main/bubblewrap: move from community

3 files changed, 88 insertions, 0 deletions

diff --git a/main/bubblewrap/APKBUILD b/main/bubblewrap/APKBUILD
new file mode 100644
index 0000000000..e2ecf4978d
--- /dev/null
+++ b/main/bubblewrap/APKBUILD
@@ -0,0 +1,52 @@
+# Contributor: Timo Teräs <timo.teras@iki.fi>
+# Maintainer: Timo Teräs <timo.teras@iki.fi>
+pkgname=bubblewrap
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="Unprivileged sandboxing tool"
+url="https://github.com/projectatomic/bubblewrap"
+arch="all"
+license="LGPL-2.0-or-later"
+options="!check suid"
+makedepends="autoconf automake libcap-dev docbook-xsl"
+subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
+source="bubblewrap-$pkgver.tar.gz::https://github.com/projectatomic/bubblewrap/archive/v$pkgver.tar.gz
+	realpath-workaround.patch musl-fixes.patch"
+builddir="$srcdir/$pkgname-$pkgver"
+
+prepare() {
+	cd "$builddir"
+	NOCONFIGURE=1 ./autogen.sh
+	default_prepare
+}
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--localstatedir=/var \
+		--with-priv-mode=setuid
+	make
+}
+
+package() {
+	cd "$builddir"
+	make install DESTDIR="$pkgdir"
+}
+
+bashcomp() {
+	pkgdesc="Bash completions for $pkgname"
+	depends=""
+	install_if="$pkgname=$pkgver-r$pkgrel bash-completion"
+
+	mkdir -p "$subpkgdir"/usr/share/
+	mv "$pkgdir"/usr/share/bash-completion/ "$subpkgdir"/usr/share/
+}
+
+sha512sums="746f10cd9f9852ca4679d589357402ec10c352e02f77384844a4657fd9b2952189a3299319fbefedd35358d39fd16ded63cc3db95041ed2091548183786b8b63  bubblewrap-0.2.0.tar.gz
+400a0446670ebf80f16739f1a7a2878aadc3099424f957ba09ec3df780506c23a11368f0578c9e352d7ca6473fa713df826fad7a20c50338aa5f9fa9ac6b84a4  realpath-workaround.patch
+f59cda3b09dd99db9ca6d97099a15bb2523e054063d677502317ae3165ba2e32105a0ae8f877afc3827bd28d093c9d9d413270f4c87d9fe5f26f3eee670d916e  musl-fixes.patch"
diff --git a/main/bubblewrap/musl-fixes.patch b/main/bubblewrap/musl-fixes.patch
new file mode 100644
index 0000000000..ecf6263310
--- /dev/null
+++ b/main/bubblewrap/musl-fixes.patch
@@ -0,0 +1,17 @@
+--- a/config.h.in
++++ b/config.h.in
+@@ -102,3 +102,14 @@
+ 
+ /* Define to 1 if you need to in order for `stat' and other things to work. */
+ #undef _POSIX_SOURCE
++
++/* taken from glibc unistd.h and fixes musl */
++#ifndef TEMP_FAILURE_RETRY
++#define TEMP_FAILURE_RETRY(expression) \
++  (__extension__                                                              \
++    ({ long int __result;                                                     \
++       do __result = (long int) (expression);                                 \
++       while (__result == -1L && errno == EINTR);                             \
++       __result; }))
++#endif
++
diff --git a/main/bubblewrap/realpath-workaround.patch b/main/bubblewrap/realpath-workaround.patch
new file mode 100644
index 0000000000..6f1e3b54b0
--- /dev/null
+++ b/main/bubblewrap/realpath-workaround.patch
@@ -0,0 +1,19 @@
+Musl realpath() implementation currently depends on /proc which is
+not available when setting up pivot root. For the time being just
+fallback to given path if realpath() fails. If there was symlinks
+that would have required normalizing the following parse_mountinfo()
+will fail.
+
+diff --git a/bind-mount.c b/bind-mount.c
+index 7d3543f..c33b701 100644
+--- a/bind-mount.c
++++ b/bind-mount.c
+@@ -397,7 +397,7 @@ bind_mount (int           proc_fd,
+      path, so to find it in the mount table we need to do that too. */
+   resolved_dest = realpath (dest, NULL);
+   if (resolved_dest == NULL)
+-    return 2;
++    resolved_dest = strdup (dest);
+ 
+   mount_tab = parse_mountinfo (proc_fd, resolved_dest);
+   if (mount_tab[0].mountpoint == NULL)