aboutsummaryrefslogtreecommitdiff
path: root/community
diff options
context:
space:
mode:
Diffstat (limited to 'community')
-rwxr-xr-xcommunity/bubblewrap/build14
-rw-r--r--community/bubblewrap/checksums3
-rw-r--r--community/bubblewrap/depends2
-rw-r--r--community/bubblewrap/meta3
-rw-r--r--community/bubblewrap/patches/realpath-workaround.patch45
-rw-r--r--community/bubblewrap/sources2
-rw-r--r--community/bubblewrap/version1
7 files changed, 70 insertions, 0 deletions
diff --git a/community/bubblewrap/build b/community/bubblewrap/build
new file mode 100755
index 00000000..dd52b4ba
--- /dev/null
+++ b/community/bubblewrap/build
@@ -0,0 +1,14 @@
+#!/bin/sh -e
+
+export LDFLAGS="$LDFLAGS -static"
+patch -p1 < realpath-workaround.patch
+
+./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --localstatedir=/var \
+ --with-priv-mode=none \
+ --disable-man
+
+make
+make DESTDIR="$1" install
diff --git a/community/bubblewrap/checksums b/community/bubblewrap/checksums
new file mode 100644
index 00000000..844f9972
--- /dev/null
+++ b/community/bubblewrap/checksums
@@ -0,0 +1,3 @@
+%BLAKE3
+f5bd7c85abb1b61e43d6eb9e1e077af4c5dee4e497b918af1ae7564001b1be19 bubblewrap-0.6.2.tar.xz
+374fbf869e7d8c20b5f5ee2ed0f35d37e6a7f6f77ac757b13d2972caf90c5c4d realpath-workaround.patch
diff --git a/community/bubblewrap/depends b/community/bubblewrap/depends
new file mode 100644
index 00000000..fb25d87c
--- /dev/null
+++ b/community/bubblewrap/depends
@@ -0,0 +1,2 @@
+libcap
+meson make
diff --git a/community/bubblewrap/meta b/community/bubblewrap/meta
new file mode 100644
index 00000000..12b6f945
--- /dev/null
+++ b/community/bubblewrap/meta
@@ -0,0 +1,3 @@
+description: Unprivileged sandboxing tool
+license: LGPL-2.0-or-later
+maintainer: Cem Keylan <cem@carbslinux.org>
diff --git a/community/bubblewrap/patches/realpath-workaround.patch b/community/bubblewrap/patches/realpath-workaround.patch
new file mode 100644
index 00000000..41c624f8
--- /dev/null
+++ b/community/bubblewrap/patches/realpath-workaround.patch
@@ -0,0 +1,45 @@
+diff --git a/bind-mount.c b/bind-mount.c
+index 877b095..a4185fd 100644
+--- a/bind-mount.c
++++ b/bind-mount.c
+@@ -24,6 +24,28 @@
+ #include "utils.h"
+ #include "bind-mount.h"
+
++#ifndef __GLIBC__
++static char *
++normpath(char *path)
++{
++ char *seg = NULL, *p = NULL;
++
++ for (p = path, seg = NULL; *p; p++) {
++ if (strncmp(p, "/../", 4) == 0 || strncmp(p, "/..", 4) == 0) {
++ memmove(seg ? seg : p, p+3, strlen(p+3) + 1);
++ return normpath(path);
++ } else if (strncmp(p, "/./", 3) == 0 || strncmp(p, "/.", 3) == 0) {
++ memmove(p, p+2, strlen(p+2) + 1);
++ } else if (strncmp(p, "//", 2) == 0 || strncmp(p, "/", 2) == 0) {
++ memmove(p, p+1, strlen(p+1) + 1);
++ }
++ if (*p == '/')
++ seg = p;
++ }
++ return path;
++}
++#endif
++
+ static char *
+ skip_token (char *line, bool eat_whitespace)
+ {
+@@ -402,7 +424,11 @@ bind_mount (int proc_fd,
+ path, so to find it in the mount table we need to do that too. */
+ resolved_dest = realpath (dest, NULL);
+ if (resolved_dest == NULL)
++#ifdef __GLIBC__
+ return BIND_MOUNT_ERROR_REALPATH_DEST;
++#else
++ resolved_dest = normpath(strdup(dest));
++#endif
+
+ dest_fd = open (resolved_dest, O_PATH | O_CLOEXEC);
+ if (dest_fd < 0)
diff --git a/community/bubblewrap/sources b/community/bubblewrap/sources
new file mode 100644
index 00000000..5488c524
--- /dev/null
+++ b/community/bubblewrap/sources
@@ -0,0 +1,2 @@
+https://github.com/containers/bubblewrap/releases/download/v0.6.2/bubblewrap-0.6.2.tar.xz
+patches/realpath-workaround.patch
diff --git a/community/bubblewrap/version b/community/bubblewrap/version
new file mode 100644
index 00000000..d39cc45a
--- /dev/null
+++ b/community/bubblewrap/version
@@ -0,0 +1 @@
+0.6.2 1