app-containers/lxc: add 5.0.0

 - build system switched to meson, so dropping all keywords off,
 - some changes to handling systemd in general - there's a chance gentoo-lxc
   on systemd breaks due to this (did my best to test it but...)

Signed-off-by: Joonas Niilola <juippis@gentoo.org>

7 files changed, 252 insertions, 0 deletions

diff --git a/app-containers/lxc/Manifest b/app-containers/lxc/Manifest
index c736c09fa249..c367d0810b33 100644
--- a/app-containers/lxc/Manifest
+++ b/app-containers/lxc/Manifest
@@ -1,2 +1,4 @@
 DIST lxc-4.0.12.tar.gz 1565070 BLAKE2B 819b5140b641dbc1ed6cf5f2840bb0ee6d3ab8c687f4f8064e42d347113bdf50fcbb653a6fb26598db0daab0c83ad88fe0d27fd2842fac9d7f5fef73656d7976 SHA512 04437d9c891cd3a22f756c42f05e97398772587175d65aff9d394f0f3e810efc5c1fe7077c39573de3ec259e0605bc2a7ea51093613b2cef908372ae338df19d
 DIST lxc-4.0.12.tar.gz.asc 833 BLAKE2B 2fca60b5ac267a893f70875ccdbe39db6b98b5fe51fe396692449e310b6e680e7b142380e193f5d8299f18e796ed2fd0e08cd186859069877fcca6bc26e44717 SHA512 4f2912879e6f3bf5fdbebb902cf16ca6b766b5720b817c4b4996e62098a1d282327d330ffd9768d45d69aeddb50184dc8485b0ef75b046449ce4c544cdc43c9b
+DIST lxc-5.0.0.tar.gz 968678 BLAKE2B 82fa15353bdd78a1cc4cdb915f4a8366790b4ac317247bb03ceae91137368ef953ec52f6882ba9d44f6b9bddd3ac20579339e6bbedb4e5642adc81473825a91d SHA512 ecdce46a83602197716c9a4e50e0514a7e0764fbf34db6d5e3497e90669b4c8ced4b787fb220967d95dd8e50016075f3b118e85d9d63c21b2ba17de2e7aefb81
+DIST lxc-5.0.0.tar.gz.asc 833 BLAKE2B 3519789f7a9797895c1b89371db28add0833b0db5a32b71f8fdff98f689a2ed6edd77db90fad89658e7c148a94a1008a718dca32bc3ce40dbfce9b44c9506dbd SHA512 d475073543e82481675a4d7ffe642445b73698ad0675cfd996768c6f026786c694cea062d50139264362a516b8777fc4e1a5fb5592eeed35ac2f6d64460c505d
diff --git a/app-containers/lxc/files/lxc-5.0.0-dont-depend-on-static-libcap.patch b/app-containers/lxc/files/lxc-5.0.0-dont-depend-on-static-libcap.patch
new file mode 100644
index 000000000000..74f3d353c561
--- /dev/null
+++ b/app-containers/lxc/files/lxc-5.0.0-dont-depend-on-static-libcap.patch
@@ -0,0 +1,27 @@
+From 7d72354898feac15bc4082130bcbe638bae02450 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Thu, 14 Jul 2022 17:03:40 +0200
+Subject: [PATCH] meson.build: fix build with -Dcapabilities=false
+
+Define libcap_static to an empty array to avoid the following build
+failure with -Dcapabilities=false:
+
+output/build/lxc-5.0.0/src/lxc/cmd/meson.build:64:4: ERROR: Unknown variable "libcap_static".
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ meson.build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/meson.build b/meson.build
+index 992fa08c72..4ed57a655b 100644
+--- a/meson.build
++++ b/meson.build
+@@ -443,6 +443,7 @@ int main(int argc, char *argv[]) { return 0; };
+         srcconf.set10('HAVE_STATIC_LIBCAP', false)
+     endif
+ else
++    libcap_static = []
+     srcconf.set10('HAVE_LIBCAP', false)
+     srcconf.set10('HAVE_STATIC_LIBCAP', false)
+ endif
diff --git a/app-containers/lxc/files/lxc-monitord.service.5.0.0 b/app-containers/lxc/files/lxc-monitord.service.5.0.0
new file mode 100644
index 000000000000..ff4a201152c0
--- /dev/null
+++ b/app-containers/lxc/files/lxc-monitord.service.5.0.0
@@ -0,0 +1,11 @@
+[Unit]
+Description=LXC Container Monitoring Daemon
+After=syslog.service network.target
+Documentation=man:lxc
+
+[Service]
+Type=simple
+ExecStart=/usr/libexec/lxc/lxc-monitord --daemon
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-containers/lxc/files/lxc-net.service.5.0.0 b/app-containers/lxc/files/lxc-net.service.5.0.0
new file mode 100644
index 000000000000..8a037fcb7614
--- /dev/null
+++ b/app-containers/lxc/files/lxc-net.service.5.0.0
@@ -0,0 +1,15 @@
+[Unit]
+Description=LXC network bridge setup
+After=network-online.target
+Before=lxc.service
+Documentation=man:lxc
+ConditionVirtualization=!lxc
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/lxc/lxc-net start
+ExecStop=/usr/libexec/lxc/lxc-net stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-containers/lxc/files/lxc.service-5.0.0 b/app-containers/lxc/files/lxc.service-5.0.0
new file mode 100644
index 000000000000..35d0dff241d0
--- /dev/null
+++ b/app-containers/lxc/files/lxc.service-5.0.0
@@ -0,0 +1,19 @@
+[Unit]
+Description=LXC Container Initialization and Autoboot Code
+After=network.target lxc-net.service remote-fs.target
+Wants=lxc-net.service
+Documentation=man:lxc-autostart man:lxc
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStartPre=/usr/libexec/lxc/lxc-apparmor-load
+ExecStart=/usr/libexec//lxc/lxc-containers start
+ExecStop=/usr/libexec/lxc/lxc-containers stop
+ExecReload=/usr/libexec/lxc/lxc-apparmor-load
+# Environment=BOOTUP=serial
+# Environment=CONSOLETYPE=serial
+Delegate=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-containers/lxc/files/lxc_at.service.5.0.0 b/app-containers/lxc/files/lxc_at.service.5.0.0
new file mode 100644
index 000000000000..447b6c87ec5d
--- /dev/null
+++ b/app-containers/lxc/files/lxc_at.service.5.0.0
@@ -0,0 +1,19 @@
+[Unit]
+Description=LXC Container: %i
+# This pulls in apparmor, dev-setup, lxc-net
+After=lxc.service
+Wants=lxc.service
+Documentation=man:lxc-start man:lxc
+
+[Service]
+Type=simple
+KillMode=mixed
+TimeoutStopSec=120s
+ExecStart=/usr/bin/lxc-start -F -n %i
+ExecStop=/usr/bin/lxc-stop -n %i
+# Environment=BOOTUP=serial
+# Environment=CONSOLETYPE=serial
+Delegate=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-containers/lxc/lxc-5.0.0.ebuild b/app-containers/lxc/lxc-5.0.0.ebuild
new file mode 100644
index 000000000000..e613d9df3f45
--- /dev/null
+++ b/app-containers/lxc/lxc-5.0.0.ebuild
@@ -0,0 +1,159 @@
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit bash-completion-r1 linux-info meson optfeature systemd verify-sig
+
+DESCRIPTION="A userspace interface for the Linux kernel containment features"
+HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
+SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz
+	verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P}.tar.gz.asc )"
+
+LICENSE="GPL-2 LGPL-2.1 LGPL-3"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="apparmor +caps examples io-uring man pam seccomp selinux ssl systemd test +tools verify-sig"
+
+RDEPEND="acct-group/lxc
+	acct-user/lxc
+	apparmor? ( sys-libs/libapparmor )
+	caps? ( sys-libs/libcap[static-libs] )
+	io-uring? ( >=sys-libs/liburing-2:= )
+	pam? ( sys-libs/pam )
+	seccomp? ( sys-libs/libseccomp )
+	selinux? ( sys-libs/libselinux )
+	ssl? ( dev-libs/openssl:0= )
+	systemd? ( sys-apps/systemd )
+	tools? ( sys-libs/libcap[static-libs] )"
+DEPEND="${RDEPEND}
+	sys-kernel/linux-headers"
+BDEPEND="virtual/pkgconfig
+	man? ( app-text/docbook2X )
+	verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
+
+RESTRICT="!test? ( test )"
+
+CONFIG_CHECK="~!NETPRIO_CGROUP
+	~CGROUPS
+	~CGROUP_CPUACCT
+	~CGROUP_DEVICE
+	~CGROUP_FREEZER
+
+	~CGROUP_SCHED
+	~CPUSETS
+	~IPC_NS
+	~MACVLAN
+
+	~MEMCG
+	~NAMESPACES
+	~NET_NS
+	~PID_NS
+
+	~POSIX_MQUEUE
+	~USER_NS
+	~UTS_NS
+	~VETH"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
+ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
+ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
+ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
+ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
+ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc
+
+DOCS=( AUTHORS CONTRIBUTING MAINTAINERS README.md doc/FAQ.txt )
+
+PATCHES=( "${FILESDIR}"/lxc-5.0.0-dont-depend-on-static-libcap.patch )
+
+pkg_setup() {
+	linux-info_pkg_setup
+}
+
+src_configure() {
+	local emesonargs=(
+		-Dcoverity-build=false
+		-Doss-fuzz=false
+
+		-Dcommands=true
+		-Dmemfd-rexec=true
+		-Dthread-safety=true
+
+		$(meson_use apparmor)
+		$(meson_use caps capabilities)
+		$(meson_use examples)
+		$(meson_use io-uring io-uring-event-loop)
+		$(meson_use man)
+		$(meson_use pam pam-cgroup)
+		$(meson_use seccomp)
+		$(meson_use selinux)
+		$(meson_use ssl openssl)
+		$(meson_use test tests)
+		$(meson_use tools)
+
+		-Ddata-path=/var/lib/lxc
+		-Ddoc-path=/usr/share/doc/${PF}
+		-Dlog-path=/var/log/lxc
+		-Drootfs-mount-path=/var/lib/lxc/rootfs
+		-Druntime-path=/run
+	)
+
+	if use systemd; then
+		local emesonargs+=( -Dinit-script="systemd" )
+	else
+		local emesonargs+=( -Dinit-script="sysvinit" )
+	fi
+
+	use tools && local emesonargs+=( -Dcapabilities=true )
+
+	meson_src_configure
+}
+
+src_install() {
+	meson_src_install
+
+	# The main bash-completion file will collide with lxd, need to relocate and update symlinks.
+	mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir."
+
+	if use tools; then
+		bashcomp_alias lxc-start lxc-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,usernsexec,wait}
+	else
+		bashcomp_alias lxc-start lxc-usernsexec
+	fi
+
+	keepdir /var/lib/cache/lxc /var/lib/lib/lxc
+
+	find "${ED}" -name '*.la' -delete -o -name '*.a' -delete || die
+
+	# Replace upstream sysvinit/systemd files.
+	if use systemd; then
+		rm -r "${ED}"/lib/systemd || die "Failed to remove systemd lib dir"
+	else
+		rm "${ED}"/etc/init.d/lxc-{containers,net} || die "Failed to remove sysvinit scripts"
+	fi
+
+	newinitd "${FILESDIR}/${PN}.initd.8" ${PN}
+	systemd_newunit "${FILESDIR}"/lxc-monitord.service.5.0.0 lxc-monitord.service
+	systemd_newunit "${FILESDIR}"/lxc-net.service.5.0.0 lxc-net.service
+	systemd_newunit "${FILESDIR}"/lxc.service-5.0.0 lxc.service
+	systemd_newunit "${FILESDIR}"/lxc_at.service.5.0.0 "lxc@.service"
+
+	if ! use apparmor; then
+		sed -i '/lxc-apparmor-load/d' "${ED}"/lib/systemd/system/lxc.service || die "Failed to remove apparmor references from lxc.service systemd unit."
+	fi
+}
+
+pkg_postinst() {
+	elog "Please refer to "
+	elog "https://wiki.gentoo.org/wiki/LXC for introduction and usage guide."
+	elog
+	elog "Run 'lxc-checkconfig' to see optional kernel features."
+	elog
+
+	optfeature "automatic template scripts" app-containers/lxc-templates
+	optfeature "Debian-based distribution container image support" dev-util/debootstrap
+	optfeature "snapshot & restore functionality" sys-process/criu
+}