void-linux · maxice8 · Jul 7, 2018 · Jul 7, 2018 · Gottox · Jul 8, 2018
diff --git a/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch b/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
@@ -0,0 +1,49 @@
+Source: Alpine Linux
+Upstream: Unknown
+Reason: Fixes compilation with musl libc
+---
+
+diff --git a/parser/missingdefs.h b/parser/missingdefs.h
+new file mode 100644
+index 0000000..8097aef
+--- /dev/null
++++ b/parser/missingdefs.h
+@@ -0,0 +1,8 @@
++#ifndef PARSER_MISSINGDEFS_H
++#define PARSER_MISSINGDEFS_H
++
++typedef int (*__compar_fn_t) (const void *, const void *);
++typedef __compar_fn_t comparison_fn_t;
++typedef void (*__free_fn_t) (void *__nodep);
++
++#endif
+diff --git a/parser/parser_alias.c b/parser/parser_alias.c
+index f5b6da4..d57f580 100644
+--- a/parser/parser_alias.c
++++ b/parser/parser_alias.c
+@@ -25,6 +25,10 @@
+ #include "parser.h"
+ #include "profile.h"
+
++#ifndef __GLIBC__
++#include "missingdefs.h"
++#endif
++
+ struct alias_rule {
+ 	char *from;
+ 	char *to;
+diff --git a/parser/parser_symtab.c b/parser/parser_symtab.c
+index 3e667d8..e109f4d 100644
+--- a/parser/parser_symtab.c
++++ b/parser/parser_symtab.c
+@@ -25,6 +25,10 @@
+ #include "immunix.h"
+ #include "parser.h"
+
++#ifndef __GLIBC__
++#include "missingdefs.h"
++#endif
++
+ enum var_type {
+ 	sd_boolean,
+ 	sd_set,
diff --git a/srcpkgs/apparmor/patches/add-secure_getenv-scandirat.patch b/srcpkgs/apparmor/patches/add-secure_getenv-scandirat.patch
@@ -0,0 +1,186 @@
+Source: Alpine Linux
+Upstream: Unknown
+Reason: Fixes compilation with musl libc
+---
+
+diff --git a/libraries/libapparmor/configure.ac b/libraries/libapparmor/configure.ac
+index 479ba6d..979ed91 100644
+--- a/libraries/libapparmor/configure.ac
++++ b/libraries/libapparmor/configure.ac
+@@ -81,7 +81,7 @@ AM_CONDITIONAL(HAVE_RUBY, test x$with_ruby = xyes)
+ AC_HEADER_STDC
+ AC_CHECK_HEADERS(unistd.h stdint.h syslog.h)
+
+-AC_CHECK_FUNCS([asprintf __secure_getenv secure_getenv])
++AC_CHECK_FUNCS([asprintf __secure_getenv secure_getenv scandirat reallocarray])
+
+ AM_PROG_CC_C_O
+ AC_C_CONST
+diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
+index b9721fd..ed91a3c 100644
+--- a/libraries/libapparmor/src/Makefile.am
++++ b/libraries/libapparmor/src/Makefile.am
+@@ -46,9 +46,9 @@ af_protos.h: /usr/include/netinet/in.h
+ 	 LC_ALL=C  sed  -n -e "/IPPROTO_MAX/d"  -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" $< > $@
+
+ lib_LTLIBRARIES = libapparmor.la
+-noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h PMurHash.h
++noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h secure_getenv.h scandirat.h private.h PMurHash.c
+
+-libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel.c scanner.c private.c features.c kernel_interface.c policy_cache.c PMurHash.c
++libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel.c scanner.c secure_getenv.c scandirat.c private.c features.c kernel_interface.c policy_cache.c PMurHash.c
+ libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
+ 	-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
+
+diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
+index bece09d..dd0e815 100644
+--- a/libraries/libapparmor/src/private.c
++++ b/libraries/libapparmor/src/private.c
+@@ -39,10 +39,26 @@
+  #ifdef HAVE___SECURE_GETENV
+   #define secure_getenv __secure_getenv
+  #else
+-  #error neither secure_getenv nor __secure_getenv is available
++  #include "secure_getenv.h"
+  #endif
+ #endif
+
++#ifndef HAVE_SCANDIRAT
++#include "scandirat.h"
++#endif
++
++
++/*
++ * Allow libapparmor to build on older glibcs and other libcs that do
++ * not support reallocarray.
++ */
++#ifndef HAVE_REALLOCARRY
++void *reallocarray(void *ptr, size_t nmemb, size_t size)
++{
++	return realloc(ptr, nmemb * size);
++}
++#endif
++
+ struct ignored_suffix_t {
+ 	const char * text;
+ 	int len;
+diff --git a/libraries/libapparmor/src/scandirat.c b/libraries/libapparmor/src/scandirat.c
+new file mode 100644
+index 0000000..c293014
+--- /dev/null
++++ b/libraries/libapparmor/src/scandirat.c
+@@ -0,0 +1,62 @@
++#include <dirent.h>
++#include <string.h>
++#include <stdlib.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <inttypes.h>
++#include <errno.h>
++
++#include "scandirat.h"
++
++#ifndef HAVE_SCANDIRAT
++
++int scandirat(int dir_fd, const char *dirp, struct dirent ***namelist,
++	int (*filter)(const struct dirent *),
++	int (*compar)(const struct dirent **, const struct dirent **))
++{
++	int fd;
++	DIR *d;
++	struct dirent *de, **names=0, **tmp;
++	size_t cnt=0, len=0;
++	int old_errno = errno;
++
++
++	fd = openat(dir_fd, dirp, O_RDONLY|O_CLOEXEC);
++	if (fd == -1) return -1;
++
++	d = fdopendir(fd);
++
++	if (!d) {
++		close(fd);
++		return -1;
++	}
++
++	while ((errno=0), (de = readdir(d))) {
++		if (filter && !filter(de)) continue;
++		if (cnt >= len) {
++			len = 2*len+1;
++			if (len > SIZE_MAX/sizeof *names) break;
++			tmp = realloc(names, len * sizeof *names);
++			if (!tmp) break;
++			names = tmp;
++		}
++		names[cnt] = malloc(de->d_reclen);
++		if (!names[cnt]) break;
++		memcpy(names[cnt++], de, de->d_reclen);
++	}
++
++	closedir(d);
++
++	if (errno) {
++		if (names) while (cnt-->0) free(names[cnt]);
++		free(names);
++		return -1;
++	}
++	errno = old_errno;
++
++	if (compar) qsort(names, cnt, sizeof *names, (int (*)(const void *, const void *))compar);
++	*namelist = names;
++	return cnt;
++}
++
++#endif
+diff --git a/libraries/libapparmor/src/scandirat.h b/libraries/libapparmor/src/scandirat.h
+new file mode 100644
+index 0000000..a1c5dfe
+--- /dev/null
++++ b/libraries/libapparmor/src/scandirat.h
+@@ -0,0 +1,12 @@
++#ifndef LIBAPPARMOR_SCANDIRAT_H
++#define LIBAPPARMOR_SCANDIRAT_H
++
++#include <dirent.h>
++
++#ifndef HAVE_SCANDIRAT
++int scandirat(int dir_fd, const char *dirp, struct dirent ***namelist,
++	int (*filter)(const struct dirent *),
++	int (*compar)(const struct dirent **, const struct dirent **));
++#endif
++
++#endif
+diff --git a/libraries/libapparmor/src/secure_getenv.c b/libraries/libapparmor/src/secure_getenv.c
+new file mode 100644
+index 0000000..f6894cd
+--- /dev/null
++++ b/libraries/libapparmor/src/secure_getenv.c
+@@ -0,0 +1,14 @@
++#include <stdlib.h>
++#include <sys/auxv.h>
++
++#include "secure_getenv.h"
++
++#ifndef HAVE_SECURE_GETENV
++char *secure_getenv(const char *name)
++{
++	if (!getauxval(AT_SECURE)) {
++		return getenv(name);
++	}
++	return NULL;
++}
++#endif
+diff --git a/libraries/libapparmor/src/secure_getenv.h b/libraries/libapparmor/src/secure_getenv.h
+new file mode 100644
+index 0000000..b6269a8
+--- /dev/null
++++ b/libraries/libapparmor/src/secure_getenv.h
+@@ -0,0 +1,8 @@
++#ifndef LIBAPPARMOR_SECURE_GETENV_H
++#define LIBAPPARMOR_SECURE_GETENV_H
++
++#ifndef HAVE_SECURE_GETENV
++char *secure_getenv(const char *name);
++#endif
++
++#endif
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
@@ -1,21 +1,21 @@
 # Template file for 'apparmor'
 pkgname=apparmor
 version=2.13.0
-revision=4
+revision=5
 _short_ver=${version%\.*}
 wrksrc="${pkgname}-v${_short_ver}"
 configure_args="--prefix=/usr --with-perl --with-python"
 patch_args="-Np1"
-hostmakedepends="bison flex autoconf automake libtool"
-makedepends="perl python3-devel swig"
+hostmakedepends="bison flex autoconf automake libtool swig"
+makedepends="perl python3-devel"
 depends="runit-void-apparmor python3 libapparmor"
-only_for_archs="x86_64 i686"
 short_desc="Mandatory access control to restrict programs"
 maintainer="Olivier Mauras <olivier@mauras.ch>"
-license="GPL-3"
+license="GPL-2.0-only, LGPL-2.1-only"
 homepage="https://gitlab.com/apparmor/apparmor"
 distfiles="https://gitlab.com/apparmor/apparmor/-/archive/v${_short_ver}/apparmor-v${_short_ver}.tar.gz"
-checksum="fdafa0b71cbf574cce76a1ea1542b4540fa1c1040f80d0f0866fc0056ec37747"
+checksum=fdafa0b71cbf574cce76a1ea1542b4540fa1c1040f80d0f0866fc0056ec37747
+nocross="requires running programs on the host"
 
 pre_build() {
 	# Replace release profiles by our owns
@@ -77,6 +77,7 @@ post_install() {
 }
 
 apparmor-vim_package() {
+	noarch=yes
 	short_desc+=" - Vim syntax"
 	depends="vim"
 	pkg_install() {

diff --git a/srcpkgs/docker/template b/srcpkgs/docker/template
@@ -1,13 +1,13 @@
 # Template file for 'docker'
 pkgname=docker
 version=18.05.0
-revision=3
+revision=4
 _subversion='-ce'
 _version="$version$_subversion"
 wrksrc="$pkgname$_subversion-$_version"
 build_wrksrc=components/engine
 hostmakedepends="git go pkg-config curl cmake"
-makedepends="libbtrfs-devel sqlite-devel device-mapper-devel libseccomp-devel $(vopt_if apparmor libapparmor-devel)"
+makedepends="libbtrfs-devel sqlite-devel device-mapper-devel libseccomp-devel libapparmor-devel"
 short_desc="Pack, ship and run any application as a lightweight container"
 maintainer="Andrea Brancaleoni <abc@pompel.me>"
 license="Apache-2.0"
@@ -25,15 +25,8 @@ system_groups="docker"
 
 _docker_components="runc containerd tini proxy dockercli"
 
-build_options="apparmor"
-desc_option_apparmor="apparmor linux kernel security module support"
-case "$XBPS_TARGET_MACHINE" in
-	*-musl) ;;
-	*) build_options_default="apparmor"
-esac
-
 do_build() {
-	AUTO_GOPATH=1 DOCKER_BUILDTAGS='seccomp $(vopt_if apparmor apparmor)' DOCKER_GITCOMMIT=v$_version \
+	AUTO_GOPATH=1 DOCKER_BUILDTAGS='seccomp apparmor' DOCKER_GITCOMMIT=v$_version \
 		hack/make.sh dynbinary
 }