Ignore the LXC image that has been created. Change the mirror used to download the packages

won't work in unpriv CTs and mark the systemctl status as failed.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

.gitignore

@@ -1,9 +1,9 @@
 rootfs
 config
 logfile
-PVE
 .veid
 pacman.conf
 pkgcache
 rootfs
 aab.conf
+archlinux_base_*

Makefile

@@ -16,7 +16,7 @@ aab.conf:
 	echo 'Version: $(VERSION)' >> aab.conf
 	echo 'Section: system' >> aab.conf
 	echo 'Maintainer: Proxmox Support Team <support@proxmox.com>' >> aab.conf
-	echo 'Source: http://archlinux.cu.be/$$repo/os/$$arch' >> aab.conf
+	echo 'Source: https://ftp.acc.umu.se/mirror/archlinux/$repo/os/$arch' >> aab.conf
 	echo 'Architecture: $(ARCH)' >> aab.conf
 	echo 'Description: ArchLinux base image.' >> aab.conf
 	echo " ArchLinux template with the 'base' group and the 'openssh' package installed." >> aab.conf
@@ -51,3 +51,4 @@ clean:
 .PHONY: distclean
 distclean:
 	@$(PERL) ./aab dist-clean
+	rm -rf archlinux*.tar*

PVE/AAB.pm

@@ -11,7 +11,7 @@ use IPC::Open2;
 use IPC::Open3;
 use UUID;
 use Cwd;
-my @BASE_PACKAGES = qw(base openssh vi nano);
+my @BASE_PACKAGES = qw(base openssh vi nano python);
 my @BASE_EXCLUDES = qw(
     e2fsprogs
     jfsutils
@@ -50,6 +50,17 @@ sub write_file {
     $fh->close;
 }
 
+sub read_file {
+    my ($filename) = @_;
+
+    my $fh = IO::File->new ("<$filename") or die "failed to read $filename - $!\n";
+    my $rec = '';
+    while (defined (my $line = <$fh>)) {
+	$rec .= $line;
+    };
+    return $rec;
+}
+
 sub copy_file {
     my ($a, $b) = @_;
     copy($a, $b) or die "failed to copy $a => $b: $!";
@@ -169,7 +180,7 @@ sub __sample_config {
 
     return <<"CFG";
 lxc.arch = $arch
-lxc.include = /usr/share/lxc/config/archlinux.common.conf
+lxc.include = /usr/share/lxc/config/common.conf
 lxc.uts.name = localhost
 lxc.rootfs.path = $self->{rootfs}
 lxc.mount.entry = $self->{pkgcache} $self->{pkgdir} none bind 0 0
@@ -478,6 +489,12 @@ sub mask_systemd_unit {
     symln '/dev/null', "$root/etc/systemd/system/$unit";
 }
 
+sub enable_systemd_unit {
+    my ($self, $unit) = @_;
+    my $root = $self->{rootfs};
+    symln "/usr/lib/systemd/system/$unit", "$root/etc/systemd/system/multi-user.target.wants/$unit";
+}
+
 sub bootstrap {
     my ($self, $include, $exclude) = @_;
     my $root = $self->{rootfs};
@@ -567,9 +584,14 @@ sub bootstrap {
     $self->ve_command(['pacman', '-S', '--needed', '--noconfirm', '--', @$packages]);
 
     print "Masking problematic systemd units...\n";
-    for  my $unit (qw(sys-kernel-config.mount sys-kernel-debug.mount)) {
+    for  my $unit (qw(sys-kernel-config.mount sys-kernel-debug.mount systemd-journald-audit.socket systemd-resolved.service)) {
 	$self->mask_systemd_unit($unit);
     }
+
+    print "Enable systemd services...\n";
+    for my $unit (qw(sshd.service)) {
+        $self->enable_systemd_unit($unit);
+    }
 }
 
 # devices needed for gnupg to function:
@@ -675,8 +697,10 @@ sub finalize {
     unlink $file;
     rename_file($file.'.aab_orig', $file);
 
-    print "Removing weak temporary pacman keyring...\n";
-    rmtree("$rootdir/etc/pacman.d/gnupg");
+    # experienced user can change it anytime and others do well to start out with an updatable system..
+    my $mirrors = eval { read_file($file) } // '';
+    $mirrors = "\nServer = https://geo.mirror.pkgbuild.com/\$repo/os/\$arch\n\n" . $mirrors;
+    write_file($mirrors, $file, 0644);
 
     my $sizestr = $self->run_command("du -sm $rootdir", undef, 1);
     my $size;

README

@@ -1,27 +0,0 @@
-Usage example:
-
-1) Create an aab.conf file describing your template.
-
---- Example aab.conf:
-Name: base
-Version: 2015-08-21-1
-Section: optional
-Maintainer: Your Name
-Headline: ArchLinux base image.
-Architecture: x86_64
-Source: http://archlinux.cu.be/$repo/os/$arch
---- End of example
-
-2) Run as root:
-
-  # ./aab init
-  # ./aab bootstrap
-
-3) Maybe install additional packages
-
-  # ./aab install base-devel
-
-4) Create the archive and clean up:
-
-  # ./aab finalize
-  # ./aab cleanup

README.md

@@ -0,0 +1,48 @@
+# Arch Linux Appliance Builder
+
+This is a fork of [Proxmox AAB project](https://git.proxmox.com/) with the goal of building an updated Arch Linux LXC template for use with PVE, also to prevent removal of `pacman keyring`; disable `systemd-resolved` and enable `sshd`.
+
+## Requirements for building
+The best way to build this template is running inside of an Arch Linux environment and will need the following packages: **`lxc make perl-uuid`**
+
+Also to prevent an error when starting the container, you need to enable devices cgroup since LXC will apply [device cgroup limits](https://github.com/lxc/lxc/issues/2268#issuecomment-380019126).
+
+```Shell
+mount -o remount,rw /sys/fs/cgroup
+mkdir /sys/fs/cgroup/devices
+mount -t cgroup devices -o devices /sys/fs/cgroup/devices
+mount -o remount,ro /sys/fs/cgroup
+```
+
+## To enable/disable services and install additional packages
+
+Go to the file `PVE/AAB.pm` and search for the following lines:
+- Add new packages: `my @BASE_PACKAGES`
+- Disable service: `print "Masking problematic systemd units...\n";`
+- Enable serivce: `print "Enable systemd services...\n";`
+
+## Usage
+
+### with Make
+  - `make aab.conf`
+  - run as root `make build-current`
+  - go drink mate or kofi while is creating and compacting the template
+  - when done will have the following file `archlinux-base_${DATE}-1_${ARCH}.tar.zst`
+  - upload to your PVE and enjoy~
+
+### or step by step
+
+### 1. Create an aab.conf file describing your template.
+  - `make aab.conf`
+  - edit the source argument inside of `aab.conf` and change to a mirror of your choice
+
+### 2. Run as root:
+  - `./aab init`
+  - `./aab bootstrap`
+
+### 3. Maybe install additional packages
+  - `./aab install base-devel`
+
+### 4. Create the archive and clean up:
+  - `./aab finalize`
+  - `./aab cleanup`