mirror of
https://gitlab.postmarketos.org/postmarketOS/pmaports.git
synced 2025-07-25 15:55:11 +03:00
e927f76a7a
AKMS builds modules in a sandbox using bubblewrap. Bubblewrap unfortunately does not work in chroot environment, thus breaking pmbootstrap. While a PR has been proposed upstream, history shows that upstream takes a while to consider PRs. Thus, to unblock usage of AKMS, this adds a patched version that allows disabling of sandbox using `--no-sandbox` argument or by adding `use_sandbox=false` to `/etc/akms.conf`. When building in chroot environment, sandboxing is automatically disabled. The aport handles conflicts with akms by setting `pkgver=9999$_pkgver`, thus always overriding Alpine's package. Upstream PR: https://github.com/jirutka/akms/pull/19 Part-of: https://gitlab.postmarketos.org/postmarketOS/pmaports/-/merge_requests/6604
130 lines
4.8 KiB
Diff
130 lines
4.8 KiB
Diff
From fec9704aa8455ec17c8672c0b2a1ee1abf5f3688 Mon Sep 17 00:00:00 2001
|
|
From: Antoine Martin <dev@ayakael.net>
|
|
Date: Thu, 5 Jun 2025 13:12:05 -0400
|
|
Subject: [PATCH 1/2] Add `use_sandbox boolean` and `--[no]-sandbox` option to
|
|
disable sandbox
|
|
|
|
Some environments does not support bubblewrap (i.e. chroot). To address
|
|
this limitations, this adds `use_sandbox` boolean and `--[no]-sandbox`
|
|
option to AKMS to disable sandboxing.
|
|
|
|
diff --git a/akms b/akms
|
|
index 3e613b3..95d66c8 100755
|
|
--- a/akms
|
|
+++ b/akms
|
|
@@ -64,6 +64,11 @@
|
|
# created on top of /, or on the host system. Default is to use overlay
|
|
# unless disabled in /etc/akms.conf.
|
|
#
|
|
+# --[no-]sandbox
|
|
+# Whether to install build dependencies and build modules in a sandbox
|
|
+# using bubblewrap. Default is to use sandbox unless disabled in
|
|
+# /etc/akms.conf.
|
|
+#
|
|
# --skip-cleanup
|
|
# Don't unmount and delete root overlay used for building and don't
|
|
# uninstall build dependencies.
|
|
@@ -581,6 +586,9 @@ build_module() {
|
|
local build_root=
|
|
[ -d "$TEMP_DIR/overlay" ] && build_root="$TEMP_DIR/overlay"
|
|
|
|
+ local runas_sandbox=
|
|
+ $OPT_SANDBOX && runas_sandbox=true
|
|
+
|
|
rm -Rf "$builddir"
|
|
# NOTE: The module sources must be available in the builddir, see
|
|
# https://gitlab.alpinelinux.org/alpine/aports/-/issues/16718.
|
|
@@ -588,8 +596,7 @@ build_module() {
|
|
chown -R "$BUILD_USER" "$builddir" || return 1
|
|
|
|
runas "$BUILD_USER" \
|
|
- --sandbox "${build_root:-/}" \
|
|
- --bind "$builddir" "$builddir" \
|
|
+ ${runas_sandbox:+--sandbox "${build_root:-/}" --bind "$builddir" "$builddir"} \
|
|
srcdir="$srcdir" \
|
|
builddir="$builddir" \
|
|
kernel_ver="$kernel" \
|
|
@@ -857,13 +864,14 @@ OPT_KEEP_UNINSTALLED=$(to_bool "${keep_uninstalled:-false}")
|
|
OPT_KERNEL=
|
|
OPT_LOGLEVEL=${log_level:-info}
|
|
OPT_OVERLAY=$(to_bool "${use_overlayfs:-true}")
|
|
+OPT_SANDBOX=$(to_bool "${use_sandbox:-true}")
|
|
OPT_REBUILD=false
|
|
OPT_STATE='all'
|
|
OPT_SKIP_CLEANUP=false
|
|
|
|
opts=$(getopt -n $PROGNAME \
|
|
-o fKk:qrs:vVh \
|
|
- -l force,keep,no-keep,kernel:,overlay,no-overlay,quiet,rebuild,skip-cleanup,state:,verbose,version,help \
|
|
+ -l force,keep,no-keep,kernel:,overlay,no-overlay,sandbox,no-sandbox,quiet,rebuild,skip-cleanup,state:,verbose,version,help \
|
|
-- "$@") || exit 1
|
|
eval set -- "$opts"
|
|
|
|
@@ -877,6 +885,8 @@ while [ $# -gt 0 ]; do
|
|
-q | --quiet) OPT_LOGLEVEL='warn';;
|
|
--overlay) OPT_OVERLAY=true;;
|
|
--no-overlay) OPT_OVERLAY=false;;
|
|
+ --sandbox) OPT_SANDBOX=true;;
|
|
+ --no-sandbox) OPT_SANDBOX=false;;
|
|
-r | --rebuild) OPT_REBUILD=true;;
|
|
--skip-cleanup) OPT_SKIP_CLEANUP=true;;
|
|
-s | --state) OPT_STATE=$2; n=2;;
|
|
@@ -895,7 +905,7 @@ fi
|
|
setup_logger "$OPT_LOGLEVEL"
|
|
|
|
readonly ACTION OPT_FORCE OPT_KEEP_UNINSTALLED OPT_KERNEL OPT_LOGLEVEL
|
|
-readonly OPT_OVERLAY OPT_REBUILD OPT_STATE OPT_SKIP_CLEANUP
|
|
+readonly OPT_OVERLAY OPT_SANDBOX OPT_REBUILD OPT_STATE OPT_SKIP_CLEANUP
|
|
|
|
umask 022
|
|
|
|
diff --git a/akms.8.adoc b/akms.8.adoc
|
|
index 10206be..b64d85a 100644
|
|
--- a/akms.8.adoc
|
|
+++ b/akms.8.adoc
|
|
@@ -138,6 +138,10 @@ Rebuild (and install) the module even if it has been already built.
|
|
Whether to install the build dependencies into the root overlay created on top of `/`, or on the host system.
|
|
This option overrides parameter *use_overlayfs* specified in {akms-conf} (enabled by default).
|
|
|
|
+*--[no-]sandbox*::
|
|
+Whether to install build dependencies and build modules in a sandbox using bubblewrap. Default is to use sandbox unless disabled in /etc/akms.conf.
|
|
+This option overrides parameter *use_sandbox* specified in {akms-conf} (enabled by default)
|
|
+
|
|
*--skip-cleanup*::
|
|
Do not unmount and delete the root overlay used for building and do not uninstall the build dependencies.
|
|
|
|
diff --git a/akms.conf.5.adoc b/akms.conf.5.adoc
|
|
index a6c90a2..539af14 100644
|
|
--- a/akms.conf.5.adoc
|
|
+++ b/akms.conf.5.adoc
|
|
@@ -114,6 +114,9 @@ Specifies whether to install the module`'s build dependencies into a disposable
|
|
+
|
|
The default value is `"yes"`.
|
|
|
|
+*use_sandbox*::
|
|
+Specifies whether to install the module`'s build dependencies into a sanbox or directly on the host system.
|
|
+
|
|
*MAKEFLAGS*::
|
|
Specifies the flags to be passed to `make(1)` to build a kernel module.
|
|
+
|
|
--
|
|
2.49.0
|
|
|
|
diff --git a/akms.kernel-hook.orig b/akms.kernel-hook
|
|
index f86c43a1d4..64c776a5d3 100755
|
|
--- a/akms.kernel-hook.orig
|
|
+++ b/akms.kernel-hook
|
|
@@ -17,6 +17,12 @@ if [ "$OLD_VERSION" ]; then
|
|
fi
|
|
fi
|
|
if [ "$NEW_VERSION" ]; then
|
|
- akms install -k "$NEW_VERSION-$FLAVOR" all || rc=1
|
|
+ if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
|
|
+ echo ">>> AKMS is running in chroot environment, disabling overlay and sandboxing"
|
|
+ echo ">>> Please make sure module build dependencies are already installed"
|
|
+ akms install --no-overlay --no-sandbox -k $NEW_VERSION-$FLAVOR all || rc=1
|
|
+ else
|
|
+ akms install -k $NEW_VERSION-$FLAVOR all || rc=1
|
|
+ fi
|
|
fi
|
|
exit $rc
|