mrrl

Minimal Reliable Reproducible Linux
git clone https://ccx.te2000.cz/git/mrrl

container-bin-image (2368B)


      1 #!/usr/bin/env pthbs-build
      2 #+busybox.539513a18a06a21e4660004fea30f3658959c5c7f54488b66b5fee7120b0c27c
      3 #+busybox-diffutils.b820ef7a40bea977a2bf740425ae15b2d9a21097bcf3a2f5ec77c21782b9deb8
      4 #+busybox-login.2617cecf78203fa460783d8f1e5e98489d8fa429b88f719e9974df4fe38833dd
      5 #+execline.bbdee27ba351e082ed15132d873419815cb0bc19523a36af84571eab05c0e836
      6 #+s6.f8253c2abb58178ecb00dce8c7ddf1f2a9442f92cc684a89bac43678e8b032ef
      7 #+ccx-utils.895907fc5aa97534dfb9e6231e3b9f5f4404a5aadacda0b2911f01453ada0035
      8 #+applyuidgid-caps.609c9e659531b4d16585be07d16508576c81e091617aeb2d8f0f08edb9ee6a71
      9 #+easyseccomp.177082c9471a5c372d2e981eba9c3f07757287a076ebc06fc85f71944a6a9a7d
     10 #+mlog.154ac4db8c95c0affea4172e4d72078e695e9cb453617fd1a22c94f22b68861f
     11 #+abduco.60e1ab61f3416f31557b84218a8d97bad13b3289fdc595b40aaafcfc903290b7
     12 #+nawk.2a62eb4547baabf59f72cd608b89989dd042746b3b8d7380af7b64460ae0d46b
     13 #@sha256:b9236c0fd504ffbc56f65d0522d2acadcd2683380eaa6f1873e8201eaa7388a5:default-policy.easyseccomp
     14 
     15 img="$pthbs_destdir/versions/$pthbs_package/container-bin-image"
     16 mkdir -p "$img"
     17 easyseccomp -i default-policy.easyseccomp -o "$img/seccomp-default.bpf"
     18 easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -o "$img/seccomp-ptrace.bpf"
     19 easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf"
     20 easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SETUID_SETGID -o "$img/seccomp-xpra.bpf"
     21 easyseccomp -i default-policy.easyseccomp -d ALLOW_SETUID_SETGID -o "$img/seccomp-setuidgid.bpf"
     22 cd "$img"
     23 
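# Pass 1: copy every command whose name in the first PATH entry is also the
# name of the file it resolves to, i.e. everything that is not an argv0 alias.
# Only the first PATH entry is scanned, so that directory alone decides which
# binaries end up in the image.
for cmd in "${PATH%%:*}"/*; do
	# A failed realpath (dangling link, empty directory leaving the glob
	# unexpanded) must stop the build: an empty $rp would otherwise flow into
	# the comparisons and copies below.
	rp=$(realpath "$cmd") || exit
	base=${rp##*/}
	# Quoted so an empty or unusual name cannot change how test parses its
	# arguments.
	if test "$base" = "${cmd##*/}"; then
		# Anything already present under this name (stale output, or a clash
		# with a generated file) is fatal rather than silently overwritten.
		if test -e "./$base"; then
			printf "fatal: duplicate command file: '%s'\n" "$base" >&2
			exit 1
		fi
		# -p keeps the source's mode bits and timestamps.
		# NOTE(review): that can include setuid/setgid bits where the cp
		# implementation and ownership allow; confirm this is intended.
		cp -p "$rp" ./ || exit
	fi
done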
     36 
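# Pass 2: every remaining entry is an alias, i.e. its name differs from the
# file it resolves to (multicall binaries and the like). Recreate each one as
# a relative symlink inside the image so it keeps working wherever the image
# is mounted.
for cmd in "${PATH%%:*}"/*; do
	# Without this check an empty $rp would reach `ln -s "./" "./<name>"`
	# below and plant a symlink to the image directory itself.
	rp=$(realpath "$cmd") || exit
	base=${rp##*/}
	if ! test "$base" = "${cmd##*/}"; then
		# The target may live outside the scanned directory and so was not
		# copied by the first pass; bring it in once.
		# NOTE(review): an existing ./$base is reused without comparing it to
		# $rp, so two different binaries sharing a basename would both alias
		# to whichever was copied first. Confirm that cannot happen here.
		if ! test -f "./$base"; then
			cp -p "$rp" ./ || exit
		fi
		# ln -s fails if the alias name already exists; treat that as fatal.
		ln -s "./$base" "./${cmd##*/}" || exit
	fi
done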
     48 
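# Sanity check: the image is unusable without these commands, so fail the
# build if any of them is missing or not executable. Diagnostics go to stderr.
for cmd in if busybox umount chpst spawn-pty ptsname applyuidgid-caps; do
	if ! test -x "./$cmd"; then
		printf "fatal: expected command not found: '%s'\n" "$cmd" >&2
		exit 1
	fi
done

# Smoke test: run the staged `true` directly, then again through seccomp-run
# with the default filter (presumably it loads the given BPF file before
# executing the command; confirm against seccomp-run). Both results are
# checked so that a broken binary or unloadable filter stops the build.
# NOTE(review): only seccomp-default.bpf is exercised; the ptrace, build, xpra
# and setuidgid filters are shipped without being loaded once.
./true || exit
./seccomp-run ./seccomp-default.bpf ./true || exit


# Marker file next to the image directory; presumably read by pthbs at
# install time. Its meaning is not visible in this script.
touch "$pthbs_destdir/versions/$pthbs_package/.install-links"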