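├── Dockerfile-docker ├── Dockerfile ├── docker-opkg │ ├── CONTROL │ │ ├── conffiles │ │ ├── control │ │ ├── postinst │ │ ├── postrm │ │ └── prerm │ ├── etc │ │ ├── docker │ │ │ └── daemon.conf │ │ └── init.d │ │ │ └── docker │ └── opt │ │ └── docker │ │ └── bin │ │ └── docker └── patches │ ├── libcontainer_ppc.diff │ ├── lxc_template.go.diff │ ├── overlay.diff │ └── pty-ppc.diff ├── Dockerfile-gocross ├── Dockerfile ├── configs │ ├── common.sh │ ├── env-cross │ └── env-native ├── go-caller.patch └── samples │ └── powerpc-turris-linux-gnuspe │ ├── crosstool.config │ └── reported.by ├── LICENSE ├── README.md ├── bin └── busybox-static-ppcspe └── lxc-templates ├── lxc-busybox-ppcspe
--------------------------------------------------------------------------------
/Dockerfile-docker/Dockerfile:
--------------------------------------------------------------------------------
FROM gocross:latest
MAINTAINER Alex Samorukov
USER root
# Get lvm2 source for compiling statically.
# NOTE(review): "-b <tag>" clones whatever the remote currently calls v2_02_103,
# and a tag can be moved.  For a reproducible build record the tag's commit id
# and `git checkout` it explicitly after cloning.
RUN git clone -b v2_02_103 https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2
# set crosscompilation flags
ENV PATH=/go/bin:/opt/golang/x-tools/powerpc-turris-linux-gnuspe/bin/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
    CC=powerpc-turris-linux-gnuspe-gcc CXX=powerpc-turris-linux-gnuspe-g++
# install lvm2/ppc (only the device-mapper library is needed by docker)
RUN cd /usr/local/lvm2 && \
    ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes ./configure \
    --prefix=/opt/golang/x-tools/powerpc-turris-linux-gnuspe/powerpc-turris-linux-gnuspe/sysroot/ \
    --host=powerpc-turris-linux-gnuspe --enable-static_link && \
    make device-mapper && make install_device-mapper
# install sqlite/ppc
# The tarball is fetched over TLS; the original used plain http://, which lets
# any on-path party substitute the archive that ends up linked into docker.
# TODO(review): additionally verify the archive against the checksum that
# sqlite.org publishes for this release before unpacking (the value is
# deliberately not hard-coded here from memory).
RUN cd /root && wget https://www.sqlite.org/2015/sqlite-autoconf-3080900.tar.gz && \
    tar -xzf sqlite-autoconf-3080900.tar.gz && cd sqlite-autoconf-3080900 && \
    ./configure --prefix=/opt/golang/x-tools/powerpc-turris-linux-gnuspe/powerpc-turris-linux-gnuspe/sysroot/ \
    --host=powerpc-turris-linux-gnuspe && make install
# docker configuration: to enable the btrfs backend we would have to
# cross-compile btrfs-tools, so disable it for now
# aufs is n/a on the target device
ENV DOCKER_BUILDTAGS="exclude_graphdriver_btrfs exclude_graphdriver_aufs"
# configure go cross compilation
ENV GOARCH=ppc \
    GCCGO=/opt/golang/x-tools/powerpc-turris-linux-gnuspe/bin/powerpc-turris-linux-gnuspe-gccgo \
    GOPATH=/go:/go/src/github.com/docker/docker/vendor \
    GOROOT=/opt/golang/x-tools/powerpc-turris-linux-gnuspe/powerpc-turris-linux-gnuspe/sysroot/lib/go/5.1.0/powerpc-turris-linux-gnuspe \
    LD_LIBRARY_PATH=/opt/golang/x-tools/x86_64-linux-gnu/lib64 \
    CGO_ENABLED=1 CGO_CFLAGS=-I/opt/golang/x-tools/powerpc-turris-linux-gnuspe/powerpc-turris-linux-gnuspe/sysroot/include/
# set some go symlinks (the native gccgo toolchain drives the cross build)
RUN mkdir -p /go/bin && cd /go/bin && ln -s /opt/golang/x-tools/x86_64-linux-gnu/bin/gccgo \
    && ln -s /opt/golang/x-tools/x86_64-linux-gnu/bin/go \
    && ln -s /opt/golang/x-tools/x86_64-linux-gnu/bin/gofmt
# get docker/release, trunk seems to be broken
ENV DOCKER_VERSION=1.6.1
RUN git clone -b v${DOCKER_VERSION} https://github.com/docker/docker /go/src/github.com/docker/docker
# add PPC/gccgo patches.  COPY rather than ADD: ADD would also unpack archives
# and fetch URLs, neither of which is wanted for plain patch files.
COPY patches/*diff /go/src/patches/
# patch docker; `patch` exits non-zero on a rejected hunk, which fails the build
RUN cd /go/src/github.com/docker/docker && cat /go/src/patches/*.diff | patch -p1
# finally - compile docker
RUN cd /go/src/github.com/docker/docker && hack/make.sh gccgo
# install opkg tools.  Cloned over TLS instead of the original http://;
# NOTE(review): pin to a commit for a reproducible package build.
RUN cd /root/ && git clone https://git.yoctoproject.org/git/opkg-utils && cd opkg-utils && make CC=gcc && make install
# create docker ipk
COPY docker-opkg /root/docker-opkg
RUN cd /root/ && cp /go/src/github.com/docker/docker/bundles/${DOCKER_VERSION}/gccgo/docker-${DOCKER_VERSION} docker-opkg/opt/docker/bin/docker && \
    cp /go/src/github.com/docker/docker/contrib/check-config.sh docker-opkg/opt/docker/bin/docker-check-config.sh && \
    sed -i "s|@size|`du docker-opkg/ -b -s|awk '{print $1}'`|" docker-opkg/CONTROL/control && \
    sed -i "s|@docker_version|$DOCKER_VERSION|" docker-opkg/CONTROL/control && \
    opkg-build docker-opkg

--------------------------------------------------------------------------------
/Dockerfile-docker/docker-opkg/CONTROL/conffiles:
--------------------------------------------------------------------------------
/etc/docker/daemon.conf
--------------------------------------------------------------------------------
/Dockerfile-docker/docker-opkg/CONTROL/control:
--------------------------------------------------------------------------------
Package: docker
Priority: optional
Version: @docker_version
Architecture: mpc85xx
Section: utils
Installed-Size: @size
Source: https://github.com/samm-git/turris-containers/
Maintainer: Alex Samorukov
Depends: lxc, kmod-veth, kmod-ipt-extra, iptables-mod-extra
Description: Docker is an open platform for developers and sysadmins to build,
 ship, and run distributed applications.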
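

--------------------------------------------------------------------------------
/Dockerfile-docker/docker-opkg/CONTROL/postinst:
--------------------------------------------------------------------------------
#!/bin/sh

# Put the daemon on the default PATH.  The original did `cd /usr/bin` followed
# by `ln -sf ... ./`; had the cd failed, the link would have been created in
# the caller's cwd, so give ln the full destination instead.
ln -sf /opt/docker/bin/docker /usr/bin/docker
--------------------------------------------------------------------------------
/Dockerfile-docker/docker-opkg/CONTROL/postrm:
--------------------------------------------------------------------------------
#!/bin/sh

rm -f /usr/bin/docker

--------------------------------------------------------------------------------
/Dockerfile-docker/docker-opkg/CONTROL/prerm:
--------------------------------------------------------------------------------
#!/bin/sh

/etc/init.d/docker stop

--------------------------------------------------------------------------------
/Dockerfile-docker/docker-opkg/etc/docker/daemon.conf:
--------------------------------------------------------------------------------
# We are using LXC because native backend still has some issues on PPC
# This file is *sourced* as shell by /etc/init.d/docker, which runs as root:
# keep it root-owned and not writable by anyone else.  "-s overlay" relies on
# the legacy-overlayfs patch applied to this docker build.
DOCKER_OPTS="-s overlay -g /opt/docker/lib -e lxc"

--------------------------------------------------------------------------------
/Dockerfile-docker/docker-opkg/etc/init.d/docker:
--------------------------------------------------------------------------------
#!/bin/sh /etc/rc.common
# Copyright (C) 2011 OpenWrt.org
#
# procd service script for the docker daemon.  The daemon runs as root with the
# options from /etc/docker/daemon.conf; the cgroup hierarchies are mounted
# before it starts and torn down when it stops.

START=99

USE_PROCD=1

# if you need to change daemon settings - change this file.
# It is sourced, i.e. executed as root shell code, so it must be root-owned and
# not group/world writable (the package does not enforce that; verify on the
# device).
. /etc/docker/daemon.conf

# Mount a tmpfs on /sys/fs/cgroup and one cgroup (v1) hierarchy per controller
# that /proc/cgroups reports as enabled.  Sets cgroups_error=1 and returns
# non-zero when the kernel has no cgroups or the mounts cannot be set up.
# based on https://raw.githubusercontent.com/tianon/cgroupfs-mount/master/cgroupfs-mount
cgroups_mount ()
{
	cgroups_error=0
	# kernel provides cgroups?
	if [ ! -e /proc/cgroups ]; then
		cgroups_error=1
		return 1
	fi

	# if we don't even have the directory we need, something else must be wrong.
	# The original only set the flag here and fell through: the tmpfs mount and
	# the `cd` below then failed and the per-controller mkdir ran in whatever
	# the current directory happened to be.
	if [ ! -d /sys/fs/cgroup ]; then
		cgroups_error=1
		return 1
	fi

	# mount /sys/fs/cgroup if not already done
	if ! mountpoint -q /sys/fs/cgroup; then
		if ! mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup; then
			cgroups_error=1
			return 1
		fi
	fi

	cd /sys/fs/cgroup || { cgroups_error=1; return 1; }

	# get/mount list of enabled cgroup controllers (column 4 of /proc/cgroups)
	for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
		mkdir -p "$sys"
		if ! mountpoint -q "$sys"; then
			if ! mount -n -t cgroup -o "$sys" cgroup "$sys"; then
				# controller cannot be mounted on its own; leave no empty dir behind
				rmdir "$sys" || true
			fi
		fi
	done
	cd /
}

# Reverse of cgroups_mount: unmount every hierarchy under /sys/fs/cgroup,
# remove the directories and unmount the tmpfs.  A no-op if nothing is mounted.
cgroups_umount ()
{
	# if we don't even have the directory we need, something else must be wrong
	if [ ! -d /sys/fs/cgroup ]; then
		return
	fi

	# if /sys/fs/cgroup is not mounted, we don't bother
	if ! mountpoint -q /sys/fs/cgroup; then
		return
	fi

	cd /sys/fs/cgroup || return

	for sys in *; do
		if mountpoint -q "$sys"; then
			umount "$sys"
		fi
		if [ -d "$sys" ]; then
			rmdir "$sys" || true
		fi
	done
	cd /
	umount /sys/fs/cgroup
}

start_service() {
	# Without cgroups the daemon cannot work.  The original computed
	# cgroups_error and never looked at it, so procd would respawn a daemon
	# that fails at startup.
	cgroups_mount
	if [ "$cgroups_error" -ne 0 ]; then
		echo "docker: cgroups are not available on this kernel, not starting the daemon" >&2
		return 1
	fi

	procd_open_instance
	procd_set_param env GOTRACEBACK=0
	# $DOCKER_OPTS is intentionally unquoted so that it is split into arguments
	procd_set_param command /opt/docker/bin/docker -d $DOCKER_OPTS
	procd_set_param respawn # respawn automatically if something died, be careful if you have an alternative process supervisor
	procd_close_instance
}

stop_service() {
	cgroups_umount
}
--------------------------------------------------------------------------------
/Dockerfile-docker/docker-opkg/opt/docker/bin/docker:
--------------------------------------------------------------------------------
dummy file to make git happy
--------------------------------------------------------------------------------
/Dockerfile-docker/patches/libcontainer_ppc.diff:
--------------------------------------------------------------------------------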
--- a/vendor/src/github.com/docker/libcontainer/system/setns_linux.go 2 | +++ b/vendor/src/github.com/docker/libcontainer/system/setns_linux.go 3 | @@ -14,6 +14,7 @@ var setNsMap = map[string]uintptr{ 4 | "linux/386": 346, 5 | "linux/amd64": 308, 6 | "linux/arm": 374, 7 | + "linux/ppc": 350, 8 | "linux/ppc64": 350, 9 | "linux/ppc64le": 350, 10 | "linux/s390x": 339, 11 | --- a/vendor/src/github.com/docker/libcontainer/system/syscall_linux_64.go 12 | +++ b/vendor/src/github.com/docker/libcontainer/system/syscall_linux_64.go 13 | @@ -1,4 +1,4 @@ 14 | -// +build linux,amd64 linux,ppc64 linux,ppc64le linux,s390x 15 | +// +build linux,amd64 linux,ppc64 linux,ppc linux,ppc64le linux,s390x 16 | 17 | package system 18 | 19 | -------------------------------------------------------------------------------- /Dockerfile-docker/patches/lxc_template.go.diff: -------------------------------------------------------------------------------- 1 | --- a/daemon/execdriver/lxc/lxc_template.go 2 | +++ b/daemon/execdriver/lxc/lxc_template.go 3 | 
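Review bot: The build-tag change in syscall_linux_64.go routes 32-bit linux/ppc through the 64-bit syscall file without saying why; a reader will expect ppc to sit next to 386/arm in the 32-bit file. The placement is presumably right because 32-bit powerpc has no separate `*32` variants of the set{u,g}id family (the plain syscalls already take 32-bit ids), unlike i386/arm, but that reasoning should be recorded above the tag line: `// linux/ppc (32-bit) has no SYS_SET*ID32 syscalls, so it shares the 64-bit set of calls`. The setns number 350 added in the first hunk equals the ppc64/ppc64le entries next to it, which is consistent with powerpc using one syscall table for both widths.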
@@ -80,11 +80,11 @@ lxc.aa_profile = {{.AppArmorProfile}} 4 | {{end}} 5 | 6 | {{if .ProcessConfig.Tty}} 7 | -lxc.mount.entry = {{.ProcessConfig.Console}} {{escapeFstabSpaces $ROOTFS}}/dev/console none bind,rw 0 0 8 | +lxc.mount.entry = {{.ProcessConfig.Console}} {{escapeFstabSpaces $ROOTFS}}/dev/console none bind,rw,create=file 0 0 9 | {{end}} 10 | 11 | -lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts {{formatMountLabel "newinstance,ptmxmode=0666,nosuid,noexec" ""}} 0 0 12 | -lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs {{formatMountLabel "size=65536k,nosuid,nodev,noexec" ""}} 0 0 13 | +lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts {{formatMountLabel "newinstance,ptmxmode=0666,nosuid,noexec,create=dir" ""}} 0 0 14 | +lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs {{formatMountLabel "size=65536k,nosuid,nodev,noexec,create=dir" ""}} 0 0 15 | 16 | {{range $value := .Mounts}} 17 | {{$createVal := isDirectory $value.Source}} 18 | -------------------------------------------------------------------------------- /Dockerfile-docker/patches/overlay.diff: -------------------------------------------------------------------------------- 1 | diff --git a/contrib/check-config.sh b/contrib/check-config.sh 2 | index ac5df62..4eb3e1e 100755 3 | --- a/contrib/check-config.sh 4 | +++ b/contrib/check-config.sh 5 | @@ -174,7 +174,7 @@ echo '- Storage Drivers:' 6 | check_flags BLK_DEV_DM DM_THIN_PROVISIONING EXT4_FS EXT4_FS_POSIX_ACL EXT4_FS_SECURITY | sed 's/^/ /' 7 | 8 | echo '- "'$(wrap_color 'overlay' blue)'":' 9 | - check_flags OVERLAY_FS EXT4_FS_SECURITY EXT4_FS_POSIX_ACL | sed 's/^/ /' 10 | + check_flags OVERLAYFS_FS EXT4_FS_SECURITY EXT4_FS_POSIX_ACL | sed 's/^/ /' 11 | } | sed 's/^/ /' 12 | echo 13 | 14 | diff --git a/daemon/graphdriver/overlay/overlay.go b/daemon/graphdriver/overlay/overlay.go 15 | index afe12c5..c600a01 100644 16 | --- a/daemon/graphdriver/overlay/overlay.go 17 | 
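Review bot: `create=file` and `create=dir` are mount-entry options that only newer LXC releases understand, and nothing in this change records that requirement; an older lxc would hand the unknown option through to mount(2), which for the devpts and tmpfs entries most likely fails with EINVAL and breaks every container start. The opkg control file in this repository declares `Depends: lxc` with no version bound, so the package can be installed next to an lxc that lacks these options; add the minimum version there (the release whose lxc.container.conf(5) documents `create=`) and a note above these template lines, e.g. `{{/* create=dir/create=file require an LXC that supports mount-entry creation; keep CONTROL/control Depends in step */}}`. The template continues outside the hunk.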
+++ b/daemon/graphdriver/overlay/overlay.go 18 | @@ -149,7 +149,7 @@ func supportsOverlay() error { 19 | 20 | s := bufio.NewScanner(f) 21 | for s.Scan() { 22 | - if s.Text() == "nodev\toverlay" { 23 | + if s.Text() == "nodev\toverlayfs" { 24 | return nil 25 | } 26 | } 27 | @@ -296,11 +296,10 @@ func (d *Driver) Get(id string, mountLabel string) (string, error) { 28 | } 29 | lowerDir := path.Join(d.dir(string(lowerId)), "root") 30 | upperDir := path.Join(dir, "upper") 31 | - workDir := path.Join(dir, "work") 32 | mergedDir := path.Join(dir, "merged") 33 | 34 | - opts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerDir, upperDir, workDir) 35 | - if err := syscall.Mount("overlay", mergedDir, "overlay", 0, label.FormatMountLabel(opts, mountLabel)); err != nil { 36 | + opts := fmt.Sprintf("lowerdir=%s,upperdir=%s", lowerDir, upperDir) 37 | + if err := syscall.Mount("overlayfs", mergedDir, "overlayfs", 0, label.FormatMountLabel(opts, mountLabel)); err != nil { 38 | return "", fmt.Errorf("error creating overlay mount to %s: %v", mergedDir, err) 39 | } 40 | mount.path = mergedDir 41 | -------------------------------------------------------------------------------- /Dockerfile-docker/patches/pty-ppc.diff: -------------------------------------------------------------------------------- 1 | diff --git a/vendor/src/github.com/kr/pty/ztypes_ppc.go b/vendor/src/github.com/kr/pty/ztypes_ppc.go 2 | new file mode 100644 3 | index 0000000..ff0b8fd 4 | --- /dev/null 5 | +++ b/vendor/src/github.com/kr/pty/ztypes_ppc.go 6 | 
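Review bot: The new `Get` unconditionally mounts filesystem type "overlayfs" without a workdir, and `supportsOverlay` now accepts only the `nodev\toverlayfs` line, so this build's overlay driver works solely on the legacy out-of-tree overlayfs and stops working the moment the target kernel moves to the in-tree driver (registered as "overlay" and requiring `workdir=`); the commit hard-codes the old name instead of detecting which one is present. Have `supportsOverlay` record which name it found in a package-level flag and let `Get` choose the fs type and option string from it; the `work` directory is presumably still created by `Create` (not in this hunk), so only the mount call needs to change. `Get` begins before this hunk.
```go
// … unchanged: lowerDir/upperDir/mergedDir computation …
var fsType, opts string
if legacyOverlayfs { // set by supportsOverlay() when /proc/filesystems lists "overlayfs"
	fsType = "overlayfs"
	opts = fmt.Sprintf("lowerdir=%s,upperdir=%s", lowerDir, upperDir)
} else {
	fsType = "overlay"
	opts = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerDir, upperDir, path.Join(dir, "work"))
}
if err := syscall.Mount(fsType, mergedDir, fsType, 0, label.FormatMountLabel(opts, mountLabel)); err != nil {
	return "", fmt.Errorf("error creating overlay mount to %s: %v", mergedDir, err)
}
```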
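@@ -0,0 +1,9 @@
+// Created by cgo -godefs - DO NOT EDIT
+// cgo -godefs types.go
+
+package pty
+
+type (
+	_C_int int32
+	_C_uint uint32
+)
--------------------------------------------------------------------------------
/Dockerfile-gocross/Dockerfile:
--------------------------------------------------------------------------------
FROM ubuntu:14.04
MAINTAINER Alex Samorukov
# this is cross-compilation toolkit based on GCC 5.1 for the powerpcspe devices

# update os
RUN apt-get update && apt-get upgrade -y
# install packages required to build toolchain and native gcc
RUN apt-get install -y git autoconf automake libtool gperf bison \
    build-essential flex texinfo wget gawk ncurses-dev libgmp-dev \
    libmpfr-dev libmpc-dev
# lets add builder user and work from it
RUN useradd --home /opt/golang builder
# COPY rather than ADD: these are plain files, and ADD would also unpack
# archives and fetch URLs.
COPY configs /opt/golang/configs/
# add turris config and build toolchain
COPY samples /opt/golang/ct-ng/samples/
COPY go-caller.patch /opt/golang/src/
RUN chown -R builder:builder /opt/golang
WORKDIR /opt/golang
# The original ran `passwd -d root` here so that `su` from the builder user
# would work without a password.  Nothing below needs root (every path written
# is owned by builder), and derived images simply switch with `USER root`, as
# Dockerfile-docker does; a passwordless root account in a build image is an
# unnecessary escalation path, so it is no longer created.  For interactive
# root access use `docker exec -u root ...` instead of su.
# switch user and set home
USER builder
# grab gcc 5.1.0 source and extract it, apply patch from https://bugzilla.redhat.com/show_bug.cgi?id=1212472,
# remove original tar then
ENV GCC_VERSION=5.1.0
# Fetched from the GNU release server over TLS instead of a plain-http mirror,
# so the compiler that builds everything else cannot be swapped on the wire.
# TODO(review): GNU publishes a detached .sig for every tarball; verifying it
# (or a checksum recorded in this repository) would close the remaining gap.
RUN cd /opt/golang/src && wget https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VERSION}/gcc-${GCC_VERSION}.tar.bz2 \
    && tar -xjf gcc-${GCC_VERSION}.tar.bz2 && rm gcc-${GCC_VERSION}.tar.bz2
RUN cd /opt/golang/src && patch -p0 -d gcc-${GCC_VERSION} -i ../go-caller.patch
# fetch crosstool-ng from git, we will use commit known to work fine
ENV CT_NG_COMMIT=cd47c091ba6f7d6d9a98c85fc5729a434c99d4ea
RUN cd /opt/golang/src && git clone https://github.com/crosstool-ng/crosstool-ng \
    && cd crosstool-ng && git checkout $CT_NG_COMMIT
# configure and install ct-ng
RUN cd src/crosstool-ng && autoreconf -i && ./configure --prefix=/opt/golang/ct-ng && make install
# build powerpcspe go
RUN cd /opt/golang/ct-ng && bin/ct-ng powerpc-turris-linux-gnuspe && bin/ct-ng build && rm -rf .build
# build native go from the same source - required to build go tools for the x86_64 platform
RUN mkdir gccbuild && cd gccbuild \
    && /opt/golang/src/gcc-${GCC_VERSION}/configure --disable-multilib \
    --enable-languages=go --prefix /opt/golang/x-tools/x86_64-linux-gnu \
    && make -j `nproc` && make install && cd /opt/golang && rm -rf gccbuild
# add env scripts and create some links
RUN mkdir /opt/golang/configs/bin && cd /opt/golang/configs/bin && \
    ln -s /opt/golang/x-tools/x86_64-linux-gnu/bin/gccgo && \
    ln -s /opt/golang/x-tools/x86_64-linux-gnu/bin/go && \
    ln -s /opt/golang/x-tools/x86_64-linux-gnu/bin/gofmt

--------------------------------------------------------------------------------
/Dockerfile-gocross/configs/common.sh:
--------------------------------------------------------------------------------
# Shared by env-cross / env-native: clear the Go-related variables, then put
# the native gccgo wrappers first on PATH (once; OLDPATH keeps the original).
unset GOARCH GCCGO GOPATH GOROOT LD_LIBRARY_PATH CGO_ENABLED


if [ -z "$OLDPATH" ]; then
    export OLDPATH=$PATH
    export PATH=/opt/golang/configs/bin:$PATH
fi
export GOOS="linux"
--------------------------------------------------------------------------------
/Dockerfile-gocross/configs/env-cross:
--------------------------------------------------------------------------------
.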
/opt/golang/configs/common.sh 2 | 3 | GOARCH=ppc 4 | GCCGO=/opt/golang/x-tools/powerpc-turris-linux-gnuspe/bin/powerpc-turris-linux-gnuspe-gccgo 5 | GOPATH=/opt/golang/goroot-ppc 6 | GOROOT=/opt/golang/x-tools/powerpc-turris-linux-gnuspe/powerpc-turris-linux-gnuspe/sysroot/lib/go/5.1.0/powerpc-turris-linux-gnuspe 7 | LD_LIBRARY_PATH=/opt/golang/x-tools/x86_64-linux-gnu/lib64 8 | CGO_ENABLED=1 9 | 10 | export GOARCH GCCGO GOPATH GOROOT LD_LIBRARY_PATH CGO_ENABLED 11 | 12 | -------------------------------------------------------------------------------- /Dockerfile-gocross/configs/env-native: -------------------------------------------------------------------------------- 1 | . /opt/golang/configs/common.sh 2 | 3 | GOPATH=/opt/golang/goroot-native 4 | LD_LIBRARY_PATH=/opt/golang/x-tools/x86_64-linux-gnu/lib64 5 | 6 | export GOPATH LD_LIBRARY_PATH 7 | 8 | -------------------------------------------------------------------------------- /Dockerfile-gocross/go-caller.patch: -------------------------------------------------------------------------------- 1 | diff -up gcc-5.1.0/libgo/runtime/go-caller.c.fix~ gcc-5.0.1-20150413/libgo/runtime/go-caller.c 2 | --- libgo/runtime/go-caller.c.fix~ 2015-03-13 12:02:38.000000000 +0100 3 | +++ libgo/runtime/go-caller.c 2015-04-22 14:34:56.820267279 +0200 4 | 
@@ -231,7 +231,13 @@ String runtime_funcname_go (Func *f) 5 | String 6 | runtime_funcname_go (Func *f) 7 | { 8 | - return f->name; 9 | + String str; 10 | + if (!f) 11 | + { 12 | + runtime_memclr (&str, sizeof str); 13 | + return str; 14 | + } 15 | + else return f->name; 16 | } 17 | 18 | /* Return the entry point of a function. */ 19 | -------------------------------------------------------------------------------- /Dockerfile-gocross/samples/powerpc-turris-linux-gnuspe/crosstool.config: -------------------------------------------------------------------------------- 1 | CT_EXPERIMENTAL=y 2 | CT_LOCAL_TARBALLS_DIR="${HOME}/src" 3 | CT_SAVE_TARBALLS=y 4 | # CT_STRIP_ALL_TOOLCHAIN_EXECUTABLES is not set 5 | CT_LOG_EXTRA=y 6 | CT_ARCH_CPU="8548" 7 | CT_ARCH_TUNE="8548" 8 | CT_ARCH_FLOAT_SW=y 9 | CT_TARGET_CFLAGS="-mfloat-gprs=double -Wa,-me500x2 -O2" 10 | CT_ARCH_powerpc=y 11 | CT_ARCH_powerpc_ABI_SPE=y 12 | CT_TARGET_VENDOR="turris" 13 | CT_KERNEL_linux=y 14 | CT_KERNEL_V_3_9=y 15 | CT_BINUTILS_EXTRA_CONFIG_ARRAY="--enable-spe=yes --enable-e500x2 --with-e500x2" 16 | CT_LIBC_glibc=y 17 | CT_LIBC_GLIBC_EXTRA_CONFIG_ARRAY=" --enable-static-nss" 18 | CT_CC_CUSTOM=y 19 | CT_CC_CUSTOM_LOCATION="/opt/golang/src/gcc-5.1.0" 20 | CT_CC_LANG_OTHERS="go" 21 | CT_CC_CORE_EXTRA_CONFIG_ARRAY="--with-long-double-128 --enable-e500_double" 22 | CT_CC_EXTRA_CONFIG_ARRAY="--with-long-double-128 --enable-e500_double" 23 | # CT_CC_GCC_ENABLE_TARGET_OPTSPACE is not set 24 | -------------------------------------------------------------------------------- /Dockerfile-gocross/samples/powerpc-turris-linux-gnuspe/reported.by: -------------------------------------------------------------------------------- 1 | reporter_name="Alex Samorukov " 2 | reporter_url="http://samm.kiev.ua/" 3 | reporter_comment="GCC 5.1 with golang for the turris router" 4 | -------------------------------------------------------------------------------- /LICENSE: 
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2015 samm-git

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# turris-containers
## about
The goal of the project is to add LXC and Docker container support to the Turris router. The Turris router runs on a PowerPC SPE e500v2 CPU (1200 MHz, 2 cores) with 2048 MB of RAM. This should be enough to run Linux containers on the device. The ability to run containers should give us some benefits, including:

- better security because of service isolation (namespace/cgroup containment; note that the docker daemon itself still runs as root on the host, so treat this as isolation between services rather than a hard security boundary)
- ability to run a different Linux distribution (e.g.
Debian PPC) on the same hardware, without reflashing your router
- Fine-grained resource control
- Separate network stack/routing table for the application

## Tasks
To use containers on Turris we need to:

1. Enable LXC and namespace support in the kernel and test that it really works. This should be an easy step - Turris is running on a recent kernel (3.10.49), so I am not expecting that any backporting will be required. The `lxc-checkconfig` tool can validate whether everything is fine with this. Currently it seems that this configuration should be required:

    CONFIG_KERNEL_NAMESPACES=y
    CONFIG_KERNEL_UTS_NS=y
    CONFIG_KERNEL_IPC_NS=y
    CONFIG_KERNEL_PID_NS=y
    CONFIG_KERNEL_USER_NS=y
    CONFIG_KERNEL_NET_NS=y
    CONFIG_KERNEL_LXC_MISC=y
    CONFIG_KERNEL_CGROUPS=y
    CONFIG_KERNEL_CGROUP_DEVICE=y
    CONFIG_KERNEL_CGROUP_SCHED=y
    CONFIG_KERNEL_CGROUP_CPUACCT=y
    CONFIG_KERNEL_CGROUP_FREEZER=y
    CONFIG_KERNEL_CPUSETS=y
    CONFIG_KERNEL_RESOURCE_COUNTERS=y
    CONFIG_KERNEL_MEMCG=y
    CONFIG_KERNEL_MEMCG_SWAP=y

Also, CONFIG_PACKAGE_kmod-fs-xfs should not be enabled because it conflicts with USER_NS support (see https://bugzilla.redhat.com/show_bug.cgi?id=917708). To use debian-unstable inside an LXC container you should add the line `CONFIG_MATH_EMULATION=y` to the target/linux/mpc85xx/p2020-nand/config-default file (the maintainer of the powerpcspe port has already been contacted to resolve this). To run docker from EXT4 volumes (e.g. external flash or sdcard) you should add `CONFIG_EXT4_FS_SECURITY=y` and `CONFIG_EXT4_FS_POSIX_ACL=y` to target/linux/mpc85xx/p2020-nand/config-default. `CONFIG_DM_THIN_PROVISIONING` may be needed for the devicemapper backend.

2. Choose some container management software. After all, I decided to use lxc (it is easy to debug and already integrated into OpenWRT) and docker, because it's cool ;-)
3.
Choose and enable an overlay FS backend: overlayfs is included in the OpenWRT kernel and works fine with LXC, but needs some patches for docker (no support for workdir, and a different name in /proc/filesystems).
4. Create some demo containers. I would like to move my Asterisk out of the OpenWRT root, so this should be a good starting point.
5. Create a wp article and opkg packages

## problems
Go is not available on the OpenWRT platform, and to build it we need to use GCC 5 (gccgo in GCC 4 is incomplete and buggy). uClibc is also known not to work with Go. After all, I decided to use crosstool-ng and GCC 5.1 to compile Go in static mode. Also, PPC and GCCGO support in docker is available only in trunk, so I had to use it (the Dockerfile currently builds the 1.6.1 release with the local patches from `Dockerfile-docker/patches` instead, since trunk was broken at the time).

## Status
- ☑ GCCGO5 porting to Turris: done, gccgo5 (GCC 5.1) built and tested, cross-compilation works fine, go and cgo tools are also working (tested with hello-cgo and a few other projects). Static and dynamic executables are supported
- ☑ Build all docker compile-time requirements (in fact only LVM and sqlite).
- ☑ Compile kernel with container support - done.
- ☑ Check that namespaces/cgroups work as expected on the device - done
- ☑ Build docker using gccgo/cgo - done, with a few local patches
- ☑ Create an Ubuntu-based docker image for repeatable builds - done, needs some cleanup and publishing
- ☑ Create a container with minimal openwrt - done, created containers with TurrisOS, Debian and Busybox-static
- ☐ Test docker functionality: in progress. Working already:
  - Exec backends: native - works with some issues, LXC - works fine
  - Storage backends: VFS - works, overlayfs - works, devmapper - fails, more tests needed. Other backends are untested
  - All docker commands are tested and known to work correctly
  - Known issues: the native exec driver hangs if it tries to start a non-existent file. Probably a libcontainer bug, needs more debugging.
55 | - ☐ Create openwrt package + some documentation (not started yet) 56 | 57 | 58 | -------------------------------------------------------------------------------- /bin/busybox-static-ppcspe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/samm-git/turris-containers/b0c4d5b6278c6a53fe8dc106bed7de2264df8f83/bin/busybox-static-ppcspe -------------------------------------------------------------------------------- /lxc-templates/lxc-busybox-ppcspe: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # 4 | # lxc: linux Container library 5 | 6 | # Authors: 7 | # Daniel Lezcano 8 | 9 | # This library is free software; you can redistribute it and/or 10 | # modify it under the terms of the GNU Lesser General Public 11 | # License as published by the Free Software Foundation; either 12 | # version 2.1 of the License, or (at your option) any later version. 13 | 14 | # This library is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 | # Lesser General Public License for more details. 
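
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

LXC_MAPPED_UID=
LXC_MAPPED_GID=

# Scratch directory for the static busybox fetched in configure_busybox().
# The original used the fixed path /tmp/busybox-static: any local user could
# pre-create it and swap the binary in between download and use, and this
# template (run as root) both executes that binary and installs it setuid into
# the new container.  A private mktemp directory closes that race; it is
# removed again when the template exits.
BUSYBOX_DL_DIR=$(mktemp -d /tmp/busybox-static.XXXXXX) || exit 1
trap 'rm -rf "$BUSYBOX_DL_DIR"' EXIT

# Make sure the usual locations are in PATH; the download dir goes first so the
# static PPC-SPE busybox wins over whatever the host ships.
export PATH=$BUSYBOX_DL_DIR:$PATH:/usr/sbin:/usr/bin:/sbin:/bin

# Prints "yes" when this process runs inside a user namespace (any uid_map
# other than the single identity mapping), "no" otherwise.
am_in_userns() {
    [ -e /proc/self/uid_map ] || { echo no; return; }
    [ "$(wc -l /proc/self/uid_map | awk '{ print $1 }')" -eq 1 ] || { echo yes; return; }
    line=$(awk '{ print $1 " " $2 " " $3 }' /proc/self/uid_map)
    [ "$line" = "0 0 4294967295" ] && { echo no; return; }
    echo yes
}

in_userns=0
[ $(am_in_userns) = "yes" ] && in_userns=1

# Creates the container directory tree, device nodes, passwd/group, rcS,
# inittab and the udhcpc script under $1 (the rootfs).  $2 is the container
# name (not used here).  Returns 1 on a fatal error, otherwise the mknod status.
# NOTE(review): in the user-namespace branch this appends to $path/config, a
# global that the caller (outside this function) must already have set.
install_busybox()
{
    rootfs=$1
    name=$2
    res=0
    tree="\
$rootfs/selinux \
$rootfs/dev \
$rootfs/home \
$rootfs/root \
$rootfs/etc \
$rootfs/etc/init.d \
$rootfs/bin \
$rootfs/usr/bin \
$rootfs/sbin \
$rootfs/usr/sbin \
$rootfs/proc \
$rootfs/sys \
$rootfs/mnt \
$rootfs/tmp \
$rootfs/var/log \
$rootfs/usr/share/udhcpc \
$rootfs/dev/pts \
$rootfs/dev/shm \
$rootfs/lib \
$rootfs/usr/lib \
$rootfs/lib64 \
$rootfs/usr/lib64"

    # $tree is deliberately unquoted: it is a whitespace-separated list
    mkdir -p $tree || return 1
    chmod 755 $tree || return 1

    pushd $rootfs/dev > /dev/null || return 1

    # minimal devices needed for busybox
    if [ $in_userns -eq 1 ]; then
        # mknod is not permitted in a user namespace: bind the host nodes in via the config
        for dev in tty console tty0 tty1 ram0 null urandom; do
            echo "lxc.mount.entry = /dev/$dev dev/$dev none bind,optional,create=file 0 0" >> $path/config
        done
    else
        mknod -m 666 tty c 5 0 || res=1
        mknod -m 666 console c 5 1 || res=1
        mknod -m 666 tty0 c 4 0 || res=1
        mknod -m 666 tty1 c 4 0 || res=1
        mknod -m 666 tty5 c 4 0 || res=1
        mknod -m 600 ram0 b 1 0 || res=1
        mknod -m 666 null c 1 3 || res=1
        mknod -m 666 zero c 1 5 || res=1
        mknod -m 666 urandom c 1 9 || res=1
    fi

    popd > /dev/null

    # root user defined
    cat <<EOF >> $rootfs/etc/passwd
root:x:0:0:root:/root:/bin/sh
EOF

    cat <<EOF >> $rootfs/etc/group
root:x:0:root
EOF

    # mount everything
    cat <<EOF >> $rootfs/etc/init.d/rcS
#!/bin/sh
#/bin/syslogd
/bin/mount -a
/bin/udhcpc
EOF

    # executable
    chmod 744 $rootfs/etc/init.d/rcS || return 1

    # launch rcS first then make a console available
    # and propose a shell on the tty, the last one is
    # not needed
    cat <<EOF >> $rootfs/etc/inittab
::sysinit:/etc/init.d/rcS
tty1::respawn:/bin/getty -L tty1 115200 vt100
console::askfirst:/bin/sh
EOF
    # writable and readable for other
    chmod 644 $rootfs/etc/inittab || return 1

    # the here-document is unquoted on purpose: $rootfs expands now, the
    # backslash-escaped variables are left for udhcpc to expand at run time
    cat <<EOF >> $rootfs/usr/share/udhcpc/default.script
#!/bin/sh
case "\$1" in
    deconfig)
        ip addr flush dev \$interface
        ;;

    renew|bound)
        # flush all the routes
        if [ -n "\$router" ]; then
            ip route del default 2> /dev/null
        fi

        # check broadcast
        if [ -n "\$broadcast" ]; then
            broadcast="broadcast \$broadcast"
        fi

        # add a new ip address
        ip addr add \$ip/\$mask \$broadcast dev \$interface

        if [ -n "\$router" ]; then
            ip route add default via \$router dev \$interface
        fi

        [ -n "\$domain" ] && echo search \$domain > /etc/resolv.conf
        for i in \$dns ; do
            echo nameserver \$i >> /etc/resolv.conf
        done
        ;;
esac
exit 0
EOF

    chmod 744 $rootfs/usr/share/udhcpc/default.script

    return $res
}

# Installs busybox (preferring the static PPC-SPE build published by this
# project, falling back to the host's busybox) into $1/bin, creates the applet
# symlinks, sets the root password and, when dropbear is on the host, copies it
# in and generates host keys.  Returns 1 on failure.
configure_busybox()
{
    rootfs=$1

    # Pinned to the commit at which bin/busybox-static-ppcspe is published in
    # this repository; the original fetched 'master', so the binary that ends
    # up setuid root inside every new container could change silently.
    # TODO(review): also compare a sha256 of the download against a value
    # committed next to this template, and make sure the host's wget really
    # validates the TLS certificate (a plain busybox wget does not).
    busybox_url=https://raw.githubusercontent.com/samm-git/turris-containers/b0c4d5b6278c6a53fe8dc106bed7de2264df8f83/bin/busybox-static-ppcspe
    if wget "$busybox_url" -O "$BUSYBOX_DL_DIR/busybox"; then
        # wget -O creates the file without the execute bit, so `which` would
        # have skipped it and silently used the host's busybox instead.
        chmod 755 "$BUSYBOX_DL_DIR/busybox"
    else
        echo "warning : could not download the static busybox, using the host's"
        rm -f "$BUSYBOX_DL_DIR/busybox"
    fi

    which busybox >/dev/null 2>&1

    if [ $? -ne 0 ]; then
        echo "busybox executable is not accessible"
        return 1
    fi

    file -L $(which busybox) | grep -q "statically linked"
    if [ $? -ne 0 ]; then
        echo "warning : busybox is not statically linked."
        echo "warning : The template script may not correctly"
        echo "warning : setup the container environment."
    fi

    # copy busybox in the rootfs
    cp $(which busybox) $rootfs/bin
    if [ $? -ne 0 ]; then
        echo "failed to copy busybox in the rootfs"
        return 1
    fi

    # symlink busybox for the commands it supports
    # it would be nice to just use "chroot $rootfs busybox --install -s /bin"
    # but that only works right in a chroot with busybox >= 1.19.0
    pushd $rootfs/bin > /dev/null || return 1
    ./busybox --help | grep 'Currently defined functions:' -A300 | \
        grep -v 'Currently defined functions:' | tr , '\n' | \
        xargs -n1 ln -s busybox
    popd > /dev/null

    # relink /sbin/init
    ln $rootfs/bin/busybox $rootfs/sbin/init

    # passwd exec must be setuid.  /bin/passwd is one of the symlinks created
    # just above and chmod follows it, so this makes the whole busybox binary
    # setuid root; busybox only confines that to its setuid applet table when
    # built with FEATURE_SUID -- verify the static build enables it.
    chmod +s $rootfs/bin/passwd
    touch $rootfs/etc/shadow

    # setting passwd for root.  This is the well-known default "root"; change
    # it (or disable password logins) before exposing the container.
    CHPASSWD_FILE=$rootfs/root/chpasswd.sh

    cat <<EOF >$CHPASSWD_FILE
echo "setting root password to \"root\""

mount -n --bind /lib $rootfs/lib
if [ \$? -ne 0 ]; then
    echo "Failed bind-mounting /lib at $rootfs/lib"
    exit 1
fi

chroot $rootfs chpasswd <<EOFF 2>/dev/null
root:root
EOFF


if [ \$? -ne 0 ]; then
    echo "Failed to change root password"
    exit 1
fi

umount $rootfs/lib

EOF

    # run in a private mount namespace so the /lib bind mount never leaks out
    lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
    rm $CHPASSWD_FILE

    # add ssh functionality if dropbear package available on host
    which dropbear >/dev/null 2>&1
    if [ $? -eq 0 ]; then
        # copy dropbear binary
        cp $(which dropbear) $rootfs/usr/sbin
        if [ $? -ne 0 ]; then
            echo "Failed to copy dropbear in the rootfs"
            return 1
        fi

        # make symlinks to various ssh utilities
        utils="\
$rootfs/usr/bin/dbclient \
$rootfs/usr/bin/scp \
$rootfs/usr/bin/ssh \
$rootfs/usr/sbin/dropbearkey \
$rootfs/usr/sbin/dropbearconvert \
"
        echo $utils | xargs -n1 ln -s /usr/sbin/dropbear

        # add necessary config files
        # NOTE(review): DSS host keys are deprecated and rejected by default by
        # current SSH clients; consider generating only the RSA key.
        mkdir $rootfs/etc/dropbear
        dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
        dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1

        echo "'dropbear' ssh utility installed"
    fi

    return 0
}

copy_configuration()
{
    path=$1
    rootfs=$2
    name=$3

    grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
    cat <<EOF >> $path/config
lxc.haltsignal = SIGUSR1
lxc.utsname = $name
lxc.tty = 1
lxc.pts = 1
lxc.cap.drop = sys_module mac_admin mac_override sys_time

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined

lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = shm /dev/shm tmpfs defaults 0 0
EOF

    libdirs="\
lib \
usr/lib \
lib64 \
usr/lib64"

    for dir in $libdirs; do
        if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
            echo "lxc.mount.entry = /$dir 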
$dir none ro,bind 0 0" >> $path/config 295 | fi 296 | done 297 | echo "lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind,optional 0 0" >>$path/config 298 | } 299 | 300 | remap_userns() 301 | { 302 | path=$1 303 | 304 | if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then 305 | chown $LXC_MAPPED_UID $path/config >/dev/null 2>&1 306 | chown -R root $path/rootfs >/dev/null 2>&1 307 | fi 308 | 309 | if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then 310 | chgrp $LXC_MAPPED_GID $path/config >/dev/null 2>&1 311 | chgrp -R root $path/rootfs >/dev/null 2>&1 312 | fi 313 | } 314 | 315 | usage() 316 | { 317 | cat < 319 | EOF 320 | return 0 321 | } 322 | 323 | options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@") 324 | if [ $? -ne 0 ]; then 325 | usage $(basename $0) 326 | exit 1 327 | fi 328 | eval set -- "$options" 329 | 330 | while true 331 | do 332 | case "$1" in 333 | -h|--help) usage $0 && exit 0;; 334 | -p|--path) path=$2; shift 2;; 335 | --rootfs) rootfs=$2; shift 2;; 336 | -n|--name) name=$2; shift 2;; 337 | --mapped-uid) LXC_MAPPED_UID=$2; shift 2;; 338 | --mapped-gid) LXC_MAPPED_GID=$2; shift 2;; 339 | --) shift 1; break ;; 340 | *) break ;; 341 | esac 342 | done 343 | 344 | if [ "$(id -u)" != "0" ]; then 345 | echo "This script should be run as 'root'" 346 | exit 1 347 | fi 348 | 349 | if [ -z "$path" ]; then 350 | echo "'path' parameter is required" 351 | exit 1 352 | fi 353 | 354 | # detect rootfs 355 | config="$path/config" 356 | if [ -z "$rootfs" ]; then 357 | if grep -q '^lxc.rootfs' $config 2>/dev/null ; then 358 | rootfs=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $config) 359 | else 360 | rootfs=$path/rootfs 361 | fi 362 | fi 363 | 364 | install_busybox $rootfs $name 365 | if [ $? -ne 0 ]; then 366 | echo "failed to install busybox's rootfs" 367 | exit 1 368 | fi 369 | 370 | configure_busybox $rootfs 371 | if [ $? 
-ne 0 ]; then 372 | echo "failed to configure busybox template" 373 | exit 1 374 | fi 375 | 376 | copy_configuration $path $rootfs $name 377 | if [ $? -ne 0 ]; then 378 | echo "failed to write configuration file" 379 | exit 1 380 | fi 381 | 382 | remap_userns $path 383 | if [ $? -ne 0 ]; then 384 | echo "failed to remap files to user" 385 | exit 1 386 | fi 387 | -------------------------------------------------------------------------------- /lxc-templates/lxc-turrisos: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # 4 | # lxc: linux Container library 5 | 6 | # Authors: 7 | # Alex Samorukov 8 | 9 | # This library is free software; you can redistribute it and/or 10 | # modify it under the terms of the GNU Lesser General Public 11 | # License as published by the Free Software Foundation; either 12 | # version 2.1 of the License, or (at your option) any later version. 13 | 14 | # This library is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 | # Lesser General Public License for more details. 
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

# Filled in from --mapped-uid / --mapped-gid on the command line and
# consumed by remap_userns; empty means "no remapping requested".
LXC_MAPPED_UID=
LXC_MAPPED_GID=

# Make sure the usual locations are in PATH
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin

# Print "yes" when the calling process lives in a user namespace, "no"
# otherwise. The decision is taken from /proc/self/uid_map: no file at all
# means the kernel has no namespaces; more than one mapping line, or a
# single line that is not the identity map "0 0 4294967295", means we are
# inside a user namespace.
am_in_userns() {
    if [ ! -e /proc/self/uid_map ]; then
        echo no
        return
    fi
    if [ "$(wc -l < /proc/self/uid_map)" -ne 1 ]; then
        echo yes
        return
    fi
    # single mapping line: only the full identity map counts as "not in a userns"
    read -r map_from map_to map_len < /proc/self/uid_map
    if [ "$map_from $map_to $map_len" = "0 0 4294967295" ]; then
        echo no
    else
        echo yes
    fi
}

# 1 when running in a user namespace, 0 otherwise (script-wide flag).
in_userns=0
[ "$(am_in_userns)" = "yes" ] && in_userns=1

# Write the UCI network config into etc/config/network relative to the
# current directory (callers are expected to have cd'd into the rootfs):
# a static loopback plus a DHCP "wan" interface on eth2.
openwrt_container_configure_network() {
    cat <<EOF > etc/config/network
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'wan'
	option ifname 'eth2'
	option proto 'dhcp'
EOF
}

# Write the UCI system config into etc/config/system relative to the
# current directory: UTC timezone, fixed hostname, OpenWrt NTP pool servers
# with the local NTP server disabled.
openwrt_container_configure_system() {
    cat <<EOF > etc/config/system
config system
	option timezone 'UTC'
	option hostname 'turris-vrt'

config timeserver 'ntp'
	list server '0.openwrt.pool.ntp.org'
	list server '1.openwrt.pool.ntp.org'
	list server '2.openwrt.pool.ntp.org'
	list server '3.openwrt.pool.ntp.org'
	option enable_server '0'
EOF
}

# Drop kernel modules from the image; a container uses the host kernel.
# Operates on lib/modules relative to the current directory, so it must
# only be called after changing into the rootfs.
openwrt_container_cleanup_rootfs() {
    rm -rf lib/modules/*
}

# Write etc/inittab relative to the current directory: rcS for boot and
# shutdown, and an ash login on the console and on tty1-tty4.
openwrt_container_configure_inittab() {
    cat <<EOF > etc/inittab
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
console::askfirst:/bin/ash --login
tty1::askfirst:/bin/ash --login
tty2::askfirst:/bin/ash --login
tty3::askfirst:/bin/ash --login
tty4::askfirst:/bin/ash --login
EOF
}


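# Fetch the TurrisOS rootfs tarball and unpack it into the rootfs directory.
#   $1  rootfs directory (created if missing)
#   $2  container name (unused here; kept for symmetry with the other
#       template install_* functions)
# Returns 1 when the download, the directory creation or the extraction
# fails, so main aborts instead of configuring an empty rootfs.
install_turrisos()
{
    rootfs=$1
    name=$2
    image=/tmp/turrisos.tar.gz
    url=https://api.turris.cz/openwrt-repo/turris/openwrt-mpc85xx-p2020-nand-TURRISNAND-rootfs.tar.gz

    # The tarball is cached between runs. NOTE(review): /tmp is writable by
    # every local user and the archive is unpacked as root, so a pre-existing
    # file at this path is trusted without any integrity check; a root-owned
    # cache directory, or a checksum against a known-good value, would close
    # that gap.
    if [ ! -e "$image" ]; then
        # on failure remove whatever wget left behind, otherwise a partial or
        # empty file would be reused as the "cached" image on the next run
        wget -O "$image" "$url" || { rm -f "$image"; return 1; }
    fi
    mkdir -p "$rootfs" || return 1
    # -C keeps the caller's working directory untouched
    tar -xzf "$image" -C "$rootfs" || return 1
    return 0
}

# Remove services and scripts that cannot work inside a container.
# Must be called with the rootfs as the current directory
# (configure_turrisos does that). Returns 1 if etc/rc.d is missing.
turrisos_disable_services()
{
    # remove services not working inside container; the deletions run in a
    # subshell so that a failed cd cannot make the globs match in the wrong
    # directory and the caller's working directory is left unchanged
    (
        cd etc/rc.d || exit 1
        rm -f *log *smrtd *rainbow *led *update_mac S98sysntpd
        # disable firewall autostart
        rm -f S19firewall
    ) || return 1
    # remove rainbow cron job
    rm -f etc/cron.d/rainbow
    # remove some preinit scripts
    rm -f lib/preinit/03_preinit_do_mpc85xx.sh lib/preinit/05_set_preinit_iface_mpc85xx
    # fix syslogd configuration: the kernel log source is not readable from
    # inside a container, so comment it out
    sed -i 's|source(kernel)|# source(kernel)|' etc/syslog-ng.conf
    sed -i 's|file("/proc/kmsg"|# file("/proc/kmsg"|' etc/syslog-ng.conf
}

# Fake the board identity the Turris web interface expects.
# Writes tmp/sysinfo/{board_name,model} and replaces usr/bin/atsha204cmd
# with a stub answering the serial-number and hw-rev commands.
# Must be called with the rootfs as the current directory.
turrisos_add_board_info()
{
    mkdir -p tmp/sysinfo
    echo rtrs01-virt > tmp/sysinfo/board_name
    echo Turris > tmp/sysinfo/model
    # we will replace /usr/bin/atsha204cmd with fake to make webinterface happy
    # (the \$ escapes keep the variables for the stub, not for this script)
    cat <<EOF > usr/bin/atsha204cmd
#!/bin/sh

if [ ! -n "\$1" ]; then
    echo "atsha204cmd hack for the VirtualTurris to emulate serial-number and hw-rev commands"
    exit;
fi
case \$1 in
    serial-number)
        # 1234567890123456789
        echo 112210F47DE98115
        ;;
    hw-rev)
        echo 00000005
        ;;
esac
EOF
    # the stub must be executable like the binary it replaces
    chmod 755 usr/bin/atsha204cmd
}

# Apply all container adjustments to an unpacked rootfs.
#   $1  rootfs directory
# Returns 1 when the rootfs cannot be entered or a helper fails.
configure_turrisos()
{
    rootfs=$1

    # every helper below uses paths relative to the rootfs (including an
    # rm -rf); never run them against whatever the current directory happens
    # to be when the cd fails
    cd "$rootfs" || return 1
    openwrt_container_configure_inittab
    openwrt_container_configure_network
    openwrt_container_configure_system
    openwrt_container_cleanup_rootfs
    turrisos_disable_services || return 1
    turrisos_add_board_info
    return 0
}

# Generate a random hardware (MAC) address composed of FE followed by
# 5 random bytes... (fe has the locally-administered bit set, so the
# result never collides with a vendor-assigned address).
create_hwaddr()
{
    openssl rand -hex 5 | sed -e 's/\(..\)/:\1/g; s/^/fe/'
}

# Append the container's LXC configuration to $path/config.
#   $1  container directory (holds the config file)
#   $2  rootfs directory, written as lxc.rootfs unless already present
#   $3  container name (unused in the emitted config)
copy_configuration()
{
    path=$1
    rootfs=$2
    name=$3

    grep -q "^lxc.rootfs" "$path/config" 2>/dev/null || echo "lxc.rootfs = $rootfs" >> "$path/config"
    # unquoted heredoc: $(create_hwaddr) is expanded even on the commented
    # hwaddr line, so uncommenting it later yields a fixed random address
    cat <<EOF >> "$path/config"
# uncomment next lines to run container in br-lan bridge
#lxc.network.type = veth
#lxc.network.flags = up
#lxc.network.link = br-lan
#lxc.network.name = eth2
#lxc.network.hwaddr=$(create_hwaddr)

# fix for lxc-stop
lxc.haltsignal = SIGUSR1
# Default mount entries
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
lxc.mount.entry = tmpfs tmp tmpfs defaults
# Include common configuration
lxc.include = /usr/share/lxc/config/openwrt.common.conf
EOF
}

# Hand the container files to the mapped uid/gid when running unprivileged.
#   $1  container directory
# The config file goes to the mapped id; the rootfs is chowned to "root" as
# seen from the calling namespace. Errors are ignored on purpose.
remap_userns()
{
    path=$1

    if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
        chown "$LXC_MAPPED_UID" "$path/config" >/dev/null 2>&1
        chown -R root "$path/rootfs" >/dev/null 2>&1
    fi

    if [ -n "$LXC_MAPPED_GID" ] && [ "$LXC_MAPPED_GID" != "-1" ]; then
        chgrp "$LXC_MAPPED_GID" "$path/config" >/dev/null 2>&1
        chgrp -R root "$path/rootfs" >/dev/null 2>&1
    fi
}

# Print the command line accepted by this template ($1 is the program name).
# The option list mirrors the getopt specification below.
usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> [-n|--name=<name>] [--rootfs=<rootfs>] [--mapped-uid=<uid>] [--mapped-gid=<gid>]
EOF
    return 0
}

options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@")
if [ $? -ne 0 ]; then
    usage "$(basename "$0")"
    exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help) usage "$0" && exit 0;;
        -p|--path) path=$2; shift 2;;
        --rootfs) rootfs=$2; shift 2;;
        -n|--name) name=$2; shift 2;;
        --mapped-uid) LXC_MAPPED_UID=$2; shift 2;;
        --mapped-gid) LXC_MAPPED_GID=$2; shift 2;;
        --) shift 1; break ;;
        *) break ;;
    esac
done

# everything below writes into the rootfs and chowns files: root only
if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

# detect rootfs: an explicit --rootfs wins, then an existing lxc.rootfs
# entry in the config, else <path>/rootfs
config="$path/config"
if [ -z "$rootfs" ]; then
    if grep -q '^lxc.rootfs' "$config" 2>/dev/null ; then
        # strip the whitespace after "=" so the quoted value is a clean path
        rootfs=$(awk -F= '/^lxc.rootfs =/{ sub(/^[ \t]+/, "", $2); print $2 }' "$config")
    else
        rootfs=$path/rootfs
    fi
fi

install_turrisos "$rootfs" "$name"
if [ $? -ne 0 ]; then
    echo "failed to install TurrisOS rootfs"
    exit 1
fi

configure_turrisos "$rootfs"
if [ $? -ne 0 ]; then
    echo "failed to configure TurrisOS template"
    exit 1
fi

copy_configuration "$path" "$rootfs" "$name"
if [ $? -ne 0 ]; then
    echo "failed to write configuration file"
    exit 1
fi

remap_userns "$path"
if [ $? -ne 0 ]; then
    echo "failed to remap files to user"
    exit 1
fi
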