nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gnu: Add PRoot. 

* gnu/packages/linux.scm (proot): New variable.
* gnu/packages/patches/proot-test-fhs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
master
Ludovic Courtès 2017-05-11 17:48:58 +02:00 committed by Ludovic Courtès
parent 77abe3f091
commit 62b28c0e7b
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
3 changed files with 202 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
gnu/local.mk
View File

@ -894,6 +894,7 @@ dist_patch_DATA = \
%D%/packages/patches/portmidi-modular-build.patch \
%D%/packages/patches/procmail-ambiguous-getline-debian.patch \
%D%/packages/patches/procmail-CVE-2014-3618.patch \
%D%/packages/patches/proot-test-fhs.patch \
%D%/packages/patches/pt-scotch-build-parallelism.patch \
%D%/packages/patches/pulseaudio-fix-mult-test.patch \
%D%/packages/patches/pulseaudio-longer-test-timeout.patch \

103
gnu/packages/linux.scm
View File

@ -80,6 +80,7 @@
#:use-module (gnu packages python)
#:use-module (gnu packages readline)
#:use-module (gnu packages rrdtool)
#:use-module (gnu packages samba)
#:use-module (gnu packages slang)
#:use-module (gnu packages storage)
#:use-module (gnu packages texinfo)
@ -3782,3 +3783,105 @@ programming interface to the in-kernel nf_tables subsystem. The library
libnftnl has been previously known as libnftables. This library is currently
used by nftables.")
(license license:gpl2+)))
(define-public proot
(package
(name "proot")
(version "5.1.0")
(home-page "https://github.com/proot-me/PRoot")
(source (origin
(method url-fetch)
(uri (string-append home-page "/archive/v" version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"11h30i83vdhc3khlj6hrh3a21sbmmz8nhfv09vkf6b9bcs1biz2h"))
(patches (search-patches "proot-test-fhs.patch"))))
(build-system gnu-build-system)
(arguments
'(#:make-flags '("-C" "src")
#:phases (modify-phases %standard-phases
(delete 'configure)
(add-before 'build 'set-shell-file-name
(lambda* (#:key inputs #:allow-other-keys)
(substitute* (find-files "src" "\\.[ch]$")
(("\"/bin/sh\"")
(string-append "\""
(assoc-ref inputs "bash")
"/bin/sh\"")))
#t))
(add-before 'check 'fix-fhs-assumptions-in-tests
(lambda _
(substitute* "tests/test-c6b77b77.mk"
(("/bin/bash") (which "bash"))
(("/usr/bin/test") (which "test")))
(substitute* '("tests/test-16573e73.c")
(("/bin/([a-z-]+)" _ program)
(which program)))
(substitute* (find-files "tests" "\\.sh$")
;; Some of the tests try to "bind-mount" /bin/true.
(("-b /bin/true:")
(string-append "-b " (which "true") ":"))
;; Likewise for /bin.
(("-b /bin:") "-b /gnu:")
;; Others try to run /bin/sh.
(("/bin/sh") (which "sh"))
;; Others assume /etc/fstab exists.
(("/etc/fstab") "/etc/passwd"))
(substitute* "tests/GNUmakefile"
(("-b /bin:") "-b /gnu:"))
;; XXX: This test fails in an obscure corner case, just
;; skip it.
(delete-file "tests/test-kkkkkkkk.c")
#t))
(replace 'check
(lambda _
(let ((n (parallel-job-count)))
;; For some reason we get lots of segfaults with
;; seccomp support (x86_64, Linux-libre 4.11.0).
(setenv "PROOT_NO_SECCOMP" "1")
;; Most of the tests expect "/bin" to be in $PATH so
;; they can run things that live in $ROOTFS/bin.
(setenv "PATH"
(string-append (getenv "PATH") ":/bin"))
(zero? (system* "make" "check" "-C" "tests"
;;"V=1"
"-j" (number->string n))))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
;; The 'install' rule does nearly nothing.
(let ((out (assoc-ref outputs "out")))
(and (zero?
;; TODO: 'make install-care' (does not even
;; build currently.)
(system* "make" "-C" "src" "install"
(string-append "PREFIX=" out)))
(begin
(install-file "doc/proot/man.1"
(string-append out "/share"
"/man/man1"))
#t))))))))
(native-inputs `(("which" ,which)
;; For 'mcookie', used by some of the tests.
("util-linux" ,util-linux)))
(inputs `(("talloc" ,talloc)))
(synopsis "Unprivileged chroot, bind mount, and binfmt_misc")
(description
"PRoot is a user-space implementation of @code{chroot}, @code{mount --bind},
and @code{binfmt_misc}. This means that users don't need any privileges or
setup to do things like using an arbitrary directory as the new root
filesystem, making files accessible somewhere else in the file system
hierarchy, or executing programs built for another CPU architecture
transparently through QEMU user-mode. Also, developers can use PRoot as a
generic process instrumentation engine thanks to its extension mechanism.
Technically PRoot relies on @code{ptrace}, an unprivileged system-call
available in the kernel Linux.")
(license license:gpl2+)))

98
gnu/packages/patches/proot-test-fhs.patch Normal file
View File

@ -0,0 +1,98 @@
The test suite of PRoot makes many FHS assumptions, such as assuming
that /bin, /bin/true, and /usr exist. This patch fixes these assumptions.
--- source/tests/GNUmakefile 2017-05-11 15:26:36.899115484 +0200
+++ source/tests/GNUmakefile 2017-05-11 15:26:46.143063166 +0200
@@ -121,7 +121,7 @@ $(ROOTFS_DIR):
setup: $(ROOTFS_BIN)
$(ROOTFS)/bin/abs-true:
- @ln -fs /bin/true $@
+ @ln -fs `which true` $@
$(ROOTFS)/bin/rel-true:
@ln -fs ./true $@
--- source/tests/test-d2175fc3.sh 2017-05-11 15:36:53.727617010 +0200
+++ source/tests/test-d2175fc3.sh 2017-05-11 15:37:10.155523637 +0200
@@ -2,8 +2,8 @@ if [ ! -x ${ROOTFS}/bin/readlink ] || [
exit 125;
fi
-${PROOT} -r ${ROOTFS} /bin/readlink /bin/abs-true | grep '^/bin/true$'
+${PROOT} -r ${ROOTFS} /bin/readlink /bin/abs-true | grep "`which true`"
${PROOT} -r ${ROOTFS} /bin/readlink /bin/rel-true | grep '^\./true$'
-${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/abs-true | grep '^/bin/true$'
+${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/abs-true | grep "`which true`"
${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/rel-true | grep '^./true$'
--- source/tests/test-d1be631a.sh 2017-05-11 15:41:36.458008715 +0200
+++ source/tests/test-d1be631a.sh 2017-05-11 15:41:38.921994686 +0200
@@ -1,4 +1,4 @@
-if [ -z `which mknod`] || [ `id -u` -eq 0 ]; then
+if [ -z `which mknod` ] || [ `id -u` -eq 0 ]; then
exit 125;
fi
--- source/tests/test-5bed7141.c 2017-05-11 15:34:23.088472743 +0200
+++ source/tests/test-5bed7141.c 2017-05-11 15:34:27.052450235 +0200
@@ -80,7 +80,7 @@ int main(int argc, char *argv[])
exit(EXIT_FAILURE);
case 0: /* child */
- status = chdir("/usr");
+ status = chdir("/gnu");
if (status < 0) {
perror("chdir");
exit(EXIT_FAILURE);
--- a/tests/test-092c5e26.sh
+++ b/tests/test-092c5e26.sh
@@ -24,7 +24,7 @@ fi
unset LD_LIBRARY_PATH
-env PROOT_FORCE_FOREIGN_BINARY=1 PATH=/tmp:/bin:/usr/bin ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
+env PROOT_FORCE_FOREIGN_BINARY=1 PATH=/tmp:/bin:/usr/bin:$(dirname $(which echo)) ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
env PROOT_FORCE_FOREIGN_BINARY=1 ${PROOT} -r ${ROOTFS} -q echo ${TMP_ABS} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
cat > ${ROOTFS}/${TMP_ABS} <<EOF
@@ -34,7 +34,7 @@ chmod +x ${ROOTFS}/${TMP_ABS}
# Valgrind prepends "/bin/sh" in front of foreign binaries.
if ! $(echo ${PROOT} | grep -q valgrind); then
- env PATH=/tmp:/bin:/usr/bin ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH -0 ${TMP} ${TMP_ABS}$"
+ env PATH=/tmp:/bin:/usr/bin:$(dirname $(which echo)) ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH -0 ${TMP} ${TMP_ABS}$"
${PROOT} -r ${ROOTFS} -q echo ${TMP_ABS} | grep "^-U LD_LIBRARY_PATH -0 ${TMP_ABS} ${TMP_ABS}$"
fi
diff --git a/tests/test-5467b986.sh b/tests/test-5467b986.sh
index c6ac71a..f616f1e 100644
--- a/tests/test-5467b986.sh
+++ b/tests/test-5467b986.sh
@@ -30,8 +30,8 @@ ${PROOT} -v -1 -b /tmp:/b -b /tmp:/a -r ${ROOTFS} fchdir_getcwd /b | grep '^/[ab
! ${PROOT} -w /bin -r ${ROOTFS} fchdir_getcwd true
[ $? -eq 0 ]
-${PROOT} -v -1 -w /usr -r / ${ROOTFS}/bin/chdir_getcwd share | grep '^/usr/share$'
-${PROOT} -v -1 -w /usr -r / ${ROOTFS}/bin/fchdir_getcwd share | grep '^/usr/share$'
+${PROOT} -v -1 -w /gnu -r / ${ROOTFS}/bin/chdir_getcwd store | grep '^/gnu/store$'
+${PROOT} -v -1 -w /gnu -r / ${ROOTFS}/bin/fchdir_getcwd store | grep '^/gnu/store$'
-(cd /; ${PROOT} -v -1 -w usr -r / ${ROOTFS}/bin/chdir_getcwd share | grep '^/usr/share$')
-(cd /; ${PROOT} -v -1 -w usr -r / ${ROOTFS}/bin/fchdir_getcwd share | grep '^/usr/share$')
+(cd /; ${PROOT} -v -1 -w gnu -r / ${ROOTFS}/bin/chdir_getcwd store | grep '^/gnu/store$')
+(cd /; ${PROOT} -v -1 -w gnu -r / ${ROOTFS}/bin/fchdir_getcwd store | grep '^/gnu/store$')
--- a/tests/test-c15999f9.sh
+++ b/tests/test-c15999f9.sh
@@ -5,7 +5,7 @@ fi
TMP=/tmp/$(mcookie)
mkdir ${TMP}
-${PROOT} -b /bin/true:${TMP}/true /bin/true
+${PROOT} -b `which true`:${TMP}/true `which true`
! test -e ${TMP}/true
[ $? -eq 0 ]