEEDED hacks to ensure that rpm doesn't cause false-positive DT_SONAME and DT_NEEDED hacks to ensure that rpm doesn't cause false-positive
conflicts or other issues. conflicts or other issues. This requires a new lxd-rpmlintrc to work on older
SLE versions.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Mar 26 02:44:05 UTC 2019 - Aleksa Sarai <asarai@suse.com> Tue Mar 26 02:44:05 UTC 2019 - Aleksa Sarai <asarai@suse.com>

2
lxd.service
View File

@ -5,7 +5,7 @@ Requires=network-online.target lxcfs.service
Documentation=man:lxd(1) Documentation=man:lxd(1)
[Service] [Service]
ExecStart=/usr/bin/lxd --group lxd --logfile=/var/log/lxd/lxd.log ExecStart=/usr/bin/lxd --group=lxd --logfile=/var/log/lxd/lxd.log
ExecStartPost=/usr/bin/lxd waitready --timeout=600 ExecStartPost=/usr/bin/lxd waitready --timeout=600
TimeoutStartSec=600s TimeoutStartSec=600s
TimeoutStopSec=30s TimeoutStopSec=30s

23
lxd.spec
View File

@ -27,6 +27,7 @@ URL: https://linuxcontainers.org/lxd
Source: https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.gz Source: https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.gz
Source1: https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.gz.asc Source1: https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.gz.asc
Source2: %{name}.keyring Source2: %{name}.keyring
Source3: %{name}-rpmlintrc
# LXD upstream doesn't use systemd, they use snapd. # LXD upstream doesn't use systemd, they use snapd.
Source100: %{name}.service Source100: %{name}.service
# Additional runtime configuration. # Additional runtime configuration.
@ -176,8 +177,8 @@ done
# [1]: https://github.com/NixOS/nixpkgs/issues/24844 # [1]: https://github.com/NixOS/nixpkgs/issues/24844
# Give our libraries unrecognisable DT_SONAME entries. # Give our libraries unrecognisable DT_SONAME entries.
patchelf --set-soname '_lxd-libsqlite3.so.0' "$PKGDIR/dist/sqlite/.libs/libsqlite3.so.0" patchelf --set-soname '._LXD_INTERNAL-libsqlite3.so.0' "$PKGDIR/dist/sqlite/.libs/libsqlite3.so.0"
patchelf --set-soname '_lxd-libdqlite.so.0' "$PKGDIR/dist/dqlite/.libs/libdqlite.so.0" patchelf --set-soname '._LXD_INTERNAL-libdqlite.so.0' "$PKGDIR/dist/dqlite/.libs/libdqlite.so.0"
# Switch to absolute DT_NEEDED for the lxd binary. # Switch to absolute DT_NEEDED for the lxd binary.
patchelf --remove-rpath bin/lxd patchelf --remove-rpath bin/lxd
@ -238,27 +239,31 @@ install -d -m 0755 %{buildroot}%{_localstatedir}/log/%{name}
%fdupes %{buildroot} %fdupes %{buildroot}
%pre %pre
# Set up a user with subuid mappings so we can # Group which owns the lxd socket, which allows people to administer it.
getent group %{name} &>/dev/null || groupadd -r %{name} getent group %{name} &>/dev/null || groupadd -r %{name} ||:
# /etc/sub[ug]id should exist already (it's part of shadow-utils), but older # /etc/sub[ug]id should exist already (it's part of shadow-utils), but older
# distros don't have it. LXD just parses it and doesn't need any special # distros don't have it. LXD just parses it and doesn't need any special
# shadow-utils helpers. # shadow-utils helpers.
touch /etc/sub{u,g}id touch /etc/sub{u,g}id ||:
# Add sub[ug]ids for LXD's unprivileged containers -- in order to support # Add sub[ug]ids for LXD's unprivileged containers -- in order to support
# isolated containers we add quite a few subuids. Since LXD runs as root we add # isolated containers we add quite a few subuids. Since LXD runs as root we add
# them for the root user (not the lxd group). # them for the root user (not the lxd group). We only bother if there aren't
# any mappings available already.
# #
# We have no guarantee that the range we pick will be unique -- which ideally # We have no guarantee that the range we pick will be unique -- which ideally
# we would want it to be. There isn't a nice way to do this without # we would want it to be. There isn't a nice way to do this without
# reimplementing a bunch of range-handling code for /etc/sub[ug]id in bash. So # reimplementing a bunch of range-handling code for /etc/sub[ug]id in bash. So
# we just pick the 40-80 million range, and hope for the best (most tutorials # we just pick the 400-900 million range, and hope for the best (most tutorials
# use the 1-million range, so we avoid that pitfall). # use the 1-million range, so we avoid that pitfall).
#
# This default setting of 500 million is enough for ~8000 isolated containers,
# which should be enough for most users.
grep '^root:' /etc/subuid &>/dev/null || \ grep '^root:' /etc/subuid &>/dev/null || \
usermod -v 40000000-80000000 root usermod -v 400000000-900000000 root ||:
grep '^root:' /etc/subgid &>/dev/null || \ grep '^root:' /etc/subgid &>/dev/null || \
usermod -w 40000000-80000000 root usermod -w 400000000-900000000 root ||:
%service_add_pre %{name}.service %service_add_pre %{name}.service