[Buildroot] [PATCH] package/minijail: new package

José Pekkarinen jose.pekkarinen at unikie.com
Thu Jan 13 10:05:06 UTC 2022 

This patch adds package minijail

Minijail depends in a toolchain different from
uclibc thanks to it's lack of support for prlimits.

Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
---
[ v1 -> v2 ]
- Fixed hash file
- Fixed static assert patch
- Depend in toolchain distinct of uclibc
- Remove redundant host libpcap dependency
- Remove redundant parenthesis on MINIJAIL_BUILD_CMDS

 DEVELOPERS                                    |  1 +
 package/Config.in                             |  1 +
 ...te-static_assert-with-_Static_assert.patch | 35 +++++++++++++++++++
 package/minijail/Config.in                    | 12 +++++++
 package/minijail/minijail.hash                |  5 +++
 package/minijail/minijail.mk                  | 28 +++++++++++++++
 6 files changed, 82 insertions(+)
 create mode 100644 package/minijail/0001-Substitute-static_assert-with-_Static_assert.patch
 create mode 100644 package/minijail/Config.in
 create mode 100644 package/minijail/minijail.hash
 create mode 100644 package/minijail/minijail.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 55f37dfe62..3631021077 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1515,6 +1515,7 @@ F:	support/testing/tests/package/test_zfs.py
 N:	José Pekkarinen <jose.pekkarinen at unikie.com>
 F:	package/alfred/
 F:	package/bmx7/
+F:	package/minijail/
 F:	package/python-aexpect/
 F:	package/softhsm2/
 F:	support/testing/tests/package/sample_python_aexpect.py
diff --git a/package/Config.in b/package/Config.in
index a1924f96df..3b11b003fb 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2556,6 +2556,7 @@ menu "System tools"
 	source "package/mender/Config.in"
 	source "package/mender-grubenv/Config.in"
 	source "package/mfoc/Config.in"
+	source "package/minijail/Config.in"
 	source "package/moby-buildkit/Config.in"
 	source "package/monit/Config.in"
 	source "package/multipath-tools/Config.in"
diff --git a/package/minijail/0001-Substitute-static_assert-with-_Static_assert.patch b/package/minijail/0001-Substitute-static_assert-with-_Static_assert.patch
new file mode 100644
index 0000000000..ff85995114
--- /dev/null
+++ b/package/minijail/0001-Substitute-static_assert-with-_Static_assert.patch
@@ -0,0 +1,35 @@
+From 8a6d5a1c48b85fb49f0d68ec31ecc51fd22e7201 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Pekkarinen?= <jose.pekkarinen at unikie.com>
+Date: Wed, 12 Jan 2022 17:09:27 +0200
+Subject: [PATCH] Substitute static_assert with _Static_assert
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Substitute static_assert with _Static_assert
+
+static_assert behaves differently for uclibc
+toolchains. Substituting it with the standard
+_Static_assert builds on all toolchains tested.
+
+Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
+---
+ libminijail.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libminijail.c b/libminijail.c
+index b935dfd..b154f1c 100644
+--- a/libminijail.c
++++ b/libminijail.c
+@@ -2620,7 +2620,7 @@ static int fd_is_open(int fd)
+ 	return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
+ }
+ 
+-static_assert(FD_SETSIZE >= MAX_PRESERVED_FDS * 2 - 1,
++_Static_assert(FD_SETSIZE >= MAX_PRESERVED_FDS * 2 - 1,
+ 	      "If true, ensure_no_fd_conflict will always find an unused fd.");
+ 
+ /* If parent_fd will be used by a child fd, move it to an unused fd. */
+-- 
+2.25.1
+
diff --git a/package/minijail/Config.in b/package/minijail/Config.in
new file mode 100644
index 0000000000..24d307ed54
--- /dev/null
+++ b/package/minijail/Config.in
@@ -0,0 +1,12 @@
+config BR2_PACKAGE_MINIJAIL
+	bool "minijail"
+	depends on !BR2_STATIC_LIBS # dlopen()
+	depends on !BR2_TOOLCHAIN_USES_UCLIBC
+	select BR2_PACKAGE_LIBCAP
+	help
+	  Minijail is a sandboxing tool maintained by google.
+
+	  https://google.github.io/minijail/
+
+comment "minijail needs a glibc or musl toolchain with dynamic library support"
+	depends on BR2_STATIC_LIBS || BR2_TOOLCHAIN_USES_UCLIBC
diff --git a/package/minijail/minijail.hash b/package/minijail/minijail.hash
new file mode 100644
index 0000000000..d9f497a86c
--- /dev/null
+++ b/package/minijail/minijail.hash
@@ -0,0 +1,5 @@
+# Locally computed from https://github.com/google/minijail/releases/
+sha256  1ee5a5916491a32c121c7422b4d8c16481c0396a3acab34bf1c44589dcf810ae  linux-v17.tar.gz
+
+# Locally computed
+sha256  c6f439c5cf07263f71f01d29b79c79172ee529088e51ab434b22baad0988fe57  LICENSE
diff --git a/package/minijail/minijail.mk b/package/minijail/minijail.mk
new file mode 100644
index 0000000000..78898865fb
--- /dev/null
+++ b/package/minijail/minijail.mk
@@ -0,0 +1,28 @@
+################################################################################
+#
+# minijail
+#
+################################################################################
+
+MINIJAIL_VERSION = linux-v17
+MINIJAIL_SOURCE = $(MINIJAIL_VERSION).tar.gz
+MINIJAIL_SITE = "https://github.com/google/minijail/archive/refs/tags"
+MINIJAIL_LICENSE = BSD-Style
+MINIJAIL_LICENSE_FILES = LICENSE
+MINIJAIL_DEPENDENCIES=libcap
+
+define MINIJAIL_BUILD_CMDS
+	cd $(@D); \
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/$(d) CC="$(TARGET_CC)"
+endef
+
+define MINIJAIL_INSTALL_TARGET_CMDS
+	$(INSTALL) -m 0755 -D $(@D)/minijail0 \
+		$(TARGET_DIR)/usr/bin/minijail0
+	$(INSTALL) -m 0755 -D $(@D)/libminijailpreload.so \
+		$(TARGET_DIR)/lib/libminijailpreload.so
+	$(INSTALL) -m 0755 -D $(@D)/libminijail.so \
+		$(TARGET_DIR)/lib/libminijail.so
+endef
+
+$(eval $(generic-package))
-- 
2.25.1

More information about the buildroot mailing list