diff --git a/srcpkgs/buildah/patches/ostree_remove_selinux.patch b/srcpkgs/buildah/patches/ostree_remove_selinux.patch new file mode 100644 index 00000000000..39dd44e8961 --- /dev/null +++ b/srcpkgs/buildah/patches/ostree_remove_selinux.patch @@ -0,0 +1,142 @@ +--- vendor/github.com/containers/image/ostree/ostree_dest.go 2018-05-20 11:56:16.000000000 +0300 ++++ vendor/github.com/containers/image/ostree/ostree_dest.go 2018-05-23 22:26:34.159967970 +0300 +@@ -15,31 +15,25 @@ + "os/exec" + "path/filepath" + "strconv" +- "strings" +- "syscall" + "time" +- "unsafe" + + "github.com/containers/image/manifest" + "github.com/containers/image/types" + "github.com/containers/storage/pkg/archive" + "github.com/opencontainers/go-digest" +- selinux "github.com/opencontainers/selinux/go-selinux" + "github.com/ostreedev/ostree-go/pkg/otbuiltin" + "github.com/pkg/errors" + "github.com/vbatts/tar-split/tar/asm" + "github.com/vbatts/tar-split/tar/storage" + ) + +-// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux ++// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 + // #include + // #include + // #include + // #include + // #include + // #include +-// #include +-// #include + import "C" + + type blobToImport struct { +@@ -158,7 +152,7 @@ + return types.BlobInfo{Digest: computedDigest, Size: size}, nil + } + +-func fixFiles(selinuxHnd *C.struct_selabel_handle, root string, dir string, usermode bool) error { ++func fixFiles(dir string, usermode bool) error { + entries, err := ioutil.ReadDir(dir) + if err != nil { + return err +@@ -173,42 +167,13 @@ + continue + } + +- if selinuxHnd != nil { +- relPath, err := filepath.Rel(root, fullpath) +- if err != nil { +- return err +- } +- // Handle /exports/hostfs as a special case. Files under this directory are copied to the host, +- // thus we benefit from maintaining the same SELinux label they would have on the host as we could +- // use hard links instead of copying the files. +- relPath = fmt.Sprintf("/%s", strings.TrimPrefix(relPath, "exports/hostfs/")) +- +- relPathC := C.CString(relPath) +- defer C.free(unsafe.Pointer(relPathC)) +- var context *C.char +- +- res, err := C.selabel_lookup_raw(selinuxHnd, &context, relPathC, C.int(info.Mode()&os.ModePerm)) +- if int(res) < 0 && err != syscall.ENOENT { +- return errors.Wrapf(err, "cannot selabel_lookup_raw %s", relPath) +- } +- if int(res) == 0 { +- defer C.freecon(context) +- fullpathC := C.CString(fullpath) +- defer C.free(unsafe.Pointer(fullpathC)) +- res, err = C.lsetfilecon_raw(fullpathC, context) +- if int(res) < 0 { +- return errors.Wrapf(err, "cannot setfilecon_raw %s", fullpath) +- } +- } +- } +- + if info.IsDir() { + if usermode { + if err := os.Chmod(fullpath, info.Mode()|0700); err != nil { + return err + } + } +- err = fixFiles(selinuxHnd, root, fullpath, usermode) ++ err = fixFiles(fullpath, usermode) + if err != nil { + return err + } +@@ -264,7 +229,7 @@ + return digester.Digest(), written, nil + } + +-func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle, repo *otbuiltin.Repo, blob *blobToImport) error { ++func (d *ostreeImageDestination) importBlob(repo *otbuiltin.Repo, blob *blobToImport) error { + // TODO: This can take quite some time, and should ideally be cancellable using a context.Context. + + ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Hex()) +@@ -287,7 +252,7 @@ + if err := archive.UntarPath(blob.BlobPath, destinationPath); err != nil { + return err + } +- if err := fixFiles(selinuxHnd, destinationPath, destinationPath, false); err != nil { ++ if err := fixFiles(destinationPath, false); err != nil { + return err + } + } else { +@@ -296,7 +261,7 @@ + return err + } + +- if err := fixFiles(selinuxHnd, destinationPath, destinationPath, true); err != nil { ++ if err := fixFiles(destinationPath, true); err != nil { + return err + } + } +@@ -404,17 +369,6 @@ + return err + } + +- var selinuxHnd *C.struct_selabel_handle +- +- if os.Getuid() == 0 && selinux.GetEnabled() { +- selinuxHnd, err = C.selabel_open(C.SELABEL_CTX_FILE, nil, 0) +- if selinuxHnd == nil { +- return errors.Wrapf(err, "cannot open the SELinux DB") +- } +- +- defer C.selabel_close(selinuxHnd) +- } +- + checkLayer := func(hash string) error { + blob := d.blobs[hash] + // if the blob is not present in d.blobs then it is already stored in OSTree, +@@ -422,7 +376,7 @@ + if blob == nil { + return nil + } +- err := d.importBlob(selinuxHnd, repo, blob) ++ err := d.importBlob(repo, blob) + if err != nil { + return err + } diff --git a/srcpkgs/buildah/template b/srcpkgs/buildah/template new file mode 100644 index 00000000000..481c75e8455 --- /dev/null +++ b/srcpkgs/buildah/template @@ -0,0 +1,34 @@ +# Template file for 'buildah' +pkgname=buildah +version=1.5 +revision=1 +build_style=go +go_import_path="github.com/containers/buildah" +go_package="${go_import_path}/cmd/buildah" +hostmakedepends="pkg-config go-md2man" +makedepends="libostree-devel libbtrfs-devel device-mapper-devel gpgme-devel + libassuan-devel libseccomp-devel" +depends="runc skopeo" +short_desc="A tool that facilitates building OCI images" +maintainer="Cameron Nemo " +license="Apache-2.0" +homepage="https://github.com/containers/buildah" +distfiles="${homepage}/archive/v${version}.tar.gz" +checksum=7da4226c0e1d4d6a925bb0d1ee565530c560e955a479ba26f8d4fe87c8004f51 + +case "$XBPS_TARGET_ARCH" in + *-musl) broken="/lib/libmount.so.1: undefined reference to getrandom" ;; +esac + +post_build() { + make -C docs +} + +post_install() { + vinstall contrib/completions/bash/buildah 644 /usr/share/bash-completion/completions + vinstall tests/registries.conf 644 /etc/containers + for _i in docs/*.1; do + vman $_i + done + vlicense LICENSE +}