mrrl

Minimal Reliable Reproducible Linux
git clone https://ccx.te2000.cz/git/mrrl

commit 68bf0e0ab1be977c3d2e5c321d24290b6f1dc560
parent 1c0b272573f3f2c6bae16181820fcffd4dbdd9fe
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Wed, 26 Nov 2025 05:15:03 +0000

prototype sandbox bootstrap

Diffstat:
Mcommitlist.sha1 | 1-
Mfilelist.sha256 | 2++
Afiles/abspaths.awk | 92+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Afiles/sandbox-rootns.in | 24++++++++++++++++++++++++
Mtemplates/package_sets | 5+++--
Mtemplates/pkg/lnstools:bootstrap | 3+++
Atemplates/pkg/pthbs-sandbox-rootns | 43+++++++++++++++++++++++++++++++++++++++++++
Rtemplates/pkg/sandbox_root -> templates/pkg/sandbox_rootfs | 0
Rtemplates/pkg/pthbs_sandbox_ns.environment -> templates/pkg/sandbox_rootns.environment | 0
Mvariants/ccx-x86_64/lnstools:bootstrap | 3+++
Avariants/ccx-x86_64/pthbs-sandbox-rootns | 46++++++++++++++++++++++++++++++++++++++++++++++
Dvariants/ccx-x86_64/pthbs_sandbox_ns.environment | 4----
Rvariants/ccx-x86_64/sandbox_root -> variants/ccx-x86_64/sandbox_rootfs | 0
Avariants/ccx-x86_64/sandbox_rootns.environment | 5+++++
Mvariants/root-x86_64/lnstools:bootstrap | 3+++
Avariants/root-x86_64/pthbs-sandbox-rootns | 46++++++++++++++++++++++++++++++++++++++++++++++
Dvariants/root-x86_64/pthbs_sandbox_ns.environment | 4----
Rvariants/root-x86_64/sandbox_root -> variants/root-x86_64/sandbox_rootfs | 0
Avariants/root-x86_64/sandbox_rootns.environment | 5+++++
19 files changed, 275 insertions(+), 11 deletions(-)

diff --git a/commitlist.sha1 b/commitlist.sha1
@@ -1773,7 +1773,6 @@ b80c36da9d70158f9a38cfb9af9bb58a323a5796 sources/libelf
 cf90fc56dcb91d473a08582239bfdf941ef1e10b sources/libelf
 e12821ffb205f41fa8319ad109762a06e121c141 sources/libelf
 fd2af33bd4b64be5221116f85dcf4cd220eb9a1c sources/libelf
-0253d2bcae9a5fe32fe14ae79a8b0f18ce5fe066 sources/lnstools
 7fbfb934cdaa187a063a4df41498c06c46d4a6a9 sources/lnstools
 409db79b3e7e5fc6b73305471d9bbb6ac5c14036 sources/logincaps
 41039418205b48bda59372fb7c49453852853e8a sources/logincaps
diff --git a/filelist.sha256 b/filelist.sha256
@@ -1,3 +1,4 @@
+b85634a91129f85a5aad5cae51d4084dd7ce62544b5585f0899058576c16451f files/abspaths.awk
 9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 files/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
 ebf31683b56410ecc4c00acd9f6e2839e237a3b62b5ae7ef686705c7ba0396a9 files/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
 1bb2a846c0ea4ca9d0e7862f970863857fc33c32f5506098c636a62a726a847b files/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
@@ -53,6 +54,7 @@ ff3ddd131d73fee6838b11a6c4773bdb85c5f60fdd4b9ac4120ced021c341417 files/noobjtoo
 2a782825cd870e1fdf77a579c80701c0530bc6d8fa94100cab24bf31f0f457d3 files/s6_clone_newpid.patch
 c7d3e7ef077d7673567d2f0c34ba2ebd689dab1250286ab482a3064c73ff7d7c files/s6_clone_newpid.patch.old
 64488d8562a4e98a3b299f095bb2550cff6a3d743dc2b9c5aaeea03e5b83ec33 files/s6_ftrigr_max.patch
+df0c24312e4941b1035a6292504fbf569f0f8b81b083835d7df84586decef25c files/sandbox-rootns.in
 37d93db7135d47852dbe763f1b18b3aeab142431a6f5268a17fc700387a326e4 files/strace-6.5-static.patch
 07c3c30dab68c905d5608124e729592a30b2c087f24e7b76940f5321786128b1 files/update-links
 664430d033e0b491a5ed90cb39cb17cddb57ac0be9f3f2bf014264f3c17d55df files/user-env
diff --git a/files/abspaths.awk b/files/abspaths.awk
@@ -0,0 +1,92 @@ +#!/bin/awk -f + +function die(msg) { + print msg >>"/dev/stderr" + exit 1 +} + +function s(re, t, str) { + gsub(re, t, str) + return str +} + +function set_prog(i, m, name, path) { + if(ARGV[i] == "no_paths") { + no_paths = 1 + return + } + m = match(ARGV[i], "=") + if(!m) { + die("invalid argument: #"i" '"arg"'") + } + name = substr(ARGV[i], 1, m-1) + path = substr(ARGV[i], m+1) + paths[name] = path + # print "paths[\""name"\"] = \""path"\"" >>"/dev/stderr" +} + +function get(arg, m, fmt, exe, exe_path) { + # print "get(\""arg"\")" >>"/dev/stderr" + m = match(arg, ":") + if(!m) { + die("invalid token in " FILENAME ":" FNR) + } + fmt = substr(arg, 1, m-1) + exe = substr(arg, m+1) + # print "exe=\""exe"\" -> \"" paths[exe] "\" " (exe in paths) >>"/dev/stderr" + if(!(exe in paths)) { + die("program '"exe"' wasn't specified, used by " FILENAME ":" FNR) + } + exe_path = paths[exe] + # print "length(\"" exe_path "\") = " length(exe_path) >>"/dev/stderr" + if(no_paths && fmt != "shebang") { + exe_path = s(".*/", "", length(exe_path) ? 
exe_path : exe) + } + if(!length(exe_path)) { + die("program '"exe"' wasn't found, used by " FILENAME ":" FNR) + } + if(fmt == "shebang") { + return exe_path + } else if(fmt == "shquote") { + if(exe_path !~ "[^-+,_./:@0-9A-Za-z]") { + return exe_path + } + return "'" s("'", "'\\''", exe_path) "'" + } else if(fmt == "elquote") { + if(exe_path !~ "[^][!%&'()*+,_./:;<=>?@^|0-9A-Za-z-]") { + return exe_path + } + return "\"" s("\"", "\\\"", s("\\", "\\\\", exe_path)) "\"" + } else { + die("unknown format '"exe"', used by " FILENAME ":" FNR) + } +} + +function parse_line(line, m, pre, tok) { + while(length(line)) { + m = match(line, /[ -~]*/) + if(!m) { break } + pre = substr(line, 1, m-1) + tok = substr(line, m+1, RLENGTH-2) + line = substr(line, m+RLENGTH) + printf("%s%s", pre, get(tok)) + } + print line +} + +BEGIN { + for(i=2; i<ARGC; i++) { + set_prog(i) + # ARGV[i] = "" + } + ARGC = 2 +} + +{ parse_line($0) } + +# BEGIN { +# print "--- begin ---" +# } +# END { +# print "--- end ---" +# } diff --git a/files/sandbox-rootns.in b/files/sandbox-rootns.in @@ -0,0 +1,24 @@ +#!shebang:execlineb -S0 +elquote:multisubstitute { + define pthbs_source /home/ccx/git/mrrl/pthbs + define pthbs_cache /home/ccx/git/mrrl/cache + importas -iuS sandbox_pthbs_versions + importas -iuS sandbox_pthbs_workdir + importas -iuS sandbox_pthbs_pkgdir + importas -iuS sandbox_workdir + importas -iuS sandbox_envdir +} +elquote:if { + elquote:mkdir -p ${sandbox_workdir}/.tmp ${sandbox_pthbs_workdir}/root +} +${pthbs_cache}/venv/bin/python ${pthbs_source}/sandbox/ns_sandbox.py +--mode=root +--untar=elquote:root.tar +--chdir=${sandbox_workdir} +--versions=${sandbox_pthbs_versions} +--extra-mount=tmpfs:${sandbox_pthbs_workdir} +--extra-mount=ro_bind:${sandbox_pthbs_pkgdir}:${sandbox_pthbs_pkgdir} +--extra-mount=rw_bind:${sandbox_workdir}:${sandbox_workdir} +--extra-mount=rw_bind:${sandbox_workdir}/.tmp:/tmp +-- ${sandbox_pthbs_workdir}/root +$@ 
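Review bot: The `elquote` branch of `get` in files/abspaths.awk does not look like it escapes backslashes the way the surrounding code intends. The inner call `s("\\", "\\\\", exe_path)` hands gsub the one-character string `\` as a dynamic regex, which POSIX leaves undefined and which some awk implementations reject as a trailing backslash, and under the POSIX replacement rules `"\\\\"` produces a single backslash rather than two. `s("\\\\", "\\\\\\\\", exe_path)` is the form that matches one backslash and writes two, though replacement handling varies between awks, so it deserves a test with a path containing `\` and `"` under the awk the build actually runs. Separately, `set_prog` reports `'"arg"'`, but `arg` is neither a parameter nor a local there, so the invalid-argument message prints an empty value where `ARGV[i]` was meant, and the final `die("unknown format '"exe"' ...")` in `get` should print `fmt`.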
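Review bot: The two `define` lines in files/sandbox-rootns.in hard-code `/home/ccx/git/mrrl/pthbs` and `/home/ccx/git/mrrl/cache`, so the installed launcher runs `${pthbs_cache}/venv/bin/python` and `ns_sandbox.py` from a developer checkout rather than from a hash-pinned package. Because this script starts the sandbox with `--mode=root`, whoever can write to those directories decides what code sets up the namespace, and the root-x86_64 variant pulls in the same file (same sha256 in its deps), where that home path probably does not exist. Passing both locations as `name=path` arguments to abspaths.awk at build time would pin them like the other programs; the lighter alternative, consistent with the neighbouring settings, is `importas -iuS pthbs_source` and `importas -iuS pthbs_cache`. The interpreter path also bypasses the `elquote:` substitution used for the other commands.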
diff --git a/templates/package_sets b/templates/package_sets @@ -106,9 +106,10 @@ #+{{pkg_install_name("busybox:modutils")}} {%- endmacro %} -{% macro pthbs_sandbox_ns_environment() -%} +{% macro sandbox_rootns_environment() -%} #+{{pkg_install_name("lnstools:bootstrap")}} -#+{{pkg_install_name("sandbox_root")}} +#+{{pkg_install_name("sandbox_rootfs")}} +#+{{pkg_install_name("pthbs-sandbox-rootns")}} {%- endmacro %} {% macro bootstrap_environment() -%} diff --git a/templates/pkg/lnstools:bootstrap b/templates/pkg/lnstools:bootstrap @@ -11,7 +11,10 @@ {% endblock package_deps -%} {% block configure -%} export CC="$pthbs_build_environment/command/{{triplet}}-gcc" +export CPATH="$pthbs_build_environment/include" +export LIBRARY_PATH="$pthbs_build_environment/library" sh ./configure "--prefix=$prefix" --enable-absolute-paths + {% endblock configure -%} {% block genlinks_begin %} x["./command/lns-lockdown"]=1 diff --git a/templates/pkg/pthbs-sandbox-rootns b/templates/pkg/pthbs-sandbox-rootns 
@@ -0,0 +1,43 @@ +{%- set src_dir="." -%} +{% extends "generic" %} +{%- block template_deps %}{% endblock %} +{% block package_deps -%} +#@pragma:nosandbox +#+{{pkg_install_name("busybox:bootstrap")}} +#+{{pkg_install_name("execline:bootstrap")}} +#+{{pkg_install_name("lnstools:bootstrap")}} +#+{{pkg_install_name("sandbox_rootfs")}} +#@sha256:{{ files["abspaths.awk"] }}:abspaths.awk +#@sha256:{{ files["sandbox-rootns.in"] }}:sandbox-rootns.in +{%- endblock package_deps -%} +{% block build_and_install -%} +# busybox +prog_mkdir=$(which mkdir) + +# execline +prog_multisubstitute=$(which multisubstitute) +prog_if=$(which if) + +# lnstools +prog_lns_lockdown=$(which lns-lockdown) +prog_lns_envuidgid=$(which lns-envuidgid) +prog_lns_applyuidgid=$(which lns-applyuidgid) +prog_lns_pidns=$(which lns-pidns) + +rootfs="$pthbs_build_environment/pthbs/sandbox/root.tar" + +awk -f ./abspaths.awk ./sandbox-rootns.in >./sanbox-rootns \ + root.tar="$rootfs" + +install -d "$dest/pthbs/sandbox" +install -t "$dest/pthbs/sandbox" ./sandbox-rootns + +{% endblock build_and_install %} +{%- block finish -%} +{{ super() -}} +cd "$dest" +ls -lh ./pthbs/sandbox/sandbox-rootns +printf '%s\t%s\n' >.install-links.new ./pthbs/sandbox/sandbox-rootns ./pthbs/sandbox/sandbox-rootns +mv .install-links.new .install-links + +{% endblock finish %} diff --git a/templates/pkg/sandbox_root b/templates/pkg/sandbox_rootfs diff --git a/templates/pkg/pthbs_sandbox_ns.environment b/templates/pkg/sandbox_rootns.environment diff --git a/variants/ccx-x86_64/lnstools:bootstrap b/variants/ccx-x86_64/lnstools:bootstrap @@ -15,8 +15,11 @@ dest=${pthbs_destdir%/}${prefix} cd 'lnstools' export CC="$pthbs_build_environment/command/x86_64-linux-musl-gcc" +export CPATH="$pthbs_build_environment/include" +export LIBRARY_PATH="$pthbs_build_environment/library" sh ./configure "--prefix=$prefix" --enable-absolute-paths + make -j${JOBS:-1} -l$((1+${JOBS:-1})) make DESTDIR="$pthbs_destdir" install 
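Review bot: The build step in templates/pkg/pthbs-sandbox-rootns redirects awk's output to `./sanbox-rootns` but the following `install -t` line copies `./sandbox-rootns`, so as written there is no such file to install. The awk call also passes only `root.tar="$rootfs"`: the `prog_*` values resolved with `which` are never handed over, and as far as the visible code shows abspaths.awk exits with "wasn't specified" at the first program it has no path for, leaving an incomplete output file; whether the build then stops depends on error handling in the generic template, which is not visible here. I would redirect to `>./sandbox-rootns` and add `execlineb="$(which execlineb)" multisubstitute="$prog_multisubstitute" if="$prog_if" mkdir="$prog_mkdir"` before `root.tar="$rootfs"`. The generated variants/ccx-x86_64 and variants/root-x86_64 copies of this script carry the same lines and need regenerating afterwards.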
diff --git a/variants/ccx-x86_64/pthbs-sandbox-rootns b/variants/ccx-x86_64/pthbs-sandbox-rootns @@ -0,0 +1,46 @@ +#!/usr/bin/env pthbs-build +#@pragma:nosandbox +#+busybox.a0af8a5860e7fa278d39404f06a382633b7e2122d85c16bb2e22b1804cdd1654 +#+execline.d0beb2314484ba9847cafda7dfe3f44f4c43f0c375fcbfb3331ef05e5b8752e5 +#+lnstools.1ac76ce123ec40e19c22500c0cd7d0f5ead7a51a938e86bd2b572d33ce1eea59 +#+sandbox_rootfs.168f1712671189ed454639d31e217e5b652dc98f08de317589ede91bc223931f +#@sha256:b85634a91129f85a5aad5cae51d4084dd7ce62544b5585f0899058576c16451f:abspaths.awk +#@sha256:df0c24312e4941b1035a6292504fbf569f0f8b81b083835d7df84586decef25c:sandbox-rootns.in + +# - build script start - + +prefix=/home/ccx/versions/$pthbs_package +dest=${pthbs_destdir%/}${prefix} +cd '.' + + +# busybox +prog_mkdir=$(which mkdir) + +# execline +prog_multisubstitute=$(which multisubstitute) +prog_if=$(which if) + +# lnstools +prog_lns_lockdown=$(which lns-lockdown) +prog_lns_envuidgid=$(which lns-envuidgid) +prog_lns_applyuidgid=$(which lns-applyuidgid) +prog_lns_pidns=$(which lns-pidns) + +rootfs="$pthbs_build_environment/pthbs/sandbox/root.tar" + +awk -f ./abspaths.awk ./sandbox-rootns.in >./sanbox-rootns \ + root.tar="$rootfs" + +install -d "$dest/pthbs/sandbox" +install -t "$dest/pthbs/sandbox" ./sandbox-rootns + + + + +cd "$dest" +ls -lh ./pthbs/sandbox/sandbox-rootns +printf '%s\t%s\n' >.install-links.new ./pthbs/sandbox/sandbox-rootns ./pthbs/sandbox/sandbox-rootns +mv .install-links.new .install-links + + diff --git a/variants/ccx-x86_64/pthbs_sandbox_ns.environment b/variants/ccx-x86_64/pthbs_sandbox_ns.environment @@ -1,3 +0,0 @@ -#!/usr/bin/env pthbs-build -#+lnstools.d0eb53de0351a3fa74683aa2cdccbdcf88088607240b25fb9805714a045a39d0 -#+sandbox_root.168f1712671189ed454639d31e217e5b652dc98f08de317589ede91bc223931f- \ No newline at end of file diff --git a/variants/ccx-x86_64/sandbox_root b/variants/ccx-x86_64/sandbox_rootfs 
diff --git a/variants/ccx-x86_64/sandbox_rootns.environment b/variants/ccx-x86_64/sandbox_rootns.environment @@ -0,0 +1,4 @@ +#!/usr/bin/env pthbs-build +#+lnstools.1ac76ce123ec40e19c22500c0cd7d0f5ead7a51a938e86bd2b572d33ce1eea59 +#+sandbox_rootfs.168f1712671189ed454639d31e217e5b652dc98f08de317589ede91bc223931f +#+pthbs-sandbox-rootns.d4e7fdcdf0c9b313288ed67d8a88c2d47d1433fd898bb56f1a0aa5d4827691c6+ \ No newline at end of file diff --git a/variants/root-x86_64/lnstools:bootstrap b/variants/root-x86_64/lnstools:bootstrap @@ -15,8 +15,11 @@ dest=${pthbs_destdir%/}${prefix} cd 'lnstools' export CC="$pthbs_build_environment/command/x86_64-linux-musl-gcc" +export CPATH="$pthbs_build_environment/include" +export LIBRARY_PATH="$pthbs_build_environment/library" sh ./configure "--prefix=$prefix" --enable-absolute-paths + make -j${JOBS:-1} -l$((1+${JOBS:-1})) make DESTDIR="$pthbs_destdir" install diff --git a/variants/root-x86_64/pthbs-sandbox-rootns b/variants/root-x86_64/pthbs-sandbox-rootns 
@@ -0,0 +1,46 @@ +#!/usr/bin/env pthbs-build +#@pragma:nosandbox +#+busybox.73a23c9ea571875b0e9e166a6974b6b314b540c8c247783d9cf96e10a59fcd73 +#+execline.af0c8cfaacb871066cf86080e71ee5f804e2e9d8fa2369bac3f889100824c741 +#+lnstools.1df54404532327089c08504f1d5a31d2a6013d1f110750e4a0a1a7911f56b815 +#+sandbox_rootfs.4df3e4c199ff9c6155d879ee3b03732db266035354c1fa17f7bd63b94dfa4f32 +#@sha256:b85634a91129f85a5aad5cae51d4084dd7ce62544b5585f0899058576c16451f:abspaths.awk +#@sha256:df0c24312e4941b1035a6292504fbf569f0f8b81b083835d7df84586decef25c:sandbox-rootns.in + +# - build script start - + +prefix=/versions/$pthbs_package +dest=${pthbs_destdir%/}${prefix} +cd '.' + + +# busybox +prog_mkdir=$(which mkdir) + +# execline +prog_multisubstitute=$(which multisubstitute) +prog_if=$(which if) + +# lnstools +prog_lns_lockdown=$(which lns-lockdown) +prog_lns_envuidgid=$(which lns-envuidgid) +prog_lns_applyuidgid=$(which lns-applyuidgid) +prog_lns_pidns=$(which lns-pidns) + +rootfs="$pthbs_build_environment/pthbs/sandbox/root.tar" + +awk -f ./abspaths.awk ./sandbox-rootns.in >./sanbox-rootns \ + root.tar="$rootfs" + +install -d "$dest/pthbs/sandbox" +install -t "$dest/pthbs/sandbox" ./sandbox-rootns + + + + +cd "$dest" +ls -lh ./pthbs/sandbox/sandbox-rootns +printf '%s\t%s\n' >.install-links.new ./pthbs/sandbox/sandbox-rootns ./pthbs/sandbox/sandbox-rootns +mv .install-links.new .install-links + + diff --git a/variants/root-x86_64/pthbs_sandbox_ns.environment b/variants/root-x86_64/pthbs_sandbox_ns.environment @@ -1,3 +0,0 @@ -#!/usr/bin/env pthbs-build -#+lnstools.bb06370926edc327eaa3ef1bdd56389b011ebf9ae6c9167dffc79a21f30e6c3a -#+sandbox_root.4df3e4c199ff9c6155d879ee3b03732db266035354c1fa17f7bd63b94dfa4f32- \ No newline at end of file diff --git a/variants/root-x86_64/sandbox_root b/variants/root-x86_64/sandbox_rootfs diff --git a/variants/root-x86_64/sandbox_rootns.environment b/variants/root-x86_64/sandbox_rootns.environment 
@@ -0,0 +1,4 @@ +#!/usr/bin/env pthbs-build +#+lnstools.1df54404532327089c08504f1d5a31d2a6013d1f110750e4a0a1a7911f56b815 +#+sandbox_rootfs.4df3e4c199ff9c6155d879ee3b03732db266035354c1fa17f7bd63b94dfa4f32 +#+pthbs-sandbox-rootns.4c5f05891a6ebdc93c02db1c51fa8c726f57b6451052db0d99ee3e6280daaa9f+ \ No newline at end of file