summaryrefslogtreecommitdiff
path: root/packages/sys-apps/sydbox/sydbox.exlib
blob: 6e5f53517866a82862e5cd83f95078529e5d5808 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# Copyright 2009, 2010, 2011, 2012, 2013, 2021 Ali Polatel <alip@exherbo.org>
# Copyright 2015 Wouter van Kesteren <woutershep@gmail.com>
# Distributed under the terms of the GNU General Public License v2

export_exlib_phases src_test pkg_postinst

SUMMARY="Sydbox, the other sandbox"
DESCRIPTION="Sydbox is a ptrace based sandbox for Linux."
ever is_scm || DOWNLOADS="https://dev.exherbo.org/distfiles/${PN}/${PNV}.tar.bz2"

LICENCES="GPL-2"
SLOT="0"
MYOPTIONS=""
DEPENDENCIES=""

REMOTE_IDS="freecode:${PN}"

if ever at_least 2; then
    HOMEPAGE="https://sydbox.exherbo.org"

    MYOPTIONS+="debug"
    DEPENDENCIES+="
    build:
        sys-kernel/linux-headers[>=5.6]
        debug? ( dev-libs/libunwind )
    test:
        net-dns/bind-tools
    "
elif ever at_least 1; then

    HOMEPAGE="https://git.exherbo.org/sydbox-1.git"

    # sydbox 1(_pre): has seccomp
    MYOPTIONS+="
    debug
    seccomp [[ description = [ Enable seccomp user filter support ] ]]"
    DEPENDENCIES+="
    build:
        debug? ( dev-libs/libunwind )
        seccomp? ( sys-kernel/linux-headers[>=3.5] )"

    DEFAULT_SRC_CONFIGURE_OPTION_ENABLES=( debug seccomp )

    if ever at_least 1.0.0; then
        # sydbox 1: external pinktrace
        DEPENDENCIES+="
        build+run:
            dev-libs/pinktrace[>=0.9.0]"
    else
        # sydbox 1_pre: internal pinktrace
        MYOPTIONS+="
        doc [[ description = [ Build API documentation of included pinktrace library ] ]]"
        DEPENDENCIES+="
        build:
            doc? ( app-doc/doxygen )"

        DEFAULT_SRC_CONFIGURE_PARAMS=( --enable-ipv6 )
        DEFAULT_SRC_CONFIGURE_OPTION_ENABLES+=( "doc doxygen" )
    fi

else

    HOMEPAGE="https://git.exherbo.org/sydbox.git"

    # sydbox 0: no seccomp, glib, external pinktrace
    DEPENDENCIES+="
    build+run:
        dev-libs/glib:2[>=2.18]
        dev-libs/pinktrace[>=0.1.2]"
fi

if ever at_least 2; then
    MYOPTIONS+="
    static
"
    DEFAULT_SRC_CONFIGURE_OPTION_ENABLES+=( static )
fi

sydbox_src_test() {
    if ! esandbox check 2>/dev/null; then
        default
    else
        elog "Not running tests because sydbox doesn't work under sydbox"
        elog "set PALUDIS_DO_NOTHING_SANDBOXY=1 if you want to run the tests"

        if ever at_least 1.0.2; then
            elog "As of sydbox-1.0.2, tests are installed by default."
            elog "You can use the helper utility sydtest to run the tests."
        fi
    fi
}

sydbox_pkg_postinst() {
    if ever at_least 2; then
        elog "SydBox-2 does not use ptrace() and uses seccomp notify."
        elog "You may safely uninstall PinkTrace."
        elog
        elog "Paludis does not support SydBox API 2 yet!"
        elog "See this Merge Request for current progress:"
        elog "https://gitlab.exherbo.org/paludis/paludis/-/merge_requests/36"
        elog
        elog "You need a recent Linux kernel, 5.6 or newer is required."
        elog "Use \`sydbox --test' to verify SydBox-2 is supported on your system."
        elog "Use the helper utility \`syd-test' to verify SydBox-2 works on your system."
        elog "Use a non-privileged (not root!) user when running tests!"
        elog
        elog "Report any bugs to alip@exherbo.org"
        elog "You may also use https://todo.sr.ht/~alip/sydbox"
        elog "Attaching poems encourages consideration tremendously."
   fi

   default
}