# Fixme: Does the stack need to be executable? Is mktemp actually a # problem (src/syscall/socket.c)? # proot.x86_64: W: executable-stack /usr/bin/proot # proot.x86_64: E: call-to-mktemp /usr/bin/proot # Fixme: a bunch of tests are skipped # Fixme: Get CARE going -- see test failures. %global commit 6694d34c83c2b6f2d47686bbe70e828580df9b56 %global shortcommit %(c=%{commit}; echo ${c:0:7}) Name: proot Version: 5.1.0 Release: 5.git%shortcommit%{?dist} Summary: chroot, mount --bind, and binfmt_misc without privilege/setup License: GPLv2+ URL: https://proot-me.github.io/ %if 0%{?commit:1} Source0: https://github.com/proot-me/PRoot/archive/%commit/%name-%shortcommit.tar.gz %else Source0: https://github.com/proot-me/PRoot/archive/v%version.tar.gz#/proot-%version.tar.gz %endif # Debian patches Patch1: proot-arm64.patch Patch2: proot-fix-use-of-size.patch Patch3: proot-man-syntax.patch Patch4: proot-Use-LC_ALL-instead-of-LANG.patch Patch5: proot-Add-kill-on-exit-option.patch Patch6: 0001-fix-event.c-for-seccomp-and-ptrace.patch BuildRequires: libtalloc-devel glibc-static # For tests BuildRequires: gdb which valgrind swig gcc %if 0%{?el6}%{?el7} BuildRequires: python-devel %else BuildRequires: python2-devel %endif ExclusiveArch: x86_64 %ix86 aarch64 %arm # el6 libarchive is too old # Fixme: but CARE tests are failing anyhow %if 0 %{!?el6:%global care 1} %endif %description PRoot is a user-space implementation of chroot, mount --bind, and binfmt_misc. This means that users don't need any privileges or setup to do things like using an arbitrary directory as the new root filesystem, making files accessible somewhere else in the filesystem hierarchy, or executing programs built for another CPU architecture transparently through QEMU user-mode. Also, developers can use PRoot as a generic Linux process instrumentation engine thanks to its extension mechanism, see CARE for an example. Technically PRoot relies on ptrace, an unprivileged system-call available in every Linux kernel. %if 0%{?care} %package -n care Summary: Make programs for Linux reproducible on all Linux-based systems BuildRequires: uthash-devel libarchive-devel ExclusiveArch: x86_64 %ix86 aarch64 %arm %description -n care CARE monitors the execution of the specified command to create an archive that contains all the material required to re-execute it in the same context. That way, the command will be reproducible everywhere, even on Linux systems that are supposed to be not compatible with the original Linux system. CARE is typically useful to get reliable bug reports, demonstrations, artifact evaluation, tutorials, portable applications, minimal rootfs, file-system coverage, ... By design, CARE does not record events at all. Instead, it archives environment variables and accessed file-system components -- before modification -- during the so-called initial execution. Then, to reproduce this execution, the re-execute.sh script embedded into the archive restores the environment variables and relaunches the command confined into the saved file-system. %endif %prep %if 0%{?commit:1} %setup -q -n PRoot-%commit %else %setup -q -n PRoot-%version %endif # %patch1 -p1 # %patch2 -p1 # %patch3 -p1 # %patch4 -p1 # %patch5 -p1 # %patch6 -p1 rm -r doc/{proot,care}/stylesheets # Fixme: This fails in Fedora rm tests/test-kkkkkkkk.c rm doc/proot/rpm-spec %build # Fixme: src/syscall/socket.c uses mktemp: check whether it's actually # dangerous. CFLAGS="%optflags" LDFLAGS="%{?__global_ldflags}" %make_build -C src V=1 %{?care: CFLAGS="%optflags" LDFLAGS="%{?__global_ldflags}" %make_build -C src V=1 care} %install install -m755 -D src/proot %buildroot/%_bindir/proot install -m644 -D doc/proot/man.1 %buildroot/%_mandir/man1/proot.1 %{?care: install -m755 src/care %buildroot/%_bindir} %check # There are nondeterministic hangs on EPEL 6, 7 %{?fedora: make -C tests V=1 } %files %license COPYING %doc doc/articles doc/proot %_bindir/proot %{_mandir}/man1/proot.1* # not working %exclude %_pkgdocdir/proot/man.1 %if 0%{?care} %files -n care %license COPYING %doc doc/articles doc/care %_bindir/care %endif %changelog * Wed Mar 13 2019 Dave Love - 5.1.0-5.git%(c=%{commit}; echo ${c:0:7})%{?dist} - Update snapshot * Sat Feb 2 2019 Dave Love - 5.1.0-4.git%shortcommit - Use development version * Tue Oct 31 2017 Dave Love - 5.1.0-3 - Add patch for seccomp with recent kernels * Wed Jun 21 2017 Dave Love - 5.1.0-2 - Add patches to use LC_ALL and add --kill-on-exit * Thu Apr 27 2017 Dave Love - 5.1.0-1 - Initial Fedora version, adapted from PRoot's own