diff options
Diffstat (limited to 'community/bubblewrap')
| -rwxr-xr-x | community/bubblewrap/build | 14 | ||||
| -rw-r--r-- | community/bubblewrap/checksums | 3 | ||||
| -rw-r--r-- | community/bubblewrap/depends | 2 | ||||
| -rw-r--r-- | community/bubblewrap/meta | 3 | ||||
| -rw-r--r-- | community/bubblewrap/patches/realpath-workaround.patch | 45 | ||||
| -rw-r--r-- | community/bubblewrap/sources | 2 | ||||
| -rw-r--r-- | community/bubblewrap/version | 1 |
7 files changed, 70 insertions, 0 deletions
diff --git a/community/bubblewrap/build b/community/bubblewrap/build new file mode 100755 index 00000000..dd52b4ba --- /dev/null +++ b/community/bubblewrap/build @@ -0,0 +1,14 @@ +#!/bin/sh -e + +export LDFLAGS="$LDFLAGS -static" +patch -p1 < realpath-workaround.patch + +./configure \ + --prefix=/usr \ + --sbindir=/usr/bin \ + --localstatedir=/var \ + --with-priv-mode=none \ + --disable-man + +make +make DESTDIR="$1" install diff --git a/community/bubblewrap/checksums b/community/bubblewrap/checksums new file mode 100644 index 00000000..b4132233 --- /dev/null +++ b/community/bubblewrap/checksums @@ -0,0 +1,3 @@ +%BLAKE3 +6cdacdd35a04acacb9da47137b89b17eb19e2885842a1969941665586429579d bubblewrap-0.8.0.tar.xz +374fbf869e7d8c20b5f5ee2ed0f35d37e6a7f6f77ac757b13d2972caf90c5c4d realpath-workaround.patch diff --git a/community/bubblewrap/depends b/community/bubblewrap/depends new file mode 100644 index 00000000..fb25d87c --- /dev/null +++ b/community/bubblewrap/depends @@ -0,0 +1,2 @@ +libcap +meson make diff --git a/community/bubblewrap/meta b/community/bubblewrap/meta new file mode 100644 index 00000000..12b6f945 --- /dev/null +++ b/community/bubblewrap/meta @@ -0,0 +1,3 @@ +description: Unprivileged sandboxing tool +license: LGPL-2.0-or-later +maintainer: Cem Keylan <cem@carbslinux.org> diff --git a/community/bubblewrap/patches/realpath-workaround.patch b/community/bubblewrap/patches/realpath-workaround.patch new file mode 100644 index 00000000..41c624f8 --- /dev/null +++ b/community/bubblewrap/patches/realpath-workaround.patch @@ -0,0 +1,45 @@ +diff --git a/bind-mount.c b/bind-mount.c +index 877b095..a4185fd 100644 +--- a/bind-mount.c ++++ b/bind-mount.c +@@ -24,6 +24,28 @@ + #include "utils.h" + #include "bind-mount.h" + ++#ifndef __GLIBC__ ++static char * ++normpath(char *path) ++{ ++ char *seg = NULL, *p = NULL; ++ ++ for (p = path, seg = NULL; *p; p++) { ++ if (strncmp(p, "/../", 4) == 0 || strncmp(p, "/..", 4) == 0) { ++ memmove(seg ? seg : p, p+3, strlen(p+3) + 1); ++ return normpath(path); ++ } else if (strncmp(p, "/./", 3) == 0 || strncmp(p, "/.", 3) == 0) { ++ memmove(p, p+2, strlen(p+2) + 1); ++ } else if (strncmp(p, "//", 2) == 0 || strncmp(p, "/", 2) == 0) { ++ memmove(p, p+1, strlen(p+1) + 1); ++ } ++ if (*p == '/') ++ seg = p; ++ } ++ return path; ++} ++#endif ++ + static char * + skip_token (char *line, bool eat_whitespace) + { +@@ -402,7 +424,11 @@ bind_mount (int proc_fd, + path, so to find it in the mount table we need to do that too. */ + resolved_dest = realpath (dest, NULL); + if (resolved_dest == NULL) ++#ifdef __GLIBC__ + return BIND_MOUNT_ERROR_REALPATH_DEST; ++#else ++ resolved_dest = normpath(strdup(dest)); ++#endif + + dest_fd = open (resolved_dest, O_PATH | O_CLOEXEC); + if (dest_fd < 0) diff --git a/community/bubblewrap/sources b/community/bubblewrap/sources new file mode 100644 index 00000000..8ba65a77 --- /dev/null +++ b/community/bubblewrap/sources @@ -0,0 +1,2 @@ +https://github.com/containers/bubblewrap/releases/download/v0.8.0/bubblewrap-0.8.0.tar.xz +patches/realpath-workaround.patch diff --git a/community/bubblewrap/version b/community/bubblewrap/version new file mode 100644 index 00000000..e1a64298 --- /dev/null +++ b/community/bubblewrap/version @@ -0,0 +1 @@ +0.8.0 1 |