commit: 9981dc903cb650313d13401a99c193be7a8cb4ee Author: David Coles <coles.david <AT> gmail <DOT> com> AuthorDate: Wed Jun 19 21:19:50 2019 +0000 Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org> CommitDate: Wed Jun 19 21:20:19 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9981dc90
sys-apps/minijail: New package Copyright: Sony Interactive Entertainment Inc. Package-Manager: Portage-2.3.67, Repoman-2.3.14 Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org> sys-apps/minijail/Manifest | 1 + sys-apps/minijail/files/minijail-9-makefile.patch | 44 ++++++++++++++ sys-apps/minijail/metadata.xml | 10 ++++ sys-apps/minijail/minijail-9.ebuild | 71 +++++++++++++++++++++++ 4 files changed, 126 insertions(+) diff --git a/sys-apps/minijail/Manifest b/sys-apps/minijail/Manifest new file mode 100644 index 00000000000..96fa50c32ca --- /dev/null +++ b/sys-apps/minijail/Manifest @@ -0,0 +1 @@ +DIST minijail-9.tar.gz 118700 BLAKE2B 7d2959d5dd71bd9d8d8a0b7c278dab66771740f73acec20f19502da33990ca858796b4734676ffedc404cef72eee8c419c669ba7092ac00cbafa2e410564aba2 SHA512 6d05fbe8615f410e8314045d11f7a3638f563f3311f7d52b5a0c47cad8692d11b0a7db4fbb45141b56453a9beb0de7683d58e5298f0a27029aa017539bb48717 diff --git a/sys-apps/minijail/files/minijail-9-makefile.patch b/sys-apps/minijail/files/minijail-9-makefile.patch new file mode 100644 index 00000000000..6ec44a8079a --- /dev/null +++ b/sys-apps/minijail/files/minijail-9-makefile.patch @@ -0,0 +1,44 @@ +diff --git a/Makefile b/Makefile +index 54ee978..a50ee9a 100644 +--- a/Makefile ++++ b/Makefile +@@ -46,8 +46,8 @@ ifeq ($(USE_SYSTEM_GTEST),no) + GTEST_CXXFLAGS := -std=gnu++14 + GTEST_LIBS := gtest.a + else +-GTEST_CXXFLAGS := $(shell gtest-config --cxxflags) +-GTEST_LIBS := $(shell gtest-config --libs) ++GTEST_CXXFLAGS ?= $(shell gtest-config --cxxflags) ++GTEST_LIBS ?= $(shell gtest-config --libs) + endif + + CORE_OBJECT_FILES := libminijail.o syscall_filter.o signal_handler.o \ +@@ -73,6 +73,7 @@ clean: CLEAN(minijail0) + + + CC_LIBRARY(libminijail.so): LDLIBS += -lcap ++CC_LIBRARY(libminijail.so): LDFLAGS += -Wl,-soname,libminijail.so + CC_LIBRARY(libminijail.so): $(CORE_OBJECT_FILES) + clean: CLEAN(libminijail.so) + +@@ -91,6 +92,7 @@ TEST(CXX_BINARY(libminijail_unittest)): CC_LIBRARY(libminijailpreload.so) + + + CC_LIBRARY(libminijailpreload.so): LDLIBS += -lcap -ldl ++CC_LIBRARY(libminijailpreload.so): LDFLAGS += -Wl,-soname,libminijail.so + CC_LIBRARY(libminijailpreload.so): libminijailpreload.o $(CORE_OBJECT_FILES) + clean: CLEAN(libminijailpreload.so) + +diff --git a/common.mk b/common.mk +index 77879d8..1cd815b 100644 +--- a/common.mk ++++ b/common.mk +@@ -323,7 +323,7 @@ COMMON_CFLAGS := -Wall -Wunused -Wno-unused-parameter -Werror -Wformat=2 \ + -fno-strict-aliasing $(SSP_CFLAGS) -O1 + CXXFLAGS += $(COMMON_CFLAGS) $(COMMON_CFLAGS-$(CXXDRIVER)) -std=gnu++14 + CFLAGS += $(COMMON_CFLAGS) $(COMMON_CFLAGS-$(CDRIVER)) -std=gnu11 +-CPPFLAGS += -D_FORTIFY_SOURCE=2 ++CPPFLAGS += + + # Enable large file support. + CPPFLAGS += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE diff --git a/sys-apps/minijail/metadata.xml b/sys-apps/minijail/metadata.xml new file mode 100644 index 00000000000..aa105de6900 --- /dev/null +++ b/sys-apps/minijail/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <maintainer type="person"> + <email>[email protected]</email> + </maintainer> + <maintainer type="person"> + <email>[email protected]</email> + </maintainer> +</pkgmetadata> diff --git a/sys-apps/minijail/minijail-9.ebuild b/sys-apps/minijail/minijail-9.ebuild new file mode 100644 index 00000000000..3daec8d2d3b --- /dev/null +++ b/sys-apps/minijail/minijail-9.ebuild @@ -0,0 +1,71 @@ +# Copyright 2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit linux-info toolchain-funcs + +DESCRIPTION="helper binary and library for sandboxing & restricting privs of service" +HOMEPAGE="https://android.googlesource.com/platform/external/minijail"; + +# Use GitHub mirror as Gitiles doesn't generate stable tarballs. +SRC_URI="https://github.com/google/${PN}/archive/linux-v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+seccomp test" + +RDEPEND="sys-libs/libcap-ng:=" +DEPEND="${RDEPEND} + test? ( + virtual/pkgconfig + >=dev-cpp/gtest-1.8.0:= + )" + +S="${WORKDIR}/${PN}-linux-v${PV}" + +PATCHES=( + "${FILESDIR}/minijail-9-makefile.patch" +) + +pkg_pretend() { + local CONFIG_CHECK="~NAMESPACES ~UTS_NS ~IPC_NS ~USER_NS ~PID_NS ~NET_NS + ~SECCOMP ~SECCOMP_FILTER ~CGROUPS" + check_extra_config +} + +src_configure() { + export LIBDIR="/usr/$(get_libdir)" + export USE_seccomp="$(usex seccomp)" + export USE_SYSTEM_GTEST=yes + export GTEST_CXXFLAGS="$(pkg-config --cflags gtest_main)" + export GTEST_LIBS="$(pkg-config --libs gtest_main)" +} + +src_compile() { + tc-env_build emake VERBOSE=1 all parse_seccomp_policy +} + +src_test() { + GTEST_FILTER="-NamespaceTest.test_tmpfs_userns:NamespaceTest.test_namespaces" \ + tc-env_build emake VERBOSE=1 tests +} + +src_install() { + dosbin minijail0 + dolib.so libminijail{,preload}.so + dobin parse_seccomp_policy + + doman minijail0.[15] + + local include_dir="/usr/include" + + "${S}"/platform2_preinstall.sh "${PV}" "${include_dir}" + insinto "/usr/$(get_libdir)/pkgconfig" + doins libminijail.pc + + insinto "${include_dir}" + doins libminijail.h + doins scoped_minijail.h +}
