Merge pull request #815 from stefanor/lxc.generator-tweaks

stgraber · web-flow · commit 06a0fa20a065 · 2024-02-12T16:14:31.000-05:00
Tidy up lxc.generator a bit
diff --git a/distrobuilder/lxc.generator b/distrobuilder/lxc.generator
@@ -8,10 +8,11 @@ export LC_ALL=C
 ## Helper functions
 # is_lxc_container succeeds if we're running inside a LXC container
 is_lxc_container() {
-	grep -qa container=lxc /proc/1/environ
+	grep -q --text container=lxc /proc/1/environ
 }
 
 is_lxc_privileged_container() {
+	# The full positive 32-bit range is available
 	grep -qw 4294967295$ /proc/self/uid_map
 }
 
@@ -40,9 +41,10 @@ is_in_path() {
 fix_ro_paths() {
 	mkdir -p "/run/systemd/system/$1.d"
 	cat <<-EOF > "/run/systemd/system/$1.d/zzz-lxc-ropath.conf"
-[Service]
-BindReadOnlyPaths=/sys /proc
-EOF
+		# This file was created by distrobuilder
+		[Service]
+		BindReadOnlyPaths=/sys /proc
+		EOF
 }
 
 # fix_nm_link_state forces the network interface to a DOWN state ahead of NetworkManager starting up
@@ -57,19 +59,22 @@ fix_nm_link_state() {
 		return 0
 	fi
 	cat <<-EOF > /run/systemd/system/network-device-down.service
-[Unit]
-Description=Turn off network device
-Before=NetworkManager.service
-Before=systemd-networkd.service
-[Service]
-# do not turn off if there is a default route to 169.254.0.1, i.e. the device is a routed nic
-ExecCondition=/bin/sh -c '! /usr/bin/grep -qs 00000000.0100FEA9 /proc/net/route'
-ExecStart=-${ip_path} link set $1 down
-Type=oneshot
-RemainAfterExit=true
-[Install]
-WantedBy=default.target
-EOF
+		# This file was created by distrobuilder
+		[Unit]
+		Description=Turn off network device
+		Before=NetworkManager.service
+		Before=systemd-networkd.service
+
+		[Service]
+		# do not turn off if there is a default route to 169.254.0.1, i.e. the device is a routed nic
+		ExecCondition=/bin/sh -c '! /usr/bin/grep -qs 00000000.0100FEA9 /proc/net/route'
+		ExecStart=-${ip_path} link set $1 down
+		Type=oneshot
+		RemainAfterExit=true
+
+		[Install]
+		WantedBy=default.target
+		EOF
 	mkdir -p /run/systemd/system/default.target.wants
 	ln -sf /run/systemd/system/network-device-down.service /run/systemd/system/default.target.wants/network-device-down.service
 }
@@ -125,11 +130,12 @@ fix_systemd_udev_trigger() {
 
 	mkdir -p /run/systemd/system/systemd-udev-trigger.service.d
 	cat <<-EOF > /run/systemd/system/systemd-udev-trigger.service.d/zzz-lxc-override.conf
-[Service]
-ExecStart=
-ExecStart=-${cmd} trigger --type=subsystems --action=add
-ExecStart=-${cmd} trigger --type=devices --action=add
-EOF
+		# This file was created by distrobuilder
+		[Service]
+		ExecStart=
+		ExecStart=-${cmd} trigger --type=subsystems --action=add
+		ExecStart=-${cmd} trigger --type=devices --action=add
+		EOF
 }
 
 # fix_systemd_sysctl overrides the systemd-sysctl.service to use "ExecStart=-" instead of "ExecStart=".
@@ -138,10 +144,11 @@ fix_systemd_sysctl() {
 	! [ -e "${cmd}" ] && cmd=/lib/systemd/systemd-sysctl
 	mkdir -p /run/systemd/system/systemd-sysctl.service.d
 	cat <<-EOF > /run/systemd/system/systemd-sysctl.service.d/zzz-lxc-override.conf
-[Service]
-ExecStart=
-ExecStart=-${cmd}
-EOF
+		# This file was created by distrobuilder
+		[Service]
+		ExecStart=
+		ExecStart=-${cmd}
+		EOF
 }
 
 ## Main logic
@@ -167,6 +174,7 @@ done
 # Determine distro name and release
 ID=""
 if [ -e /etc/os-release ]; then
+	# shellcheck disable=SC1091
 	. /etc/os-release
 fi
 
@@ -211,15 +219,15 @@ fi
 if [ -d /etc/udev ]; then
 	mkdir -p /run/udev/rules.d
 	cat <<-EOF > /run/udev/rules.d/90-lxc-net.rules
-# This file was created by distrobuilder.
-#
-# Its purpose is to convince NetworkManager to treat the eth0 veth
-# interface like a regular Ethernet. NetworkManager ordinarily doesn't
-# like to manage the veth interfaces, because they are typically configured
-# by container management tooling for specialized purposes.
-
-ACTION=="add|change|move", ENV{ID_NET_DRIVER}=="veth", ENV{INTERFACE}=="eth[0-9]*", ENV{NM_UNMANAGED}="0"
-EOF
+		# This file was created by distrobuilder.
+		#
+		# Its purpose is to convince NetworkManager to treat the eth0 veth
+		# interface like a regular Ethernet. NetworkManager ordinarily doesn't
+		# like to manage the veth interfaces, because they are typically configured
+		# by container management tooling for specialized purposes.
+
+		ACTION=="add|change|move", ENV{ID_NET_DRIVER}=="veth", ENV{INTERFACE}=="eth[0-9]*", ENV{NM_UNMANAGED}="0"
+		EOF
 fi
 
 # Workarounds for NetworkManager in containers
