package/bubblewrap: new package

Bubblewrap is a sandboxing tool based on kernel namespaces, typically used as lower-level infastructure by other end-user tools e.g. Flatpak. https://github.com/containers/bubblewrap Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> [Peter: needs mmu and !musl toolchain] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-09-20 18:31:04 +03:00 · 2019-09-20 18:31:04 +03:00 · 0f4bdc8fd1
commit 0f4bdc8fd1
parent a4d38f029f
5 changed files with 60 additions and 0 deletions
--- a/1
+++ b/1
@ -81,6 +81,7 @@ F:	package/jack1/

 N:	Adrian Perez de Castro <aperez@igalia.com>
 F:	package/brotli/
+F:	package/bubblewrap/
 F:	package/cog/
 F:	package/libepoxy/
 F:	package/libwpe/
--- a/package/Config.in
+++ b/package/Config.in
@ -2237,6 +2237,7 @@ menu "System tools"
 	source "package/atop/Config.in"
 	source "package/attr/Config.in"
 	source "package/audit/Config.in"
+	source "package/bubblewrap/Config.in"
 	source "package/cgroupfs-mount/Config.in"
 	source "package/circus/Config.in"
 	source "package/coreutils/Config.in"
--- a/package/bubblewrap/Config.in
+++ b/package/bubblewrap/Config.in
@ -0,0 +1,13 @@
+config BR2_PACKAGE_BUBBLEWRAP
+	bool "bubblewrap"
+	depends on BR2_TOOLCHAIN_USES_UCLIBC || BR2_TOOLCHAIN_USES_GLIBC # TEMP_FAILURE_RETRY
+	depends on BR2_USE_MMU # fork()
+	select BR2_PACKAGE_LIBCAP
+	help
+	  Unprivileged sandbox tool based on Linux namespaces.
+
+	  https://github.com/projectatomic/bubblewrap
+
+comment "bubblewrap needs a glibc or uclibc toolchain"
+	depends on !(BR2_TOOLCHAIN_USES_UCLIBC || BR2_TOOLCHAIN_USES_GLIBC)
+	depends on BR2_USE_MMU
--- a/package/bubblewrap/bubblewrap.hash
+++ b/package/bubblewrap/bubblewrap.hash
@ -0,0 +1,5 @@
+# Locally computed:
+sha256 c6a45f51794a908b76833b132471397a7413f07620af08e76c273d9f7b364dff bubblewrap-0.3.3.tar.xz
+
+# Hash for license files:
+sha256 b7993225104d90ddd8024fd838faf300bea5e83d91203eab98e29512acebd69c COPYING
--- a/package/bubblewrap/bubblewrap.mk
+++ b/package/bubblewrap/bubblewrap.mk
@ -0,0 +1,40 @@
+################################################################################
+#
+# bubblewrap
+#
+################################################################################
+
+BUBBLEWRAP_VERSION = 0.3.3
+BUBBLEWRAP_SITE = https://github.com/containers/bubblewrap/releases/download/v$(BUBBLEWRAP_VERSION)
+BUBBLEWRAP_SOURCE = bubblewrap-$(BUBBLEWRAP_VERSION).tar.xz
+BUBBLEWRAP_DEPENDENCIES = host-pkgconf libcap
+
+BUBBLEWRAP_LICENSE = LGPL-2.0+
+BUBBLEWRAP_LICENSE_FILES = COPYING
+
+BUBBLEWRAP_CONF_OPTS = \
+	--enable-require-userns=no \
+	--disable-man \
+	--disable-sudo \
+	--with-priv-mode=none
+
+ifeq ($(BR2_PACKAGE_BASH_COMPLETION),y)
+BUBBLEWRAP_CONF_OPTS += --with-bash-completion-dir=/usr/share/bash-completion/completions
+else
+BUBBLEWRAP_CONF_OPTS += --without-bash-completion-dir
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+BUBBLEWRAP_CONF_OPTS += --enable-selinux
+BUBBLEWRAP_DEPENDENCIES += libselinux
+else
+BUBBLEWRAP_CONF_OPTS += --disable-selinux
+endif
+
+# We need to mark bwrap as setuid, in case the kernel
+# has user namespaces disabled for non-root users.
+define BUBBLEWRAP_PERMISSIONS
+	/usr/bin/bwrap f 1755 0 0 - - - - -
+endef
+
+$(eval $(autotools-package))