testing/sydbox: new aport

2025-07-12 18:59:50 +03:00 · 2024-05-06 00:46:05 +02:00 · 2024-05-06 00:46:05 +02:00 · 6fd55f5f59
commit 6fd55f5f59
parent 4dd0189f2f
4 changed files with 145 additions and 0 deletions
--- a/testing/sydbox/APKBUILD
+++ b/testing/sydbox/APKBUILD
@ -0,0 +1,95 @@
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
+pkgname=sydbox
+pkgver=3.18.4
+pkgrel=0
+pkgdesc="Rock-solid user-space kernel to sandbox applications on Linux"
+url="https://gitlab.exherbo.org/sydbox/sydbox"
+# armv7,ppc64le: fails to build "nc" crate
+# s390x: fails to build "nix" crate
+arch="all !armv7 !ppc64le !s390x"
+license="GPL-3.0-or-later"
+depends=""
+makedepends="
+	cargo
+	cargo-auditable
+	libseccomp-dev
+	linux-headers
+	scdoc
+	"
+checkdepends="coreutils"
+subpackages="
+	$pkgname-oci
+	$pkgname-utils
+	$pkgname-vim::noarch
+	$pkgname-doc
+	"
+source="https://gitlab.exherbo.org/sydbox/sydbox/-/archive/v$pkgver/sydbox-v$pkgver.tar.gz
+	make-install-no-build.patch
+	make-fix-install.patch
+	no-systemd.patch
+	"
+builddir="$srcdir/$pkgname-v$pkgver"
+options="!check"  # FIXME: tests don't work on CI
+
+# Disable mimalloc and inline-more features.
+_cargo_opts="--frozen --no-default-features --features elf,oci,utils"
+
+prepare() {
+	default_prepare
+
+	# NOTE: --targetu="$CTARGET" doesn't work here.
+	cargo fetch --locked
+}
+
+build() {
+	cargo auditable build $_cargo_opts --release
+
+	cd lib
+	cargo auditable build --frozen --release
+}
+
+check() {
+	cargo test $_cargo_opts
+}
+
+package() {
+	make install DESTDIR="$pkgdir" PREFIX=/usr
+
+	# Delete utils for running integration tests.
+	rm -rf "$pkgdir"/usr/bin/syd-test*
+
+	install -D -m644 src/esyd.sh -t "$pkgdir"/usr/libexec/
+	install -D -m644 data/user.syd-3 "$pkgdir"/usr/share/doc/$pkgname/user.syd-3.sample
+}
+
+oci() {
+	pkgdesc="OCI container runtime from sydbox"
+	depends="$pkgname=$pkgver-r$pkgrel"
+
+	amove usr/bin/syd-oci
+}
+
+utils() {
+	pkgdesc="Sydbox utilities"
+
+	local bin; for bin in $(ls -1 "$pkgdir"/usr/bin/); do
+		case "$bin" in
+			syd | syd-chk | syd-exec | syd-oci) ;;  # main programs
+			*) amove usr/bin/$bin;;
+		esac
+	done
+}
+
+vim() {
+	pkgdesc="$pkgdesc (vim syntax)"
+
+	amove usr/share/vim
+}
+
+sha512sums="
+e30c85d03cb079f7aa1ec2b936484eda4ee17ff9325de4bf49e13a0cba8920c0b22d601de916c962dcfdfd867cae0c5e034041f3c303b0a781cff8be2cc11098  sydbox-v3.18.4.tar.gz
+12c413eeee89626ab28a1527a6a6dbbe2e981d6c18c7d1ad298336a29092261c537ae3bca3bc3390f50273d735918152ada98ec17bb821150ba6a2472598c4f0  make-install-no-build.patch
+d5137c97556713289fb483c07ac75b0864678cb668b833c618abad1c8385baa28d4f948c8d65e7e304727134cfad9e1b5ef6488944c8c71cf93eab24ba4e3ae3  make-fix-install.patch
+72a88b4df8f94e0d84e5fe48541d62a02f323d3f651db15b86068c676aaf12c10612027c6c9084b7c8372989c34cfb4060d1c96bc8b359a733b346459a3d2605  no-systemd.patch
+"
--- a/testing/sydbox/make-fix-install.patch
+++ b/testing/sydbox/make-fix-install.patch
@ -0,0 +1,34 @@
+--- a/Makefile
+++ b/Makefile
+@@ -181,25 +181,25 @@
+ 	$(MAKE) install-vim
+ install-man: $(MANS)
+ 	for man in $(MANS1); do \
+-		$(INSTALL) -pm 0644 $$man $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/; \
+		$(INSTALL) -D -pm 0644 $$man -t $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/; \
+ 	done
+ 	for man in $(MANS2); do \
+-		$(INSTALL) -pm 0644 $$man $(DESTDIR)$(PREFIX)/$(MANDIR)/man2/; \
+		$(INSTALL) -D -pm 0644 $$man -t $(DESTDIR)$(PREFIX)/$(MANDIR)/man2/; \
+ 	done
+ 	for man in $(MANS5); do \
+-		$(INSTALL) -pm 0644 $$man $(DESTDIR)$(PREFIX)/$(MANDIR)/man5/; \
+		$(INSTALL) -D -pm 0644 $$man -t $(DESTDIR)$(PREFIX)/$(MANDIR)/man5/; \
+ 	done
+ 	for man in $(MANS7); do \
+-		$(INSTALL) -pm 0644 $$man $(DESTDIR)$(PREFIX)/$(MANDIR)/man7/; \
+		$(INSTALL) -D -pm 0644 $$man -t $(DESTDIR)$(PREFIX)/$(MANDIR)/man7/; \
+ 	done
+ install-vim: $(VIMS)
+ 	$(INSTALL) -d $(DESTDIR)$(PREFIX)/$(VIMDIR)/ftdetect
+ 	for f in $(VIMS_FTD); do \
+-		$(INSTALL) -pm 0644 $$f $(DESTDIR)$(PREFIX)/$(VIMDIR)/ftdetect/; \
+		$(INSTALL) -D -pm 0644 $$f -t $(DESTDIR)$(PREFIX)/$(VIMDIR)/ftdetect/; \
+ 	done
+ 	$(INSTALL) -d $(DESTDIR)$(PREFIX)/$(VIMDIR)/syntax
+ 	for f in $(VIMS_SYN); do \
+-		$(INSTALL) -pm 0644 $$f $(DESTDIR)$(PREFIX)/$(VIMDIR)/syntax/; \
+		$(INSTALL) -D -pm 0644 $$f -t $(DESTDIR)$(PREFIX)/$(VIMDIR)/syntax/; \
+ 	done
+ uninstall:
+ 	for program in $(PROGRAMS); do \
--- a/testing/sydbox/make-install-no-build.patch
+++ b/testing/sydbox/make-install-no-build.patch
@ -0,0 +1,7 @@
+--- a/Makefile
+++ b/Makefile
+@@ -161,3 +161,3 @@
+ 	done
+-install: release
+install:
+ 	$(INSTALL) -d $(DESTDIR)$(PREFIX)/$(BINDIR)/
--- a/testing/sydbox/no-systemd.patch
+++ b/testing/sydbox/no-systemd.patch
@ -0,0 +1,9 @@
+Disable "systemd" feature and also "v1" feature (legacy version of cgroups).
+
+--- a/Cargo.toml
+++ b/Cargo.toml
+@@ -93,2 +93,2 @@
+-libcgroups = { version = "0.3", optional = true }
+-libcontainer = { version = "0.3", optional = true }
+libcgroups = { version = "0.3", optional = true, default-features = false, features = ["v2"] }
+libcontainer = { version = "0.3", optional = true, default-features = false, features = ["v2", "libseccomp"] }