[Buildroot] [PATCH] package/minijail: new package
José Pekkarinen
jose.pekkarinen at unikie.com
Thu Jan 13 10:05:06 UTC 2022
This patch adds package minijail
Minijail depends in a toolchain different from
uclibc thanks to it's lack of support for prlimits.
Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
---
[ v1 -> v2 ]
- Fixed hash file
- Fixed static assert patch
- Depend in toolchain distinct of uclibc
- Remove redundant host libpcap dependency
- Remove redundant parenthesis on MINIJAIL_BUILD_CMDS
DEVELOPERS | 1 +
package/Config.in | 1 +
...te-static_assert-with-_Static_assert.patch | 35 +++++++++++++++++++
package/minijail/Config.in | 12 +++++++
package/minijail/minijail.hash | 5 +++
package/minijail/minijail.mk | 28 +++++++++++++++
6 files changed, 82 insertions(+)
create mode 100644 package/minijail/0001-Substitute-static_assert-with-_Static_assert.patch
create mode 100644 package/minijail/Config.in
create mode 100644 package/minijail/minijail.hash
create mode 100644 package/minijail/minijail.mk
diff --git a/DEVELOPERS b/DEVELOPERS
index 55f37dfe62..3631021077 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1515,6 +1515,7 @@ F: support/testing/tests/package/test_zfs.py
N: José Pekkarinen <jose.pekkarinen at unikie.com>
F: package/alfred/
F: package/bmx7/
+F: package/minijail/
F: package/python-aexpect/
F: package/softhsm2/
F: support/testing/tests/package/sample_python_aexpect.py
diff --git a/package/Config.in b/package/Config.in
index a1924f96df..3b11b003fb 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2556,6 +2556,7 @@ menu "System tools"
source "package/mender/Config.in"
source "package/mender-grubenv/Config.in"
source "package/mfoc/Config.in"
+ source "package/minijail/Config.in"
source "package/moby-buildkit/Config.in"
source "package/monit/Config.in"
source "package/multipath-tools/Config.in"
diff --git a/package/minijail/0001-Substitute-static_assert-with-_Static_assert.patch b/package/minijail/0001-Substitute-static_assert-with-_Static_assert.patch
new file mode 100644
index 0000000000..ff85995114
--- /dev/null
+++ b/package/minijail/0001-Substitute-static_assert-with-_Static_assert.patch
@@ -0,0 +1,35 @@
+From 8a6d5a1c48b85fb49f0d68ec31ecc51fd22e7201 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Pekkarinen?= <jose.pekkarinen at unikie.com>
+Date: Wed, 12 Jan 2022 17:09:27 +0200
+Subject: [PATCH] Substitute static_assert with _Static_assert
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Substitute static_assert with _Static_assert
+
+static_assert behaves differently for uclibc
+toolchains. Substituting it with the standard
+_Static_assert builds on all toolchains tested.
+
+Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
+---
+ libminijail.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libminijail.c b/libminijail.c
+index b935dfd..b154f1c 100644
+--- a/libminijail.c
++++ b/libminijail.c
+@@ -2620,7 +2620,7 @@ static int fd_is_open(int fd)
+ return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
+ }
+
+-static_assert(FD_SETSIZE >= MAX_PRESERVED_FDS * 2 - 1,
++_Static_assert(FD_SETSIZE >= MAX_PRESERVED_FDS * 2 - 1,
+ "If true, ensure_no_fd_conflict will always find an unused fd.");
+
+ /* If parent_fd will be used by a child fd, move it to an unused fd. */
+--
+2.25.1
+
diff --git a/package/minijail/Config.in b/package/minijail/Config.in
new file mode 100644
index 0000000000..24d307ed54
--- /dev/null
+++ b/package/minijail/Config.in
@@ -0,0 +1,12 @@
+config BR2_PACKAGE_MINIJAIL
+ bool "minijail"
+ depends on !BR2_STATIC_LIBS # dlopen()
+ depends on !BR2_TOOLCHAIN_USES_UCLIBC
+ select BR2_PACKAGE_LIBCAP
+ help
+ Minijail is a sandboxing tool maintained by google.
+
+ https://google.github.io/minijail/
+
+comment "minijail needs a glibc or musl toolchain with dynamic library support"
+ depends on BR2_STATIC_LIBS || BR2_TOOLCHAIN_USES_UCLIBC
diff --git a/package/minijail/minijail.hash b/package/minijail/minijail.hash
new file mode 100644
index 0000000000..d9f497a86c
--- /dev/null
+++ b/package/minijail/minijail.hash
@@ -0,0 +1,5 @@
+# Locally computed from https://github.com/google/minijail/releases/
+sha256 1ee5a5916491a32c121c7422b4d8c16481c0396a3acab34bf1c44589dcf810ae linux-v17.tar.gz
+
+# Locally computed
+sha256 c6f439c5cf07263f71f01d29b79c79172ee529088e51ab434b22baad0988fe57 LICENSE
diff --git a/package/minijail/minijail.mk b/package/minijail/minijail.mk
new file mode 100644
index 0000000000..78898865fb
--- /dev/null
+++ b/package/minijail/minijail.mk
@@ -0,0 +1,28 @@
+################################################################################
+#
+# minijail
+#
+################################################################################
+
+MINIJAIL_VERSION = linux-v17
+MINIJAIL_SOURCE = $(MINIJAIL_VERSION).tar.gz
+MINIJAIL_SITE = "https://github.com/google/minijail/archive/refs/tags"
+MINIJAIL_LICENSE = BSD-Style
+MINIJAIL_LICENSE_FILES = LICENSE
+MINIJAIL_DEPENDENCIES=libcap
+
+define MINIJAIL_BUILD_CMDS
+ cd $(@D); \
+ $(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/$(d) CC="$(TARGET_CC)"
+endef
+
+define MINIJAIL_INSTALL_TARGET_CMDS
+ $(INSTALL) -m 0755 -D $(@D)/minijail0 \
+ $(TARGET_DIR)/usr/bin/minijail0
+ $(INSTALL) -m 0755 -D $(@D)/libminijailpreload.so \
+ $(TARGET_DIR)/lib/libminijailpreload.so
+ $(INSTALL) -m 0755 -D $(@D)/libminijail.so \
+ $(TARGET_DIR)/lib/libminijail.so
+endef
+
+$(eval $(generic-package))
--
2.25.1
More information about the buildroot
mailing list