app-containers/lxd: allow 5.0.3 to pull images from lxc image server

 - the LTS version of LXD is still allowed to pull images. Add upstream
   (Canonical) fixes to lxd-5.0.3.

Signed-off-by: Joonas Niilola <juippis@gentoo.org>

3 files changed, 321 insertions, 0 deletions

diff --git a/app-containers/lxd/files/lxd-5.0.3-pr-12834-dont-stop-parsing-image-info.patch b/app-containers/lxd/files/lxd-5.0.3-pr-12834-dont-stop-parsing-image-info.patch
new file mode 100644
index 000000000000..768e4d160132
--- /dev/null
+++ b/app-containers/lxd/files/lxd-5.0.3-pr-12834-dont-stop-parsing-image-info.patch
@@ -0,0 +1,79 @@
+From fe71f2135bdc3aa6ea28de7ed1ac324f7d689ed6 Mon Sep 17 00:00:00 2001
+From: Thomas Parrott <thomas.parrott@canonical.com>
+Date: Wed, 7 Feb 2024 16:53:29 +0000
+Subject: [PATCH 1/2] shared/simplestreams/products: Fix regression in parsing
+ version files
+
+Don't stop when finding first matching version file because the index is parsed
+in random order and LXD calls it multiple times when figuring out which image
+file to download and so stopping early can cause mismatches when trying to match
+a converted alias to a specific file fingerprint.
+
+Introduced with 3e9acc4
+
+Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
+(cherry picked from commit 3681d5e54649fcc2fc9375b6820c1133f140228d)
+---
+ shared/simplestreams/products.go | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/shared/simplestreams/products.go b/shared/simplestreams/products.go
+index a07e4d5b1b5b..542051403899 100644
+--- a/shared/simplestreams/products.go
++++ b/shared/simplestreams/products.go
+@@ -279,8 +279,6 @@ func (s *Products) ToLXD() ([]api.Image, map[string][][]string) {
+ 					if err != nil {
+ 						continue
+ 					}
+-
+-					break // Stop at first compatible item found.
+ 				} else if shared.StringInSlice(item.FileType, lxdCompatItems) {
+ 					// Locate the root files
+ 					for _, subItem := range version.Items {
+@@ -291,8 +289,6 @@ func (s *Products) ToLXD() ([]api.Image, map[string][][]string) {
+ 							}
+ 						}
+ 					}
+-
+-					break // Stop at first compatible item found.
+ 				}
+ 			}
+ 		}
+
+From d3253e4cbc85b97e3bc6dba9a27fd2ab0c4d8685 Mon Sep 17 00:00:00 2001
+From: Thomas Parrott <thomas.parrott@canonical.com>
+Date: Wed, 7 Feb 2024 10:28:36 +0000
+Subject: [PATCH 2/2] shared/simplestreams/simplestreams: Improve error
+ messages
+
+Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
+(cherry picked from commit 56364f5a97373155d5e6a5a6b10d06d16a25fb3c)
+---
+ shared/simplestreams/simplestreams.go | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/shared/simplestreams/simplestreams.go b/shared/simplestreams/simplestreams.go
+index 3f3255cac913..68e1d96278a3 100644
+--- a/shared/simplestreams/simplestreams.go
++++ b/shared/simplestreams/simplestreams.go
+@@ -377,7 +377,7 @@ func (s *SimpleStreams) GetFiles(fingerprint string) (map[string]DownloadableFil
+ 		}
+ 	}
+ 
+-	return nil, fmt.Errorf("Couldn't find the requested image")
++	return nil, fmt.Errorf("Couldn't find the requested image for fingerprint %q", fingerprint)
+ }
+ 
+ // ListAliases returns a list of image aliases for the provided image fingerprint.
+@@ -501,9 +501,9 @@ func (s *SimpleStreams) GetImage(fingerprint string) (*api.Image, error) {
+ 	}
+ 
+ 	if len(matches) == 0 {
+-		return nil, fmt.Errorf("The requested image couldn't be found")
++		return nil, fmt.Errorf("The requested image couldn't be found for fingerprint %q", fingerprint)
+ 	} else if len(matches) > 1 {
+-		return nil, fmt.Errorf("More than one match for the provided partial fingerprint")
++		return nil, fmt.Errorf("More than one match for the provided partial fingerprint %q", fingerprint)
+ 	}
+ 
+ 	return &matches[0], nil
diff --git a/app-containers/lxd/files/lxd-5.0.3-pr-12847-ignore-incus-archives.patch b/app-containers/lxd/files/lxd-5.0.3-pr-12847-ignore-incus-archives.patch
new file mode 100644
index 000000000000..76a6a1476de8
--- /dev/null
+++ b/app-containers/lxd/files/lxd-5.0.3-pr-12847-ignore-incus-archives.patch
@@ -0,0 +1,26 @@
+From 55bd4024dbfc315c0f57da57f2f9bd9c5c97dad1 Mon Sep 17 00:00:00 2001
+From: Din Music <din.music@canonical.com>
+Date: Thu, 18 Jan 2024 17:08:36 +0100
+Subject: [PATCH] shared/simplestreams/products: Search only for lxd archives
+
+Signed-off-by: Din Music <din.music@canonical.com>
+(cherry picked from commit 0c9253da9448475e6de60dd345c67c0179884f13)
+---
+ shared/simplestreams/products.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/shared/simplestreams/products.go b/shared/simplestreams/products.go
+index 542051403899..d80d8e7be251 100644
+--- a/shared/simplestreams/products.go
++++ b/shared/simplestreams/products.go
+@@ -10,8 +10,8 @@ import (
+ 	"github.com/canonical/lxd/shared/osarch"
+ )
+ 
+-var lxdCompatCombinedItems = []string{"lxd_combined.tar.gz", "incus_combined.tar.gz"}
+-var lxdCompatItems = []string{"lxd.tar.xz", "incus.tar.xz"}
++var lxdCompatCombinedItems = []string{"lxd_combined.tar.gz"}
++var lxdCompatItems = []string{"lxd.tar.xz"}
+ 
+ // Products represents the base of download.json.
+ type Products struct {
diff --git a/app-containers/lxd/lxd-5.0.3-r1.ebuild b/app-containers/lxd/lxd-5.0.3-r1.ebuild
new file mode 100644
index 000000000000..0cb951baf4e3
--- /dev/null
+++ b/app-containers/lxd/lxd-5.0.3-r1.ebuild
@@ -0,0 +1,216 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit bash-completion-r1 go-module linux-info optfeature systemd verify-sig
+
+DESCRIPTION="Modern, secure and powerful system container and virtual machine manager"
+HOMEPAGE="https://ubuntu.com/lxd https://github.com/canonical/lxd"
+SRC_URI="https://github.com/canonical/lxd/releases/download/${P}/${P}.tar.gz
+	verify-sig? ( https://github.com/canonical/lxd/releases/download/${P}/${P}.tar.gz.asc
+)"
+
+LICENSE="Apache-2.0 BSD LGPL-3 MIT"
+SLOT="0/lts"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="apparmor nls"
+
+DEPEND="acct-group/lxd
+	app-arch/xz-utils
+	>=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)]
+	dev-db/sqlite:3
+	>=dev-libs/dqlite-1.13.0:=
+	dev-libs/lzo
+	>=dev-libs/raft-0.17.1:=[lz4]
+	>=dev-util/xdelta-3.0[lzma(+)]
+	net-dns/dnsmasq[dhcp]
+	sys-libs/libcap
+	virtual/udev"
+RDEPEND="${DEPEND}
+	|| (
+			net-firewall/nftables[json]
+			(
+				net-firewall/ebtables
+				net-firewall/iptables
+			)
+	)
+	sys-apps/iproute2
+	sys-fs/fuse:*
+	>=sys-fs/lxcfs-5.0.0
+	sys-fs/squashfs-tools[lzma]
+	virtual/acl"
+BDEPEND="dev-lang/go
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-canonical )"
+
+CONFIG_CHECK="
+	~CGROUPS
+	~IPC_NS
+	~NET_NS
+	~PID_NS
+
+	~SECCOMP
+	~USER_NS
+	~UTS_NS
+
+	~KVM
+	~MACVTAP
+	~VHOST_VSOCK
+"
+
+ERROR_IPC_NS="CONFIG_IPC_NS is required."
+ERROR_NET_NS="CONFIG_NET_NS is required."
+ERROR_PID_NS="CONFIG_PID_NS is required."
+ERROR_SECCOMP="CONFIG_SECCOMP is required."
+ERROR_UTS_NS="CONFIG_UTS_NS is required."
+
+WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines."
+WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines."
+WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines."
+
+# Go magic.
+QA_PREBUILT="/usr/bin/fuidshift
+	/usr/bin/lxc
+	/usr/bin/lxc-to-lxd
+	/usr/bin/lxd-agent
+	/usr/bin/lxd-benchmark
+	/usr/bin/lxd-migrate
+	/usr/sbin/lxd"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/canonical.asc
+
+# The testsuite must be run as root.
+# make: *** [Makefile:156: check] Error 1
+RESTRICT="test"
+
+GOPATH="${S}/_dist"
+
+PATCHES=(
+	"${FILESDIR}"/lxd-5.0.3-remove-shellcheck-buildsystem-checks.patch
+	"${FILESDIR}"/lxd-5.0.3-pr-12834-dont-stop-parsing-image-info.patch
+	"${FILESDIR}"/lxd-5.0.3-pr-12847-ignore-incus-archives.patch
+)
+
+src_prepare() {
+	export GOPATH="${S}/_dist"
+
+	default
+
+	sed -i \
+		-e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/lxd:g" \
+		-e "s:make:make ${MAKEOPTS}:g" \
+		Makefile || die
+
+	# Fix hardcoded ovmf file path, see bug 763180
+	sed -i \
+		-e "s:/usr/share/OVMF:/usr/share/edk2-ovmf:g" \
+		-e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \
+		doc/environment.md \
+		lxd/apparmor/instance.go \
+		lxd/apparmor/instance_qemu.go \
+		lxd/instance/drivers/driver_qemu.go || die "Failed to fix hardcoded ovmf paths."
+
+	# Fix hardcoded virtfs-proxy-helper file path, see bug 798924
+	sed -i \
+		-e "s:/usr/lib/qemu/virtfs-proxy-helper:/usr/libexec/virtfs-proxy-helper:g" \
+		lxd/device/device_utils_disk.go || die "Failed to fix virtfs-proxy-helper path."
+
+	cp "${FILESDIR}"/lxd-4.0.9-r1.service "${T}"/lxd.service || die
+	if use apparmor; then
+		sed -i \
+			'/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \
+			"${T}"/lxd.service || die
+	fi
+
+	# Disable -Werror's from go modules.
+	find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die
+}
+
+src_configure() { :; }
+
+src_compile() {
+	export GOPATH="${S}/_dist"
+	export CGO_LDFLAGS_ALLOW="-Wl,-z,now"
+
+	for k in fuidshift lxd-benchmark lxc lxc-to-lxd; do
+		go install -v -x "${S}/${k}" || die "failed compiling ${k}"
+	done
+
+	go install -v -x -tags libsqlite3 "${S}"/lxd || die "Failed to build the daemon"
+
+	# Needs to be built statically
+	CGO_ENABLED=0 go install -v -tags netgo "${S}"/lxd-migrate
+	CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/lxd-agent
+
+	use nls && emake build-mo
+}
+
+src_test() {
+	emake check
+}
+
+src_install() {
+	export GOPATH="${S}/_dist"
+	local bindir="_dist/bin"
+
+	dosbin ${bindir}/lxd
+
+	for l in fuidshift lxd-agent lxd-benchmark lxd-migrate lxc lxc-to-lxd; do
+		dobin ${bindir}/${l}
+	done
+
+	newbashcomp scripts/bash/lxd-client lxc
+
+	newconfd "${FILESDIR}"/lxd-4.0.0.confd lxd
+	newinitd "${FILESDIR}"/lxd-5.0.2-r1.initd lxd
+
+	systemd_dounit "${T}"/lxd.service
+	systemd_newunit "${FILESDIR}"/lxd-containers-4.0.0.service lxd-containers.service
+	systemd_newunit "${FILESDIR}"/lxd-4.0.0.socket lxd.socket
+
+	dodoc AUTHORS
+	dodoc -r doc/*
+	use nls && domo po/*.mo
+}
+
+pkg_postinst() {
+	elog
+	elog "Consult https://wiki.gentoo.org/wiki/LXD for more information,"
+	elog "including a Quick Start."
+	elog "For virtual machine support, see:"
+	elog "https://wiki.gentoo.org/wiki/LXD#Virtual_machines"
+	elog
+	elog "Please run 'lxc-checkconfig' to see all optional kernel features."
+	elog
+	optfeature "virtual machine support" app-emulation/qemu[spice,usbredir,virtfs]
+	optfeature "btrfs storage backend" sys-fs/btrfs-progs
+	optfeature "ipv6 support" net-dns/dnsmasq[ipv6]
+	optfeature "full lxd-migrate support" net-misc/rsync
+	optfeature "lvm2 storage backend" sys-fs/lvm2
+	optfeature "zfs storage backend" sys-fs/zfs
+	elog
+	elog "Be sure to add your local user to the lxd group."
+
+	if [[ ${REPLACING_VERSIONS} ]] &&
+	ver_test ${REPLACING_VERSIONS} -lt 5.0.1 &&
+	has_version app-emulation/qemu[spice,usbredir,virtfs]; then
+		ewarn ""
+		ewarn "You're updating from <5.0.1. Due to incompatible API updates in the lxd-agent"
+		ewarn "product, you'll have to restart any running virtual machines before they work"
+		ewarn "properly."
+		ewarn ""
+		ewarn "Run: 'lxc restart your-vm' after the update for your vm's managed by lxd."
+		ewarn ""
+	fi
+
+	if [[ ${REPLACING_VERSIONS} ]] &&
+	has_version "sys-apps/openrc"; then
+		elog ""
+		elog "The new init.d script will attempt to mount "
+		elog "  /sys/fs/cgroup/systemd"
+		elog "by default, which is needed to run systemd containers with openrc host."
+		elog "See the /etc/init.d/lxd file for requirements."
+		elog ""
+	fi
+}