authorLudovic Courtès <ludovic.courtes@inria.fr>2017-05-11 17:48:58 +0200
committerLudovic Courtès <ludo@gnu.org>2017-05-11 18:05:42 +0200
commit62b28c0e7b4b20e22c24cd5ba09ce439b73dd236 (patch)
treee7994dbe861d6f39c1fe9246b411f06cbd51c567
parent77abe3f091b4eaa7e75ec338fefc9c70531b708f (diff)
gnu: Add PRoot.
* gnu/packages/linux.scm (proot): New variable.
* gnu/packages/patches/proot-test-fhs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/linux.scm103
-rw-r--r--gnu/packages/patches/proot-test-fhs.patch98
3 files changed, 202 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index e7c670793c..5c48e1ba46 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -894,6 +894,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/portmidi-modular-build.patch		\
   %D%/packages/patches/procmail-ambiguous-getline-debian.patch  \
   %D%/packages/patches/procmail-CVE-2014-3618.patch		\
+  %D%/packages/patches/proot-test-fhs.patch			\
   %D%/packages/patches/pt-scotch-build-parallelism.patch	\
   %D%/packages/patches/pulseaudio-fix-mult-test.patch		\
   %D%/packages/patches/pulseaudio-longer-test-timeout.patch	\
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 61aaf53329..94464d592a 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -80,6 +80,7 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages rrdtool)
+  #:use-module (gnu packages samba)
   #:use-module (gnu packages slang)
   #:use-module (gnu packages storage)
   #:use-module (gnu packages texinfo)
@@ -3782,3 +3783,105 @@ programming interface to the in-kernel nf_tables subsystem.  The library
 libnftnl has been previously known as libnftables.  This library is currently
 used by nftables.")
     (license license:gpl2+)))
+
+(define-public proot
+  (package
+    (name "proot")
+    (version "5.1.0")
+    (home-page "https://github.com/proot-me/PRoot")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append home-page "/archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "11h30i83vdhc3khlj6hrh3a21sbmmz8nhfv09vkf6b9bcs1biz2h"))
+              (patches (search-patches "proot-test-fhs.patch"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags '("-C" "src")
+
+       #:phases (modify-phases %standard-phases
+                  (delete 'configure)
+                  (add-before 'build 'set-shell-file-name
+                    (lambda* (#:key inputs #:allow-other-keys)
+                      (substitute* (find-files "src" "\\.[ch]$")
+                        (("\"/bin/sh\"")
+                         (string-append "\""
+                                        (assoc-ref inputs "bash")
+                                        "/bin/sh\"")))
+                      #t))
+                  (add-before 'check 'fix-fhs-assumptions-in-tests
+                    (lambda _
+                      (substitute* "tests/test-c6b77b77.mk"
+                        (("/bin/bash") (which "bash"))
+                        (("/usr/bin/test") (which "test")))
+                      (substitute* '("tests/test-16573e73.c")
+                        (("/bin/([a-z-]+)" _ program)
+                         (which program)))
+
+                      (substitute* (find-files "tests" "\\.sh$")
+                        ;; Some of the tests try to "bind-mount" /bin/true.
+                        (("-b /bin/true:")
+                         (string-append "-b " (which "true") ":"))
+                        ;; Likewise for /bin.
+                        (("-b /bin:") "-b /gnu:")
+                        ;; Others try to run /bin/sh.
+                        (("/bin/sh") (which "sh"))
+                        ;; Others assume /etc/fstab exists.
+                        (("/etc/fstab") "/etc/passwd"))
+
+                      (substitute* "tests/GNUmakefile"
+                        (("-b /bin:") "-b /gnu:"))
+
+                      ;; XXX: This test fails in an obscure corner case, just
+                      ;; skip it.
+                      (delete-file "tests/test-kkkkkkkk.c")
+
+                      #t))
+                  (replace 'check
+                    (lambda _
+                      (let ((n (parallel-job-count)))
+                        ;; For some reason we get lots of segfaults with
+                        ;; seccomp support (x86_64, Linux-libre 4.11.0).
+                        (setenv "PROOT_NO_SECCOMP" "1")
+
+                        ;; Most of the tests expect "/bin" to be in $PATH so
+                        ;; they can run things that live in $ROOTFS/bin.
+                        (setenv "PATH"
+                                (string-append (getenv "PATH") ":/bin"))
+
+                        (zero? (system* "make" "check" "-C" "tests"
+                                        ;;"V=1"
+                                        "-j" (number->string n))))))
+                  (replace 'install
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      ;; The 'install' rule does nearly nothing.
+                      (let ((out (assoc-ref outputs "out")))
+                        (and (zero?
+                              ;; TODO: 'make install-care' (does not even
+                              ;; build currently.)
+                              (system* "make" "-C" "src" "install"
+                                       (string-append "PREFIX=" out)))
+                             (begin
+                               (install-file "doc/proot/man.1"
+                                             (string-append out "/share"
+                                                            "/man/man1"))
+                               #t))))))))
+    (native-inputs `(("which" ,which)
+
+                     ;; For 'mcookie', used by some of the tests.
+                     ("util-linux" ,util-linux)))
+    (inputs `(("talloc" ,talloc)))
+    (synopsis "Unprivileged chroot, bind mount, and binfmt_misc")
+    (description
+     "PRoot is a user-space implementation of @code{chroot}, @code{mount --bind},
+and @code{binfmt_misc}.  This means that users don't need any privileges or
+setup to do things like using an arbitrary directory as the new root
+filesystem, making files accessible somewhere else in the file system
+hierarchy, or executing programs built for another CPU architecture
+transparently through QEMU user-mode.  Also, developers can use PRoot as a
+generic process instrumentation engine thanks to its extension mechanism.
+Technically PRoot relies on @code{ptrace}, an unprivileged system-call
+available in the kernel Linux.")
+    (license license:gpl2+)))
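Review bot: The replaced `check` phase exports `PROOT_NO_SECCOMP=1`, so every test runs with the seccomp path switched off, while the installed `proot` presumably still enables seccomp whenever the kernel offers it. The mode the comment reports as segfaulting is therefore the one users get and the one no test covers. The comment should record that gap instead of "for some reason", for example `;; FIXME: seccomp mode segfaults (x86_64, Linux-libre 4.11.0); the tests below only cover the ptrace-only path, the installed binary still defaults to seccomp.` In the same spirit, the `delete-file "tests/test-kkkkkkkk.c"` step in `fix-fhs-assumptions-in-tests` should say what the test checks and how it fails, since "obscure corner case" leaves a later packager nothing to re-verify against.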
diff --git a/gnu/packages/patches/proot-test-fhs.patch b/gnu/packages/patches/proot-test-fhs.patch
new file mode 100644
index 0000000000..d3896addd6
--- /dev/null
+++ b/gnu/packages/patches/proot-test-fhs.patch
@@ -0,0 +1,98 @@
+The test suite of PRoot makes many FHS assumptions, such as assuming
+that /bin, /bin/true, and /usr exist.  This patch fixes these assumptions.
+
+--- source/tests/GNUmakefile	2017-05-11 15:26:36.899115484 +0200
++++ source/tests/GNUmakefile	2017-05-11 15:26:46.143063166 +0200
+@@ -121,7 +121,7 @@ $(ROOTFS_DIR):
+ setup: $(ROOTFS_BIN)
+ 
+ $(ROOTFS)/bin/abs-true:
+-	@ln -fs /bin/true $@
++	@ln -fs `which true`  $@
+ 
+ $(ROOTFS)/bin/rel-true:
+ 	@ln -fs ./true $@
+
+--- source/tests/test-d2175fc3.sh	2017-05-11 15:36:53.727617010 +0200
++++ source/tests/test-d2175fc3.sh	2017-05-11 15:37:10.155523637 +0200
+@@ -2,8 +2,8 @@ if [ ! -x  ${ROOTFS}/bin/readlink ] || [
+     exit 125;
+ fi
+ 
+-${PROOT} -r ${ROOTFS} /bin/readlink /bin/abs-true | grep '^/bin/true$'
++${PROOT} -r ${ROOTFS} /bin/readlink /bin/abs-true | grep "`which true`"
+ ${PROOT} -r ${ROOTFS} /bin/readlink /bin/rel-true | grep '^\./true$'
+ 
+-${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/abs-true | grep '^/bin/true$'
++${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/abs-true | grep "`which true`"
+ ${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/rel-true | grep '^./true$'
+
+--- source/tests/test-d1be631a.sh	2017-05-11 15:41:36.458008715 +0200
++++ source/tests/test-d1be631a.sh	2017-05-11 15:41:38.921994686 +0200
+@@ -1,4 +1,4 @@
+-if [ -z `which mknod`] || [ `id -u` -eq 0 ]; then
++if [ -z `which mknod` ] || [ `id -u` -eq 0 ]; then
+     exit 125;
+ fi
+ 
+--- source/tests/test-5bed7141.c	2017-05-11 15:34:23.088472743 +0200
++++ source/tests/test-5bed7141.c	2017-05-11 15:34:27.052450235 +0200
+@@ -80,7 +80,7 @@ int main(int argc, char *argv[])
+ 		exit(EXIT_FAILURE);
+ 
+ 	case 0: /* child */
+-		status = chdir("/usr");
++		status = chdir("/gnu");
+ 		if (status < 0) {
+ 			perror("chdir");
+ 			exit(EXIT_FAILURE);
+
+--- a/tests/test-092c5e26.sh
++++ b/tests/test-092c5e26.sh
+@@ -24,7 +24,7 @@ fi
+ 
+ unset LD_LIBRARY_PATH
+ 
+-env PROOT_FORCE_FOREIGN_BINARY=1 PATH=/tmp:/bin:/usr/bin ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
++env PROOT_FORCE_FOREIGN_BINARY=1 PATH=/tmp:/bin:/usr/bin:$(dirname $(which echo)) ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
+ env PROOT_FORCE_FOREIGN_BINARY=1 ${PROOT} -r ${ROOTFS} -q echo ${TMP_ABS} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
+ 
+ cat > ${ROOTFS}/${TMP_ABS} <<EOF
+@@ -34,7 +34,7 @@ chmod +x ${ROOTFS}/${TMP_ABS}
+ 
+ # Valgrind prepends "/bin/sh" in front of foreign binaries.
+ if ! $(echo ${PROOT} | grep -q valgrind); then
+-    env PATH=/tmp:/bin:/usr/bin ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH -0 ${TMP} ${TMP_ABS}$"
++    env PATH=/tmp:/bin:/usr/bin:$(dirname $(which echo)) ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH -0 ${TMP} ${TMP_ABS}$"
+     ${PROOT} -r ${ROOTFS} -q echo ${TMP_ABS}                | grep "^-U LD_LIBRARY_PATH -0 ${TMP_ABS} ${TMP_ABS}$"
+ fi
+ 
+diff --git a/tests/test-5467b986.sh b/tests/test-5467b986.sh
+index c6ac71a..f616f1e 100644
+--- a/tests/test-5467b986.sh
++++ b/tests/test-5467b986.sh
+@@ -30,8 +30,8 @@ ${PROOT} -v -1 -b /tmp:/b -b /tmp:/a -r ${ROOTFS} fchdir_getcwd /b | grep '^/[ab
+ ! ${PROOT} -w /bin -r ${ROOTFS} fchdir_getcwd true
+ [ $? -eq 0 ]
+ 
+-${PROOT} -v -1 -w /usr -r / ${ROOTFS}/bin/chdir_getcwd share  | grep '^/usr/share$'
+-${PROOT} -v -1 -w /usr -r / ${ROOTFS}/bin/fchdir_getcwd share | grep '^/usr/share$'
++${PROOT} -v -1 -w /gnu -r / ${ROOTFS}/bin/chdir_getcwd store  | grep '^/gnu/store$'
++${PROOT} -v -1 -w /gnu -r / ${ROOTFS}/bin/fchdir_getcwd store | grep '^/gnu/store$'
+ 
+-(cd /; ${PROOT} -v -1 -w usr -r / ${ROOTFS}/bin/chdir_getcwd share  | grep '^/usr/share$')
+-(cd /; ${PROOT} -v -1 -w usr -r / ${ROOTFS}/bin/fchdir_getcwd share | grep '^/usr/share$')
++(cd /; ${PROOT} -v -1 -w gnu -r / ${ROOTFS}/bin/chdir_getcwd store  | grep '^/gnu/store$')
++(cd /; ${PROOT} -v -1 -w gnu -r / ${ROOTFS}/bin/fchdir_getcwd store | grep '^/gnu/store$')
+
+--- a/tests/test-c15999f9.sh
++++ b/tests/test-c15999f9.sh
+@@ -5,7 +5,7 @@ fi
+ TMP=/tmp/$(mcookie)
+ mkdir ${TMP}
+ 
+-${PROOT} -b /bin/true:${TMP}/true /bin/true
++${PROOT} -b `which true`:${TMP}/true `which true`
+ ! test -e ${TMP}/true
+ [ $? -eq 0 ]
+
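Review bot: In the `test-d2175fc3.sh` section, the two rewritten `readlink /bin/abs-true` checks are weaker than the ones they replace: the old pattern `'^/bin/true$'` was anchored at both ends, while the new one greps for the unanchored output of `which true` interpreted as a regular expression. Any output line that merely contains that path (or matches it with `.` as a wildcard) now passes, so a wrong link target with a prefix or suffix would go unnoticed. A fixed-string, whole-line match keeps the original strictness: `grep -Fx "$(which true)"`. The same form would suit the `ln -fs` target in the `GNUmakefile` section and the `-b` argument in `test-c15999f9.sh`, where the unquoted backquote substitution is subject to word splitting.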