diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2017-01-09 14:29:41 +0200 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2017-01-09 14:29:41 +0200 |
| commit | eccdcd1f61c356290c89c86e43a7e4f9098de8ad (patch) | |
| tree | 1758fdffd41da57b37c62f51c8cd94c1a889d96f /community/bubblewrap | |
| parent | 5a6b203b0c00f5e286794e63ec45a7f988b4851b (diff) | |
| download | aports-eccdcd1f61c356290c89c86e43a7e4f9098de8ad.tar.bz2 aports-eccdcd1f61c356290c89c86e43a7e4f9098de8ad.tar.xz | |
community/bubblewrap: use setuid mode and fix realpath issue
caps install mode was removed, so use setuid mode
Diffstat (limited to 'community/bubblewrap')
| -rw-r--r-- | community/bubblewrap/APKBUILD | 17 | ||||
| -rw-r--r-- | community/bubblewrap/realpath-workaround.patch | 19 |
2 files changed, 30 insertions, 6 deletions
diff --git a/community/bubblewrap/APKBUILD b/community/bubblewrap/APKBUILD index 26340f6436..c60ba9f8aa 100644 --- a/community/bubblewrap/APKBUILD +++ b/community/bubblewrap/APKBUILD @@ -2,17 +2,19 @@ # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=bubblewrap pkgver=0.1.5 -pkgrel=0 +pkgrel=1 pkgdesc="Unprivileged sandboxing tool" url="https://github.com/projectatomic/bubblewrap" arch="all" license="LGPL2+" +options="suid" depends="" depends_dev="" makedepends="autoconf automake libcap-dev docbook-xsl $depends_dev" install="" subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch" -source="bubblewrap-$pkgver.tar.gz::https://github.com/projectatomic/bubblewrap/archive/v$pkgver.tar.gz" +source="bubblewrap-$pkgver.tar.gz::https://github.com/projectatomic/bubblewrap/archive/v$pkgver.tar.gz + realpath-workaround.patch" builddir="$srcdir/bubblewrap-$pkgver" prepare() { @@ -30,7 +32,7 @@ build() { --mandir=/usr/share/man \ --infodir=/usr/share/info \ --localstatedir=/var \ - --with-priv-mode=caps \ + --with-priv-mode=setuid \ || return 1 make || return 1 } @@ -49,6 +51,9 @@ bashcomp() { mv "$pkgdir"/usr/share/bash-completion/ "$subpkgdir"/usr/share/ || return 1 } -md5sums="a709841b318bb02b243055625495e282 bubblewrap-0.1.5.tar.gz" -sha256sums="0a5a716a223dd4c93ccb45b1eb513a59f427f44c6a8675881de5954c026b8d7e bubblewrap-0.1.5.tar.gz" -sha512sums="df023942b2194552f9cdff348680a1e5287a674543df89ed1368f089ccca3db5524aa7b353e7f6c61575e9bcfab2318b8169c38c5a803879850abb16524e4458 bubblewrap-0.1.5.tar.gz" +md5sums="a709841b318bb02b243055625495e282 bubblewrap-0.1.5.tar.gz +469c4aa58c265d17fe2abd1690fdd952 realpath-workaround.patch" +sha256sums="0a5a716a223dd4c93ccb45b1eb513a59f427f44c6a8675881de5954c026b8d7e bubblewrap-0.1.5.tar.gz +cb291dd80a76bcec31a07e382f0f7e2606dd5b3e19d87a7b201728972607d069 realpath-workaround.patch" +sha512sums="df023942b2194552f9cdff348680a1e5287a674543df89ed1368f089ccca3db5524aa7b353e7f6c61575e9bcfab2318b8169c38c5a803879850abb16524e4458 bubblewrap-0.1.5.tar.gz +400a0446670ebf80f16739f1a7a2878aadc3099424f957ba09ec3df780506c23a11368f0578c9e352d7ca6473fa713df826fad7a20c50338aa5f9fa9ac6b84a4 realpath-workaround.patch" diff --git a/community/bubblewrap/realpath-workaround.patch b/community/bubblewrap/realpath-workaround.patch new file mode 100644 index 0000000000..6f1e3b54b0 --- /dev/null +++ b/community/bubblewrap/realpath-workaround.patch @@ -0,0 +1,19 @@ +Musl realpath() implementation currently depends on /proc which is +not available when setting up pivot root. For the time being just +fallback to given path if realpath() fails. If there was symlinks +that would have required normalizing the following parse_mountinfo() +will fail. + +diff --git a/bind-mount.c b/bind-mount.c +index 7d3543f..c33b701 100644 +--- a/bind-mount.c ++++ b/bind-mount.c +@@ -397,7 +397,7 @@ bind_mount (int proc_fd, + path, so to find it in the mount table we need to do that too. */ + resolved_dest = realpath (dest, NULL); + if (resolved_dest == NULL) +- return 2; ++ resolved_dest = strdup (dest); + + mount_tab = parse_mountinfo (proc_fd, resolved_dest); + if (mount_tab[0].mountpoint == NULL) |