
overlay

My own overlay for experimentations, use with caution, no support is provided
commit: 7afcc55a9e42d95dc42306ab42738703195b1b57
parent: 5818d414f9bae88bb4783e76cc769d1d78542dfa
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Wed, 22 Jan 2020 14:32:59 +0100

sys-apps/bubblewrap: Version bump, 0.4.0

Diffstat:

Asys-apps/bubblewrap/Manifest1+
Asys-apps/bubblewrap/bubblewrap-0.4.0.ebuild47+++++++++++++++++++++++++++++++++++++++++++++++
Asys-apps/bubblewrap/files/bubblewrap-0.4.0_realpath-workaround.patch55+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Asys-apps/bubblewrap/metadata.xml11+++++++++++
4 files changed, 114 insertions(+), 0 deletions(-)

diff --git a/sys-apps/bubblewrap/Manifest b/sys-apps/bubblewrap/Manifest
@@ -0,0 +1 @@
+DIST bubblewrap-0.4.0.tar.xz 214304 BLAKE2B 9849bafba234b524af77c97156e0b33818adf864b207fedf72b4e306f0cec3c74a11d0486ce03485a7556c0a3acf1afd06d7ca735c67415215eafba691fba7f9 SHA512 119e7dbd82f273ca05496433d1c3070ec7ce629c63546abced92e801ba95ffae60f7198ff607d95040f20dc23df896700d83f65430ba4422e8e40e376370f910
diff --git a/sys-apps/bubblewrap/bubblewrap-0.4.0.ebuild b/sys-apps/bubblewrap/bubblewrap-0.4.0.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit bash-completion-r1 linux-info
+
+DESCRIPTION="Unprivileged sandboxing tool, namespaces-powered chroot-like solution"
+HOMEPAGE="https://github.com/containers/bubblewrap"
+SRC_URI="https://github.com/containers/${PN}/releases/download/v${PV}/${P}.tar.xz"
+
+LICENSE="LGPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+IUSE="selinux +suid"
+
+RDEPEND="
+ sys-libs/libseccomp
+ sys-libs/libcap
+ selinux? ( >=sys-libs/libselinux-2.1.9 )
+"
+DEPEND="${RDEPEND}
+ app-text/docbook-xml-dtd:4.3
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ virtual/pkgconfig
+"
+
+# tests require root priviledge
+RESTRICT="test"
+
+PATCHES=( "${FILESDIR}/${P}_realpath-workaround.patch" )
+
+pkg_setup() {
+ if [[ ${MERGE_TYPE} != buildonly ]]; then
+ CONFIG_CHECK="~UTS_NS ~IPC_NS ~USER_NS ~PID_NS ~NET_NS"
+ linux-info_pkg_setup
+ fi
+}
+
+src_configure() {
+ econf \
+ $(use_enable selinux) \
+ "--enable-man" \
+ "--with-bash-completion-dir=$(get_bashcompdir)" \
+ "--with-priv-mode=$(usex suid setuid none)"
+}
diff --git a/sys-apps/bubblewrap/files/bubblewrap-0.4.0_realpath-workaround.patch b/sys-apps/bubblewrap/files/bubblewrap-0.4.0_realpath-workaround.patch
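Review bot: The `PATCHES` line in the ebuild applies the realpath workaround with no comment on its scope, while `IUSE="selinux +suid"` together with `--with-priv-mode=$(usex suid setuid none)` selects the setuid mode by default, so the patched `bind_mount` path would run in a privileged binary on affected libcs. The patch guards its code with `#ifndef __GLIBC__`, but that is only visible by opening the patch file; a comment above `PATCHES` such as `# non-glibc only: lexical fallback when realpath() fails without /proc (from Alpine aports)` would document it. Because `RESTRICT="test"` disables the suite, the fallback ships unexercised, which is worth stating next to the existing `# tests require root priviledge` comment (typo: `privilege`).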
@@ -0,0 +1,55 @@
+https://git.alpinelinux.org/aports/plain/main/bubblewrap/realpath-workaround.patch
+
+Musl realpath() implementation currently depends on /proc which is
+not available when setting up pivot root. For the time being just
+fallback to a naive normalization algorithm originated from
+VoidLinux' xbps. If there was path that would have required advanced
+normalizing as provided by realpath() the following parse_mountinfo()
+will fail.
+
+
+diff --git bind-mount.c.orig bind-mount.c
+index 045fa0e..d05b540 100644
+--- ./bind-mount.c.orig
++++ ./bind-mount.c
+@@ -23,6 +23,28 @@
+ #include "utils.h"
+ #include "bind-mount.h"
+
++#ifndef __GLIBC__
++static char *
++normpath(char *path)
++{
++ char *seg = NULL, *p = NULL;
++
++ for (p = path, seg = NULL; *p; p++) {
++ if (strncmp(p, "/../", 4) == 0 || strncmp(p, "/..", 4) == 0) {
++ memmove(seg ? seg : p, p+3, strlen(p+3) + 1);
++ return normpath(path);
++ } else if (strncmp(p, "/./", 3) == 0 || strncmp(p, "/.", 3) == 0) {
++ memmove(p, p+2, strlen(p+2) + 1);
++ } else if (strncmp(p, "//", 2) == 0 || strncmp(p, "/", 2) == 0) {
++ memmove(p, p+1, strlen(p+1) + 1);
++ }
++ if (*p == '/')
++ seg = p;
++ }
++ return path;
++}
++#endif
++
+ static char *
+ skip_token (char *line, bool eat_whitespace)
+ {
+@@ -397,7 +419,11 @@ bind_mount (int proc_fd,
+ path, so to find it in the mount table we need to do that too. */
+ resolved_dest = realpath (dest, NULL);
+ if (resolved_dest == NULL)
++#ifdef __GLIBC__
+ return 2;
++#else
++ resolved_dest = normpath(strdup(dest));
++#endif
+
+ mount_tab = parse_mountinfo (proc_fd, resolved_dest);
+ if (mount_tab[0].mountpoint == NULL)
diff --git a/sys-apps/bubblewrap/metadata.xml b/sys-apps/bubblewrap/metadata.xml
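Review bot: In the `bind_mount` change, `normpath(strdup(dest))` hands the unchecked result of `strdup` to a loop that dereferences it at once, so an allocation failure becomes a NULL dereference in a helper that may be installed setuid. Check the copy first, e.g. `char *copy = strdup (dest); if (copy == NULL) return 2;` followed by `resolved_dest = normpath (copy);` (or use the project's aborting allocator wrapper if `utils.h` provides one). The fallback is also taken for every `realpath` failure on non-glibc builds, not only the missing-/proc case the description names. `normpath` collapses `..` lexically without resolving symlinks and reduces an input of `/` to the empty string, so the result can differ from the path the kernel records. The description says `parse_mountinfo` then fails; that code and the rest of `bind_mount` are outside the hunk, so the fail-closed behaviour should be confirmed there.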
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>gnome@gentoo.org</email>
+ <name>Gentoo GNOME Desktop</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">projectatomic/bubblewrap</remote-id>
+ </upstream>
+</pkgmetadata>
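Review bot: The `<remote-id type="github">projectatomic/bubblewrap</remote-id>` entry names a different GitHub organisation than the ebuild in this same commit, whose `HOMEPAGE` and `SRC_URI` use `containers/bubblewrap`. Tooling that keys upstream version or advisory tracking on the remote-id would then depend on a redirect staying in place; `<remote-id type="github">containers/bubblewrap</remote-id>` would keep both files pointing at the location the tarball is fetched from.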