commit 4190bd0c6d3c6b943704507f7a7e7ed1aa0a51a1 parent c9dcc2809378f209ab0ce33fd2cdc14e1e005ff7 Author: Jan Pobříslo <ccx@te2000.cz> Date: Thu, 25 Nov 2021 21:50:06 +0000 Code to initialize Alpine containers Diffstat:
A | container_template/alpine/etc/hosts | | | 2 | ++ |
A | container_template/alpine/etc/profile | | | 45 | +++++++++++++++++++++++++++++++++++++++++++++ |
A | container_template/alpine/etc/protocols | | | 64 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
A | container_template/alpine/etc/services | | | 364 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
A | container_template/alpine/etc/shells | | | 5 | +++++ |
M | zsh-functions/confz_containers_init | | | 362 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------- |
M | zsh-functions/confz_site_containers_init | | | 14 | +++++++++++++- |
7 files changed, 805 insertions(+), 51 deletions(-)
diff --git a/container_template/alpine/etc/hosts b/container_template/alpine/etc/hosts
@@ -0,0 +1,2 @@
+127.0.0.1 localhost localhost.localdomain
+::1 localhost localhost.localdomain
diff --git a/container_template/alpine/etc/profile b/container_template/alpine/etc/profile
@@ -0,0 +1,45 @@
+# Append "$1" to $PATH when not already in.
+# Copied from Arch Linux, see #12803 for details.
+append_path () {
+ case ":$PATH:" in
+ *:"$1":*)
+ ;;
+ *)
+ PATH="${PATH:+$PATH:}$1"
+ ;;
+ esac
+}
+
+append_path "/usr/local/sbin"
+append_path "/usr/local/bin"
+append_path "/usr/sbin"
+append_path "/usr/bin"
+append_path "/sbin"
+append_path "/bin"
+unset -f append_path
+
+export PATH
+export PAGER=less
+umask 022
+
+# set up fallback default PS1
+: "${HOSTNAME:=$(hostname)}"
+PS1='${HOSTNAME%%.*}:$PWD'
+[ "$(id -u)" = "0" ] && PS1="${PS1}# "
+[ "$(id -u)" = "0" ] || PS1="${PS1}\$ "
+
+# use nicer PS1 for bash and busybox ash
+[ -n "$BASH_VERSION" -o "$BB_ASH_VERSION" ] && PS1='\h:\w\$ '
+
+# use nicer PS1 for zsh
+[ -n "$ZSH_VERSION" ] && PS1='%m:%~%# '
+
+# export PS1 as before
+export PS1
+
+for script in /etc/profile.d/*.sh ; do
+ if [ -r "$script" ] ; then
+ . "$script"
+ fi
+done
+unset script
diff --git a/container_template/alpine/etc/protocols b/container_template/alpine/etc/protocols
@@ -0,0 +1,64 @@ +# Internet (IP) protocols +# +# Updated from http://www.iana.org/assignments/protocol-numbers and other +# sources. +# New protocols will be added on request if they have been officially +# assigned by IANA and are not historical. +# If you need a huge list of used numbers please install the nmap package. + +ip 0 IP # internet protocol, pseudo protocol number +hopopt 0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883] +icmp 1 ICMP # internet control message protocol +igmp 2 IGMP # Internet Group Management +ggp 3 GGP # gateway-gateway protocol +ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'') +st 5 ST # ST datagram mode +tcp 6 TCP # transmission control protocol +egp 8 EGP # exterior gateway protocol +igp 9 IGP # any private interior gateway (Cisco) +pup 12 PUP # PARC universal packet protocol +udp 17 UDP # user datagram protocol +hmp 20 HMP # host monitoring protocol +xns-idp 22 XNS-IDP # Xerox NS IDP +rdp 27 RDP # "reliable datagram" protocol +iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4 [RFC905] +dccp 33 DCCP # Datagram Congestion Control Prot. 
[RFC4340] +xtp 36 XTP # Xpress Transfer Protocol +ddp 37 DDP # Datagram Delivery Protocol +idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport +ipv6 41 IPv6 # Internet Protocol, version 6 +ipv6-route 43 IPv6-Route # Routing Header for IPv6 +ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6 +idrp 45 IDRP # Inter-Domain Routing Protocol +rsvp 46 RSVP # Reservation Protocol +gre 47 GRE # General Routing Encapsulation +esp 50 IPSEC-ESP # Encap Security Payload [RFC2406] +ah 51 IPSEC-AH # Authentication Header [RFC2402] +skip 57 SKIP # SKIP +ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6 +ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6 +ipv6-opts 60 IPv6-Opts # Destination Options for IPv6 +rspf 73 RSPF CPHB # Radio Shortest Path First (officially CPHB) +vmtp 81 VMTP # Versatile Message Transport +eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco) +ospf 89 OSPFIGP # Open Shortest Path First IGP +ax.25 93 AX.25 # AX.25 frames +ipip 94 IPIP # IP-within-IP Encapsulation Protocol +etherip 97 ETHERIP # Ethernet-within-IP Encapsulation [RFC3378] +encap 98 ENCAP # Yet Another IP encapsulation [RFC1241] +# 99 # any private encryption scheme +pim 103 PIM # Protocol Independent Multicast +ipcomp 108 IPCOMP # IP Payload Compression Protocol +vrrp 112 VRRP # Virtual Router Redundancy Protocol [RFC5798] +l2tp 115 L2TP # Layer Two Tunneling Protocol [RFC2661] +isis 124 ISIS # IS-IS over IPv4 +sctp 132 SCTP # Stream Control Transmission Protocol +fc 133 FC # Fibre Channel +mobility-header 135 Mobility-Header # Mobility Support for IPv6 [RFC3775] +udplite 136 UDPLite # UDP-Lite [RFC3828] +mpls-in-ip 137 MPLS-in-IP # MPLS-in-IP [RFC4023] +manet 138 # MANET Protocols [RFC5498] +hip 139 HIP # Host Identity Protocol +shim6 140 Shim6 # Shim6 Protocol [RFC5533] +wesp 141 WESP # Wrapped Encapsulating Security Payload +rohc 142 ROHC # Robust Header Compression diff --git a/container_template/alpine/etc/services b/container_template/alpine/etc/services 
@@ -0,0 +1,364 @@ +# Network services, Internet style +# +# Note that it is presently the policy of IANA to assign a single well-known +# port number for both TCP and UDP; hence, officially ports have two entries +# even if the protocol doesn't support UDP operations. +# +# Updated from https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml . +# +# New ports will be added on request if they have been officially assigned +# by IANA and used in the real-world or are needed by a debian package. +# If you need a huge list of used numbers please install the nmap package. + +tcpmux 1/tcp # TCP port service multiplexer +echo 7/tcp +echo 7/udp +discard 9/tcp sink null +discard 9/udp sink null +systat 11/tcp users +daytime 13/tcp +daytime 13/udp +netstat 15/tcp +qotd 17/tcp quote +chargen 19/tcp ttytst source +chargen 19/udp ttytst source +ftp-data 20/tcp +ftp 21/tcp +fsp 21/udp fspd +ssh 22/tcp # SSH Remote Login Protocol +telnet 23/tcp +smtp 25/tcp mail +time 37/tcp timserver +time 37/udp timserver +whois 43/tcp nicname +tacacs 49/tcp # Login Host Protocol (TACACS) +tacacs 49/udp +domain 53/tcp # Domain Name Server +domain 53/udp +bootps 67/udp +bootpc 68/udp +tftp 69/udp +gopher 70/tcp # Internet Gopher +finger 79/tcp +http 80/tcp www # WorldWideWeb HTTP +kerberos 88/tcp kerberos5 krb5 kerberos-sec # Kerberos v5 +kerberos 88/udp kerberos5 krb5 kerberos-sec # Kerberos v5 +iso-tsap 102/tcp tsap # part of ISODE +acr-nema 104/tcp dicom # Digital Imag. & Comm. 
300 +pop3 110/tcp pop-3 # POP version 3 +sunrpc 111/tcp portmapper # RPC 4.0 portmapper +sunrpc 111/udp portmapper +auth 113/tcp authentication tap ident +nntp 119/tcp readnews untp # USENET News Transfer Protocol +ntp 123/udp # Network Time Protocol +epmap 135/tcp loc-srv # DCE endpoint resolution +netbios-ns 137/udp # NETBIOS Name Service +netbios-dgm 138/udp # NETBIOS Datagram Service +netbios-ssn 139/tcp # NETBIOS session service +imap2 143/tcp imap # Interim Mail Access P 2 and 4 +snmp 161/tcp # Simple Net Mgmt Protocol +snmp 161/udp +snmp-trap 162/tcp snmptrap # Traps for SNMP +snmp-trap 162/udp snmptrap +cmip-man 163/tcp # ISO mgmt over IP (CMOT) +cmip-man 163/udp +cmip-agent 164/tcp +cmip-agent 164/udp +mailq 174/tcp # Mailer transport queue for Zmailer +xdmcp 177/udp # X Display Manager Control Protocol +bgp 179/tcp # Border Gateway Protocol +smux 199/tcp # SNMP Unix Multiplexer +qmtp 209/tcp # Quick Mail Transfer Protocol +z3950 210/tcp wais # NISO Z39.50 database +ipx 213/udp # IPX [RFC1234] +ptp-event 319/udp +ptp-general 320/udp +pawserv 345/tcp # Perf Analysis Workbench +zserv 346/tcp # Zebra server +rpc2portmap 369/tcp +rpc2portmap 369/udp # Coda portmapper +codaauth2 370/tcp +codaauth2 370/udp # Coda authentication server +clearcase 371/udp Clearcase +ldap 389/tcp # Lightweight Directory Access Protocol +ldap 389/udp +svrloc 427/tcp # Server Location +svrloc 427/udp +https 443/tcp # http protocol over TLS/SSL +https 443/udp # HTTP/3 +snpp 444/tcp # Simple Network Paging Protocol +microsoft-ds 445/tcp # Microsoft Naked CIFS +kpasswd 464/tcp +kpasswd 464/udp +submissions 465/tcp ssmtp smtps urd # Submission over TLS [RFC8314] +saft 487/tcp # Simple Asynchronous File Transfer +isakmp 500/udp # IPSEC key management +rtsp 554/tcp # Real Time Stream Control Protocol +rtsp 554/udp +nqs 607/tcp # Network Queuing system +asf-rmcp 623/udp # ASF Remote Management and Control Protocol +qmqp 628/tcp +ipp 631/tcp # Internet Printing Protocol +ldp 646/tcp # Label 
Distribution Protocol +ldp 646/udp +# +# UNIX specific services +# +exec 512/tcp +biff 512/udp comsat +login 513/tcp +who 513/udp whod +shell 514/tcp cmd syslog # no passwords used +syslog 514/udp +printer 515/tcp spooler # line printer spooler +talk 517/udp +ntalk 518/udp +route 520/udp router routed # RIP +gdomap 538/tcp # GNUstep distributed objects +gdomap 538/udp +uucp 540/tcp uucpd # uucp daemon +klogin 543/tcp # Kerberized `rlogin' (v5) +kshell 544/tcp krcmd # Kerberized `rsh' (v5) +dhcpv6-client 546/udp +dhcpv6-server 547/udp +afpovertcp 548/tcp # AFP over TCP +nntps 563/tcp snntp # NNTP over SSL +submission 587/tcp # Submission [RFC4409] +ldaps 636/tcp # LDAP over SSL +ldaps 636/udp +tinc 655/tcp # tinc control port +tinc 655/udp +silc 706/tcp +kerberos-adm 749/tcp # Kerberos `kadmin' (v5) +# +domain-s 853/tcp # DNS over TLS [RFC7858] +domain-s 853/udp # DNS over DTLS [RFC8094] +rsync 873/tcp +ftps-data 989/tcp # FTP over SSL (data) +ftps 990/tcp +telnets 992/tcp # Telnet over SSL +imaps 993/tcp # IMAP over SSL +pop3s 995/tcp # POP-3 over SSL +# +# From ``Assigned Numbers'': +# +#> The Registered Ports are not controlled by the IANA and on most systems +#> can be used by ordinary user processes or programs executed by ordinary +#> users. +# +#> Ports are used in the TCP [45,106] to name the ends of logical +#> connections which carry long term conversations. For the purpose of +#> providing services to unknown callers, a service contact port is +#> defined. This list specifies the port used by the server process as its +#> contact port. While the IANA can not control uses of these ports it +#> does register or list uses of these ports as a convienence to the +#> community. 
+# +socks 1080/tcp # socks proxy server +proofd 1093/tcp +rootd 1094/tcp +openvpn 1194/tcp +openvpn 1194/udp +rmiregistry 1099/tcp # Java RMI Registry +lotusnote 1352/tcp lotusnotes # Lotus Note +ms-sql-s 1433/tcp # Microsoft SQL Server +ms-sql-m 1434/udp # Microsoft SQL Monitor +ingreslock 1524/tcp +datametrics 1645/tcp old-radius +datametrics 1645/udp old-radius +sa-msg-port 1646/tcp old-radacct +sa-msg-port 1646/udp old-radacct +kermit 1649/tcp +groupwise 1677/tcp +l2f 1701/udp l2tp +radius 1812/tcp +radius 1812/udp +radius-acct 1813/tcp radacct # Radius Accounting +radius-acct 1813/udp radacct +cisco-sccp 2000/tcp # Cisco SCCP +nfs 2049/tcp # Network File System +nfs 2049/udp # Network File System +gnunet 2086/tcp +gnunet 2086/udp +rtcm-sc104 2101/tcp # RTCM SC-104 IANA 1/29/99 +rtcm-sc104 2101/udp +gsigatekeeper 2119/tcp +gris 2135/tcp # Grid Resource Information Server +cvspserver 2401/tcp # CVS client/server operations +venus 2430/tcp # codacon port +venus 2430/udp # Venus callback/wbc interface +venus-se 2431/tcp # tcp side effects +venus-se 2431/udp # udp sftp side effect +codasrv 2432/tcp # not used +codasrv 2432/udp # server port +codasrv-se 2433/tcp # tcp side effects +codasrv-se 2433/udp # udp sftp side effect +mon 2583/tcp # MON traps +mon 2583/udp +dict 2628/tcp # Dictionary server +f5-globalsite 2792/tcp +gsiftp 2811/tcp +gpsd 2947/tcp +gds-db 3050/tcp gds_db # InterBase server +icpv2 3130/udp icp # Internet Cache Protocol +isns 3205/tcp # iSNS Server Port +isns 3205/udp # iSNS Server Port +iscsi-target 3260/tcp +mysql 3306/tcp +ms-wbt-server 3389/tcp +nut 3493/tcp # Network UPS Tools +nut 3493/udp +distcc 3632/tcp # distributed compiler +daap 3689/tcp # Digital Audio Access Protocol +svn 3690/tcp subversion # Subversion protocol +suucp 4031/tcp # UUCP over SSL +sysrqd 4094/tcp # sysrq daemon +sieve 4190/tcp # ManageSieve Protocol +epmd 4369/tcp # Erlang Port Mapper Daemon +remctl 4373/tcp # Remote Authenticated Command Service +f5-iquery 4353/tcp # 
F5 iQuery +ipsec-nat-t 4500/udp # IPsec NAT-Traversal [RFC3947] +iax 4569/udp # Inter-Asterisk eXchange +mtn 4691/tcp # monotone Netsync Protocol +radmin-port 4899/tcp # RAdmin Port +sip 5060/tcp # Session Initiation Protocol +sip 5060/udp +sip-tls 5061/tcp +sip-tls 5061/udp +xmpp-client 5222/tcp jabber-client # Jabber Client Connection +xmpp-server 5269/tcp jabber-server # Jabber Server Connection +cfengine 5308/tcp +mdns 5353/udp # Multicast DNS +postgresql 5432/tcp postgres # PostgreSQL Database +freeciv 5556/tcp rptp # Freeciv gameplay +amqps 5671/tcp # AMQP protocol over TLS/SSL +amqp 5672/tcp +amqp 5672/sctp +x11 6000/tcp x11-0 # X Window System +x11-1 6001/tcp +x11-2 6002/tcp +x11-3 6003/tcp +x11-4 6004/tcp +x11-5 6005/tcp +x11-6 6006/tcp +x11-7 6007/tcp +gnutella-svc 6346/tcp # gnutella +gnutella-svc 6346/udp +gnutella-rtr 6347/tcp # gnutella +gnutella-rtr 6347/udp +redis 6379/tcp +sge-qmaster 6444/tcp sge_qmaster # Grid Engine Qmaster Service +sge-execd 6445/tcp sge_execd # Grid Engine Execution Service +mysql-proxy 6446/tcp # MySQL Proxy +babel 6696/udp # Babel Routing Protocol +ircs-u 6697/tcp # Internet Relay Chat via TLS/SSL +bbs 7000/tcp +afs3-fileserver 7000/udp +afs3-callback 7001/udp # callbacks to cache managers +afs3-prserver 7002/udp # users & groups database +afs3-vlserver 7003/udp # volume location database +afs3-kaserver 7004/udp # AFS/Kerberos authentication +afs3-volser 7005/udp # volume managment server +afs3-bos 7007/udp # basic overseer process +afs3-update 7008/udp # server-to-server updater +afs3-rmtsys 7009/udp # remote cache manager service +font-service 7100/tcp xfs # X Font Service +http-alt 8080/tcp webcache # WWW caching service +puppet 8140/tcp # The Puppet master service +bacula-dir 9101/tcp # Bacula Director +bacula-fd 9102/tcp # Bacula File Daemon +bacula-sd 9103/tcp # Bacula Storage Daemon +xmms2 9667/tcp # Cross-platform Music Multiplexing System +nbd 10809/tcp # Linux Network Block Device +zabbix-agent 10050/tcp # Zabbix 
Agent +zabbix-trapper 10051/tcp # Zabbix Trapper +amanda 10080/tcp # amanda backup services +dicom 11112/tcp +hkp 11371/tcp # OpenPGP HTTP Keyserver +db-lsp 17500/tcp # Dropbox LanSync Protocol +dcap 22125/tcp # dCache Access Protocol +gsidcap 22128/tcp # GSI dCache Access Protocol +wnn6 22273/tcp # wnn6 + +# +# Datagram Delivery Protocol services +# +rtmp 1/ddp # Routing Table Maintenance Protocol +nbp 2/ddp # Name Binding Protocol +echo 4/ddp # AppleTalk Echo Protocol +zip 6/ddp # Zone Information Protocol + +#========================================================================= +# The remaining port numbers are not as allocated by IANA. +#========================================================================= + +# Kerberos (Project Athena/MIT) services +kerberos4 750/udp kerberos-iv kdc # Kerberos (server) +kerberos4 750/tcp kerberos-iv kdc +kerberos-master 751/udp kerberos_master # Kerberos authentication +kerberos-master 751/tcp +passwd-server 752/udp passwd_server # Kerberos passwd server +krb-prop 754/tcp krb_prop krb5_prop hprop # Kerberos slave propagation +zephyr-srv 2102/udp # Zephyr server +zephyr-clt 2103/udp # Zephyr serv-hm connection +zephyr-hm 2104/udp # Zephyr hostmanager +iprop 2121/tcp # incremental propagation +supfilesrv 871/tcp # Software Upgrade Protocol server +supfiledbg 1127/tcp # Software Upgrade Protocol debugging + +# +# Services added for the Debian GNU/Linux distribution +# +poppassd 106/tcp # Eudora +moira-db 775/tcp moira_db # Moira database +moira-update 777/tcp moira_update # Moira update protocol +moira-ureg 779/udp moira_ureg # Moira user registration +spamd 783/tcp # spamassassin daemon +skkserv 1178/tcp # skk jisho server port +predict 1210/udp # predict -- satellite tracking +rmtcfg 1236/tcp # Gracilis Packeten remote config server +xtel 1313/tcp # french minitel +xtelw 1314/tcp # french minitel +zebrasrv 2600/tcp # zebra service +zebra 2601/tcp # zebra vty +ripd 2602/tcp # ripd vty (zebra) +ripngd 2603/tcp # ripngd 
vty (zebra) +ospfd 2604/tcp # ospfd vty (zebra) +bgpd 2605/tcp # bgpd vty (zebra) +ospf6d 2606/tcp # ospf6d vty (zebra) +ospfapi 2607/tcp # OSPF-API +isisd 2608/tcp # ISISd vty (zebra) +fax 4557/tcp # FAX transmission service (old) +hylafax 4559/tcp # HylaFAX client-server protocol (new) +munin 4949/tcp lrrd # Munin +rplay 5555/udp # RPlay audio service +nrpe 5666/tcp # Nagios Remote Plugin Executor +nsca 5667/tcp # Nagios Agent - NSCA +canna 5680/tcp # cannaserver +syslog-tls 6514/tcp # Syslog over TLS [RFC5425] +sane-port 6566/tcp sane saned # SANE network scanner daemon +ircd 6667/tcp # Internet Relay Chat +zope-ftp 8021/tcp # zope management by ftp +tproxy 8081/tcp # Transparent Proxy +omniorb 8088/tcp # OmniORB +clc-build-daemon 8990/tcp # Common lisp build daemon +xinetd 9098/tcp +git 9418/tcp # Git Version Control System +zope 9673/tcp # zope server +webmin 10000/tcp +kamanda 10081/tcp # amanda backup services (Kerberos) +amandaidx 10082/tcp # amanda backup services +amidxtape 10083/tcp # amanda backup services +sgi-cmsd 17001/udp # Cluster membership services daemon +sgi-crsd 17002/udp +sgi-gcd 17003/udp # SGI Group membership daemon +sgi-cad 17004/tcp # Cluster Admin daemon +binkp 24554/tcp # binkp fidonet protocol +asp 27374/tcp # Address Search Protocol +asp 27374/udp +csync2 30865/tcp # cluster synchronization tool +dircproxy 57000/tcp # Detachable IRC Proxy +tfido 60177/tcp # fidonet EMSI over telnet +fido 60179/tcp # fidonet EMSI over TCP + +# Local services diff --git a/container_template/alpine/etc/shells b/container_template/alpine/etc/shells @@ -0,0 +1,5 @@ +# valid login shells +/bin/sh +/bin/ash +/bin/zsh +/bin/bash diff --git a/zsh-functions/confz_containers_init b/zsh-functions/confz_containers_init 
@@ -399,67 +399,329 @@ confz_container_service_xsession_check() {
 content=$vars[display_number]
 }
-# --- old
-
-confz_container_installed_alpine_check() {
- checkvars container_root arch
- defvar keys_dir /etc/apk/keys
- defvar packages "alpine-base s6 s6-rc execline s6-portable-utils s6-linux-utils abduco"
- defvar repositories 'http://dl-3.alpinelinux.org/alpine/edge/main http://dl-3.alpinelinux.org/alpine/edge/testing http://dl-3.alpinelinux.org/alpine/edge/community'
-
- require fs_d flags=p filename=$vars[container_root]
- require container_dev_nodes :container_root
- require container_alpine_base :container_root :arch :repositories :keys_dir
- require container_alpine_configured :container_root :arch :repositories :keys_dir
- local pkg
- for pkg in $=vars[packages]; do
- require container_alpine_package package=$pkg \
- :container_root :arch :repositories :keys_dir
+# --- new image constructor
+
+() {
+ local f
+ for f in $^fpath/confz_containers_init*(N); do
+ if [[ -d $f:h/container_template ]]; then
+ typeset -g container_template_dir=$f:h/container_template
+ break
+ fi
 done
 }
-confz_container_alpine_configured_check() {
- checkvars container_root arch keys_dir repositories
- local R=$vars[container_root]
- # local -a repos
- # repos=( $=vars[repositories] )
-
- require fs_d flags=p filename=$R/etc/apk
- require fs_contentnl filename=$R/etc/apk/repositories \
- content=$vars[repositories]
- require fs_contentnl filename=$R/etc/apk/arch \
- content=$vars[arch]
+confz_container_template_file_check() {
+ checkvars template name root
+ defvar uid 0
+ defvar gid 0
+ defvar mode 0644
+ defvar target $vars[name]
+
+ [[ -f $container_template_dir/$vars[template]/$vars[name] ]] \
+ || die "Template file not found: $container_template_dir/$vars[template]/$vars[name]"
+
+ [[ -f $vars[root]/$vars[target] ]] || return 1
+
+ require fs_m :mode filename=$vars[root]/$vars[target]
+ require fs_o owner=$vars[uid]:$vars[gid] filename=$vars[root]/$vars[target]
+}
+confz_container_template_file_do() {
+ cp -va $container_template_dir/$vars[template]/$vars[name] \
+ $vars[root]/$vars[target] || die
+ chown $vars[uid]:$vars[gid] $vars[root]/$vars[target] || die
+ chmod $vars[mode] $vars[root]/$vars[target] || die
 }
-confz_container_alpine_base_check() {
- checkvars container_root arch keys_dir repositories
+confz_container_alpine_base_layout_check() {
+ checkvars root
+ defvar uid 0
+ defvar gid 0
+
+ require fs_d filename="$vars[root]/dev"
+ require fs_m filename="$vars[root]/dev" mode=0755
+ require fs_o filename="$vars[root]/dev" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/dev/pts"
+ require fs_m filename="$vars[root]/dev/pts" mode=0755
+ require fs_o filename="$vars[root]/dev/pts" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/dev/shm"
+ require fs_m filename="$vars[root]/dev/shm" mode=0755
+ require fs_o filename="$vars[root]/dev/shm" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/dev/syslog"
+ require fs_m filename="$vars[root]/dev/syslog" mode=0755
+ require fs_o filename="$vars[root]/dev/syslog" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/etc"
+ require fs_m filename="$vars[root]/etc" mode=0755
+ require fs_o filename="$vars[root]/etc" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/etc/apk"
+ require fs_m filename="$vars[root]/etc/apk" mode=0755
+ require fs_o filename="$vars[root]/etc/apk" owner=$vars[uid]:$vars[gid]
+
+ require fs_l filename="$vars[root]/etc/mtab" destination="/proc/mounts"
+ require fs_o filename="$vars[root]/etc/mtab" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/etc/profile.d"
+ require fs_m filename="$vars[root]/etc/profile.d" mode=0755
+ require fs_o filename="$vars[root]/etc/profile.d" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/home"
+ require fs_m filename="$vars[root]/home" mode=0755
+ require fs_o filename="$vars[root]/home" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/lib"
+ require fs_m filename="$vars[root]/lib" mode=0755
+ require fs_o filename="$vars[root]/lib" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/lib/firmware"
+ require fs_m filename="$vars[root]/lib/firmware" mode=0755
+ require fs_o filename="$vars[root]/lib/firmware" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/lib/mdev"
+ require fs_m filename="$vars[root]/lib/mdev" mode=0755
+ require fs_o filename="$vars[root]/lib/mdev" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/opt"
+ require fs_m filename="$vars[root]/opt" mode=0755
+ require fs_o filename="$vars[root]/opt" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/proc"
+ require fs_m filename="$vars[root]/proc" mode=0755
+ require fs_o filename="$vars[root]/proc" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/root"
+ require fs_m filename="$vars[root]/root" mode=0700
+ require fs_o filename="$vars[root]/root" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/run"
+ require fs_m filename="$vars[root]/run" mode=0755
+ require fs_o filename="$vars[root]/run" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/sbin"
+ require fs_m filename="$vars[root]/sbin" mode=0755
+ require fs_o filename="$vars[root]/sbin" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/srv"
+ require fs_m filename="$vars[root]/srv" mode=0755
+ require fs_o filename="$vars[root]/srv" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/sys"
+ require fs_m filename="$vars[root]/sys" mode=0755
+ require fs_o filename="$vars[root]/sys" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/tmp"
+ require fs_m filename="$vars[root]/tmp" mode=1777
+ require fs_o filename="$vars[root]/tmp" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/usr"
+ require fs_m filename="$vars[root]/usr" mode=0755
+ require fs_o filename="$vars[root]/usr" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/usr/lib"
+ require fs_m filename="$vars[root]/usr/lib" mode=0755
+ require fs_o filename="$vars[root]/usr/lib" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/usr/local"
+ require fs_m filename="$vars[root]/usr/local" mode=0755
+ require fs_o filename="$vars[root]/usr/local" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/usr/local/bin"
+ require fs_m filename="$vars[root]/usr/local/bin" mode=0755
+ require fs_o filename="$vars[root]/usr/local/bin" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/usr/local/lib"
+ require fs_m filename="$vars[root]/usr/local/lib" mode=0755
+ require fs_o filename="$vars[root]/usr/local/lib" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/usr/local/share"
+ require fs_m filename="$vars[root]/usr/local/share" mode=0755
+ require fs_o filename="$vars[root]/usr/local/share" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/usr/sbin"
+ require fs_m filename="$vars[root]/usr/sbin" mode=0755
+ require fs_o filename="$vars[root]/usr/sbin" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/usr/share"
+ require fs_m filename="$vars[root]/usr/share" mode=0755
+ require fs_o filename="$vars[root]/usr/share" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/usr/share/man"
+ require fs_m filename="$vars[root]/usr/share/man" mode=0755
+ require fs_o filename="$vars[root]/usr/share/man" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/usr/share/misc"
+ require fs_m filename="$vars[root]/usr/share/misc" mode=0755
+ require fs_o filename="$vars[root]/usr/share/misc" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var"
+ require fs_m filename="$vars[root]/var" mode=0755
+ require fs_o filename="$vars[root]/var" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/cache"
+ require fs_m filename="$vars[root]/var/cache" mode=0755
+ require fs_o filename="$vars[root]/var/cache" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/cache/misc"
+ require fs_m filename="$vars[root]/var/cache/misc" mode=0755
+ require fs_o filename="$vars[root]/var/cache/misc" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/empty"
+ require fs_m filename="$vars[root]/var/empty" mode=0555
+ require fs_o filename="$vars[root]/var/empty" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/lib"
+ require fs_m filename="$vars[root]/var/lib" mode=0755
+ require fs_o filename="$vars[root]/var/lib" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/lib/misc"
+ require fs_m filename="$vars[root]/var/lib/misc" mode=0755
+ require fs_o filename="$vars[root]/var/lib/misc" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/local"
+ require fs_m filename="$vars[root]/var/local" mode=0755
+ require fs_o filename="$vars[root]/var/local" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/lock"
+ require fs_m filename="$vars[root]/var/lock" mode=0755
+ require fs_o filename="$vars[root]/var/lock" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/lock/subsys"
+ require fs_m filename="$vars[root]/var/lock/subsys" mode=0755
+ require fs_o filename="$vars[root]/var/lock/subsys" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/log"
+ require fs_m filename="$vars[root]/var/log" mode=0755
+ require fs_o filename="$vars[root]/var/log" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/mail"
+ require fs_m filename="$vars[root]/var/mail" mode=0755
+ require fs_o filename="$vars[root]/var/mail" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/opt"
+ require fs_m filename="$vars[root]/var/opt" mode=0755
+ require fs_o filename="$vars[root]/var/opt" owner=$vars[uid]:$vars[gid]
+
+ require fs_l filename="$vars[root]/var/run" destination="../run"
+ require fs_o filename="$vars[root]/var/run" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/spool"
+ require fs_m filename="$vars[root]/var/spool" mode=0755
+ require fs_o filename="$vars[root]/var/spool" owner=$vars[uid]:$vars[gid]
+
+ require fs_d filename="$vars[root]/var/tmp"
+ require fs_m filename="$vars[root]/var/tmp" mode=1777
+ require fs_o filename="$vars[root]/var/tmp" owner=$vars[uid]:$vars[gid]
+
+}
+
+confz_container_alpine_base_files_check() {
+ checkvars root mirror release repositories hostname locale
+ defvar uid 0
+ defvar gid 0
+
+ local -a repositories=( $vars[mirror]/$vars[release]/${^=vars[repositories]} )
+ require fs_contentnl filename="$vars[root]/etc/apk/repositories" \
+ content="${(F)repositories}"
+ require fs_m filename="$vars[root]/etc/apk/repositories" mode=0644
+ require fs_o filename="$vars[root]/etc/apk/repositories" owner=$vars[uid]:$vars[gid]
+
+ require fs_contentnl filename="$vars[root]/etc/hostname" \
+ content="$vars[hostname]"
+ require fs_m filename="$vars[root]/etc/hostname" mode=0644
+ require fs_o filename="$vars[root]/etc/hostname" owner=$vars[uid]:$vars[gid]
+
+ require container_template_file :uid :gid \
+ template=alpine name=etc/hosts
+
+ # require fs_contentnl filename="$vars[root]/etc/hosts" \
+ # content=$'127.0.0.1\tlocalhost localhost.localdomain\n::1\tlocalhost localhost.localdomain'
+ # require fs_m filename="$vars[root]/etc/hosts" mode=0644
+ # require fs_o filename="$vars[root]/etc/hosts" owner=$vars[uid]:$vars[gid]
+
+ require fs_contentnl filename="$vars[root]/etc/motd" \
+ content="Welcome to container image at ${(qqq)vars[root]}"
+ require fs_m filename="$vars[root]/etc/motd" mode=0644
+ require fs_o filename="$vars[root]/etc/motd" owner=$vars[uid]:$vars[gid]
+
+ require container_template_file :uid :gid \
+ template=alpine name=etc/profile
+
+ local -a locale_lines=(
+ "export CHARSET=${(q)vars[locale]}"
+ "export LANG=${(q)vars[locale]}"
+ "export LC_COLLATE=C"
+ )
+ require fs_contentnl filename="$vars[root]/etc/profile.d/locale.sh" \
+ content="${(F)locale_lines}"
+ require fs_m filename="$vars[root]/etc/profile.d/locale.sh" mode=0644
+ require fs_o filename="$vars[root]/etc/profile.d/locale.sh" owner=$vars[uid]:$vars[gid]
+
+ require container_template_file :uid :gid \
+ template=alpine name=etc/protocols
+
+ require container_template_file :uid :gid \
+ template=alpine name=etc/services
+
+ require container_template_file :uid :gid \
+ template=alpine name=etc/shells
+
+ # require fs_contentnl filename="$vars[root]/etc/shells" \
+ # content=$'# valid login shells\n/bin/sh\n/bin/ash\n/bin/zsh\n/bin/bash\n/bin/mksh'
+ # require fs_m filename="$vars[root]/etc/shells" mode=0644
+ # require fs_o filename="$vars[root]/etc/shells" owner=$vars[uid]:$vars[gid]
+
+ # require fs_c filename="$vars[root]/etc/group" \
+ # content=""
+ # require fs_m filename="$vars[root]/etc/group" mode=0644
+ # require fs_o filename="$vars[root]/etc/group" owner=$vars[uid]:$vars[gid]
+
+ # require fs_c filename="$vars[root]/etc/passwd" \
+ # content=""
+ # require fs_m filename="$vars[root]/etc/passwd" mode=0644
+ # require fs_o filename="$vars[root]/etc/passwd" owner=$vars[uid]:$vars[gid]
+
+ # require fs_c filename="$vars[root]/etc/shadow" \
+ # content=""
+ # require fs_m filename="$vars[root]/etc/shadow" mode=0640
+ # require fs_o filename="$vars[root]/etc/shadow" owner=$vars[uid]:$vars[gid]
+
+}
+
+confz_container_alpine_apk_check() {
+ checkvars user root arch
+ defvar keys_dir /etc/apk/keys
+ defvar apk_executable apk
 do_command=(
- apk
+ s6-setuidgid $vars[user]
+ $vars[apk_executable]
 --update-cache
 --initdb
 --arch $vars[arch]
- --root $vars[container_root]
+ --root $vars[root]
 --keys-dir $vars[keys_dir]
+ add alpine-keys apk-tools busybox
 )
- local repo
- for repo in "${(Q@)${(z)vars[repositories]}}"; do
- do_command+=( --repository $repo )
- done
-
- do_command+=( add alpine-keys alpine-base )
- grep -q '^alpine-keys$' $vars[container_root]/etc/apk/world && \
- grep -q '^alpine-base$' $vars[container_root]/etc/apk/world
+ [[ -f $vars[root]/sbin/apk ]]
 }
-confz_container_alpine_package_check() {
- checkvars container_root arch keys_dir repositories package
- do_command=(
- apk
- # --update-cache
- # --initdb
- --arch $vars[arch]
- --root $vars[container_root]
- --keys-dir $vars[keys_dir]
- add $vars[package]
- )
- grep -q '^'$vars[package]'$' $vars[container_root]/etc/apk/world
+confz_container_alpine_image_check() {
+ checkvars containers_dir image_name arch
+ defvar mirror http://mirror.fit.cvut.cz/alpine
+ defvar release edge
+ defvar repositories main
+ defvar hostname $vars[root]:t
+ defvar locale C.UTF-8
+
+ local root=$vars[containers_dir]/systems/$vars[image_name]
+
+ require container_sysroot_user %uid %gid :containers_dir :image_name
+ require container_alpine_base_layout :uid :gid root=$root
+ require container_alpine_base_files :uid :gid root=$root \
+ :mirror :release :repositories :hostname :locale
+ require container_alpine_apk :arch \
+ root=$root user=container-$vars[image_name]
 }
diff --git a/zsh-functions/confz_site_containers_init b/zsh-functions/confz_site_containers_init
@@ -33,7 +33,7 @@ confz_site_containers_user_check() {
 :containers_dir :svscan_dir :user
 }
-confz_site_containers_check() {
+confz_site_container_services_check() {
 defvar containers_dir /mnt/volumes/containers
 defvar svscan_dir /run/service
 require site_containers_user user=ccx :containers_dir :svscan_dir
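Review bot: In confz_container_alpine_image_check the default `defvar hostname $vars[root]:t` is evaluated before `local root=...` is assigned and `root` is not among that function's checkvars, so unless a caller happens to pass root the image hostname defaults to the tail of an empty string; `defvar hostname $vars[image_name]` gives the default the `:t` was evidently after. Separately, confz_container_template_file_check returns success as soon as `$vars[root]/$vars[target]` exists, so an edited file under container_template is never re-copied by the _do step, unlike the fs_contentnl checks next to it which converge on content; inserting `cmp -s $container_template_dir/$vars[template]/$vars[name] $vars[root]/$vars[target] || return 1` after the existence test closes that gap. confz_container_service_xsession_check, whose closing lines open the hunk, starts outside it.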
@@ -41,6 +41,18 @@ confz_site_containers_check() {
 image_name=alpine-dev
 }
+confz_site_container_images_check() {
+ defvar containers_dir /mnt/volumes/containers
+ require container_alpine_image
+}
+
+confz_site_containers_check() {
+ defvar containers_dir /mnt/volumes/containers
+ defvar svscan_dir /run/service
+ require site_container_services :containers_dir :svscan_dir
+ require site_container_images :containers_dir
+}
+
 confz_container_sysroot_rundir_check() {
 checkvars container_root container_name tmp_dir
 require fs_contentnl filename=$vars[tmp_dir]/run/init \
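Review bot: `require container_alpine_image` in confz_site_container_images_check passes none of the variables that confz_container_alpine_image_check declares with `checkvars containers_dir image_name arch`; unless require propagates the caller's vars implicitly, which the other call sites in this file do not rely on (they pass them explicitly, e.g. `:containers_dir :svscan_dir`), that checkvars will fail at runtime. Passing them in the surrounding style, e.g. `require container_alpine_image :containers_dir image_name=<IMAGE_NAME> arch=<ARCH>` with the placeholders filled in, makes the dependency explicit. confz_container_sysroot_rundir_check, whose opening lines close the hunk, continues outside it.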