From f6cc6c6f3e19e72049d1a23a21d37d9c777a23b6 Mon Sep 17 00:00:00 2001 From: Duncaen Date: Sun, 25 Oct 2015 22:55:47 +0100 Subject: [PATCH] firejail: rebuild with upstream patches --- srcpkgs/firejail/files/musl_defs.h | 33 --------- .../patches/firejail-0.9.32-musl.patch | 69 +++++++++++++++++++ .../patches/firejail-0.9.32-seccomp.patch | 37 ++++++++++ srcpkgs/firejail/template | 22 +----- 4 files changed, 107 insertions(+), 54 deletions(-) delete mode 100644 srcpkgs/firejail/files/musl_defs.h create mode 100644 srcpkgs/firejail/patches/firejail-0.9.32-musl.patch create mode 100644 srcpkgs/firejail/patches/firejail-0.9.32-seccomp.patch diff --git a/srcpkgs/firejail/files/musl_defs.h b/srcpkgs/firejail/files/musl_defs.h deleted file mode 100644 index a24e715d84e..00000000000 --- a/srcpkgs/firejail/files/musl_defs.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef _MUSL_DEFS_H -#define _MUSL_DEFS_H - -#include - -#define __NEED_FILE -#define __NEED_dev_t -#define __NEED_ino_t -#define __NEED_mode_t -#define __NEED_nlink_t -#define __NEED_uid_t -#define __NEED_gid_t -#define __NEED_off_t -#define __NEED_time_t -#define __NEED_blksize_t -#define __NEED_blkcnt_t -#define __NEED_struct_timespec - -#include -#include - -#ifdef __cplusplus -#define NULL 0L -#else -#define NULL ((void*)0) -#endif - -int printf(const char *format, ...); -int sprintf(char *buffer, const char *format, ...); -char *fgets(char *buffer, int size, FILE *fp); - -#endif - diff --git a/srcpkgs/firejail/patches/firejail-0.9.32-musl.patch b/srcpkgs/firejail/patches/firejail-0.9.32-musl.patch new file mode 100644 index 00000000000..0ceaea07120 --- /dev/null +++ b/srcpkgs/firejail/patches/firejail-0.9.32-musl.patch @@ -0,0 +1,69 @@ +From 14b435a43ab54a718f1a899573fe1ce6bb06fe7a Mon Sep 17 00:00:00 2001 +From: Duncaen +Date: Sun, 25 Oct 2015 15:30:09 +0100 +Subject: [PATCH] libtrace: only include fopen64, freopen64 and stat64 if + __GLIBC__ is defined + +--- + src/libtrace/libtrace.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git src/libtrace/libtrace.c src/libtrace/libtrace.c +index 1eb1cf9..12a8c7f 100644 +--- src/libtrace/libtrace.c ++++ src/libtrace/libtrace.c +@@ -312,6 +312,7 @@ FILE *fopen(const char *pathname, const char *mode) { + return rv; + } + ++#ifdef __GLIBC__ + FILE *fopen64(const char *pathname, const char *mode) { + if (!orig_fopen64) + orig_fopen64 = (orig_fopen_t)dlsym(RTLD_NEXT, "fopen64"); +@@ -320,6 +321,7 @@ FILE *fopen64(const char *pathname, const char *mode) { + printf("%u:%s:fopen64 %s\n", pid(), name(), pathname); + return rv; + } ++#endif /* __GLIBC__ */ + + + // freopen +@@ -334,6 +336,7 @@ FILE *freopen(const char *pathname, const char *mode, FILE *stream) { + return rv; + } + ++#ifdef __GLIBC__ + typedef FILE *(*orig_freopen64_t)(const char *pathname, const char *mode, FILE *stream); + static orig_freopen64_t orig_freopen64 = NULL; + FILE *freopen64(const char *pathname, const char *mode, FILE *stream) { +@@ -344,6 +347,7 @@ FILE *freopen64(const char *pathname, const char *mode, FILE *stream) { + printf("%u:%s:freopen64 %s\n", pid(), name(), pathname); + return rv; + } ++#endif /* __GLIBC__ */ + + // unlink + typedef int (*orig_unlink_t)(const char *pathname); +@@ -414,6 +418,7 @@ int stat(const char *pathname, struct stat *buf) { + return rv; + } + ++#ifdef __GLIBC__ + typedef int (*orig_stat64_t)(const char *pathname, struct stat64 *buf); + static orig_stat64_t orig_stat64 = NULL; + int stat64(const char *pathname, struct stat64 *buf) { +@@ -424,6 +429,7 @@ int stat64(const char *pathname, struct stat64 *buf) { + printf("%u:%s:stat %s\n", pid(), name(), pathname); + return rv; + } ++#endif /* __GLIBC__ */ + + + // access +@@ -625,4 +631,4 @@ int setresgid(gid_t rgid, gid_t egid, gid_t sgid) { + printf("%u:%s:setresgid %d %d %d\n", pid(), name(), rgid, egid, sgid); + + return rv; +-} +\ No newline at end of file ++} diff --git a/srcpkgs/firejail/patches/firejail-0.9.32-seccomp.patch b/srcpkgs/firejail/patches/firejail-0.9.32-seccomp.patch new file mode 100644 index 00000000000..c2813fa4ce7 --- /dev/null +++ b/srcpkgs/firejail/patches/firejail-0.9.32-seccomp.patch @@ -0,0 +1,37 @@ +From 8014c8d3aa022c851443cbb4226a9481684c9704 Mon Sep 17 00:00:00 2001 +From: netblue30 +Date: Sat, 24 Oct 2015 09:41:11 -0400 +Subject: [PATCH] fixed compilation error for --disable-seccomp + +--- + src/firejail/main.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git src/firejail/main.c src/firejail/main.c +index 422a391..e76f1b4 100644 +--- src/firejail/main.c ++++ src/firejail/main.c +@@ -396,7 +396,9 @@ int main(int argc, char **argv) { + int arg_cgroup = 0; + int custom_profile = 0; // custom profile loaded + int arg_noprofile = 0; // use generic.profile if none other found/specified ++#ifdef HAVE_SECCOMP + int highest_errno = errno_highest_nr(); ++#endif + + // check if we already have a sandbox running + int rv = check_kernel_procs(); +@@ -1366,11 +1368,13 @@ int main(int argc, char **argv) { + waitpid(child, NULL, 0); + + // free globals ++#ifdef HAVE_SECCOMP + if (arg_seccomp_list_errno) { + for (i = 0; i < highest_errno; i++) + free(arg_seccomp_list_errno[i]); + free(arg_seccomp_list_errno); + } ++#endif + + myexit(0); + diff --git a/srcpkgs/firejail/template b/srcpkgs/firejail/template index eaa17706fa7..44fd76c747b 100644 --- a/srcpkgs/firejail/template +++ b/srcpkgs/firejail/template @@ -1,7 +1,7 @@ # Template file for 'firejail' pkgname=firejail version=0.9.32 -revision=1 +revision=2 build_style=gnu-configure build_pie=yes conf_files=" @@ -53,23 +53,3 @@ case "$XBPS_TARGET_MACHINE" in configure_args+=" --disable-seccomp" ;; esac - -pre_configure() { - sed -i ${wrksrc}/src/firejail/errno.c -e 's;#ifdef HAVE_SECCOMP;#if 1;' - case "$XBPS_TARGET_MACHINE" in - *-musl) # XXX: dirty hack - very limited stdio.h definitions - # to avoid redefinition of intercepted libc functions - cp ${FILESDIR}/musl_defs.h ${wrksrc}/src/libtrace - # Include our header instead of stdio.h and sys/stat.h - # Use struct stat instead of struct stat64 (they are equal) - sed -i ${wrksrc}/src/libtrace/libtrace.c \ - -e 's;#include ;#include "musl_defs.h";' \ - -e 's;#include ;;' \ - -e 's;struct stat64;struct stat;g' - esac -} - -pre_install() { - # remove hardcoded strip(1) - sed -i '/strip .*/d' Makefile -}