-rw-r--r--system/bubblewrap/APKBUILD51
-rw-r--r--system/bubblewrap/musl-fixes.patch17
-rw-r--r--system/bubblewrap/realpath-workaround.patch19
3 files changed, 87 insertions, 0 deletions
diff --git a/system/bubblewrap/APKBUILD b/system/bubblewrap/APKBUILD
new file mode 100644
index 000000000..2f73d6f45
--- /dev/null
+++ b/system/bubblewrap/APKBUILD
@@ -0,0 +1,51 @@
+# Contributor: Timo Teräs <timo.teras@iki.fi>
+# Maintainer:
+pkgname=bubblewrap
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="Unprivileged sandboxing tool"
+url="https://github.com/projectatomic/bubblewrap"
+arch="all"
+options="!check suid" # ?
+license="LGPL-2.0+"
+makedepends="autoconf automake libcap-dev docbook-xsl"
+subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
+source="bubblewrap-$pkgver.tar.gz::https://github.com/projectatomic/bubblewrap/archive/v$pkgver.tar.gz
+ realpath-workaround.patch musl-fixes.patch"
+
+prepare() {
+ cd "$builddir"
+ NOCONFIGURE=1 ./autogen.sh
+ default_prepare
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --localstatedir=/var \
+ --with-priv-mode=setuid
+ make
+}
+
+package() {
+ cd "$builddir"
+ make install DESTDIR="$pkgdir"
+}
+
+bashcomp() {
+ pkgdesc="Bash completions for $pkgname"
+ depends=""
+ install_if="$pkgname=$pkgver-r$pkgrel bash-completion"
+
+ mkdir -p "$subpkgdir"/usr/share/
+ mv "$pkgdir"/usr/share/bash-completion/ "$subpkgdir"/usr/share/
+}
+
+sha512sums="746f10cd9f9852ca4679d589357402ec10c352e02f77384844a4657fd9b2952189a3299319fbefedd35358d39fd16ded63cc3db95041ed2091548183786b8b63 bubblewrap-0.2.0.tar.gz
+400a0446670ebf80f16739f1a7a2878aadc3099424f957ba09ec3df780506c23a11368f0578c9e352d7ca6473fa713df826fad7a20c50338aa5f9fa9ac6b84a4 realpath-workaround.patch
+f59cda3b09dd99db9ca6d97099a15bb2523e054063d677502317ae3165ba2e32105a0ae8f877afc3827bd28d093c9d9d413270f4c87d9fe5f26f3eee670d916e musl-fixes.patch"
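Review bot: `options="!check suid" # ?` installs bwrap setuid root (matching `--with-priv-mode=setuid` in build()) and skips the test suite, but the `# ?` comment explains neither decision. For a privileged sandbox helper both reasons should be recorded in the file, for example `options="!check suid" # suid: <why setuid rather than unprivileged user namespaces>; !check: <why the test suite is skipped>`. The `# Maintainer:` line is also empty, so nobody is named to track upstream security releases for a setuid binary. It would help to fill that in before the package lands under system/.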
diff --git a/system/bubblewrap/musl-fixes.patch b/system/bubblewrap/musl-fixes.patch
new file mode 100644
index 000000000..ecf626331
--- /dev/null
+++ b/system/bubblewrap/musl-fixes.patch
@@ -0,0 +1,17 @@
+--- a/config.h.in
++++ b/config.h.in
+@@ -102,3 +102,14 @@
+
+ /* Define to 1 if you need to in order for `stat' and other things to work. */
+ #undef _POSIX_SOURCE
++
++/* taken from glibc unistd.h and fixes musl */
++#ifndef TEMP_FAILURE_RETRY
++#define TEMP_FAILURE_RETRY(expression) \
++ (__extension__ \
++ ({ long int __result; \
++ do __result = (long int) (expression); \
++ while (__result == -1L && errno == EINTR); \
++ __result; }))
++#endif
++
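Review bot: The `TEMP_FAILURE_RETRY` fallback is patched into `config.h.in`, which `./autogen.sh` generates, so it only survives because prepare() runs autogen before `default_prepare` applies the patches. If the build re-runs autoheader, the macro is silently lost. The macro also reads `errno` and `EINTR` without `config.h` including `<errno.h>`, so it compiles only where the use site has already pulled that header in. Moving the definition to a hand-written header in the upstream tree, with its own `#include <errno.h>`, would remove both dependencies. If it stays here, extend the comment to `/* taken from glibc unistd.h; musl does not provide it. Callers must include <errno.h>. */`.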
diff --git a/system/bubblewrap/realpath-workaround.patch b/system/bubblewrap/realpath-workaround.patch
new file mode 100644
index 000000000..6f1e3b54b
--- /dev/null
+++ b/system/bubblewrap/realpath-workaround.patch
@@ -0,0 +1,19 @@
+Musl realpath() implementation currently depends on /proc which is
+not available when setting up pivot root. For the time being just
+fallback to given path if realpath() fails. If there was symlinks
+that would have required normalizing the following parse_mountinfo()
+will fail.
+
+diff --git a/bind-mount.c b/bind-mount.c
+index 7d3543f..c33b701 100644
+--- a/bind-mount.c
++++ b/bind-mount.c
+@@ -397,7 +397,7 @@ bind_mount (int proc_fd,
+ path, so to find it in the mount table we need to do that too. */
+ resolved_dest = realpath (dest, NULL);
+ if (resolved_dest == NULL)
+- return 2;
++ resolved_dest = strdup (dest);
+
+ mount_tab = parse_mountinfo (proc_fd, resolved_dest);
+ if (mount_tab[0].mountpoint == NULL)
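Review bot: The new `resolved_dest = strdup (dest);` is not checked, so an allocation failure now passes NULL to `parse_mountinfo (proc_fd, resolved_dest)`, where the old code returned 2. Adding `if (resolved_dest == NULL) return 2;` directly after the strdup restores that error path. The fallback is also taken on every realpath() failure, not only the missing-/proc case the description names, so a destination that genuinely cannot be resolved proceeds with the unnormalised path. That then relies on the `mount_tab[0].mountpoint == NULL` check to reject it, which is worth confirming given the binary is built setuid. bind_mount's body begins and continues outside this hunk, so the later use and free of `resolved_dest` are not visible here.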