diff options
| author | Woodpecker CI <emmett1.2miligrams@protonmail.com> | 2025-09-11 19:08:39 +0000 |
|---|---|---|
| committer | Woodpecker CI <emmett1.2miligrams@protonmail.com> | 2025-09-11 19:08:39 +0000 |
| commit | 7bcab9f10f7c2fd8575a2cdb1af34df2e2a507d1 (patch) | |
| tree | 8cf9d6ba17a283f679676a8cae7a23f86bcb644e | |
| parent | 8722d793c5f2694a61b35d515434c11d7fce5780 (diff) | |
| download | alicelinux-7bcab9f10f7c2fd8575a2cdb1af34df2e2a507d1.tar.gz alicelinux-7bcab9f10f7c2fd8575a2cdb1af34df2e2a507d1.zip | |
Woodpecker CI 5b6da4a4ac4587f28f132509e968b110a3a4a689 [SKIP CI]
36 files changed, 980 insertions, 0 deletions
diff --git a/cgroupfs-mount/.checksum b/cgroupfs-mount/.checksum new file mode 100644 index 00000000..2dd2637e --- /dev/null +++ b/cgroupfs-mount/.checksum @@ -0,0 +1 @@ +785f87ebc222374f159106f9e1de48df49bd19b4851dcd1cf0691da5d36112c6 cgroupfs-mount-1.4.tar.gz diff --git a/cgroupfs-mount/.files b/cgroupfs-mount/.files new file mode 100644 index 00000000..cdd1b560 --- /dev/null +++ b/cgroupfs-mount/.files @@ -0,0 +1,4 @@ +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/bin/ +-rwxr-xr-x root/root usr/bin/cgroupfs-mount +-rwxr-xr-x root/root usr/bin/cgroupfs-umount diff --git a/cgroupfs-mount/abuild b/cgroupfs-mount/abuild new file mode 100644 index 00000000..4c29d098 --- /dev/null +++ b/cgroupfs-mount/abuild @@ -0,0 +1,9 @@ +name=cgroupfs-mount +version=1.4 +release=1 +source="https://github.com/tianon/${name}/archive/${version}/${name}-${version}.tar.gz" + +build() { + install -D -m 755 cgroupfs-mount $PKG/usr/bin/cgroupfs-mount + install -D -m 755 cgroupfs-umount $PKG/usr/bin/cgroupfs-umount +} diff --git a/containerd/.checksum b/containerd/.checksum new file mode 100644 index 00000000..80d883ef --- /dev/null +++ b/containerd/.checksum @@ -0,0 +1 @@ +7421ef4ff3782903d467d6be06c217a8274d639be43c815fcdd158228f41aa60 containerd-v2.1.4.tar.gz diff --git a/containerd/.files b/containerd/.files new file mode 100644 index 00000000..94d7ab76 --- /dev/null +++ b/containerd/.files @@ -0,0 +1,6 @@ +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/bin/ +-rwxr-xr-x root/root usr/bin/containerd +-rwxr-xr-x root/root usr/bin/containerd-shim-runc-v2 +-rwxr-xr-x root/root usr/bin/containerd-stress +-rwxr-xr-x root/root usr/bin/ctr diff --git a/containerd/abuild b/containerd/abuild new file mode 100644 index 00000000..f12bd64f --- /dev/null +++ b/containerd/abuild @@ -0,0 +1,17 @@ +name=containerd +version=2.1.4 +release=1 +source="https://github.com/${name}/${name}/archive/v${version}/${name}-v${version}.tar.gz" + +build() { + export GO111MODULE=auto + mkdir -p src/github.com/$name + cd src/github.com/$name + ln -s $SRC/$name-$version $name + cd $name + export GOPATH=$SRC + # use the long commit hash here + make VERSION=v$version REVISION=75cb2b7193e4e490e9fbdc236c0e811ccaba3376 + install -d -m 0755 $PKG/usr/bin + install -m 0755 bin/* $PKG/usr/bin/ +} diff --git a/containerd/depends b/containerd/depends new file mode 100644 index 00000000..ed2391b8 --- /dev/null +++ b/containerd/depends @@ -0,0 +1,2 @@ +go +libseccomp diff --git a/docker-compose/.checksum b/docker-compose/.checksum new file mode 100644 index 00000000..c59aba8d --- /dev/null +++ b/docker-compose/.checksum @@ -0,0 +1 @@ +bc4a2834774d1211dc638f7c41c31e147c1230b7827619833835901abdb540cf compose-v2.39.3.tar.gz diff --git a/docker-compose/.files b/docker-compose/.files new file mode 100644 index 00000000..fc954833 --- /dev/null +++ b/docker-compose/.files @@ -0,0 +1,7 @@ +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/bin/ +-rwxr-xr-x root/root usr/bin/docker-compose +drwxr-xr-x root/root usr/lib/ +drwxr-xr-x root/root usr/lib/docker/ +drwxr-xr-x root/root usr/lib/docker/cli-plugins/ +lrwxrwxrwx root/root usr/lib/docker/cli-plugins/docker-compose -> /usr/bin/docker-compose diff --git a/docker-compose/abuild b/docker-compose/abuild new file mode 100644 index 00000000..14ab1e36 --- /dev/null +++ b/docker-compose/abuild @@ -0,0 +1,15 @@ +name=docker-compose +version=2.39.3 +release=1 +source="https://github.com/docker/compose/archive/v${version}/compose-v${version}.tar.gz" + +build() { + export CGO_CFLAGS="${CFLAGS}" + export CGO_CPPFLAGS="${CXXFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + unset DESTDIR + make VERSION=v$version + install -Dm0755 bin/build/${name} ${PKG}/usr/bin/${name} + install -dm0755 ${PKG}/usr/lib/docker/cli-plugins + ln -s /usr/bin/docker-compose ${PKG}/usr/lib/docker/cli-plugins/ +} diff --git a/docker-compose/depends b/docker-compose/depends new file mode 100644 index 00000000..4023f209 --- /dev/null +++ b/docker-compose/depends @@ -0,0 +1 @@ +go diff --git a/docker/.checksum b/docker/.checksum new file mode 100644 index 00000000..373929c4 --- /dev/null +++ b/docker/.checksum @@ -0,0 +1,4 @@ +8360105c2dacab5bd5191ef9177f65cc7e238c9caa049e5e116376124d944ad7 cli-v28.4.0.tar.gz +02d796348f328c0386d08096d8cd8c48ae6b10fe7bf7bbdba3709a1940d6b30c dockerd.conf +32d29e80b5704396a2d556a727385038b0186c414d53d72fb5ac0c7e67637311 dockerd.run +00f9ef7a80ad6767bb97f6a048ffe479800226ad0a28856013b9366fc9783b17 moby-v28.4.0.tar.gz diff --git a/docker/.files b/docker/.files new file mode 100644 index 00000000..58566f27 --- /dev/null +++ b/docker/.files @@ -0,0 +1,218 @@ +drwxr-xr-x root/root etc/ +drwxr-xr-x root/root etc/sv/ +drwxr-xr-x root/root etc/sv/dockerd/ +-rw-r--r-- root/root etc/sv/dockerd/conf.new +-rwxr-xr-x root/root etc/sv/dockerd/run.new +lrwxrwxrwx root/root etc/sv/dockerd/supervise -> ../../../run/runit/supervise.dockerd +drwxr-xr-x root/root etc/udev/ +drwxr-xr-x root/root etc/udev/rules.d/ +-rw-r--r-- root/root etc/udev/rules.d/80-docker.rules.new +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/bin/ +-rwxr-xr-x root/root usr/bin/docker +lrwxrwxrwx root/root usr/bin/docker-containerd -> containerd +lrwxrwxrwx root/root usr/bin/docker-containerd-ctr -> ctr +lrwxrwxrwx root/root usr/bin/docker-containerd-shim -> containerd-shim +-rwxr-xr-x root/root usr/bin/docker-proxy +lrwxrwxrwx root/root usr/bin/docker-runc -> runc +-rwxr-xr-x root/root usr/bin/dockerd +drwxr-xr-x root/root usr/lib/ +drwxr-xr-x root/root usr/lib/docker/ +drwxr-xr-x root/root usr/lib/docker/cli-plugins/ +drwxr-xr-x root/root usr/share/ +drwxr-xr-x root/root usr/share/docker/ +-rwxr-xr-x root/root usr/share/docker/check-config.sh +drwxr-xr-x root/root usr/share/man/ +drwxr-xr-x root/root usr/share/man/man1/ +-rw-r--r-- root/root usr/share/man/man1/docker-attach.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-bake.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-build.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-builder-build.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-builder-prune.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-builder.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-checkpoint-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-checkpoint-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-checkpoint-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-checkpoint.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-commit.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-config-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-config-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-config-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-config-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-config.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-attach.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-commit.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-cp.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-diff.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-exec.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-export.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-kill.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-logs.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-pause.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-port.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-prune.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-rename.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-restart.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-run.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-start.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-stats.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-stop.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-top.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-unpause.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-update.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container-wait.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-container.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-context-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-context-export.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-context-import.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-context-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-context-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-context-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-context-show.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-context-update.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-context-use.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-context.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-cp.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-diff.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-events.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-exec.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-export.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-history.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-build.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-history.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-import.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-load.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-prune.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-pull.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-push.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-save.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image-tag.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-image.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-images.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-import.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-info.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-kill.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-load.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-login.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-logout.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-logs.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-manifest-annotate.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-manifest-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-manifest-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-manifest-push.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-manifest-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-manifest.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-network-connect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-network-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-network-disconnect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-network-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-network-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-network-prune.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-network-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-network.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-node-demote.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-node-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-node-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-node-promote.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-node-ps.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-node-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-node-update.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-node.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-pause.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin-disable.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin-enable.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin-install.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin-push.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin-set.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin-upgrade.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-plugin.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-port.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-ps.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-pull.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-push.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-rename.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-restart.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-rmi.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-run.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-save.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-search.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-secret-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-secret-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-secret-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-secret-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-secret.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-service-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-service-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-service-logs.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-service-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-service-ps.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-service-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-service-rollback.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-service-scale.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-service-update.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-service.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-stack-config.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-stack-deploy.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-stack-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-stack-ps.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-stack-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-stack-services.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-stack.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-start.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-stats.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-stop.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-swarm-ca.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-swarm-init.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-swarm-join-token.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-swarm-join.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-swarm-leave.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-swarm-unlock-key.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-swarm-unlock.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-swarm-update.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-swarm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-system-df.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-system-events.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-system-info.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-system-prune.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-system.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-tag.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-top.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-trust-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-trust-key-generate.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-trust-key-load.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-trust-key.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-trust-revoke.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-trust-sign.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-trust-signer-add.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-trust-signer-remove.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-trust-signer.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-trust.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-unpause.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-update.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-version.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-volume-create.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-volume-inspect.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-volume-ls.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-volume-prune.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-volume-rm.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-volume-update.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-volume.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker-wait.1.gz +-rw-r--r-- root/root usr/share/man/man1/docker.1.gz +drwxr-xr-x root/root usr/share/man/man5/ +-rw-r--r-- root/root usr/share/man/man5/Dockerfile.5.gz +-rw-r--r-- root/root usr/share/man/man5/docker-config-json.5.gz diff --git a/docker/abuild b/docker/abuild new file mode 100644 index 00000000..78ff494b --- /dev/null +++ b/docker/abuild @@ -0,0 +1,55 @@ +name=docker +version=28.4.0 +release=1 +source="https://github.com/${name}/cli/archive/v${version}/cli-v${version}.tar.gz + https://github.com/moby/moby/archive/v${version}/moby-v28.4.0.tar.gz + dockerd.run dockerd.conf" +sv="dockerd.run dockerd.conf" + +build() { + export GO111MODULE=auto + export GOPATH=$SRC + export DOCKER_GITCOMMIT=249d679 + export DOCKER_BUILDTAGS='seccomp' + export DISABLE_WARN_OUTSIDE_CONTAINER=1 + export CGO_CFLAGS="${CFLAGS}" + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw -ldflags=-linkmode=external" + + cd $SRC + mkdir -p src/github.com/docker + cd src/github.com/docker + ln -s $SRC/cli-$version cli + cd cli + make VERSION=$version GITCOMMIT=${DOCKER_GITCOMMIT} dynbinary + make manpages + + cd $SRC/src/github.com/docker + ln -s $SRC/moby-$version docker + cd docker + VERSION=$version hack/make.sh dynbinary + cd $SRC + + install -D -m 0755 cli-$version/build/$name $PKG/usr/bin/$name + install -D -m 0755 moby-$version/bundles/dynbinary-daemon/dockerd \ + $PKG/usr/bin/dockerd + install -D -m 0755 moby-$version/bundles/dynbinary-daemon/docker-proxy \ + $PKG/usr/bin/docker-proxy + + install -dm755 $PKG/usr/share/man + cp -r cli-$version/man/man* $PKG/usr/share/man + + ln -s containerd $PKG/usr/bin/docker-containerd + ln -s containerd-shim $PKG/usr/bin/docker-containerd-shim + ln -s ctr $PKG/usr/bin/docker-containerd-ctr + ln -s runc $PKG/usr/bin/docker-runc + + install -D -m 0755 moby-$version/contrib/check-config.sh \ + $PKG/usr/share/$name/check-config.sh + install -D -m 0644 moby-$version/contrib/udev/80-$name.rules \ + $PKG/etc/udev/rules.d/80-$name.rules + + mkdir -p $PKG/usr/lib/docker/cli-plugins +} diff --git a/docker/depends b/docker/depends new file mode 100644 index 00000000..b5710613 --- /dev/null +++ b/docker/depends @@ -0,0 +1,3 @@ +containerd +runc +cgroupfs-mount diff --git a/docker/dockerd.conf b/docker/dockerd.conf new file mode 100644 index 00000000..dc27949f --- /dev/null +++ b/docker/dockerd.conf @@ -0,0 +1,2 @@ +# config file for docker service +#OPTS="-p /var/run/docker.pid -G docker" diff --git a/docker/dockerd.run b/docker/dockerd.run new file mode 100644 index 00000000..7912dc93 --- /dev/null +++ b/docker/dockerd.run @@ -0,0 +1,6 @@ +#!/bin/sh +exec 2>&1 +[ -r conf ] && . ./conf +modprobe -q loop || exit 1 +cgroupfs-mount +dockerd ${OPTS;--p /var/run/docker.pid -G docker} diff --git a/go-md2man/.checksum b/go-md2man/.checksum new file mode 100644 index 00000000..571632a5 --- /dev/null +++ b/go-md2man/.checksum @@ -0,0 +1 @@ +59465eee87976190ead1df77276bd17aad4fbf062bd2bdadb25bb8f44515d97b go-md2man-v2.0.7.tar.gz diff --git a/go-md2man/.files b/go-md2man/.files new file mode 100644 index 00000000..3924265e --- /dev/null +++ b/go-md2man/.files @@ -0,0 +1,7 @@ +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/bin/ +-rwxr-xr-x root/root usr/bin/go-md2man +drwxr-xr-x root/root usr/share/ +drwxr-xr-x root/root usr/share/man/ +drwxr-xr-x root/root usr/share/man/man1/ +-rwxr-xr-x root/root usr/share/man/man1/go-md2man.1.gz diff --git a/go-md2man/abuild b/go-md2man/abuild new file mode 100644 index 00000000..564aa081 --- /dev/null +++ b/go-md2man/abuild @@ -0,0 +1,14 @@ +name=go-md2man +version=2.0.7 +release=1 +source="https://github.com/cpuguy83/${name}/archive/v${version}/${name}-v${version}.tar.gz" + +build() { + export GOPATH="$PWD/go" + export GOFLAGS="-buildmode=pie -trimpath" + export CGO_LDFLAGS="$LDFLAGS" + go build -o go-md2man . + ./go-md2man -in=go-md2man.1.md -out=go-md2man.1 + install -Dm755 go-md2man "$PKG/usr/bin/go-md2man" + install -Dm755 go-md2man.1 "$PKG/usr/share/man/man1/go-md2man.1" +} diff --git a/go-md2man/depends b/go-md2man/depends new file mode 100644 index 00000000..4023f209 --- /dev/null +++ b/go-md2man/depends @@ -0,0 +1 @@ +go diff --git a/iptables/.checksum b/iptables/.checksum new file mode 100644 index 00000000..0fe6dead --- /dev/null +++ b/iptables/.checksum @@ -0,0 +1,5 @@ +66e08567e2be13260210b86c9ca6cf34bc36e439d39ede4b5b664d599ee3c0dd configure-Avoid-addition-assignment-operators.patch +7d3135fe9b800d930bdb1ddf0531bbf7cd8b7622fe2f930a9d7385e5b15692ce drop-interface-mask-leftovers-from-post-parse-callbacks.patch +08f641bc7ce74cb01d7778b0f27d8cee63a9d03e03d01ee429f1bc54702412ba fix-interface-comparissons-in-dash-C-commands.patch +407c93b0ececb7ced0e1cafee020cbc48dba9387f33a0302b21fdde6eca7061c iptables-1.8.11.tar.xz +618cbcced62b548b080e7903ac8b50161b1d2af5c6c425b191eb67e87ff75b91 use-sh-iptables-apply.patch diff --git a/iptables/.files b/iptables/.files new file mode 100644 index 00000000..28fbe5a9 --- /dev/null +++ b/iptables/.files @@ -0,0 +1,164 @@ +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/bin/ +lrwxrwxrwx root/root usr/bin/iptables-xml -> /usr/sbin/xtables-legacy-multi +drwxr-xr-x root/root usr/include/ +drwxr-xr-x root/root usr/include/libiptc/ +-rw-r--r-- root/root usr/include/libiptc/ipt_kernel_headers.h +-rw-r--r-- root/root usr/include/libiptc/libip6tc.h +-rw-r--r-- root/root usr/include/libiptc/libiptc.h +-rw-r--r-- root/root usr/include/libiptc/libxtc.h +-rw-r--r-- root/root usr/include/libiptc/xtcshared.h +-rw-r--r-- root/root usr/include/xtables-version.h +-rw-r--r-- root/root usr/include/xtables.h +drwxr-xr-x root/root usr/lib/ +lrwxrwxrwx root/root usr/lib/libip4tc.so -> libip4tc.so.2.0.0 +lrwxrwxrwx root/root usr/lib/libip4tc.so.2 -> libip4tc.so.2.0.0 +-rwxr-xr-x root/root usr/lib/libip4tc.so.2.0.0 +lrwxrwxrwx root/root usr/lib/libip6tc.so -> libip6tc.so.2.0.0 +lrwxrwxrwx root/root usr/lib/libip6tc.so.2 -> libip6tc.so.2.0.0 +-rwxr-xr-x root/root usr/lib/libip6tc.so.2.0.0 +lrwxrwxrwx root/root usr/lib/libxtables.so -> libxtables.so.12.7.0 +lrwxrwxrwx root/root usr/lib/libxtables.so.12 -> libxtables.so.12.7.0 +-rwxr-xr-x root/root usr/lib/libxtables.so.12.7.0 +drwxr-xr-x root/root usr/lib/pkgconfig/ +-rw-r--r-- root/root usr/lib/pkgconfig/libip4tc.pc +-rw-r--r-- root/root usr/lib/pkgconfig/libip6tc.pc +-rw-r--r-- root/root usr/lib/pkgconfig/libiptc.pc +-rw-r--r-- root/root usr/lib/pkgconfig/xtables.pc +drwxr-xr-x root/root usr/lib/xtables/ +-rwxr-xr-x root/root usr/lib/xtables/libip6t_DNPT.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_HL.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_NETMAP.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_REJECT.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_SNPT.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_ah.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_dst.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_eui64.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_frag.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_hbh.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_hl.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_icmp6.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_ipv6header.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_mh.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_rt.so +-rwxr-xr-x root/root usr/lib/xtables/libip6t_srh.so +-rwxr-xr-x root/root usr/lib/xtables/libipt_CLUSTERIP.so +-rwxr-xr-x root/root usr/lib/xtables/libipt_ECN.so +-rwxr-xr-x root/root usr/lib/xtables/libipt_NETMAP.so +-rwxr-xr-x root/root usr/lib/xtables/libipt_REJECT.so +-rwxr-xr-x root/root usr/lib/xtables/libipt_TTL.so +-rwxr-xr-x root/root usr/lib/xtables/libipt_ULOG.so +-rwxr-xr-x root/root usr/lib/xtables/libipt_ah.so +-rwxr-xr-x root/root usr/lib/xtables/libipt_icmp.so +-rwxr-xr-x root/root usr/lib/xtables/libipt_realm.so +-rwxr-xr-x root/root usr/lib/xtables/libipt_ttl.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_AUDIT.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_CHECKSUM.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_CLASSIFY.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_CONNMARK.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_CONNSECMARK.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_CT.so +lrwxrwxrwx root/root usr/lib/xtables/libxt_DNAT.so -> libxt_NAT.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_DSCP.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_HMARK.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_IDLETIMER.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_LED.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_LOG.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_MARK.so +lrwxrwxrwx root/root usr/lib/xtables/libxt_MASQUERADE.so -> libxt_NAT.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_NAT.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_NFLOG.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_NFQUEUE.so +lrwxrwxrwx root/root usr/lib/xtables/libxt_NOTRACK.so -> libxt_CT.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_RATEEST.so +lrwxrwxrwx root/root usr/lib/xtables/libxt_REDIRECT.so -> libxt_NAT.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_SECMARK.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_SET.so +lrwxrwxrwx root/root usr/lib/xtables/libxt_SNAT.so -> libxt_NAT.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_SYNPROXY.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_TCPMSS.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_TCPOPTSTRIP.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_TEE.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_TOS.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_TPROXY.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_TRACE.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_addrtype.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_bpf.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_cgroup.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_cluster.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_comment.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_connbytes.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_connlimit.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_connmark.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_conntrack.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_cpu.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_dccp.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_devgroup.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_dscp.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_ecn.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_esp.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_hashlimit.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_helper.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_ipcomp.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_iprange.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_ipvs.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_length.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_limit.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_mac.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_mark.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_multiport.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_nfacct.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_osf.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_owner.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_physdev.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_pkttype.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_policy.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_quota.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_rateest.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_recent.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_rpfilter.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_sctp.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_set.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_socket.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_standard.so +lrwxrwxrwx root/root usr/lib/xtables/libxt_state.so -> libxt_conntrack.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_statistic.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_string.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_tcp.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_tcpmss.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_time.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_tos.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_u32.so +-rwxr-xr-x root/root usr/lib/xtables/libxt_udp.so +drwxr-xr-x root/root usr/sbin/ +lrwxrwxrwx root/root usr/sbin/ip6tables -> xtables-legacy-multi +lrwxrwxrwx root/root usr/sbin/ip6tables-apply -> iptables-apply +lrwxrwxrwx root/root usr/sbin/ip6tables-legacy -> xtables-legacy-multi +lrwxrwxrwx root/root usr/sbin/ip6tables-legacy-restore -> xtables-legacy-multi +lrwxrwxrwx root/root usr/sbin/ip6tables-legacy-save -> xtables-legacy-multi +lrwxrwxrwx root/root usr/sbin/ip6tables-restore -> xtables-legacy-multi +lrwxrwxrwx root/root usr/sbin/ip6tables-save -> xtables-legacy-multi +lrwxrwxrwx root/root usr/sbin/iptables -> xtables-legacy-multi +-rwxr-xr-x root/root usr/sbin/iptables-apply +lrwxrwxrwx root/root usr/sbin/iptables-legacy -> xtables-legacy-multi +lrwxrwxrwx root/root usr/sbin/iptables-legacy-restore -> xtables-legacy-multi +lrwxrwxrwx root/root usr/sbin/iptables-legacy-save -> xtables-legacy-multi +lrwxrwxrwx root/root usr/sbin/iptables-restore -> xtables-legacy-multi +lrwxrwxrwx root/root usr/sbin/iptables-save -> xtables-legacy-multi +-rwxr-xr-x root/root usr/sbin/xtables-legacy-multi +drwxr-xr-x root/root usr/share/ +drwxr-xr-x root/root usr/share/man/ +drwxr-xr-x root/root usr/share/man/man1/ +-rw-r--r-- root/root usr/share/man/man1/iptables-xml.1.gz +drwxr-xr-x root/root usr/share/man/man8/ +-rw-r--r-- root/root usr/share/man/man8/ip6tables-apply.8.gz +-rw-r--r-- root/root usr/share/man/man8/ip6tables-restore.8.gz +-rw-r--r-- root/root usr/share/man/man8/ip6tables-save.8.gz +-rw-r--r-- root/root usr/share/man/man8/ip6tables.8.gz +-rw-r--r-- root/root usr/share/man/man8/iptables-apply.8.gz +-rw-r--r-- root/root usr/share/man/man8/iptables-extensions.8.gz +-rw-r--r-- root/root usr/share/man/man8/iptables-restore.8.gz +-rw-r--r-- root/root usr/share/man/man8/iptables-save.8.gz +-rw-r--r-- root/root usr/share/man/man8/iptables.8.gz +drwxr-xr-x root/root usr/share/xtables/ +-rw-r--r-- root/root usr/share/xtables/iptables.xslt diff --git a/iptables/abuild b/iptables/abuild new file mode 100644 index 00000000..7a7dbe6b --- /dev/null +++ b/iptables/abuild @@ -0,0 +1,13 @@ +name=iptables +version=1.8.11 +release=1 +source="https://www.netfilter.org/projects/${name}/files/${name}-${version}.tar.xz + configure-Avoid-addition-assignment-operators.patch + drop-interface-mask-leftovers-from-post-parse-callbacks.patch + fix-interface-comparissons-in-dash-C-commands.patch + use-sh-iptables-apply.patch" +build_opt="--disable-nftables" + +prebuild() { + autoreconf -fi +} diff --git a/iptables/configure-Avoid-addition-assignment-operators.patch b/iptables/configure-Avoid-addition-assignment-operators.patch new file mode 100644 index 00000000..04590f76 --- /dev/null +++ b/iptables/configure-Avoid-addition-assignment-operators.patch @@ -0,0 +1,44 @@ +Patch-Source: https://lore.kernel.org/netfilter-devel/D711RJX8FZM8.1ZZRJ5PYBRMID@pwned.life/ +--- +From a81896ac8c0fcc73ee52603748f876375906cead Mon Sep 17 00:00:00 2001 +From: fossdd <fossdd@pwned.life> +Date: Mon, 13 Jan 2025 16:08:34 +0100 +Subject: [PATCH] configure: Avoid addition assignment operators + +For compatability with other /bin/sh like busybox ash, since they don't +support the addition assignment operators (+=) and otherwise fails with: + + ./configure: line 14174: regular_CFLAGS+= -D__UAPI_DEF_ETHHDR=0: not found + +Signed-off-by: fossdd <fossdd@pwned.life> +--- + configure.ac | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 2d38a4d4..0106b316 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -202,8 +202,8 @@ fi; + pkgdatadir='${datadir}/xtables'; + + if test "x$enable_profiling" = "xyes"; then +- regular_CFLAGS+=" -fprofile-arcs -ftest-coverage" +- regular_LDFLAGS+=" -lgcov --coverage" ++ regular_CFLAGS="$regular_CFLAGS -fprofile-arcs -ftest-coverage" ++ regular_LDFLAGS="$regular_LDFLAGS -lgcov --coverage" + fi + + AC_MSG_CHECKING([whether the build is using musl-libc]) +@@ -222,7 +222,7 @@ AC_COMPILE_IFELSE( + AC_MSG_RESULT([${enable_musl_build}]) + + if test "x$enable_musl_build" = "xyes"; then +- regular_CFLAGS+=" -D__UAPI_DEF_ETHHDR=0" ++ regular_CFLAGS="$regular_CFLAGS -D__UAPI_DEF_ETHHDR=0" + fi + + define([EXPAND_VARIABLE], +-- +2.48.0 + diff --git a/iptables/drop-interface-mask-leftovers-from-post-parse-callbacks.patch b/iptables/drop-interface-mask-leftovers-from-post-parse-callbacks.patch new file mode 100644 index 00000000..70716b1d --- /dev/null +++ b/iptables/drop-interface-mask-leftovers-from-post-parse-callbacks.patch @@ -0,0 +1,65 @@ +Url: https://git.netfilter.org/iptables/patch/?id=b3f3e256c263b9a1db49732696aba0dde084ef5e +From b3f3e256c263b9a1db49732696aba0dde084ef5e Mon Sep 17 00:00:00 2001 +From: Phil Sutter <phil@nwl.cc> +Date: Fri, 15 Nov 2024 19:55:32 +0100 +Subject: nft: Drop interface mask leftovers from post_parse callbacks + +Fixed commit only adjusted the IPv4-specific callback for unclear +reasons. + +Fixes: fe70364b36119 ("xshared: Do not populate interface masks per default") +Signed-off-by: Phil Sutter <phil@nwl.cc> +Reviewed-by: Jeremy Sowden <jeremy@azazel.net> +--- + iptables/nft-arp.c | 3 --- + iptables/xshared.c | 5 ----- + iptables/xshared.h | 1 - + 3 files changed, 9 deletions(-) + +diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c +index c11d64c3..fa2dd558 100644 +--- a/iptables/nft-arp.c ++++ b/iptables/nft-arp.c +@@ -459,10 +459,7 @@ static void nft_arp_post_parse(int command, + cs->arp.arp.invflags = args->invflags; + + memcpy(cs->arp.arp.iniface, args->iniface, IFNAMSIZ); +- memcpy(cs->arp.arp.iniface_mask, args->iniface_mask, IFNAMSIZ); +- + memcpy(cs->arp.arp.outiface, args->outiface, IFNAMSIZ); +- memcpy(cs->arp.arp.outiface_mask, args->outiface_mask, IFNAMSIZ); + + cs->arp.counters.pcnt = args->pcnt_cnt; + cs->arp.counters.bcnt = args->bcnt_cnt; +diff --git a/iptables/xshared.c b/iptables/xshared.c +index 2a5eef09..2f663f97 100644 +--- a/iptables/xshared.c ++++ b/iptables/xshared.c +@@ -2104,12 +2104,7 @@ void ipv6_post_parse(int command, struct iptables_command_state *cs, + cs->fw6.ipv6.invflags = args->invflags; + + memcpy(cs->fw6.ipv6.iniface, args->iniface, IFNAMSIZ); +- memcpy(cs->fw6.ipv6.iniface_mask, +- args->iniface_mask, IFNAMSIZ*sizeof(unsigned char)); +- + memcpy(cs->fw6.ipv6.outiface, args->outiface, IFNAMSIZ); +- memcpy(cs->fw6.ipv6.outiface_mask, +- args->outiface_mask, IFNAMSIZ*sizeof(unsigned char)); + + if (args->goto_set) + cs->fw6.ipv6.flags |= IP6T_F_GOTO; +diff --git a/iptables/xshared.h b/iptables/xshared.h +index a111e797..af756738 100644 +--- a/iptables/xshared.h ++++ b/iptables/xshared.h +@@ -262,7 +262,6 @@ struct xtables_args { + uint8_t flags; + uint16_t invflags; + char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; +- unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; + char bri_iniface[IFNAMSIZ], bri_outiface[IFNAMSIZ]; + bool goto_set; + const char *shostnetworkmask, *dhostnetworkmask; +-- +cgit v1.2.3 + diff --git a/iptables/fix-interface-comparissons-in-dash-C-commands.patch b/iptables/fix-interface-comparissons-in-dash-C-commands.patch new file mode 100644 index 00000000..3cae51ee --- /dev/null +++ b/iptables/fix-interface-comparissons-in-dash-C-commands.patch @@ -0,0 +1,173 @@ +Url: https://git.netfilter.org/iptables/patch/?id=40406dbfaefbc204134452b2747bae4f6a122848 +From 40406dbfaefbc204134452b2747bae4f6a122848 Mon Sep 17 00:00:00 2001 +From: Jeremy Sowden <jeremy@azazel.net> +Date: Mon, 18 Nov 2024 13:56:50 +0000 +Subject: nft: fix interface comparisons in `-C` commands + +Commit 9ccae6397475 ("nft: Leave interface masks alone when parsing from +kernel") removed code which explicitly set interface masks to all ones. The +result of this is that they are zero. However, they are used to mask interfaces +in `is_same_interfaces`. Consequently, the masked values are alway zero, the +comparisons are always true, and check commands which ought to fail succeed: + + # iptables -N test + # iptables -A test -i lo \! -o lo -j REJECT + # iptables -v -L test + Chain test (0 references) + pkts bytes target prot opt in out source destination + 0 0 REJECT all -- lo !lo anywhere anywhere reject-with icmp-port-unreachable + # iptables -v -C test -i abcdefgh \! -o abcdefgh -j REJECT + REJECT all opt -- in lo out !lo 0.0.0.0/0 -> 0.0.0.0/0 reject-with icmp-port-unreachable + +Remove the mask parameters from `is_same_interfaces`. Add a test-case. + +Fixes: 9ccae6397475 ("nft: Leave interface masks alone when parsing from kernel") +Signed-off-by: Jeremy Sowden <jeremy@azazel.net> +Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + iptables/nft-arp.c | 10 ++---- + iptables/nft-ipv4.c | 4 +-- + iptables/nft-ipv6.c | 6 +--- + iptables/nft-shared.c | 36 +++++----------------- + iptables/nft-shared.h | 6 +--- + .../testcases/nft-only/0020-compare-interfaces_0 | 9 ++++++ + 6 files changed, 22 insertions(+), 49 deletions(-) + create mode 100755 iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0 + +diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c +index 264864c3..c11d64c3 100644 +--- a/iptables/nft-arp.c ++++ b/iptables/nft-arp.c +@@ -385,14 +385,8 @@ static bool nft_arp_is_same(const struct iptables_command_state *cs_a, + return false; + } + +- return is_same_interfaces(a->arp.iniface, +- a->arp.outiface, +- (unsigned char *)a->arp.iniface_mask, +- (unsigned char *)a->arp.outiface_mask, +- b->arp.iniface, +- b->arp.outiface, +- (unsigned char *)b->arp.iniface_mask, +- (unsigned char *)b->arp.outiface_mask); ++ return is_same_interfaces(a->arp.iniface, a->arp.outiface, ++ b->arp.iniface, b->arp.outiface); + } + + static void nft_arp_save_chain(const struct nftnl_chain *c, const char *policy) +diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c +index 74092875..0c8bd291 100644 +--- a/iptables/nft-ipv4.c ++++ b/iptables/nft-ipv4.c +@@ -113,9 +113,7 @@ static bool nft_ipv4_is_same(const struct iptables_command_state *a, + } + + return is_same_interfaces(a->fw.ip.iniface, a->fw.ip.outiface, +- a->fw.ip.iniface_mask, a->fw.ip.outiface_mask, +- b->fw.ip.iniface, b->fw.ip.outiface, +- b->fw.ip.iniface_mask, b->fw.ip.outiface_mask); ++ b->fw.ip.iniface, b->fw.ip.outiface); + } + + static void nft_ipv4_set_goto_flag(struct iptables_command_state *cs) +diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c +index b184f8af..4dbb2af2 100644 +--- a/iptables/nft-ipv6.c ++++ b/iptables/nft-ipv6.c +@@ -99,11 +99,7 @@ static bool nft_ipv6_is_same(const struct iptables_command_state *a, + } + + return is_same_interfaces(a->fw6.ipv6.iniface, a->fw6.ipv6.outiface, +- a->fw6.ipv6.iniface_mask, +- a->fw6.ipv6.outiface_mask, +- b->fw6.ipv6.iniface, b->fw6.ipv6.outiface, +- b->fw6.ipv6.iniface_mask, +- b->fw6.ipv6.outiface_mask); ++ b->fw6.ipv6.iniface, b->fw6.ipv6.outiface); + } + + static void nft_ipv6_set_goto_flag(struct iptables_command_state *cs) +diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c +index 6775578b..2c29e68f 100644 +--- a/iptables/nft-shared.c ++++ b/iptables/nft-shared.c +@@ -220,36 +220,16 @@ void add_l4proto(struct nft_handle *h, struct nftnl_rule *r, + } + + bool is_same_interfaces(const char *a_iniface, const char *a_outiface, +- unsigned const char *a_iniface_mask, +- unsigned const char *a_outiface_mask, +- const char *b_iniface, const char *b_outiface, +- unsigned const char *b_iniface_mask, +- unsigned const char *b_outiface_mask) ++ const char *b_iniface, const char *b_outiface) + { +- int i; +- +- for (i = 0; i < IFNAMSIZ; i++) { +- if (a_iniface_mask[i] != b_iniface_mask[i]) { +- DEBUGP("different iniface mask %x, %x (%d)\n", +- a_iniface_mask[i] & 0xff, b_iniface_mask[i] & 0xff, i); +- return false; +- } +- if ((a_iniface[i] & a_iniface_mask[i]) +- != (b_iniface[i] & b_iniface_mask[i])) { +- DEBUGP("different iniface\n"); +- return false; +- } +- if (a_outiface_mask[i] != b_outiface_mask[i]) { +- DEBUGP("different outiface mask\n"); +- return false; +- } +- if ((a_outiface[i] & a_outiface_mask[i]) +- != (b_outiface[i] & b_outiface_mask[i])) { +- DEBUGP("different outiface\n"); +- return false; +- } ++ if (strncmp(a_iniface, b_iniface, IFNAMSIZ)) { ++ DEBUGP("different iniface\n"); ++ return false; ++ } ++ if (strncmp(a_outiface, b_outiface, IFNAMSIZ)) { ++ DEBUGP("different outiface\n"); ++ return false; + } +- + return true; + } + +diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h +index 51d1e460..b57aee1f 100644 +--- a/iptables/nft-shared.h ++++ b/iptables/nft-shared.h +@@ -105,11 +105,7 @@ void add_l4proto(struct nft_handle *h, struct nftnl_rule *r, uint8_t proto, uint + void add_compat(struct nftnl_rule *r, uint32_t proto, bool inv); + + bool is_same_interfaces(const char *a_iniface, const char *a_outiface, +- unsigned const char *a_iniface_mask, +- unsigned const char *a_outiface_mask, +- const char *b_iniface, const char *b_outiface, +- unsigned const char *b_iniface_mask, +- unsigned const char *b_outiface_mask); ++ const char *b_iniface, const char *b_outiface); + + void __get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, uint8_t *op); + void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv); +diff --git a/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0 b/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0 +new file mode 100755 +index 00000000..278cd648 +--- /dev/null ++++ b/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0 +@@ -0,0 +1,9 @@ ++#!/bin/bash ++ ++[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; } ++ ++$XT_MULTI iptables -N test ++$XT_MULTI iptables -A test -i lo \! -o lo -j REJECT ++$XT_MULTI iptables -C test -i abcdefgh \! -o abcdefgh -j REJECT 2>/dev/null && exit 1 ++ ++exit 0 +-- +cgit v1.2.3 + diff --git a/iptables/use-sh-iptables-apply.patch b/iptables/use-sh-iptables-apply.patch new file mode 100644 index 00000000..b31fc948 --- /dev/null +++ b/iptables/use-sh-iptables-apply.patch @@ -0,0 +1,39 @@ +From: Simon Frankenberger <simon-alpine@fraho.eu> + +make iptables-apply use posix sh + +--- a/iptables/iptables-apply ++++ b/iptables/iptables-apply +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!/bin/sh + # iptables-apply -- a safer way to update iptables remotely + # + # Usage: +@@ -110,7 +110,7 @@ + } + + function checkcommands() { +- for cmd in "${COMMANDS[@]}"; do ++ for cmd in ${COMMANDS}; do + if ! command -v "$cmd" >/dev/null; then + echo "Error: needed command not found: $cmd" >&2 + exit 127 +@@ -184,7 +184,7 @@ + fi + + # Needed commands +- COMMANDS=(mktemp "$SAVE" "$RESTORE" "$RUNCMD") ++ COMMANDS="mktemp $SAVE $RESTORE $RUNCMD" + checkcommands + ;; + (*) +@@ -196,7 +196,7 @@ + fi + + # Needed commands +- COMMANDS=(mktemp "$SAVE" "$RESTORE") ++ COMMANDS="mktemp $SAVE $RESTORE" + checkcommands + ;; + esac diff --git a/libseccomp/.checksum b/libseccomp/.checksum new file mode 100644 index 00000000..c5f6ea31 --- /dev/null +++ b/libseccomp/.checksum @@ -0,0 +1 @@ +48ba4e04a00bdace5ad130d88e2a1a51d0b3dfdabace9a405b404a50e1afdd56 libseccomp-2.6.0.tar.gz diff --git a/libseccomp/.files b/libseccomp/.files new file mode 100644 index 00000000..10fc849d --- /dev/null +++ b/libseccomp/.files @@ -0,0 +1,51 @@ +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/bin/ +-rwxr-xr-x root/root usr/bin/scmp_sys_resolver +drwxr-xr-x root/root usr/include/ +-rw-r--r-- root/root usr/include/seccomp-syscalls.h +-rw-r--r-- root/root usr/include/seccomp.h +drwxr-xr-x root/root usr/lib/ +lrwxrwxrwx root/root usr/lib/libseccomp.so -> libseccomp.so.2.6.0 +lrwxrwxrwx root/root usr/lib/libseccomp.so.2 -> libseccomp.so.2.6.0 +-rwxr-xr-x root/root usr/lib/libseccomp.so.2.6.0 +drwxr-xr-x root/root usr/lib/pkgconfig/ +-rw-r--r-- root/root usr/lib/pkgconfig/libseccomp.pc +drwxr-xr-x root/root usr/share/ +drwxr-xr-x root/root usr/share/man/ +drwxr-xr-x root/root usr/share/man/man1/ +-rw-r--r-- root/root usr/share/man/man1/scmp_sys_resolver.1.gz +drwxr-xr-x root/root usr/share/man/man3/ +-rw-r--r-- root/root usr/share/man/man3/seccomp_api_get.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_api_set.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_arch_add.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_arch_exist.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_arch_native.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_arch_remove.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_arch_resolve_name.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_attr_get.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_attr_set.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_export_bpf.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_export_bpf_mem.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_export_pfc.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_init.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_load.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_merge.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_notify_alloc.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_notify_fd.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_notify_free.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_notify_id_valid.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_notify_receive.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_notify_respond.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_precompute.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_release.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_reset.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_rule_add.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_rule_add_array.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_rule_add_exact.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_rule_add_exact_array.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_syscall_priority.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_syscall_resolve_name.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_syscall_resolve_name_arch.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_syscall_resolve_name_rewrite.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_syscall_resolve_num_arch.3.gz +-rw-r--r-- root/root usr/share/man/man3/seccomp_version.3.gz diff --git a/libseccomp/abuild b/libseccomp/abuild new file mode 100644 index 00000000..79f9bd05 --- /dev/null +++ b/libseccomp/abuild @@ -0,0 +1,4 @@ +name=libseccomp +version=2.6.0 +release=1 +source="https://github.com/seccomp/${name}/releases/download/v${version}/${name}-${version}.tar.gz" diff --git a/libseccomp/depends b/libseccomp/depends new file mode 100644 index 00000000..ed65273b --- /dev/null +++ b/libseccomp/depends @@ -0,0 +1 @@ +gperf diff --git a/runc/.checksum b/runc/.checksum new file mode 100644 index 00000000..c77fa147 --- /dev/null +++ b/runc/.checksum @@ -0,0 +1 @@ +0e3b23a361204e7e64d1ba7a9f684ade556479f3f78cc9080ef40a8a51a8e5eb runc-v1.3.1.tar.gz diff --git a/runc/.files b/runc/.files new file mode 100644 index 00000000..f6a4ff36 --- /dev/null +++ b/runc/.files @@ -0,0 +1,23 @@ +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/bin/ +-rwxr-xr-x root/root usr/bin/runc +drwxr-xr-x root/root usr/share/ +drwxr-xr-x root/root usr/share/man/ +drwxr-xr-x root/root usr/share/man/man8/ +-rw-r--r-- root/root usr/share/man/man8/runc-checkpoint.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-create.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-delete.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-events.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-exec.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-kill.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-list.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-pause.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-ps.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-restore.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-resume.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-run.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-spec.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-start.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-state.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc-update.8.gz +-rw-r--r-- root/root usr/share/man/man8/runc.8.gz diff --git a/runc/abuild b/runc/abuild new file mode 100644 index 00000000..612a44c6 --- /dev/null +++ b/runc/abuild @@ -0,0 +1,18 @@ +name=runc +version=1.3.1 +release=1 +source="https://github.com/opencontainers/${name}/archive/v${version}/${name}-v${version}.tar.gz" + +build() { + export GOPATH="$PWD/go" + export BUILDTAGS='seccomp apparmor' + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export GOFLAGS="-trimpath -mod=readonly -modcacherw" + make runc man + install -Dm755 runc "$PKG/usr/bin/runc" + install -d "$PKG/usr/share/man/man8" + install -m644 man/man8/*.8 "$PKG/usr/share/man/man8" +} diff --git a/runc/depends b/runc/depends new file mode 100644 index 00000000..36c44ea1 --- /dev/null +++ b/runc/depends @@ -0,0 +1,3 @@ +libseccomp +go-md2man +libseccomp |