amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

pack: "-RR" produces PRoot-enabled relocatable binaries.

Browse source 
* gnu/packages/aux-files/run-in-namespace.c (exec_with_proot): New
function.
(main): When 'clone' fails, call 'rm_rf'.
[PROOT_PROGRAM]: When 'clone' fails, call 'exec_with_proot'.
* guix/scripts/pack.scm (wrapped-package): Add #:proot?.
[proot]: New procedure.
[build]: Compile with -DPROOT_PROGRAM when PROOT? is true.
* guix/scripts/pack.scm (%options): Set the 'relocatable?' value to
'proot when "-R" is passed several times.
(guix-pack): Pass #:proot? to 'wrapped-package'.
* tests/guix-pack-relocatable.sh: Use "-RR" on Intel systems that lack
user namespace support.
* doc/guix.texi (Invoking guix pack): Document -RR.
This commit is contained in:
Ludovic Courtès 2019-03-14 17:02:53 +01:00 committed by Ludovic Courtès
parent c9b3a72b67
commit 99aec37a78
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
4 changed files with 119 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

47
gnu/packages/aux-files/run-in-namespace.c
View file

@ -1,5 +1,5 @@
/* GNU Guix --- Functional package management for GNU
Copyright (C) 2018 Ludovic Courtès <ludo@gnu.org>
Copyright (C) 2018, 2019 Ludovic Courtès <ludo@gnu.org>
This file is part of GNU Guix.
@ -211,6 +211,46 @@ disallow_setgroups (pid_t pid)
close (fd);
}
#ifdef PROOT_PROGRAM
/* Execute the wrapped program with PRoot, passing it ARGC and ARGV, and
"bind-mounting" STORE in the right place. */
static void
exec_with_proot (const char *store, int argc, char *argv[])
{
int proot_specific_argc = 4;
int proot_argc = argc + proot_specific_argc;
char *proot_argv[proot_argc], *proot;
char bind_spec[strlen (store) + 1 + sizeof "@STORE_DIRECTORY@"];
strcpy (bind_spec, store);
strcat (bind_spec, ":");
strcat (bind_spec, "@STORE_DIRECTORY@");
proot = concat (store, PROOT_PROGRAM);
proot_argv[0] = proot;
proot_argv[1] = "-b";
proot_argv[2] = bind_spec;
proot_argv[3] = "@WRAPPED_PROGRAM@";
for (int i = 0; i < argc; i++)
proot_argv[i + proot_specific_argc] = argv[i + 1];
proot_argv[proot_argc] = NULL;
/* Seccomp support seems to invariably lead to segfaults; disable it by
default. */
setenv ("PROOT_NO_SECCOMP", "1", 0);
int err = execv (proot, proot_argv);
if (err < 0)
assert_perror (errno);
}
#endif
int
main (int argc, char *argv[])
@ -274,6 +314,10 @@ main (int argc, char *argv[])
break;
case -1:
rm_rf (new_root);
#ifdef PROOT_PROGRAM
exec_with_proot (store, argc, argv);
#else
fprintf (stderr, "%s: error: 'clone' failed: %m\n", argv[0]);
fprintf (stderr, "\
This may be because \"user namespaces\" are not supported on this system.\n\
@ -281,6 +325,7 @@ Consequently, we cannot run '@WRAPPED_PROGRAM@',\n\
unless you move it to the '@STORE_DIRECTORY@' directory.\n\
\n\
Please refer to the 'guix pack' documentation for more information.\n");
#endif
return EXIT_FAILURE;
default: