Try #1201:

.changes/962.json

@@ -0,0 +1,5 @@
+{
+    "description": "fix SELinux labels to allow use in multiple containers and/or the host filesystem.",
+    "type": "fixed",
+    "issues": [961]
+}

CHANGELOG.md

@@ -7,6 +7,13 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased] - ReleaseDate
 
+## [v0.2.5] - 2023-02-03
+
+## Fixed
+
+- #962 - fix SELinux labels to allow use in multiple containers and/or the host filesystem.
+- #1166 - freebsd: include memstat in build image to fix build with libc 0.2.138 and up.
+
 ## [v0.2.4] - 2022-07-10
 
 ## Fixed
@@ -364,7 +371,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 <!-- prettier-ignore-start -->
 <!-- next-url -->
 
-[Unreleased]: https://github.com/cross-rs/cross/compare/v0.2.4...HEAD
+[Unreleased]: https://github.com/cross-rs/cross/compare/v0.2.5...HEAD
+
+[v0.2.5]: https://github.com/cross-rs/cross/compare/v0.2.4...v0.2.5
 
 [v0.2.4]: https://github.com/cross-rs/cross/compare/v0.2.3...v0.2.4
 

Cargo.toml

@@ -6,7 +6,7 @@ keywords = ["cross", "compilation", "testing", "tool"]
 license = "MIT OR Apache-2.0"
 name = "cross"
 repository = "https://github.com/cross-rs/cross"
-version = "0.2.4"
+version = "0.2.5"
 edition = "2021"
 include = [
   "src/**/*",
@@ -66,7 +66,6 @@ once_cell = "1"
 walkdir = "2"
 
 [package.metadata.release]
-dev-version = false
 push = false
 publish = false
 tag = false

Dockerfile.hack

@@ -0,0 +1,2 @@
+ARG CROSS_IMAGE
+FROM $CROSS_IMAGE

deny.toml

@@ -12,7 +12,7 @@ vulnerability = "deny"
 unmaintained = "deny"
 notice = "deny"
 unsound = "deny"
-ignore = []
+ignore = ["RUSTSEC-2021-0145"]
 
 [bans]
 multiple-versions = "deny"

docker/Dockerfile.i686-unknown-freebsd

@@ -10,12 +10,14 @@ RUN /cmake.sh
 COPY xargo.sh /
 RUN /xargo.sh
 
+RUN echo "export ARCH=i686" > /freebsd-arch.sh
 COPY freebsd-common.sh /
 COPY freebsd.sh /
-RUN /freebsd.sh i686
+RUN /freebsd.sh
 
+COPY freebsd-install.sh /
 COPY freebsd-extras.sh /
-RUN /freebsd-extras.sh i686
+RUN /freebsd-extras.sh
 
 ENV CARGO_TARGET_I686_UNKNOWN_FREEBSD_LINKER=i686-unknown-freebsd12-gcc \
     CC_i686_unknown_freebsd=i686-unknown-freebsd12-gcc \

docker/Dockerfile.x86_64-unknown-freebsd

@@ -10,12 +10,14 @@ RUN /cmake.sh
 COPY xargo.sh /
 RUN /xargo.sh
 
+RUN echo "export ARCH=x86_64" > /freebsd-arch.sh
 COPY freebsd-common.sh /
 COPY freebsd.sh /
-RUN /freebsd.sh x86_64
+RUN /freebsd.sh
 
+COPY freebsd-install.sh /
 COPY freebsd-extras.sh /
-RUN /freebsd-extras.sh x86_64
+RUN /freebsd-extras.sh
 
 ENV CARGO_TARGET_X86_64_UNKNOWN_FREEBSD_LINKER=x86_64-unknown-freebsd12-gcc \
     CC_x86_64_unknown_freebsd=x86_64-unknown-freebsd12-gcc \

docker/dragonfly.sh

@@ -105,7 +105,7 @@ EOF
     cp "${td}/dragonfly/usr/lib/libexecinfo.so.1" "${destdir}/lib"
     cp "${td}/dragonfly/usr/lib/libpthread.so" "${destdir}/lib/libpthread.so"
     cp "${td}/dragonfly/usr/lib/librt.so.0" "${destdir}/lib"
-    cp "${td}"/dragonfly/usr/lib/lib{c,m,util}.a "${destdir}/lib"
+    cp "${td}"/dragonfly/usr/lib/lib{c,m,util,kvm}.a "${destdir}/lib"
     cp "${td}/dragonfly/usr/lib/thread/libthread_xu.so.2" "${destdir}/lib/libpthread.so.0"
     cp "${td}"/dragonfly/usr/lib/{crt1,Scrt1,crti,crtn}.o "${destdir}/lib/"
 

docker/freebsd-common.sh

@@ -3,6 +3,9 @@
 set -x
 set -euo pipefail
 
+# shellcheck disable=SC1091
+. freebsd-arch.sh
+
 export BSD_ARCH=
 case "${ARCH}" in
     x86_64)

docker/freebsd-extras.sh

@@ -3,55 +3,17 @@
 set -x
 set -euo pipefail
 
-export ARCH="${1}"
 # shellcheck disable=SC1091
 . lib.sh
 # shellcheck disable=SC1091
 . freebsd-common.sh
+# shellcheck disable=SC1091
+. freebsd-install.sh
 
 main() {
-    local pkg_source="https://pkg.freebsd.org/FreeBSD:${BSD_MAJOR}:${BSD_ARCH}/quarterly"
-    install_packages curl jq xz-utils
-
-    local td
-    td="$(mktemp -d)"
-
-    mkdir "${td}"/{openssl,sqlite,packagesite}
-
-    pushd "${td}"
-
-    curl --retry 3 -sSfL "${pkg_source}/packagesite.txz" -O
-    tar -C "${td}/packagesite" -xJf packagesite.txz
-    local openssl_ver
-    local sqlite_ver
-    openssl_ver=$(jq -c '. | select ( .name == "openssl" ) | .version' "${td}/packagesite/packagesite.yaml")
-    sqlite_ver=$(jq -c '. | select ( .name == "sqlite3" ) | .version' "${td}/packagesite/packagesite.yaml")
-    openssl_ver=${openssl_ver//'"'/}
-    sqlite_ver=${sqlite_ver//'"'/}
-
-    local target="${ARCH}-unknown-freebsd${BSD_MAJOR}"
-
-    # Adding openssl lib
-    curl --retry 3 -sSfL "${pkg_source}/All/openssl-${openssl_ver}.txz" -O
-    tar -C "${td}/openssl" -xJf "openssl-${openssl_ver}.txz" /usr/local/lib /usr/local/include/
-
-    # Adding sqlite3
-    curl --retry 3 -sSfL "${pkg_source}/All/sqlite3-${sqlite_ver}.txz" -O
-    tar -C "${td}/sqlite" -xJf "sqlite3-${sqlite_ver}.txz" /usr/local/lib
-
-    # Copy the linked library
-    local destdir="/usr/local/${target}"
-    cp -r "${td}/openssl/usr/local/include" "${destdir}"
-    cp "${td}/openssl/usr/local/lib"/lib{crypto,ssl}.a "${destdir}/lib"
-    cp "${td}/openssl/usr/local/lib"/lib{crypto,ssl}.so* "${destdir}/lib"
-    cp "${td}/sqlite/usr/local/lib"/libsqlite3.so* "${destdir}/lib"
-
-    purge_packages
-
-    # clean up
-    popd
+    setup_packagesite
+    install_freebsd_package openssl sqlite3
 
-    rm -rf "${td}"
     rm "${0}"
 }
 

docker/freebsd-install.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+set -x
+set -euo pipefail
+
+# shellcheck disable=SC1091
+. freebsd-common.sh
+
+export PACKAGESITE=/opt/freebsd-packagesite/packagesite.yaml
+export PKG_SOURCE="https://pkg.freebsd.org/FreeBSD:${BSD_MAJOR}:${BSD_ARCH}/quarterly"
+export TARGET="${ARCH}-unknown-freebsd${BSD_MAJOR}"
+
+setup_packagesite() {
+    apt-get update && apt-get install --assume-yes --no-install-recommends \
+        curl \
+        jq \
+        xz-utils
+
+    mkdir /opt/freebsd-packagesite
+    curl --retry 3 -sSfL "${PKG_SOURCE}/packagesite.txz" -O
+    tar -C /opt/freebsd-packagesite -xJf packagesite.txz
+
+    rm packagesite.txz
+}
+
+install_freebsd_package() {
+    local name
+    local path
+    local pkg
+    local td
+    local destdir="/usr/local/${TARGET}"
+
+    td="$(mktemp -d)"
+    pushd "${td}"
+
+    for name in "${@}"; do
+        path=$(jq -c '. | select ( .name == "'"${name}"'" ) | .repopath' "${PACKAGESITE}")
+        if [[ -z "${path}" ]]; then
+            echo "Unable to find package ${name}" >&2
+            exit 1
+        fi
+        path=${path//'"'/}
+        pkg=$(basename "${path}")
+
+        mkdir "${td}"/package
+        curl --retry 3 -sSfL "${PKG_SOURCE}/${path}" -O
+        tar -C "${td}/package" -xJf "${pkg}"
+        cp -r "${td}/package/usr/local"/* "${destdir}"/
+
+        rm "${td:?}/${pkg}"
+        rm -rf "${td:?}/package"
+    done
+
+    # clean up
+    popd
+    rm -rf "${td:?}"
+}

docker/freebsd.sh

@@ -3,7 +3,6 @@
 set -x
 set -euo pipefail
 
-export ARCH="${1}"
 # shellcheck disable=SC1091
 . freebsd-common.sh
 # shellcheck disable=SC1091
@@ -96,8 +95,9 @@ main() {
     cp "${td}/freebsd/lib/libdevstat.so.7" "${destdir}/lib"
     cp "${td}/freebsd/usr/lib/libc++.so.1" "${destdir}/lib"
     cp "${td}/freebsd/usr/lib/libc++.a" "${destdir}/lib"
-    cp "${td}/freebsd/usr/lib"/lib{c,util,m,ssp_nonshared}.a "${destdir}/lib"
+    cp "${td}/freebsd/usr/lib"/lib{c,util,m,ssp_nonshared,memstat}.a "${destdir}/lib"
     cp "${td}/freebsd/usr/lib"/lib{rt,execinfo,procstat}.so.1 "${destdir}/lib"
+    cp "${td}/freebsd/usr/lib"/libmemstat.so.3 "${destdir}/lib"
     cp "${td}/freebsd/usr/lib"/{crt1,Scrt1,crti,crtn}.o "${destdir}/lib"
     cp "${td}/freebsd/usr/lib"/libkvm.a "${destdir}/lib"
 

docker/wine.sh

@@ -7,19 +7,34 @@ set -euo pipefail
 . lib.sh
 
 main() {
+    local version="7.0.1~focal-1"
     install_packages wget
 
     dpkg --add-architecture i386
 
     # add repository for latest wine version and install from source
     # hardcode version, since we might want to avoid a version later.
     wget -nc https://dl.winehq.org/wine-builds/winehq.key
-    mv winehq.key /usr/share/keyrings/winehq-archive.key
-    wget -nc https://dl.winehq.org/wine-builds/ubuntu/dists/bionic/winehq-bionic.sources
-    mv winehq-bionic.sources /etc/apt/sources.list.d/
+
+    # workaround for wine server synchronization, see #1035
+    # we need to ensure the keys are now stored in `/etc/apt/keyrings`,
+    # which were previously stored in `/usr/share/keyrings`, and ensure
+    # our sources list searches for the right location.
+    mkdir -p /etc/apt/keyrings
+    mv winehq.key /etc/apt/keyrings/winehq-archive.key
+
+    wget -nc https://dl.winehq.org/wine-builds/ubuntu/dists/focal/winehq-focal.sources
+    mv winehq-focal.sources /etc/apt/sources.list.d/
+    sed -i s@/usr/share/keyrings/@/etc/apt/keyrings/@ /etc/apt/sources.list.d/winehq-focal.sources || true
+
+    # winehq requires all the dependencies to be manually specified
+    # if we're not using the latest version of a given major version.
     apt-get update
     apt install --no-install-recommends --assume-yes \
-        "winehq-stable=7.0.0.0~bionic-1"
+        "wine-stable=${version}" \
+        "wine-stable-amd64=${version}" \
+        "wine-stable-i386=${version}" \
+        "winehq-stable=${version}"
 
     purge_packages
 }

src/docker/local.rs

@@ -39,29 +39,29 @@ pub(crate) fn run(
     docker_user_id(&mut docker, engine.kind);
 
     docker
-        .args(&["-v", &format!("{}:/xargo:Z", dirs.xargo.to_utf8()?)])
-        .args(&["-v", &format!("{}:/cargo:Z", dirs.cargo.to_utf8()?)])
+        .args(&["-v", &format!("{}:/xargo:z", dirs.xargo.to_utf8()?)])
+        .args(&["-v", &format!("{}:/cargo:z", dirs.cargo.to_utf8()?)])
         // Prevent `bin` from being mounted inside the Docker container.
         .args(&["-v", "/cargo/bin"]);
     if mount_volumes {
         docker.args(&[
             "-v",
-            &format!("{}:{}:Z", dirs.host_root.to_utf8()?, dirs.mount_root),
+            &format!("{}:{}:z", dirs.host_root.to_utf8()?, dirs.mount_root),
         ]);
     } else {
-        docker.args(&["-v", &format!("{}:/project:Z", dirs.host_root.to_utf8()?)]);
+        docker.args(&["-v", &format!("{}:/project:z", dirs.host_root.to_utf8()?)]);
     }
     docker
-        .args(&["-v", &format!("{}:/rust:Z,ro", dirs.sysroot.to_utf8()?)])
-        .args(&["-v", &format!("{}:/target:Z", dirs.target.to_utf8()?)]);
+        .args(&["-v", &format!("{}:/rust:z,ro", dirs.sysroot.to_utf8()?)])
+        .args(&["-v", &format!("{}:/target:z", dirs.target.to_utf8()?)]);
     docker_cwd(&mut docker, &paths, mount_volumes)?;
 
     // When running inside NixOS or using Nix packaging we need to add the Nix
     // Store to the running container so it can load the needed binaries.
     if let Some(ref nix_store) = dirs.nix_store {
         docker.args(&[
             "-v",
-            &format!("{}:{}:Z", nix_store.to_utf8()?, nix_store.as_posix()?),
+            &format!("{}:{}:z", nix_store.to_utf8()?, nix_store.as_posix()?),
         ]);
     }
 

xtask/src/build_docker_image.rs

@@ -84,7 +84,17 @@ fn locate_dockerfile(
     } else {
         eyre::bail!("unable to find dockerfile for target \"{target}\"");
     };
-    let dockerfile = dockerfile_root.join(dockerfile_name).to_utf8()?.to_string();
+    let dockerfile = if matches!(
+        target.triplet.as_str(),
+        "powerpc64-unknown-linux-gnu" | "x86_64-sun-solaris"
+    ) {
+        crate::util::project_dir(&mut <_>::default())?
+            .join("Dockerfile.hack")
+            .to_utf8()?
+            .to_string()
+    } else {
+        dockerfile_root.join(dockerfile_name).to_utf8()?.to_string()
+    };
     Ok((target, dockerfile))
 }