-rw-r--r-- | system/bubblewrap/APKBUILD | 51 | ||||
-rw-r--r-- | system/bubblewrap/musl-fixes.patch | 17 | ||||
-rw-r--r-- | system/bubblewrap/realpath-workaround.patch | 19 |
3 files changed, 87 insertions, 0 deletions
diff --git a/system/bubblewrap/APKBUILD b/system/bubblewrap/APKBUILD
new file mode 100644
index 000000000..2f73d6f45
--- /dev/null
+++ b/system/bubblewrap/APKBUILD
@@ -0,0 +1,51 @@
+# Contributor: Timo Teräs <timo.teras@iki.fi>
+# Maintainer:
+pkgname=bubblewrap
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="Unprivileged sandboxing tool"
+url="https://github.com/projectatomic/bubblewrap"
+arch="all"
+options="!check suid" # ?
+license="LGPL-2.0+"
+makedepends="autoconf automake libcap-dev docbook-xsl"
+subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
+source="bubblewrap-$pkgver.tar.gz::https://github.com/projectatomic/bubblewrap/archive/v$pkgver.tar.gz
+ realpath-workaround.patch musl-fixes.patch"
+
+prepare() {
+ cd "$builddir"
+ NOCONFIGURE=1 ./autogen.sh
+ default_prepare
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --localstatedir=/var \
+ --with-priv-mode=setuid
+ make
+}
+
+package() {
+ cd "$builddir"
+ make install DESTDIR="$pkgdir"
+}
+
+bashcomp() {
+ pkgdesc="Bash completions for $pkgname"
+ depends=""
+ install_if="$pkgname=$pkgver-r$pkgrel bash-completion"
+
+ mkdir -p "$subpkgdir"/usr/share/
+ mv "$pkgdir"/usr/share/bash-completion/ "$subpkgdir"/usr/share/
+}
+
+sha512sums="746f10cd9f9852ca4679d589357402ec10c352e02f77384844a4657fd9b2952189a3299319fbefedd35358d39fd16ded63cc3db95041ed2091548183786b8b63 bubblewrap-0.2.0.tar.gz
+400a0446670ebf80f16739f1a7a2878aadc3099424f957ba09ec3df780506c23a11368f0578c9e352d7ca6473fa713df826fad7a20c50338aa5f9fa9ac6b84a4 realpath-workaround.patch
+f59cda3b09dd99db9ca6d97099a15bb2523e054063d677502317ae3165ba2e32105a0ae8f877afc3827bd28d093c9d9d413270f4c87d9fe5f26f3eee670d916e musl-fixes.patch"
diff --git a/system/bubblewrap/musl-fixes.patch b/system/bubblewrap/musl-fixes.patch
new file mode 100644
index 000000000..ecf626331
--- /dev/null
+++ b/system/bubblewrap/musl-fixes.patch
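Review bot: The `options="!check suid" # ?` line leaves both overrides unexplained, and together with `--with-priv-mode=setuid` in build() it ships bwrap as a setuid-root binary with the test suite skipped. A sandbox helper that runs with root privilege deserves a stated justification, so I would replace the `# ?` with a comment such as `# suid: bwrap is built with --with-priv-mode=setuid; !check: <reason the test suite is skipped>`. If the target kernels allow unprivileged user namespaces the setuid mode may not be needed at all, and the comment should say which case this package is built for.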
@@ -0,0 +1,17 @@
+--- a/config.h.in
++++ b/config.h.in
+@@ -102,3 +102,14 @@
+
+ /* Define to 1 if you need to in order for `stat' and other things to work. */
+ #undef _POSIX_SOURCE
++
++/* taken from glibc unistd.h and fixes musl */
++#ifndef TEMP_FAILURE_RETRY
++#define TEMP_FAILURE_RETRY(expression) \
++ (__extension__ \
++ ({ long int __result; \
++ do __result = (long int) (expression); \
++ while (__result == -1L && errno == EINTR); \
++ __result; }))
++#endif
++
diff --git a/system/bubblewrap/realpath-workaround.patch b/system/bubblewrap/realpath-workaround.patch
new file mode 100644
index 000000000..6f1e3b54b
--- /dev/null
+++ b/system/bubblewrap/realpath-workaround.patch
@@ -0,0 +1,19 @@
+Musl realpath() implementation currently depends on /proc which is
+not available when setting up pivot root. For the time being just
+fallback to given path if realpath() fails. If there was symlinks
+that would have required normalizing the following parse_mountinfo()
+will fail.
+
+diff --git a/bind-mount.c b/bind-mount.c
+index 7d3543f..c33b701 100644
+--- a/bind-mount.c
++++ b/bind-mount.c
+@@ -397,7 +397,7 @@ bind_mount (int proc_fd,
+ path, so to find it in the mount table we need to do that too. */
+ resolved_dest = realpath (dest, NULL);
+ if (resolved_dest == NULL)
+- return 2;
++ resolved_dest = strdup (dest);
+
+ mount_tab = parse_mountinfo (proc_fd, resolved_dest);
+ if (mount_tab[0].mountpoint == NULL) |
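Review bot: The TEMP_FAILURE_RETRY fallback is patched into `config.h.in`, which appears to be a generated file here, since prepare() runs `./autogen.sh` before `default_prepare` applies the patches. That makes the hunk depend on the exact autoheader output (`@@ -102,3 +102,14 @@`) and on nothing regenerating the header later in the build. The macro also relies on `errno` and `EINTR` being declared wherever it expands. A short header in the patch file stating this, in the style of realpath-workaround.patch, would help the next version bump; patching a checked-in source header would be more robust if upstream has a suitable one.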
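Review bot: The new `resolved_dest = strdup (dest);` fallback is not checked, so an allocation failure passes NULL to parse_mountinfo() in a binary this package installs setuid; keep the old error path for that case by adding `if (resolved_dest == NULL) return 2;` after the strdup. The fallback also triggers on every realpath() failure, not only the missing-/proc case the description names, so a destination that fails to resolve for another reason now proceeds with the un-normalized path and relies on the mount-table lookup to reject it. Restricting the fallback to the expected errno, if musl reports a distinct one, would narrow that. bind_mount starts and ends outside this hunk, so how the `mount_tab[0].mountpoint == NULL` branch handles the failure is not visible here.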