mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-12 06:06:53 -05:00
gnu: Add PRoot.
* gnu/packages/linux.scm (proot): New variable. * gnu/packages/patches/proot-test-fhs.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
This commit is contained in:
parent
77abe3f091
commit
62b28c0e7b
3 changed files with 202 additions and 0 deletions
|
@ -894,6 +894,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/portmidi-modular-build.patch \
|
||||
%D%/packages/patches/procmail-ambiguous-getline-debian.patch \
|
||||
%D%/packages/patches/procmail-CVE-2014-3618.patch \
|
||||
%D%/packages/patches/proot-test-fhs.patch \
|
||||
%D%/packages/patches/pt-scotch-build-parallelism.patch \
|
||||
%D%/packages/patches/pulseaudio-fix-mult-test.patch \
|
||||
%D%/packages/patches/pulseaudio-longer-test-timeout.patch \
|
||||
|
|
|
@ -80,6 +80,7 @@ (define-module (gnu packages linux)
|
|||
#:use-module (gnu packages python)
|
||||
#:use-module (gnu packages readline)
|
||||
#:use-module (gnu packages rrdtool)
|
||||
#:use-module (gnu packages samba)
|
||||
#:use-module (gnu packages slang)
|
||||
#:use-module (gnu packages storage)
|
||||
#:use-module (gnu packages texinfo)
|
||||
|
@ -3782,3 +3783,105 @@ (define-public libnftnl
|
|||
libnftnl has been previously known as libnftables. This library is currently
|
||||
used by nftables.")
|
||||
(license license:gpl2+)))
|
||||
|
||||
(define-public proot
|
||||
(package
|
||||
(name "proot")
|
||||
(version "5.1.0")
|
||||
(home-page "https://github.com/proot-me/PRoot")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append home-page "/archive/v" version ".tar.gz"))
|
||||
(file-name (string-append name "-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"11h30i83vdhc3khlj6hrh3a21sbmmz8nhfv09vkf6b9bcs1biz2h"))
|
||||
(patches (search-patches "proot-test-fhs.patch"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
'(#:make-flags '("-C" "src")
|
||||
|
||||
#:phases (modify-phases %standard-phases
|
||||
(delete 'configure)
|
||||
(add-before 'build 'set-shell-file-name
|
||||
(lambda* (#:key inputs #:allow-other-keys)
|
||||
(substitute* (find-files "src" "\\.[ch]$")
|
||||
(("\"/bin/sh\"")
|
||||
(string-append "\""
|
||||
(assoc-ref inputs "bash")
|
||||
"/bin/sh\"")))
|
||||
#t))
|
||||
(add-before 'check 'fix-fhs-assumptions-in-tests
|
||||
(lambda _
|
||||
(substitute* "tests/test-c6b77b77.mk"
|
||||
(("/bin/bash") (which "bash"))
|
||||
(("/usr/bin/test") (which "test")))
|
||||
(substitute* '("tests/test-16573e73.c")
|
||||
(("/bin/([a-z-]+)" _ program)
|
||||
(which program)))
|
||||
|
||||
(substitute* (find-files "tests" "\\.sh$")
|
||||
;; Some of the tests try to "bind-mount" /bin/true.
|
||||
(("-b /bin/true:")
|
||||
(string-append "-b " (which "true") ":"))
|
||||
;; Likewise for /bin.
|
||||
(("-b /bin:") "-b /gnu:")
|
||||
;; Others try to run /bin/sh.
|
||||
(("/bin/sh") (which "sh"))
|
||||
;; Others assume /etc/fstab exists.
|
||||
(("/etc/fstab") "/etc/passwd"))
|
||||
|
||||
(substitute* "tests/GNUmakefile"
|
||||
(("-b /bin:") "-b /gnu:"))
|
||||
|
||||
;; XXX: This test fails in an obscure corner case, just
|
||||
;; skip it.
|
||||
(delete-file "tests/test-kkkkkkkk.c")
|
||||
|
||||
#t))
|
||||
(replace 'check
|
||||
(lambda _
|
||||
(let ((n (parallel-job-count)))
|
||||
;; For some reason we get lots of segfaults with
|
||||
;; seccomp support (x86_64, Linux-libre 4.11.0).
|
||||
(setenv "PROOT_NO_SECCOMP" "1")
|
||||
|
||||
;; Most of the tests expect "/bin" to be in $PATH so
|
||||
;; they can run things that live in $ROOTFS/bin.
|
||||
(setenv "PATH"
|
||||
(string-append (getenv "PATH") ":/bin"))
|
||||
|
||||
(zero? (system* "make" "check" "-C" "tests"
|
||||
;;"V=1"
|
||||
"-j" (number->string n))))))
|
||||
(replace 'install
|
||||
(lambda* (#:key outputs #:allow-other-keys)
|
||||
;; The 'install' rule does nearly nothing.
|
||||
(let ((out (assoc-ref outputs "out")))
|
||||
(and (zero?
|
||||
;; TODO: 'make install-care' (does not even
|
||||
;; build currently.)
|
||||
(system* "make" "-C" "src" "install"
|
||||
(string-append "PREFIX=" out)))
|
||||
(begin
|
||||
(install-file "doc/proot/man.1"
|
||||
(string-append out "/share"
|
||||
"/man/man1"))
|
||||
#t))))))))
|
||||
(native-inputs `(("which" ,which)
|
||||
|
||||
;; For 'mcookie', used by some of the tests.
|
||||
("util-linux" ,util-linux)))
|
||||
(inputs `(("talloc" ,talloc)))
|
||||
(synopsis "Unprivileged chroot, bind mount, and binfmt_misc")
|
||||
(description
|
||||
"PRoot is a user-space implementation of @code{chroot}, @code{mount --bind},
|
||||
and @code{binfmt_misc}. This means that users don't need any privileges or
|
||||
setup to do things like using an arbitrary directory as the new root
|
||||
filesystem, making files accessible somewhere else in the file system
|
||||
hierarchy, or executing programs built for another CPU architecture
|
||||
transparently through QEMU user-mode. Also, developers can use PRoot as a
|
||||
generic process instrumentation engine thanks to its extension mechanism.
|
||||
Technically PRoot relies on @code{ptrace}, an unprivileged system-call
|
||||
available in the kernel Linux.")
|
||||
(license license:gpl2+)))
|
||||
|
|
98
gnu/packages/patches/proot-test-fhs.patch
Normal file
98
gnu/packages/patches/proot-test-fhs.patch
Normal file
|
@ -0,0 +1,98 @@
|
|||
The test suite of PRoot makes many FHS assumptions, such as assuming
|
||||
that /bin, /bin/true, and /usr exist. This patch fixes these assumptions.
|
||||
|
||||
--- source/tests/GNUmakefile 2017-05-11 15:26:36.899115484 +0200
|
||||
+++ source/tests/GNUmakefile 2017-05-11 15:26:46.143063166 +0200
|
||||
@@ -121,7 +121,7 @@ $(ROOTFS_DIR):
|
||||
setup: $(ROOTFS_BIN)
|
||||
|
||||
$(ROOTFS)/bin/abs-true:
|
||||
- @ln -fs /bin/true $@
|
||||
+ @ln -fs `which true` $@
|
||||
|
||||
$(ROOTFS)/bin/rel-true:
|
||||
@ln -fs ./true $@
|
||||
|
||||
--- source/tests/test-d2175fc3.sh 2017-05-11 15:36:53.727617010 +0200
|
||||
+++ source/tests/test-d2175fc3.sh 2017-05-11 15:37:10.155523637 +0200
|
||||
@@ -2,8 +2,8 @@ if [ ! -x ${ROOTFS}/bin/readlink ] || [
|
||||
exit 125;
|
||||
fi
|
||||
|
||||
-${PROOT} -r ${ROOTFS} /bin/readlink /bin/abs-true | grep '^/bin/true$'
|
||||
+${PROOT} -r ${ROOTFS} /bin/readlink /bin/abs-true | grep "`which true`"
|
||||
${PROOT} -r ${ROOTFS} /bin/readlink /bin/rel-true | grep '^\./true$'
|
||||
|
||||
-${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/abs-true | grep '^/bin/true$'
|
||||
+${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/abs-true | grep "`which true`"
|
||||
${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/rel-true | grep '^./true$'
|
||||
|
||||
--- source/tests/test-d1be631a.sh 2017-05-11 15:41:36.458008715 +0200
|
||||
+++ source/tests/test-d1be631a.sh 2017-05-11 15:41:38.921994686 +0200
|
||||
@@ -1,4 +1,4 @@
|
||||
-if [ -z `which mknod`] || [ `id -u` -eq 0 ]; then
|
||||
+if [ -z `which mknod` ] || [ `id -u` -eq 0 ]; then
|
||||
exit 125;
|
||||
fi
|
||||
|
||||
--- source/tests/test-5bed7141.c 2017-05-11 15:34:23.088472743 +0200
|
||||
+++ source/tests/test-5bed7141.c 2017-05-11 15:34:27.052450235 +0200
|
||||
@@ -80,7 +80,7 @@ int main(int argc, char *argv[])
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
case 0: /* child */
|
||||
- status = chdir("/usr");
|
||||
+ status = chdir("/gnu");
|
||||
if (status < 0) {
|
||||
perror("chdir");
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
--- a/tests/test-092c5e26.sh
|
||||
+++ b/tests/test-092c5e26.sh
|
||||
@@ -24,7 +24,7 @@ fi
|
||||
|
||||
unset LD_LIBRARY_PATH
|
||||
|
||||
-env PROOT_FORCE_FOREIGN_BINARY=1 PATH=/tmp:/bin:/usr/bin ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
|
||||
+env PROOT_FORCE_FOREIGN_BINARY=1 PATH=/tmp:/bin:/usr/bin:$(dirname $(which echo)) ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
|
||||
env PROOT_FORCE_FOREIGN_BINARY=1 ${PROOT} -r ${ROOTFS} -q echo ${TMP_ABS} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
|
||||
|
||||
cat > ${ROOTFS}/${TMP_ABS} <<EOF
|
||||
@@ -34,7 +34,7 @@ chmod +x ${ROOTFS}/${TMP_ABS}
|
||||
|
||||
# Valgrind prepends "/bin/sh" in front of foreign binaries.
|
||||
if ! $(echo ${PROOT} | grep -q valgrind); then
|
||||
- env PATH=/tmp:/bin:/usr/bin ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH -0 ${TMP} ${TMP_ABS}$"
|
||||
+ env PATH=/tmp:/bin:/usr/bin:$(dirname $(which echo)) ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH -0 ${TMP} ${TMP_ABS}$"
|
||||
${PROOT} -r ${ROOTFS} -q echo ${TMP_ABS} | grep "^-U LD_LIBRARY_PATH -0 ${TMP_ABS} ${TMP_ABS}$"
|
||||
fi
|
||||
|
||||
diff --git a/tests/test-5467b986.sh b/tests/test-5467b986.sh
|
||||
index c6ac71a..f616f1e 100644
|
||||
--- a/tests/test-5467b986.sh
|
||||
+++ b/tests/test-5467b986.sh
|
||||
@@ -30,8 +30,8 @@ ${PROOT} -v -1 -b /tmp:/b -b /tmp:/a -r ${ROOTFS} fchdir_getcwd /b | grep '^/[ab
|
||||
! ${PROOT} -w /bin -r ${ROOTFS} fchdir_getcwd true
|
||||
[ $? -eq 0 ]
|
||||
|
||||
-${PROOT} -v -1 -w /usr -r / ${ROOTFS}/bin/chdir_getcwd share | grep '^/usr/share$'
|
||||
-${PROOT} -v -1 -w /usr -r / ${ROOTFS}/bin/fchdir_getcwd share | grep '^/usr/share$'
|
||||
+${PROOT} -v -1 -w /gnu -r / ${ROOTFS}/bin/chdir_getcwd store | grep '^/gnu/store$'
|
||||
+${PROOT} -v -1 -w /gnu -r / ${ROOTFS}/bin/fchdir_getcwd store | grep '^/gnu/store$'
|
||||
|
||||
-(cd /; ${PROOT} -v -1 -w usr -r / ${ROOTFS}/bin/chdir_getcwd share | grep '^/usr/share$')
|
||||
-(cd /; ${PROOT} -v -1 -w usr -r / ${ROOTFS}/bin/fchdir_getcwd share | grep '^/usr/share$')
|
||||
+(cd /; ${PROOT} -v -1 -w gnu -r / ${ROOTFS}/bin/chdir_getcwd store | grep '^/gnu/store$')
|
||||
+(cd /; ${PROOT} -v -1 -w gnu -r / ${ROOTFS}/bin/fchdir_getcwd store | grep '^/gnu/store$')
|
||||
|
||||
--- a/tests/test-c15999f9.sh
|
||||
+++ b/tests/test-c15999f9.sh
|
||||
@@ -5,7 +5,7 @@ fi
|
||||
TMP=/tmp/$(mcookie)
|
||||
mkdir ${TMP}
|
||||
|
||||
-${PROOT} -b /bin/true:${TMP}/true /bin/true
|
||||
+${PROOT} -b `which true`:${TMP}/true `which true`
|
||||
! test -e ${TMP}/true
|
||||
[ $? -eq 0 ]
|
||||
|
Loading…
Reference in a new issue