From 6fd55f5f59d69f89cf76deb0d9f08fbd4ef3e2d2 Mon Sep 17 00:00:00 2001 From: Jakub Jirutka Date: Mon, 6 May 2024 00:46:05 +0200 Subject: [PATCH] testing/sydbox: new aport --- testing/sydbox/APKBUILD | 95 ++++++++++++++++++++++ testing/sydbox/make-fix-install.patch | 34 ++++++++ testing/sydbox/make-install-no-build.patch | 7 ++ testing/sydbox/no-systemd.patch | 9 ++ 4 files changed, 145 insertions(+) create mode 100644 testing/sydbox/APKBUILD create mode 100644 testing/sydbox/make-fix-install.patch create mode 100644 testing/sydbox/make-install-no-build.patch create mode 100644 testing/sydbox/no-systemd.patch diff --git a/testing/sydbox/APKBUILD b/testing/sydbox/APKBUILD new file mode 100644 index 00000000000..b975ce6b837 --- /dev/null +++ b/testing/sydbox/APKBUILD @@ -0,0 +1,95 @@ +# Contributor: Jakub Jirutka +# Maintainer: Jakub Jirutka +pkgname=sydbox +pkgver=3.18.4 +pkgrel=0 +pkgdesc="Rock-solid user-space kernel to sandbox applications on Linux" +url="https://gitlab.exherbo.org/sydbox/sydbox" +# armv7,ppc64le: fails to build "nc" crate +# s390x: fails to build "nix" crate +arch="all !armv7 !ppc64le !s390x" +license="GPL-3.0-or-later" +depends="" +makedepends=" + cargo + cargo-auditable + libseccomp-dev + linux-headers + scdoc + " +checkdepends="coreutils" +subpackages=" + $pkgname-oci + $pkgname-utils + $pkgname-vim::noarch + $pkgname-doc + " +source="https://gitlab.exherbo.org/sydbox/sydbox/-/archive/v$pkgver/sydbox-v$pkgver.tar.gz + make-install-no-build.patch + make-fix-install.patch + no-systemd.patch + " +builddir="$srcdir/$pkgname-v$pkgver" +options="!check" # FIXME: tests don't work on CI + +# Disable mimalloc and inline-more features. +_cargo_opts="--frozen --no-default-features --features elf,oci,utils" + +prepare() { + default_prepare + + # NOTE: --targetu="$CTARGET" doesn't work here. + cargo fetch --locked +} + +build() { + cargo auditable build $_cargo_opts --release + + cd lib + cargo auditable build --frozen --release +} + +check() { + cargo test $_cargo_opts +} + +package() { + make install DESTDIR="$pkgdir" PREFIX=/usr + + # Delete utils for running integration tests. + rm -rf "$pkgdir"/usr/bin/syd-test* + + install -D -m644 src/esyd.sh -t "$pkgdir"/usr/libexec/ + install -D -m644 data/user.syd-3 "$pkgdir"/usr/share/doc/$pkgname/user.syd-3.sample +} + +oci() { + pkgdesc="OCI container runtime from sydbox" + depends="$pkgname=$pkgver-r$pkgrel" + + amove usr/bin/syd-oci +} + +utils() { + pkgdesc="Sydbox utilities" + + local bin; for bin in $(ls -1 "$pkgdir"/usr/bin/); do + case "$bin" in + syd | syd-chk | syd-exec | syd-oci) ;; # main programs + *) amove usr/bin/$bin;; + esac + done +} + +vim() { + pkgdesc="$pkgdesc (vim syntax)" + + amove usr/share/vim +} + +sha512sums=" +e30c85d03cb079f7aa1ec2b936484eda4ee17ff9325de4bf49e13a0cba8920c0b22d601de916c962dcfdfd867cae0c5e034041f3c303b0a781cff8be2cc11098 sydbox-v3.18.4.tar.gz +12c413eeee89626ab28a1527a6a6dbbe2e981d6c18c7d1ad298336a29092261c537ae3bca3bc3390f50273d735918152ada98ec17bb821150ba6a2472598c4f0 make-install-no-build.patch +d5137c97556713289fb483c07ac75b0864678cb668b833c618abad1c8385baa28d4f948c8d65e7e304727134cfad9e1b5ef6488944c8c71cf93eab24ba4e3ae3 make-fix-install.patch +72a88b4df8f94e0d84e5fe48541d62a02f323d3f651db15b86068c676aaf12c10612027c6c9084b7c8372989c34cfb4060d1c96bc8b359a733b346459a3d2605 no-systemd.patch +" diff --git a/testing/sydbox/make-fix-install.patch b/testing/sydbox/make-fix-install.patch new file mode 100644 index 00000000000..3cfd04e4e00 --- /dev/null +++ b/testing/sydbox/make-fix-install.patch @@ -0,0 +1,34 @@ +--- a/Makefile ++++ b/Makefile +@@ -181,25 +181,25 @@ + $(MAKE) install-vim + install-man: $(MANS) + for man in $(MANS1); do \ +- $(INSTALL) -pm 0644 $$man $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/; \ ++ $(INSTALL) -D -pm 0644 $$man -t $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/; \ + done + for man in $(MANS2); do \ +- $(INSTALL) -pm 0644 $$man $(DESTDIR)$(PREFIX)/$(MANDIR)/man2/; \ ++ $(INSTALL) -D -pm 0644 $$man -t $(DESTDIR)$(PREFIX)/$(MANDIR)/man2/; \ + done + for man in $(MANS5); do \ +- $(INSTALL) -pm 0644 $$man $(DESTDIR)$(PREFIX)/$(MANDIR)/man5/; \ ++ $(INSTALL) -D -pm 0644 $$man -t $(DESTDIR)$(PREFIX)/$(MANDIR)/man5/; \ + done + for man in $(MANS7); do \ +- $(INSTALL) -pm 0644 $$man $(DESTDIR)$(PREFIX)/$(MANDIR)/man7/; \ ++ $(INSTALL) -D -pm 0644 $$man -t $(DESTDIR)$(PREFIX)/$(MANDIR)/man7/; \ + done + install-vim: $(VIMS) + $(INSTALL) -d $(DESTDIR)$(PREFIX)/$(VIMDIR)/ftdetect + for f in $(VIMS_FTD); do \ +- $(INSTALL) -pm 0644 $$f $(DESTDIR)$(PREFIX)/$(VIMDIR)/ftdetect/; \ ++ $(INSTALL) -D -pm 0644 $$f -t $(DESTDIR)$(PREFIX)/$(VIMDIR)/ftdetect/; \ + done + $(INSTALL) -d $(DESTDIR)$(PREFIX)/$(VIMDIR)/syntax + for f in $(VIMS_SYN); do \ +- $(INSTALL) -pm 0644 $$f $(DESTDIR)$(PREFIX)/$(VIMDIR)/syntax/; \ ++ $(INSTALL) -D -pm 0644 $$f -t $(DESTDIR)$(PREFIX)/$(VIMDIR)/syntax/; \ + done + uninstall: + for program in $(PROGRAMS); do \ diff --git a/testing/sydbox/make-install-no-build.patch b/testing/sydbox/make-install-no-build.patch new file mode 100644 index 00000000000..1cce85aec4b --- /dev/null +++ b/testing/sydbox/make-install-no-build.patch @@ -0,0 +1,7 @@ +--- a/Makefile ++++ b/Makefile +@@ -161,3 +161,3 @@ + done +-install: release ++install: + $(INSTALL) -d $(DESTDIR)$(PREFIX)/$(BINDIR)/ diff --git a/testing/sydbox/no-systemd.patch b/testing/sydbox/no-systemd.patch new file mode 100644 index 00000000000..416444a25ef --- /dev/null +++ b/testing/sydbox/no-systemd.patch @@ -0,0 +1,9 @@ +Disable "systemd" feature and also "v1" feature (legacy version of cgroups). + +--- a/Cargo.toml ++++ b/Cargo.toml +@@ -93,2 +93,2 @@ +-libcgroups = { version = "0.3", optional = true } +-libcontainer = { version = "0.3", optional = true } ++libcgroups = { version = "0.3", optional = true, default-features = false, features = ["v2"] } ++libcontainer = { version = "0.3", optional = true, default-features = false, features = ["v2", "libseccomp"] }