diff --git a/gnu/local.mk b/gnu/local.mk index e7c670793c..5c48e1ba46 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -894,6 +894,7 @@ dist_patch_DATA = \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/procmail-ambiguous-getline-debian.patch \ %D%/packages/patches/procmail-CVE-2014-3618.patch \ + %D%/packages/patches/proot-test-fhs.patch \ %D%/packages/patches/pt-scotch-build-parallelism.patch \ %D%/packages/patches/pulseaudio-fix-mult-test.patch \ %D%/packages/patches/pulseaudio-longer-test-timeout.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 61aaf53329..94464d592a 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -80,6 +80,7 @@ #:use-module (gnu packages python) #:use-module (gnu packages readline) #:use-module (gnu packages rrdtool) + #:use-module (gnu packages samba) #:use-module (gnu packages slang) #:use-module (gnu packages storage) #:use-module (gnu packages texinfo) @@ -3782,3 +3783,105 @@ programming interface to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by nftables.") (license license:gpl2+))) + +(define-public proot + (package + (name "proot") + (version "5.1.0") + (home-page "https://github.com/proot-me/PRoot") + (source (origin + (method url-fetch) + (uri (string-append home-page "/archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "11h30i83vdhc3khlj6hrh3a21sbmmz8nhfv09vkf6b9bcs1biz2h")) + (patches (search-patches "proot-test-fhs.patch")))) + (build-system gnu-build-system) + (arguments + '(#:make-flags '("-C" "src") + + #:phases (modify-phases %standard-phases + (delete 'configure) + (add-before 'build 'set-shell-file-name + (lambda* (#:key inputs #:allow-other-keys) + (substitute* (find-files "src" "\\.[ch]$") + (("\"/bin/sh\"") + (string-append "\"" + (assoc-ref inputs "bash") + "/bin/sh\""))) + #t)) + (add-before 'check 'fix-fhs-assumptions-in-tests + (lambda _ + (substitute* "tests/test-c6b77b77.mk" + (("/bin/bash") (which "bash")) + (("/usr/bin/test") (which "test"))) + (substitute* '("tests/test-16573e73.c") + (("/bin/([a-z-]+)" _ program) + (which program))) + + (substitute* (find-files "tests" "\\.sh$") + ;; Some of the tests try to "bind-mount" /bin/true. + (("-b /bin/true:") + (string-append "-b " (which "true") ":")) + ;; Likewise for /bin. + (("-b /bin:") "-b /gnu:") + ;; Others try to run /bin/sh. + (("/bin/sh") (which "sh")) + ;; Others assume /etc/fstab exists. + (("/etc/fstab") "/etc/passwd")) + + (substitute* "tests/GNUmakefile" + (("-b /bin:") "-b /gnu:")) + + ;; XXX: This test fails in an obscure corner case, just + ;; skip it. + (delete-file "tests/test-kkkkkkkk.c") + + #t)) + (replace 'check + (lambda _ + (let ((n (parallel-job-count))) + ;; For some reason we get lots of segfaults with + ;; seccomp support (x86_64, Linux-libre 4.11.0). + (setenv "PROOT_NO_SECCOMP" "1") + + ;; Most of the tests expect "/bin" to be in $PATH so + ;; they can run things that live in $ROOTFS/bin. + (setenv "PATH" + (string-append (getenv "PATH") ":/bin")) + + (zero? (system* "make" "check" "-C" "tests" + ;;"V=1" + "-j" (number->string n)))))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + ;; The 'install' rule does nearly nothing. + (let ((out (assoc-ref outputs "out"))) + (and (zero? + ;; TODO: 'make install-care' (does not even + ;; build currently.) + (system* "make" "-C" "src" "install" + (string-append "PREFIX=" out))) + (begin + (install-file "doc/proot/man.1" + (string-append out "/share" + "/man/man1")) + #t)))))))) + (native-inputs `(("which" ,which) + + ;; For 'mcookie', used by some of the tests. + ("util-linux" ,util-linux))) + (inputs `(("talloc" ,talloc))) + (synopsis "Unprivileged chroot, bind mount, and binfmt_misc") + (description + "PRoot is a user-space implementation of @code{chroot}, @code{mount --bind}, +and @code{binfmt_misc}. This means that users don't need any privileges or +setup to do things like using an arbitrary directory as the new root +filesystem, making files accessible somewhere else in the file system +hierarchy, or executing programs built for another CPU architecture +transparently through QEMU user-mode. Also, developers can use PRoot as a +generic process instrumentation engine thanks to its extension mechanism. +Technically PRoot relies on @code{ptrace}, an unprivileged system-call +available in the kernel Linux.") + (license license:gpl2+))) diff --git a/gnu/packages/patches/proot-test-fhs.patch b/gnu/packages/patches/proot-test-fhs.patch new file mode 100644 index 0000000000..d3896addd6 --- /dev/null +++ b/gnu/packages/patches/proot-test-fhs.patch @@ -0,0 +1,98 @@ +The test suite of PRoot makes many FHS assumptions, such as assuming +that /bin, /bin/true, and /usr exist. This patch fixes these assumptions. + +--- source/tests/GNUmakefile 2017-05-11 15:26:36.899115484 +0200 ++++ source/tests/GNUmakefile 2017-05-11 15:26:46.143063166 +0200 +@@ -121,7 +121,7 @@ $(ROOTFS_DIR): + setup: $(ROOTFS_BIN) + + $(ROOTFS)/bin/abs-true: +- @ln -fs /bin/true $@ ++ @ln -fs `which true` $@ + + $(ROOTFS)/bin/rel-true: + @ln -fs ./true $@ + +--- source/tests/test-d2175fc3.sh 2017-05-11 15:36:53.727617010 +0200 ++++ source/tests/test-d2175fc3.sh 2017-05-11 15:37:10.155523637 +0200 +@@ -2,8 +2,8 @@ if [ ! -x ${ROOTFS}/bin/readlink ] || [ + exit 125; + fi + +-${PROOT} -r ${ROOTFS} /bin/readlink /bin/abs-true | grep '^/bin/true$' ++${PROOT} -r ${ROOTFS} /bin/readlink /bin/abs-true | grep "`which true`" + ${PROOT} -r ${ROOTFS} /bin/readlink /bin/rel-true | grep '^\./true$' + +-${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/abs-true | grep '^/bin/true$' ++${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/abs-true | grep "`which true`" + ${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/rel-true | grep '^./true$' + +--- source/tests/test-d1be631a.sh 2017-05-11 15:41:36.458008715 +0200 ++++ source/tests/test-d1be631a.sh 2017-05-11 15:41:38.921994686 +0200 +@@ -1,4 +1,4 @@ +-if [ -z `which mknod`] || [ `id -u` -eq 0 ]; then ++if [ -z `which mknod` ] || [ `id -u` -eq 0 ]; then + exit 125; + fi + +--- source/tests/test-5bed7141.c 2017-05-11 15:34:23.088472743 +0200 ++++ source/tests/test-5bed7141.c 2017-05-11 15:34:27.052450235 +0200 +@@ -80,7 +80,7 @@ int main(int argc, char *argv[]) + exit(EXIT_FAILURE); + + case 0: /* child */ +- status = chdir("/usr"); ++ status = chdir("/gnu"); + if (status < 0) { + perror("chdir"); + exit(EXIT_FAILURE); + +--- a/tests/test-092c5e26.sh ++++ b/tests/test-092c5e26.sh +@@ -24,7 +24,7 @@ fi + + unset LD_LIBRARY_PATH + +-env PROOT_FORCE_FOREIGN_BINARY=1 PATH=/tmp:/bin:/usr/bin ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$" ++env PROOT_FORCE_FOREIGN_BINARY=1 PATH=/tmp:/bin:/usr/bin:$(dirname $(which echo)) ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$" + env PROOT_FORCE_FOREIGN_BINARY=1 ${PROOT} -r ${ROOTFS} -q echo ${TMP_ABS} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$" + + cat > ${ROOTFS}/${TMP_ABS} <