From 1382bbeb4a16d319df509258815f6638de9cf870 Mon Sep 17 00:00:00 2001
From: Alex Huszagh
Date: Mon, 18 Jul 2022 12:48:10 -0500
Subject: [PATCH 01/12] Fix SELinux labels to allow shared use. Ensure that the volumes are not mounted as private, unshared volumes since we might mount with the host filesystem. This also fixes permissions issues with reading data from a mounted volume using a rootless container engine.
---
.changes/962.json | 5 +++++
src/docker/local.rs | 14 +++++++-------
2 files changed, 12 insertions(+), 7 deletions(-)
create mode 100644 .changes/962.json
diff --git a/.changes/962.json b/.changes/962.json
new file mode 100644
index 000000000..cbff84ca1
--- /dev/null
+++ b/.changes/962.json
@@ -0,0 +1,5 @@
+{
+ "description": "fix SELinux labels to allow use in multiple containers and/or the host filesystem.",
+ "type": "fixed",
+ "issues": [961]
+}
diff --git a/src/docker/local.rs b/src/docker/local.rs
index 2d86d3d07..ed65f0b59 100644
--- a/src/docker/local.rs
+++ b/src/docker/local.rs
@@ -39,21 +39,21 @@ pub(crate) fn run( docker_user_id(&mut docker, engine.kind); docker - .args(&["-v", &format!("{}:/xargo:Z", dirs.xargo.to_utf8()?)]) - .args(&["-v", &format!("{}:/cargo:Z", dirs.cargo.to_utf8()?)]) + .args(&["-v", &format!("{}:/xargo:z", dirs.xargo.to_utf8()?)]) + .args(&["-v", &format!("{}:/cargo:z", dirs.cargo.to_utf8()?)]) // Prevent `bin` from being mounted inside the Docker container. .args(&["-v", "/cargo/bin"]); if mount_volumes { docker.args(&[ "-v", - &format!("{}:{}:Z", dirs.host_root.to_utf8()?, dirs.mount_root), + &format!("{}:{}:z", dirs.host_root.to_utf8()?, dirs.mount_root), ]); } else { - docker.args(&["-v", &format!("{}:/project:Z", dirs.host_root.to_utf8()?)]); + docker.args(&["-v", &format!("{}:/project:z", dirs.host_root.to_utf8()?)]); } docker - .args(&["-v", &format!("{}:/rust:Z,ro", dirs.sysroot.to_utf8()?)]) - .args(&["-v", &format!("{}:/target:Z", dirs.target.to_utf8()?)]); + .args(&["-v", &format!("{}:/rust:z,ro", dirs.sysroot.to_utf8()?)]) + .args(&["-v", &format!("{}:/target:z", dirs.target.to_utf8()?)]); docker_cwd(&mut docker, &paths, mount_volumes)?; // When running inside NixOS or using Nix packaging we need to add the Nix @@ -61,7 +61,7 @@ pub(crate) fn run( if let Some(ref nix_store) = dirs.nix_store { docker.args(&[ "-v", - &format!("{}:{}:Z", nix_store.to_utf8()?, nix_store.as_posix()?), + &format!("{}:{}:z", nix_store.to_utf8()?, nix_store.as_posix()?), ]); } From 7d593d77a1fb13d3b82ccc8fde335dc633cc69a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Gardstr=C3=B6m?= Date: Fri, 3 Feb 2023 23:14:14 +0100 Subject: [PATCH 02/12] remove dev-version from release config --- Cargo.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 10eeeb09e..64e5d09ed 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -66,7 +66,6 @@ once_cell = "1" walkdir = "2" [package.metadata.release] -dev-version = false push = false publish = false tag = false 
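Review bot: Every `-v` mount in `run` now carries the shared `:z` label, but nothing in the code records the trade-off this makes. With `z` the host directory is relabeled so that any container on the host may use it, whereas `Z` kept the content private to one container; a comment above the first `.args` call would capture that, e.g. `// SELinux: shared label "z" instead of private "Z", because these host paths are also used by the host and by other containers; this relabels the host directories.` The same change is made to the `nix_store` mount in the second hunk and to the read-only `/rust` sysroot mount, both of which are likely system-owned trees, so it is worth confirming that relabeling them on an SELinux host is intended rather than mounting them without a label option. `run` begins and ends outside these hunks.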
From 6983a921debadf027d4edcd1ee8dc5707bc6d466 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Gardstr=C3=B6m?= Date: Fri, 3 Feb 2023 23:14:48 +0100 Subject: [PATCH 03/12] changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 55b47a683..2c3ee3f0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] - ReleaseDate +## Fixed + +- #962 - fix SELinux labels to allow use in multiple containers and/or the host filesystem. + ## [v0.2.4] - 2022-07-10 ## Fixed From 6b0683e3fd88bee2b7ed8d7bdc2e6408d0732d48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Gardstr=C3=B6m?= Date: Fri, 3 Feb 2023 23:35:48 +0100 Subject: [PATCH 04/12] allow advisory --- deny.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deny.toml b/deny.toml index 3f7755317..b51d77327 100644 --- a/deny.toml +++ b/deny.toml @@ -12,7 +12,7 @@ vulnerability = "deny" unmaintained = "deny" notice = "deny" unsound = "deny" -ignore = [] +ignore = ["RUSTSEC-2021-0145"] [bans] multiple-versions = "deny" From 66fa121cf45ca87d2e783b376ba373858fc7c8c6 Mon Sep 17 00:00:00 2001 From: Taiki Endo Date: Sun, 4 Dec 2022 15:26:20 +0900 Subject: [PATCH 05/12] freebsd: include memstat in build image --- docker/freebsd.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/freebsd.sh b/docker/freebsd.sh index e351bd3dc..2d1d01783 100755 --- a/docker/freebsd.sh +++ b/docker/freebsd.sh 
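Review bot: The new `ignore = ["RUSTSEC-2021-0145"]` entry in `deny.toml` suppresses an advisory with no record of why it is acceptable or when it can be dropped. The neighbouring keys (`vulnerability`, `unmaintained`, `unsound`) are all set to `deny`, so an undocumented exception is easy to forget and will keep masking the finding after the reason for it has gone. A comment on the line would help, e.g. `# RUSTSEC-2021-0145: <affected crate and why it does not apply here>; remove once the dependency is updated or replaced`. The table header is outside the hunk, so I am assuming these keys sit under the advisories section.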
@@ -96,8 +96,9 @@ main() { cp "${td}/freebsd/lib/libdevstat.so.7" "${destdir}/lib" cp "${td}/freebsd/usr/lib/libc++.so.1" "${destdir}/lib" cp "${td}/freebsd/usr/lib/libc++.a" "${destdir}/lib" - cp "${td}/freebsd/usr/lib"/lib{c,util,m,ssp_nonshared}.a "${destdir}/lib" + cp "${td}/freebsd/usr/lib"/lib{c,util,m,ssp_nonshared,memstat}.a "${destdir}/lib" cp "${td}/freebsd/usr/lib"/lib{rt,execinfo,procstat}.so.1 "${destdir}/lib" + cp "${td}/freebsd/usr/lib"/libmemstat.so.3 "${destdir}/lib" cp "${td}/freebsd/usr/lib"/{crt1,Scrt1,crti,crtn}.o "${destdir}/lib" cp "${td}/freebsd/usr/lib"/libkvm.a "${destdir}/lib" From 7fd87ce1caeba1f05453814e1f439b377eb9f744 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Gardstr=C3=B6m?= Date: Sat, 4 Feb 2023 01:17:05 +0100 Subject: [PATCH 06/12] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c3ee3f0a..19faad3a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## Fixed - #962 - fix SELinux labels to allow use in multiple containers and/or the host filesystem. +- #1166 - freebsd: include memstat in build image to fix build with libc 0.2.138 and up. ## [v0.2.4] - 2022-07-10 From 6e19b90be6e0639cb424ada354cf35361c8ab203 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Gardstr=C3=B6m?= Date: Sat, 20 Aug 2022 19:27:24 +0200 Subject: [PATCH 07/12] copy kvm --- docker/dragonfly.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/dragonfly.sh b/docker/dragonfly.sh index 167aff4ad..d53ac1a01 100755 --- a/docker/dragonfly.sh +++ b/docker/dragonfly.sh 
@@ -105,7 +105,7 @@ EOF cp "${td}/dragonfly/usr/lib/libexecinfo.so.1" "${destdir}/lib" cp "${td}/dragonfly/usr/lib/libpthread.so" "${destdir}/lib/libpthread.so" cp "${td}/dragonfly/usr/lib/librt.so.0" "${destdir}/lib" - cp "${td}"/dragonfly/usr/lib/lib{c,m,util}.a "${destdir}/lib" + cp "${td}"/dragonfly/usr/lib/lib{c,m,util,kvm}.a "${destdir}/lib" cp "${td}/dragonfly/usr/lib/thread/libthread_xu.so.2" "${destdir}/lib/libpthread.so.0" cp "${td}"/dragonfly/usr/lib/{crt1,Scrt1,crti,crtn}.o "${destdir}/lib/" From 3e623059cb135f1ad36cbff8eb60a5b5f77ffe3a Mon Sep 17 00:00:00 2001 From: Alex Huszagh Date: Fri, 15 Jul 2022 10:41:54 -0500 Subject: [PATCH 08/12] Simplify FreeBSD package installs. --- docker/Dockerfile.i686-unknown-freebsd | 6 ++- docker/Dockerfile.x86_64-unknown-freebsd | 6 ++- docker/freebsd-common.sh | 3 ++ docker/freebsd-extras.sh | 46 ++----------------- docker/freebsd-install.sh | 57 ++++++++++++++++++++++++ docker/freebsd.sh | 1 - 6 files changed, 72 insertions(+), 47 deletions(-) create mode 100755 docker/freebsd-install.sh diff --git a/docker/Dockerfile.i686-unknown-freebsd b/docker/Dockerfile.i686-unknown-freebsd index af4600a9c..37ea6e780 100644 --- a/docker/Dockerfile.i686-unknown-freebsd +++ b/docker/Dockerfile.i686-unknown-freebsd @@ -10,12 +10,14 @@ RUN /cmake.sh COPY xargo.sh / RUN /xargo.sh +RUN echo "export ARCH=i686" > /freebsd-arch.sh COPY freebsd-common.sh / COPY freebsd.sh / -RUN /freebsd.sh i686 +RUN /freebsd.sh +COPY freebsd-install.sh / COPY freebsd-extras.sh / -RUN /freebsd-extras.sh i686 +RUN /freebsd-extras.sh ENV CARGO_TARGET_I686_UNKNOWN_FREEBSD_LINKER=i686-unknown-freebsd12-gcc \ CC_i686_unknown_freebsd=i686-unknown-freebsd12-gcc \ diff --git a/docker/Dockerfile.x86_64-unknown-freebsd b/docker/Dockerfile.x86_64-unknown-freebsd index 4f53fb297..239628f80 100644 --- a/docker/Dockerfile.x86_64-unknown-freebsd +++ b/docker/Dockerfile.x86_64-unknown-freebsd 
@@ -10,12 +10,14 @@ RUN /cmake.sh COPY xargo.sh / RUN /xargo.sh +RUN echo "export ARCH=x86_64" > /freebsd-arch.sh COPY freebsd-common.sh / COPY freebsd.sh / -RUN /freebsd.sh x86_64 +RUN /freebsd.sh +COPY freebsd-install.sh / COPY freebsd-extras.sh / -RUN /freebsd-extras.sh x86_64 +RUN /freebsd-extras.sh ENV CARGO_TARGET_X86_64_UNKNOWN_FREEBSD_LINKER=x86_64-unknown-freebsd12-gcc \ CC_x86_64_unknown_freebsd=x86_64-unknown-freebsd12-gcc \ diff --git a/docker/freebsd-common.sh b/docker/freebsd-common.sh index 514ff524e..a5af3fa66 100755 --- a/docker/freebsd-common.sh +++ b/docker/freebsd-common.sh @@ -3,6 +3,9 @@ set -x set -euo pipefail +# shellcheck disable=SC1091 +. freebsd-arch.sh + export BSD_ARCH= case "${ARCH}" in x86_64) diff --git a/docker/freebsd-extras.sh b/docker/freebsd-extras.sh index c3f4f2348..e1d41462a 100755 --- a/docker/freebsd-extras.sh +++ b/docker/freebsd-extras.sh 
@@ -3,55 +3,17 @@ set -x set -euo pipefail -export ARCH="${1}" # shellcheck disable=SC1091 . lib.sh # shellcheck disable=SC1091 . freebsd-common.sh +# shellcheck disable=SC1091 +. freebsd-install.sh main() { - local pkg_source="https://pkg.freebsd.org/FreeBSD:${BSD_MAJOR}:${BSD_ARCH}/quarterly" - install_packages curl jq xz-utils - - local td - td="$(mktemp -d)" - - mkdir "${td}"/{openssl,sqlite,packagesite} - - pushd "${td}" - - curl --retry 3 -sSfL "${pkg_source}/packagesite.txz" -O - tar -C "${td}/packagesite" -xJf packagesite.txz - local openssl_ver - local sqlite_ver - openssl_ver=$(jq -c '. | select ( .name == "openssl" ) | .version' "${td}/packagesite/packagesite.yaml") - sqlite_ver=$(jq -c '. | select ( .name == "sqlite3" ) | .version' "${td}/packagesite/packagesite.yaml") - openssl_ver=${openssl_ver//'"'/} - sqlite_ver=${sqlite_ver//'"'/} - - local target="${ARCH}-unknown-freebsd${BSD_MAJOR}" - - # Adding openssl lib - curl --retry 3 -sSfL "${pkg_source}/All/openssl-${openssl_ver}.txz" -O - tar -C "${td}/openssl" -xJf "openssl-${openssl_ver}.txz" /usr/local/lib /usr/local/include/ - - # Adding sqlite3 - curl --retry 3 -sSfL "${pkg_source}/All/sqlite3-${sqlite_ver}.txz" -O - tar -C "${td}/sqlite" -xJf "sqlite3-${sqlite_ver}.txz" /usr/local/lib - - # Copy the linked library - local destdir="/usr/local/${target}" - cp -r "${td}/openssl/usr/local/include" "${destdir}" - cp "${td}/openssl/usr/local/lib"/lib{crypto,ssl}.a "${destdir}/lib" - cp "${td}/openssl/usr/local/lib"/lib{crypto,ssl}.so* "${destdir}/lib" - cp "${td}/sqlite/usr/local/lib"/libsqlite3.so* "${destdir}/lib" - - purge_packages - - # clean up - popd + setup_packagesite + install_freebsd_package openssl sqlite3 - rm -rf "${td}" rm "${0}" } diff --git a/docker/freebsd-install.sh b/docker/freebsd-install.sh new file mode 100755 index 000000000..dba0d1db7 --- /dev/null +++ b/docker/freebsd-install.sh 
@@ -0,0 +1,57 @@ +#!/usr/bin/env bash + +set -x +set -euo pipefail + +# shellcheck disable=SC1091 +. freebsd-common.sh + +export PACKAGESITE=/opt/freebsd-packagesite/packagesite.yaml +export PKG_SOURCE="https://pkg.freebsd.org/FreeBSD:${BSD_MAJOR}:${BSD_ARCH}/quarterly" +export TARGET="${ARCH}-unknown-freebsd${BSD_MAJOR}" + +setup_packagesite() { + apt-get update && apt-get install --assume-yes --no-install-recommends \ + curl \ + jq \ + xz-utils + + mkdir /opt/freebsd-packagesite + curl --retry 3 -sSfL "${PKG_SOURCE}/packagesite.txz" -O + tar -C /opt/freebsd-packagesite -xJf packagesite.txz + + rm packagesite.txz +} + +install_freebsd_package() { + local name + local path + local pkg + local td + local destdir="/usr/local/${TARGET}" + + td="$(mktemp -d)" + pushd "${td}" + + for name in "${@}"; do + path=$(jq -c '. | select ( .name == "'"${name}"'" ) | .repopath' "${PACKAGESITE}") + if [[ -z "${path}" ]]; then + echo "Unable to find package ${name}" >&2 + exit 1 + fi + path=${path//'"'/} + pkg=$(basename "${path}") + + mkdir "${td}"/package + curl --retry 3 -sSfL "${PKG_SOURCE}/${path}" -O + tar -C "${td}/package" -xJf "${pkg}" + cp -r "${td}/package/usr/local"/* "${destdir}"/ + + rm "${td:?}/${pkg}" + rm -rf "${td:?}/package" + done + + # clean up + popd + rm -rf "${td:?}" +} diff --git a/docker/freebsd.sh b/docker/freebsd.sh index 2d1d01783..94f023b31 100755 --- a/docker/freebsd.sh +++ b/docker/freebsd.sh @@ -3,7 +3,6 @@ set -x set -euo pipefail -export ARCH="${1}" # shellcheck disable=SC1091 . freebsd-common.sh # shellcheck disable=SC1091 From f2dc7f7173d7682afb0719639e4a9c5d673c5cb4 Mon Sep 17 00:00:00 2001 From: Alex Huszagh Date: Thu, 29 Sep 2022 10:08:36 -0500 Subject: [PATCH 09/12] Fix Wine install steps from WineHQ. --- docker/wine.sh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docker/wine.sh b/docker/wine.sh index cda79f38a..9ab0f158a 100755 --- a/docker/wine.sh +++ b/docker/wine.sh 
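Review bot: `install_freebsd_package` in the new `docker/freebsd-install.sh` extracts each downloaded `.txz` and copies it into `${destdir}` without checking its integrity, so TLS to `pkg.freebsd.org` is the only protection for what ends up in the image. The packagesite metadata already queried for `.repopath` normally also carries a per-package checksum (a `sum` field, as far as I know; please confirm the name and algorithm), so the loop could verify before the `tar` step with `sum=$(jq -r --arg n "${name}" 'select(.name == $n) | .sum' "${PACKAGESITE}")` followed by `echo "${sum}  ${pkg}" | sha256sum -c -`. Passing the name through `--arg` also avoids splicing `${name}` into the jq program text, as the current `path=` line does. Separately, the `-z` test catches a missing package but not the case where more than one entry matches and `path` holds several lines.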
@@ -14,9 +14,18 @@ main() { # add repository for latest wine version and install from source # hardcode version, since we might want to avoid a version later. wget -nc https://dl.winehq.org/wine-builds/winehq.key - mv winehq.key /usr/share/keyrings/winehq-archive.key - wget -nc https://dl.winehq.org/wine-builds/ubuntu/dists/bionic/winehq-bionic.sources - mv winehq-bionic.sources /etc/apt/sources.list.d/ + + # workaround for wine server synchronization, see #1035 + # we need to ensure the keys are now stored in `/etc/apt/keyrings`, + # which were previously stored in `/usr/share/keyrings`, and ensure + # our sources list searches for the right location. + mkdir -p /etc/apt/keyrings + mv winehq.key /etc/apt/keyrings/winehq-archive.key + + wget -nc https://dl.winehq.org/wine-builds/ubuntu/dists/focal/winehq-focal.sources + mv winehq-focal.sources /etc/apt/sources.list.d/ + sed -i s@/usr/share/keyrings/@/etc/apt/keyrings/@ /etc/apt/sources.list.d/winehq-focal.sources || true + apt-get update apt install --no-install-recommends --assume-yes \ "winehq-stable=7.0.0.0~bionic-1" From 8f22bbf502a06f06ededa60a73d713b368889d28 Mon Sep 17 00:00:00 2001 From: Alex Huszagh Date: Fri, 11 Nov 2022 18:37:43 -0600 Subject: [PATCH 10/12] Make WINE builds more resilient. --- docker/wine.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docker/wine.sh b/docker/wine.sh index 9ab0f158a..89e6670af 100755 --- a/docker/wine.sh +++ b/docker/wine.sh @@ -7,6 +7,7 @@ set -euo pipefail . lib.sh main() { + local version="7.0.1~focal-1" install_packages wget dpkg --add-architecture i386 
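Review bot: The WineHQ key is moved into `/etc/apt/keyrings/winehq-archive.key` straight after download, so whatever the server returns at build time becomes the trust anchor for the repository. Checking it against a pinned fingerprint before the `mv` would make a swapped key fail the build, for example `gpg --show-keys --with-colons winehq.key | grep -q '<EXPECTED_WINEHQ_KEY_FINGERPRINT>'`, assuming `gpg` is available in the image and with the expected value recorded in the script. In addition, `wget -nc` keeps an existing `winehq.key` in the working directory instead of downloading a fresh one. The `|| true` after the `sed` hides a failed rewrite of the keyring path; dropping it would surface that error where it happens. `main` starts before and ends after this hunk.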
@@ -26,9 +27,14 @@ main() { mv winehq-focal.sources /etc/apt/sources.list.d/ sed -i s@/usr/share/keyrings/@/etc/apt/keyrings/@ /etc/apt/sources.list.d/winehq-focal.sources || true + # winehq requires all the dependencies to be manually specified + # if we're not using the latest version of a given major version. apt-get update apt install --no-install-recommends --assume-yes \ - "winehq-stable=7.0.0.0~bionic-1" + "wine-stable=${version}" \ + "wine-stable-amd64=${version}" \ + "wine-stable-i386=${version}" \ + "winehq-stable=${version}" purge_packages } From 23a6283aaab588a4deb622b10d5bfe35ac410a4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Gardstr=C3=B6m?= Date: Sat, 4 Feb 2023 10:17:06 +0100 Subject: [PATCH 11/12] hack powerpc64 and solaris --- Dockerfile.hack | 2 ++ xtask/src/build_docker_image.rs | 12 +++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 Dockerfile.hack diff --git a/Dockerfile.hack b/Dockerfile.hack new file mode 100644 index 000000000..664ab56dd --- /dev/null +++ b/Dockerfile.hack @@ -0,0 +1,2 @@ +ARG CROSS_IMAGE +FROM $CROSS_IMAGE \ No newline at end of file diff --git a/xtask/src/build_docker_image.rs b/xtask/src/build_docker_image.rs index fc00310ba..a4cc5d7c5 100644 --- a/xtask/src/build_docker_image.rs +++ b/xtask/src/build_docker_image.rs @@ -84,7 +84,17 @@ fn locate_dockerfile( } else { eyre::bail!("unable to find dockerfile for target \"{target}\""); }; - let dockerfile = dockerfile_root.join(dockerfile_name).to_utf8()?.to_string(); + let dockerfile = if matches!( + target.triplet.as_str(), + "powerpc64-unknown-linux-gnu" | "x86_64-sun-solaris" + ) { + crate::util::project_dir(&mut <_>::default())? + .join("Dockerfile.hack") + .to_utf8()? + .to_string() + } else { + dockerfile_root.join(dockerfile_name).to_utf8()?.to_string() + }; Ok((target, dockerfile)) } From c15d3ece919d4df2ce112148b0bee7f6c7287932 Mon Sep 17 00:00:00 2001 
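Review bot: The new branch in `locate_dockerfile` swaps in `Dockerfile.hack` for `powerpc64-unknown-linux-gnu` and `x86_64-sun-solaris` with no comment saying why or for how long. Since `Dockerfile.hack` is only `FROM $CROSS_IMAGE`, the image produced for these two targets is whatever existing image the `CROSS_IMAGE` build argument names rather than a build of the target's own Dockerfile, which matters to anyone auditing where a published image came from. A comment above the `matches!` would record that, e.g. `// HACK: these targets are not rebuilt from their Dockerfiles here; Dockerfile.hack re-tags the image passed as CROSS_IMAGE. Remove once they build again.` (the reason is my inference, so please state the real one). `ARG CROSS_IMAGE` has no default, so a clear error when it is unset would also help. The function starts outside the hunk.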
From: =?UTF-8?q?Emil=20Gardstr=C3=B6m?= Date: Fri, 3 Feb 2023 23:18:03 +0100 Subject: [PATCH 12/12] Release v0.2.5 --- CHANGELOG.md | 6 +++++- Cargo.lock | 2 +- Cargo.toml | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 19faad3a9..c84a15d03 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] - ReleaseDate +## [v0.2.5] - 2023-02-03 + ## Fixed - #962 - fix SELinux labels to allow use in multiple containers and/or the host filesystem. @@ -369,7 +371,9 @@ This project adheres to [Semantic Versioning](http://semver.org/). -[Unreleased]: https://github.com/cross-rs/cross/compare/v0.2.4...HEAD +[Unreleased]: https://github.com/cross-rs/cross/compare/v0.2.5...HEAD + +[v0.2.5]: https://github.com/cross-rs/cross/compare/v0.2.4...v0.2.5 [v0.2.4]: https://github.com/cross-rs/cross/compare/v0.2.3...v0.2.4 diff --git a/Cargo.lock b/Cargo.lock index 0ca6781d1..a95faa1ec 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -150,7 +150,7 @@ checksum = "fb58b6451e8c2a812ad979ed1d83378caa5e927eef2622017a45f251457c2c9d" [[package]] name = "cross" -version = "0.2.4" +version = "0.2.5" dependencies = [ "atty", "clap", diff --git a/Cargo.toml b/Cargo.toml index 64e5d09ed..d2c8f7b0d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -6,7 +6,7 @@ keywords = ["cross", "compilation", "testing", "tool"] license = "MIT OR Apache-2.0" name = "cross" repository = "https://github.com/cross-rs/cross" -version = "0.2.4" +version = "0.2.5" edition = "2021" include = [ "src/**/*",